Chapter 8, DHCP in IP Configuration Designs
|1| Chapter 8 Overview
A. Designs That Include DHCP
1. Identify the requirements and constraints
for creating a DHCP design.
2. Describe the relationship between DHCP
and Windows 2000.
3. Determine when it’s appropriate to use
DHCP in IP configuration solutions.
4. Identify the DHCP design decisions you’ll
need to make.
B. Essential DHCP Design Concepts
1. Determine where and how to use DHCP to
provide automatic IP configuration.
2. Determine the DHCP scopes and scope
options to include in your design.
C. Configuration Protection in DHCP Designs
1. Prevent IP configuration errors caused by
unauthorized DHCP servers.
2. Prevent unauthorized users from modifying
your DHCP server configuration.
D. DHCP Design Optimization
1. Select strategies to improve the
availability and performance of your DHCP design.
Chapter 8, Lesson 1
Designs That Include DHCP
|2| 1. DHCP and Windows 2000
A. DHCP provides automatic IP configuration.
1. Makes it easier to implement and maintain
networking services designs, and reduces the chance of IP configuration errors
2. Uses IP information from IP broadcasts
3. Consider the existing IP routing design
as you implement DHCP.
B. Windows 2000 includes DHCP services.
1. DHCP Client
a. Receives IP configuration information from
DHCP servers and updates the local IP configuration
b. Is also included in other operating
systems, including Microsoft Windows 95, Microsoft Windows 98, Microsoft
Windows Me, Microsoft Windows NT 4.0, and UNIX
2. DHCP Server
a. Provides IP configuration information to
DHCP clients
b. Uses the Windows 2000 IP stack to
communicate with DHCP clients, other DHCP servers, the Active Directory domain
controllers, and DHCP Relay Agents
c. Manages a database that contains the
status of the IP address ranges that the DHCP server manages
d. Is available in Microsoft Windows 2000 Server, Microsoft Windows 2000
Advanced Server, and Microsoft Windows 2000 Datacenter Server
e. Is not available in Microsoft Windows 2000 Professional
f. Requires you to assign a fixed IP address to the network interfaces in the
computer running it
3. DHCP Relay Agent
|3| a. Is a protocol you can include in Routing
and Remote Access
b. Forwards DHCP between IP routed network
segments
c. Receives DHCP broadcasts and forwards the
DHCP requests as unicast IP packets directed to the DHCP server
d. Eliminates DHCP broadcast traffic between
network segments
e. Requires you to assign a fixed IP address
to the network interfaces in the computer running it
f. Is a standard feature of Windows 2000 Server, Windows 2000 Advanced Server,
and Windows 2000 Datacenter Server
g. Is not available in Windows 2000
Professional
h. Do not install DHCP Server service and
DHCP Relay Agent on the same computer.
Note You should not install the
DHCP Server service and DHCP Relay Agent on the same computer because the DHCP
Server service and DHCP Relay Agent use the same UDP ports. The services won’t
work reliably if you install them both on the same computer.
C. To create DHCP designs, you should
understand
1. General IP configuration
2. General IP routing theory
3. General DHCP theory
|4| 2. DHCP Design Requirements and Constraints
A. Collect design requirements and
constraints before creating your design.
1. The amount of data transmitted between
existing network segments that contain the DHCP clients and DHCP server
2. The number of locations and network
segments that require automatic IP configuration
3. Plans for future network growth
4. Characteristics of existing routers,
including
a. Router placement
b. Router broadcast traffic forwarding
c. WAN connections used
|5| 3. DHCP Design Decisions
A. Base design decisions on your
organization’s requirements and constraints.
B. Decide the following:
1. The types of client computers that the
DHCP servers will support
2. The method for handling IP configuration
for each network segment
Note Before designing a DHCP
solution, you must determine the number of hosts, the number of subnets, and
the configuration of the network.
3. The placement of DHCP servers and DHCP
Relay Agents
4. The method for providing DHCP automatic
IP configuration to DHCP clients
5. The method for optimizing traffic between
DHCP clients and DHCP servers
|6| 4. IP Configuration Designs
A. Most IP configuration designs are for
routed networks.
B. IP parameters for all computers in the
organization’s private network must be properly configured.
C. Choose one of the following methods for
configuring IP information for each computer:
1. Manual configuration
a. You must manually configure file servers,
print servers, routers, gateways, or other IP devices that provide resources or
services to client computers.
b. To save time and reduce configuration
errors, use an automatic IP configuration method for computers that don’t
manage network resources.
2. DHCP services provided by third-party
operating systems
a. You can use DHCP services offered in other
operating systems (like Novell NetWare and UNIX systems) to automatically
configure client computers.
b. This method is useful if your organization
has standardized on a third-party operating system that offers a DHCP server
implementation.
c. DHCP services included with other
operating systems do not provide all of the features offered by the DHCP
services in Windows 2000.
|7| 3. DHCP services provided by Windows 2000
a. Are integrated with Microsoft operating
systems, the Domain Name System (DNS), and Routing and Remote Access services
in Windows 2000
Note Routing and Remote Access
dynamically allocates IP addresses from a DHCP server to remote access clients.
When the remote access client disconnects, Routing and Remote Access
immediately returns the assigned IP address, which becomes available to other remote
access clients.
Note DHCP and DNS integration
allows earlier versions of Windows–based clients and other non-Microsoft
clients to automatically update their records in the DNS database.
b. Provide automatic IP configuration for
other operating systems
c. Prevent DHCP configuration errors from
unauthorized DHCP servers
d. Provide highly available IP configurations
by using DHCP and Windows clustering
e. Allow you to standardize network
management by using Active Directory directory service
Note One of the advantages of
the Windows 2000 DHCP service is its integration with Active Directory. It
allows DHCP servers to be authorized within Active Directory.
Chapter 8, Lesson 2
Essential DHCP Design Concepts
|8| 1. Determining Which Segments Require Automatic IP Configuration
A. Use DHCP to configure IP information for
any network segments that contain desktop computers.
B. Provide automatic IP configuration for all
network segments except
1. Network segments that contain only
computers that manage network resources
a. File servers
b. Print servers
c. Database servers
d. Web servers
2. Network backbone segments that contain
only routers that connect network segments to the backbone
3. WAN segments
Note The devices listed above don’t
need automatic IP configuration. They usually require a fixed IP address, and
therefore shouldn’t use DHCP.
4. Screened subnet segments (also known as
Demilitarized Zones, or DMZs).
|9| 2. Determining the DHCP Automatic IP Configuration Method
A. Designers need to determine which DHCP
automatic IP configuration method to use for each network segment.
B. The automatic IP configuration methods are
1. Connecting a DHCP server to network
segments
2. Connecting a DHCP Relay Agent to network
segments
3. Enabling DHCP/Boot Protocol (BOOTP)
forwarding on routers that connect to network segments
|10| C. DHCP server method
Note You should place a single
DHCP server on one subnet (generally the one with the highest number of
clients) and then use DHCP Relay Agents or DHCP/BOOTP forwarding on the
routers.
1. Include at least one DHCP server at each
location in your networking services design.
2. Each DHCP server can service more than
15,000 client computers.
3. In each location, use as few DHCP servers
as practical, to reduce DHCP server administration tasks.
Note A simple, non-routed LAN
needs only one DHCP server. For larger networks, multiple DHCP servers must
share the IP address range by defining a scope.
4. To provide DHCP services to more than one
network segment, include multiple network interface adapters in the computer
that runs the DHCP Server service. This creates a multihomed DHCP server.
|11| D. DHCP Relay Agents method
Note The DHCP Relay Agent is
one of the methods used in routed networks. The DHCP Relay Agent acts as an
intermediary between DHCP clients and DHCP servers.
1. Include DHCP Relay Agents on network
segments that are not directly connected to DHCP servers.
2. DHCP Relay Agents forward DHCP traffic
between a network segment and a network segment that contains a DHCP server.
The process is as follows:
a. The DHCP client sends a request.
Note The DHCP Relay Agent is
transparent to the DHCP client.
b. The DHCP Relay Agent receives the
broadcast packet request.
c. The DHCP Relay Agent converts the request
from broadcast to unicast.
d. The DHCP Relay Agent forwards the request
to the DHCP server.
3. A DHCP Relay Agent can service thousands
of client computers.
4. To provide DHCP services to more than one
network segment, include multiple network interface adapters in the computer
that runs the DHCP Relay Agent. This creates a multihomed Relay Agent.
|12| E. DHCP/BOOTP forwarding on routers method
Note DHCP/BOOTP is the second
way of supporting DHCP in a routed network. DHCP Relay Agent has advantages
over DHCP/BOOTP. Routers with DHCP/BOOTP forwarding enabled forward the
broadcast packet, creating additional broadcast traffic. If your routers
already support DHCP/BOOTP, however, you should consider implementing
DHCP/BOOTP to save costs.
1. Use this method on network segments that
aren’t connected to a DHCP server.
2. DHCP/BOOTP forwarding on routers forwards
only the DHCP broadcast traffic.
3. Routers with more than two network
interfaces and with DHCP/BOOTP enabled can provide DHCP services to more than
one network segment.
4. The method is useful in designs where an
existing router supports DHCP/BOOTP forwarding and you don’t want to add more
hardware or software.
|13| 3. Determining DHCP Scopes and DHCP Scope Options
A. Designers need to determine the DHCP
scopes and DHCP scope options to include in the design.
B. A DHCP scope defines a range of IP
addresses that the DHCP server manages.
Note Using multiple DHCP
servers to provide IP addresses to the subnet increases DHCP service
availability and reliability to the subnet and distributes the DHCP client
load.
1. Create a DHCP scope for each IP address
range managed by DHCP.
Note You must define a scope
before DHCP clients can use the DHCP server for dynamic IP configuration.
2. Superscopes group multiple DHCP scopes to
support multiple IP address ranges on the same physical network segment.
Note A superscope is a shared,
distributed scope that allows multiple servers to share the available address
range for a subnet.
3. Use superscopes to
a. Support network segments serviced by DHCP
Relay Agents or routers with DHCP/BOOTP forwarding
b. Provide additional IP address ranges for
network ranges that have used up the existing available IP address ranges
c. Combine multiple IP subnets into a single
subnet without redesigning your IP addressing scheme and subnet masks
|14| 4. The DHCP IP address lease length
specifies when an IP address assigned to a computer that was removed from a
network segment becomes available for other computers to use.
Note Modifying the lease length
is one of the primary ways to improve DHCP performance. If clients leave the
network but do not release their IP addresses, those addresses are unavailable
for other computers until the administrator manually releases all addresses.
a. Increasing the DHCP lease length
(1) Means that IP addresses are unavailable for
longer periods after the computer is removed from the network segment
(2) Decreases DHCP traffic
(3) Should be done when computers are seldom
moved from segment to segment
b. Decreasing the DHCP lease length
(1) Makes the IP address available sooner
(2) Increases DHCP traffic
Note Decreasing the lease
length increases network traffic.
(3) Should be done when computers are
frequently moved between network segments
Note You can configure Windows
2000 DHCP clients to automatically release their IP addresses when they shut
down.
|15| C. Determine which IP addresses to exclude
from the IP address range defined by the DHCP scope.
1. For each device with a manually assigned
IP address within the DHCP scope, you must exclude the corresponding manually
assigned IP address.
2. Exclude any manually assigned IP
addresses within the DHCP scope’s IP address range, such as those for the
following:
a. IP routers
b. Firewalls
c. File, print, and application servers
d. Gateways
e. Any operating system or device that DHCP
cannot configure
f. Any other device with a manually assigned
IP address
|16| D. Define the DHCP scope options.
1. A DHCP scope option is a specific client
IP configuration parameter for
a. Routers
b. DNS servers
c. DNS domain name
d. Windows Internet Name Service (WINS) node
type
e. WINS servers
2. Define the DHCP scope options that the
DHCP administrator can assign.
3. Assign DHCP scope options to affect
different levels of clients that the DHCP Server services.
a. Server options level: scope options apply
to all scopes managed by the DHCP server
b. Scope options level: scope options apply
to all DHCP clients with IP addresses within the range defined by the DHCP
scope
c. Class options level: scope options apply
to a specific, customizable class of DHCP clients
d. Client options level: scope options apply
to individual client computers only
Note DHCP also provides
predefined options that let you control which options are available through the
DHCP console. Although you can make options available in this way, they are not
assigned values until configured at the server, scope, or client.
Chapter 8, Lesson 3
Configuration Protection in DHCP Designs
Note The DHCP protocol is not inherently secure, but there are a few
management strategies you can use to make the service secure. One of the
primary methods is to integrate the DHCP service with Active Directory.
|17| 1. Preventing Unauthorized DHCP Servers
A. Protect your network from unauthorized
DHCP servers.
B. If an unauthorized DHCP server is started,
it can automatically provide IP configuration to DHCP clients and thus disable
communications.
C. Prevent unauthorized Windows 2000–based
DHCP servers from starting by authorizing Windows 2000 DHCP servers in Active
Directory.
1. The DHCP Server service automatically
queries Active Directory to determine whether a DHCP server is authorized to
start.
2. If the DHCP server is not authorized, the
DHCP Server service writes an event in the Windows 2000 Event Log and stops.
D. To detect and prevent unauthorized DHCP
servers, do the following:
1. Install one or more DHCP Server services
on a domain controller or member server.
2. List authorized DHCP servers in Active
Directory.
3. Use DHCP Relay Agents or enable
DHCP/BOOTP forwarding on routers.
E. You can’t prevent DHCP servers from
starting if they run on operating systems other than Windows 2000.
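Because Active Directory authorization stops only Windows 2000 DHCP servers, detection has to cover everything else. The following is an added example, not part of the original outline: it parses a DHCP server reply, reads the server identifier (option 54), and flags replies from servers missing from an allowlist. The allowlist, the addresses, and the function names are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_REPLIES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}
AUTHORIZED = {"10.0.0.10"}              # assumption: mirrors the servers listed in Active Directory

def parse_options(payload):
    """Return {option_code: value_bytes} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:       # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[payload[i]] = value
        i += 2 + length
    return options

def check_reply(payload, authorized=AUTHORIZED):
    """Return a finding for a server reply from an unlisted server, else None."""
    options = parse_options(payload)
    msg_type = options.get(OPT_MSG_TYPE)
    if payload[0] != 2 or not msg_type or msg_type[0] not in SERVER_REPLIES:
        return None                     # client request, or not a server reply
    server_id = options.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(server_id)) if len(server_id) == 4 else None
    if server in authorized:
        return None
    return {"type": SERVER_REPLIES[msg_type[0]], "server": server,
            "offered": str(ipaddress.IPv4Address(payload[16:20]))}  # yiaddr field

def build_reply(server_ip, offered_ip, msg_type=2):
    """Constructed sample: a minimal BOOTREPLY carrying options 53 and 54."""
    sid = ipaddress.IPv4Address(server_ip).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         b"", ipaddress.IPv4Address(offered_ip).packed, sid, b"",
                         bytes.fromhex("020000000001"), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + sid + bytes([OPT_END])
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    for srv in ("10.0.0.10", "10.0.0.66"):   # constructed: one listed, one unlisted server
        print(srv, check_reply(build_reply(srv, "10.0.0.150")))
```

A reply with a missing or malformed option 54 is reported with `server` set to `None` rather than silently accepted.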
|18| 2. Preventing Unauthorized Users
A. Prevent unauthorized users from directly
accessing your DHCP servers and compromising the integrity of your DHCP
database.
B. Protect your DHCP servers and the database
in two ways:
1. Restricting DHCP administrators
a. Grant permission to manage DHCP servers
only to authorized network administrators.
b. Create a Windows 2000 group and assign the
group the permissions needed to manage your organization’s DHCP servers.
c. In the Windows 2000 group, include the
authorized network.
2. Isolating DHCP servers from public
networks
a. DHCP servers should not exist on any
network segments that public network users can access.
b. Make sure that only computers within your
organization’s private network can directly communicate with your DHCP servers.
Chapter 8, Lesson 4
DHCP Design Optimization
Note To ensure availability, your
DHCP solution must include a very reliable DHCP server or redundant DHCP
servers. There are generally two methods for increasing availability:
superscopes (shared distributed scopes) and Windows Clustering.
|19| 1. Enhancing DHCP Availability
A. Optimize your design for increased
availability.
B. Base your decisions on your organization’s
requirements.
C. Use the following strategies to increase
availability:
1. Use Windows Clustering server clusters.
Note Windows Clustering is a
method to increase the availability of a single DHCP server using a server
cluster.
a. Windows 2000 DHCP Server service is
cluster-aware, which means that it can interact with server clusters.
b. You can create server clusters by
configuring two computers to share a common cluster drive. The DHCP database is
stored on this drive.
c. The DHCP Server service runs on only one
cluster node, called the active node, at a time.
d. If the DHCP active node fails for any
reason, the other cluster node automatically runs the DHCP Server service. The
shared drive contains the current DHCP reservation information from the DHCP
database.
2. Distribute a DHCP scope across multiple
DHCP servers.
a. Distributes the IP address range that the
DHCP scope manages across two DHCP servers.
b. If one DHCP server fails for any reason,
the other DHCP server provides IP configuration for the segment with the
remaining portion of the IP address range.
c. Requires no additional hardware or
software resources
Note You can also allocate
equal portions of the address range if subnets use DHCP Relay Agents.
3. Dedicate a computer to DHCP to prevent
one application or service from becoming unstable.
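An added example, not from the original outline, covering both the exclusion rules in the scope section and the distributed-scope strategy above. It assumes both servers are configured with the full scope range and that each one excludes the manually assigned addresses plus the other server's share; the addresses and the names `split_scope` and `to_ranges` are illustrative.

```python
import ipaddress

def to_ranges(addresses):
    """Collapse integer addresses into sorted, inclusive (first, last) dotted ranges."""
    ranges = []
    for addr in sorted(addresses):
        if ranges and addr == ranges[-1][1] + 1:
            ranges[-1][1] = addr            # extend the current contiguous run
        else:
            ranges.append([addr, addr])     # start a new run
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in ranges]

def split_scope(first, last, manual, share_a=0.5):
    """Divide one scope between servers A and B.

    first/last : inclusive scope boundaries
    manual     : manually assigned addresses (routers, firewalls, servers ...)
    share_a    : fraction of the leasable addresses handed to server A
    Returns, per server, the ranges it leases and the ranges it must exclude.
    """
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("scope start is after scope end")
    if not 0 <= share_a <= 1:
        raise ValueError("share_a must be between 0 and 1")
    scope = set(range(lo, hi + 1))
    # Manual addresses outside the scope need no exclusion, so they are dropped.
    static = {int(ipaddress.IPv4Address(m)) for m in manual} & scope
    leasable = sorted(scope - static)
    cut = int(len(leasable) * share_a)
    pools = {"A": set(leasable[:cut]), "B": set(leasable[cut:])}
    # Everything in the scope that a server does not lease becomes an exclusion:
    # the manual addresses and the other server's pool.
    return {name: {"leases": to_ranges(pool), "exclusions": to_ranges(scope - pool)}
            for name, pool in pools.items()}

if __name__ == "__main__":
    # Constructed sample: a 20-address scope with a router and a file server in it.
    plan = split_scope("10.1.1.1", "10.1.1.20", ["10.1.1.1", "10.1.1.10"])
    for server, cfg in plan.items():
        print(server, cfg)
```

Because the two lease pools never overlap, either server can keep answering for its own portion if the other fails, without the risk of handing out a duplicate address.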
|20| 2. Improving DHCP Performance
A. Business requirements can include set
periods, or a number of simultaneous DHCP connections.
B. You can improve DHCP configuration
performance by
1. Load balancing the DHCP configuration
across multiple DHCP servers
a. This method is useful when existing DHCP
servers are working to capacity and you cannot upgrade hardware.
b. Evenly distributes DHCP scopes across
multiple DHCP servers, which distributes IP configuration traffic across
servers and reduces any latency in IP configuration
2. Modifying the lease length
a. Increasing the lease length reduces the IP
configuration traffic but means that IP addresses are reserved for longer
periods.
b. Decreasing the lease length increases the
IP configuration traffic but increases the availability of IP addresses.
3. Dedicating a computer to DHCP to prevent
other applications and services from consuming system resources
|21| Chapter Summary
A. DHCP services in Windows 2000 provide
automatic IP configuration for the client computers, reducing errors as well as
configuration and management time.
1. Manually configure IP information for IP
devices that manage network resources (such as file servers, print servers, and
so on).
2. Include at least one DHCP server at each
geographic location in your design.
B. Use DHCP Relay Agents or enable DHCP/BOOTP
forwarding on routers wherever network segments are not directly connected to
DHCP servers.
C. Create DHCP scopes for all IP address
ranges that are automatically configured using DHCP.
1. With Windows 2000, you can also create
superscopes.
2. Exclude any manually assigned IP
addresses within the scope’s IP address range.
3. You can assign DHCP scope options to
affect different levels of DHCP clients that a DHCP server manages.
D. Use the DHCP Server service in Windows
2000 to prevent unauthorized DHCP servers from starting and communicating with
the network.
E. Grant DHCP management permissions
carefully to protect the DHCP database.
F. Use the following optimization techniques
to improve the availability and performance of your DHCP design:
1. Use Windows Clustering server clusters.
2. Distribute DHCP scopes across multiple
DHCP servers.
3. Dedicate a computer to DHCP.
4. Modify the DHCP lease length.