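DHCP Server Principles

How the DHCP Protocol Works

Because messages are sent by broadcast during dynamic IP address acquisition, the DHCP client and server must be on the same network segment. If the DHCP client and the DHCP server are on different segments, a DHCP relay is needed to forward the DHCP messages.

When dynamic configuration is done through a DHCP relay, the client and server handle messages in basically the same way as without a relay. The following uses only the case where the DHCP client and DHCP server are on the same segment to illustrate how the DHCP protocol works.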

 

 

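To dynamically obtain and use a valid IP address, the client goes through the following phases:

(1) Discovery phase: the DHCP client looks for a DHCP server.

(2) Offer phase: the DHCP server offers an IP address.

(3) Selection phase: the DHCP client selects the IP address offered by one of the DHCP servers.

(4) Acknowledgment phase: the DHCP server confirms the IP address it offered.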

 

 

 

【Network Topology】

  SW5--E0/4/5-----------------------------E0/4/0--R5

 

  SW5 acts as the DHCP server. The ports connecting R5 and SW5 are both in VLAN 5.

Main configuration on SW5:

#

dhcp server ip-pool 5

 network 192.168.50.0 mask 255.255.255.0

 gateway-list 192.168.50.10

#

interface Vlan-interface5

 ip address 192.168.50.10 255.255.255.0

 

Main configuration on R5:

#

interface Vlan-interface5

 ip address dhcp-alloc

 

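【Lab Requirements】

First shut down the port interconnecting R5 and SW5, then enable debugging dhcp on both R5 and SW5, bring the interconnecting port back up, and observe the messages on the server and the client.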

 

 

 

 

 

 

【Client Debugging Output】

<R5>

%Mar 11 11:45:11:00 2013 R5 IFNET/4/LINK UPDOWN:

 Ethernet0/4/0: link status is DOWN 

%Mar 11 11:45:11:00 2013 R5 IFNET/4/LINK UPDOWN:

 Vlan-interface5: link status is DOWN 

%Mar 11 11:45:11:15 2013 R5 IFNET/4/UPDOWN:

 Line protocol on the interface Vlan-interface5 is DOWN 

*Mar 11 11:45:11:15 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Move to HALT state.

*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Send a Dhcp packet...

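  Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0x37890204);

    ciaddr(192.168.50.1); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501);

  // op: the operation type of the message, either request or reply; 1 is a request, 2 is a reply.
  // htype: the hardware address type.
  // hlen: the hardware address length. The system currently supports only Ethernet, so the hardware address length is fixed at 6.
  // xid: a random number generated by the client software, used to match requests with replies.
  // ciaddr: the IP address of the DHCP client. (An address is present here because the client had already obtained one.)
  // yiaddr: the IP address the DHCP server assigns to the client.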

  Options : 

    63 82 53 63 35 01 07 36 04 C0 A8 32 0A 3D 1F 00 

    30 30 65 30 2E 66 63 30 30 2E 30 35 30 31 2D 56 

    6C 61 6E 2D 69 6E 74 65 72 66 61 63 65 35 FF 

 

*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Sending DHCPRELEASE packet succeeded.     // Sends the DHCP release message

*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: FSM state transfer(BOUND-->HALT) successfully.

%Mar 11 11:45:39:547 2013 R5 IFNET/4/LINK UPDOWN:

 Ethernet0/4/0: link status is UP 

%Mar 11 11:45:39:562 2013 R5 IFNET/4/LINK UPDOWN:

 Vlan-interface5: link status is UP 

%Mar 11 11:45:39:562 2013 R5 IFNET/4/UPDOWN:

 Line protocol on the interface Vlan-interface5 is UP 

After the interface comes up, the client must go through the following four phases to obtain an IP address.

 

 

*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Move to INIT state.

*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: FSM state transfer(HALT-->INIT) successfully.    

*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Send DHCPDISCOVER in 10000 ms.

*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Send a Dhcp packet...

  Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0xc96419d); 

    ciaddr(0.0.0.0); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501); 

  Options : 

    63 82 53 63 35 01 01 0C 02 52 35 32 04 C0 A8 32 

    01 37 05 01 03 06 0F 2B 39 02 04 80 3C 0C 48 33 

    43 2E 20 53 49 4D 57 41 52 45 3D 1F 00 30 30 65 

    30 2E 66 63 30 30 2E 30 35 30 31 2D 56 6C 61 6E 

    2D 69 6E 74 65 72 66 61 63 65 35 FF 

 

*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Sending DHCPDISCOVER packet succeeded.

  // In the discovery phase, the DHCP client looks for a DHCP server by sending a DHCP-DISCOVER message. It is sent by broadcast.

*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: FSM state transfer(INIT-->SELECTING) successfully.

*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Receive a packet.

*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:

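  Vlan-interface5: Receive a DHCP packet...

  // A reply from a server has been received. If multiple DHCP servers respond to the DHCP client with DHCP-OFFER messages, the client accepts only the first DHCP-OFFER it receives. It then broadcasts a DHCP-REQUEST message that contains Option 54 (the server identifier option), that is, the IP address of the DHCP server it has chosen.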

 

 

  Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0xc96419d); 

    ciaddr(0.0.0.0); yiaddr(192.168.50.1); chaddr(00e0-fc00-0501); 

  Option : type(DHCPOFFER); mask(255.255.255.0); lease(86400); 

    T1(43200); T2(75600); server(192.168.50.10); default router(192.168.50.10); 

*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:

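  Vlan-interface5: Select 192.168.50.10 as the server.

  // 192.168.50.10 is selected as the DHCP server. A DHCP server on the network that receives the DHCP-DISCOVER message picks a suitable IP address and sends it, together with the lease duration and other configuration information (such as the gateway address and DNS server address), to the DHCP client in a DHCP-OFFER message.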

*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Send a Dhcp packet...

  Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0xc96419d); 

    ciaddr(0.0.0.0); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501); 

  Options : 

    63 82 53 63 35 01 03 0C 02 52 35 32 04 C0 A8 32 

    01 36 04 C0 A8 32 0A 37 05 01 03 06 0F 2B 39 02 

    04 80 3C 0C 48 33 43 2E 20 53 49 4D 57 41 52 45 

    3D 1F 00 30 30 65 30 2E 66 63 30 30 2E 30 35 30 

    31 2D 56 6C 61 6E 2D 69 6E 74 65 72 66 61 63 65 

    35 FF 

 

*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Sending DHCPREQUEST packet succeeded.

*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: FSM state transfer(SELECTING-->REQUESTING) successfully.

*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Receive a packet.

*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Receive a DHCP packet...

  Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0xc96419d); 

    ciaddr(0.0.0.0); yiaddr(192.168.50.1); chaddr(00e0-fc00-0501); 

  Option : type(DHCPACK); mask(255.255.255.0); lease(86400); 

    T1(43200); T2(75600); server(192.168.50.10); default router(192.168.50.10); 

*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:

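  Vlan-interface5: Begin to detect IP address conflict via ARP.

  // Starts checking for an IP address conflict. After receiving the DHCP-ACK from the DHCP server, the DHCP client broadcasts a gratuitous ARP message to probe whether any host is using the address the server assigned. Only if no reply arrives within the specified time does the client use the address. Otherwise, the client sends a DHCP-DECLINE message to the DHCP server to report that the address is unusable, and requests an IP address again.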

 

*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Sending arp request for address(192.168.50.1) succeeded.

*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Move to BOUND state in 1500 milliseconds if no arp reply is received.

*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Receive no arp reply for 192.168.50.1, begin to use the address.

*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: FSM state transfer(REQUESTING-->BOUND) successfully.  

*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:

  Vlan-interface5: Sending arp request for address(192.168.50.10) succeeded.

<R5>

<R5>

<R5>

 

 

 

【Server Debugging Output】

 

 Checking for expired lease.

<SW5>sy

System View: return to User View with Ctrl+Z.

[SW5]int e0/4/5

[SW5-Ethernet0/4/5]shut

*Mar 11 11:45:11:235 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 Checking for expired lease.

[SW5-Ethernet0/4/5]

%Mar 11 11:45:11:313 2013 SW5 IFNET/4/LINK UPDOWN:

 Ethernet0/4/5: link status is DOWN 

%Mar 11 11:45:11:328 2013 SW5 IFNET/4/LINK UPDOWN:

 Vlan-interface5: link status is DOWN 

%Mar 11 11:45:11:328 2013 SW5 IFNET/4/UPDOWN:

 Line protocol on the interface Vlan-interface5 is DOWN 

[SW5-Ethernet0/4/5]

[SW5-Ethernet0/4/5]

[SW5-Ethernet0/4/5]

*Mar 11 11:45:26:110 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 Checking for expired lease.

[SW5-Ethernet0/4/5]

[SW5-Ethernet0/4/5]undo shut

[SW5-Ethernet0/4/5]

%Mar 11 11:45:39:860 2013 SW5 IFNET/4/LINK UPDOWN:

 Ethernet0/4/5: link status is UP 

%Mar 11 11:45:39:875 2013 SW5 IFNET/4/LINK UPDOWN:

 Vlan-interface5: link status is UP 

%Mar 11 11:45:39:875 2013 SW5 IFNET/4/UPDOWN:

 Line protocol on the interface Vlan-interface5 is UP 

[SW5-Ethernet0/4/5]

*Mar 11 11:45:41:00 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 Checking for expired lease.

*Mar 11 11:45:47:578 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

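DHCPServer: Receive DHCPDISCOVER from 00e0.fc00.0501-Vlan-interface5.

// A DHCP server on the network that receives the DHCP-DISCOVER message picks a suitable IP address and sends it, together with the lease duration and other configuration information (such as the gateway address and DNS server address), to the DHCP client in a DHCP-OFFER message.

// The DHCP server keeps the IP addresses available for allocation and other configuration information in an address pool. When the DHCP server receives a DHCP request message, it takes a free IP address and other parameters from the pool and sends them to the DHCP client.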

 

 

*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:

Rx, interface Vlan-interface5         

    Message type: request        

    Hardware type: 1, Hardware address length: 6        

    Hops: 0, Transaction ID: 2638321164        

    Seconds: 0, Broadcast flag: 0        

    Client IP address: 0.0.0.0   Your IP address: 0.0.0.0        

    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        

    Client hardware address: 00e0-fc00-0501        

    Server host name: Not Configured, Boot file name: Not Configured        

    DHCP message type: DHCP Discover

 

*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DHCPServer: Find the lease successfully.

*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DHCPServer: Assign Used Lease from global pool.

*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DHCPServer: Requesting security module(s) to delete a security entry (192.168.50.1 00e0-fc00-0501) succeeded.

*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

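DHCPServer: Sending ICMP ECHOREQUEST to target IP: 192.168.50.1.

// When the DHCP server assigns an IP address to a client, it must first confirm that the address is not being used by another device on the network. It does this by probing the address with an ICMP Echo Request (ping). If there is no reply within the specified time, the server sends the ping again. If there is still no reply after the specified number of attempts, the address can be assigned. Otherwise, the probed address is recorded as a conflicting address and the server selects another address to assign.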

*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DHCPServer: ICMP Timeout!      // The ping timed out

*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DHCPServer: ICMP detecting finished. The target IP can be used for dhcp allocation.

*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:

Tx, interface Vlan-interface5         

    Message type: reply        

    Hardware type: 1, Hardware address length: 6        

    Hops: 0, Transaction ID: 2638321164        

    Seconds: 0, Broadcast flag: 0        

    Client IP address: 0.0.0.0   Your IP address: 192.168.50.1     // Your IP is 192.168.50.1

    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        

    Client hardware address: 00e0-fc00-0501        

    Server host name: Not Configured, Boot file name: Not Configured        

    DHCP message type: DHCP Offer

 

*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DhcpServer: Send DHCPOFFER to 00e0.fc00.0501-Vlan-interface5 Offer IP=> 192.168.50.1.     // Sends the DHCP offer message

*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DHCPServer: Receive DHCPREQUEST from 00e0.fc00.0501-Vlan-interface5.

*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:

Rx, interface Vlan-interface5         

    Message type: request        

    Hardware type: 1, Hardware address length: 6        

    Hops: 0, Transaction ID: 2638321164        

    Seconds: 0, Broadcast flag: 0        

    Client IP address: 0.0.0.0   Your IP address: 0.0.0.0        

    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        

    Client hardware address: 00e0-fc00-0501        

    Server host name: Not Configured, Boot file name: Not Configured        

    DHCP message type: DHCP Request

 

*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

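DHCPServer: Acknowledge the DHCPREQUEST message!

// The DHCP-REQUEST message sent by the DHCP client has been received. The client sends the DHCP-REQUEST by broadcast in order to notify all DHCP servers that it will use the IP address offered by the DHCP server identified in Option 54; the other DHCP servers can reuse the IP addresses they had offered.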

*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:

Tx, interface Vlan-interface5         

    Message type: reply        

    Hardware type: 1, Hardware address length: 6        

    Hops: 0, Transaction ID: 2638321164        

    Seconds: 0, Broadcast flag: 0        

    Client IP address: 0.0.0.0   Your IP address: 192.168.50.1        

    Server IP address: 0.0.0.0   Relay agent IP address: 0.0.0.0        

    Client hardware address: 00e0-fc00-0501        

    Server host name: Not Configured, Boot file name: Not Configured        

    DHCP message type: DHCP Ack

 

*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

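DhcpServer: Send DHCPACK to 00e0.fc00.0501-Vlan-interface5 Offer IP=> 192.168.50.1.

// After receiving the DHCP-REQUEST message sent by the DHCP client, the DHCP server uses the MAC address carried in the DHCP-REQUEST to look for a matching lease record. If one exists, it replies with a DHCP-ACK message to tell the DHCP client that it can use the assigned IP address.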

*Mar 11 11:45:48:00 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

DHCPServer: Requesting security module(s) to add a security entry (192.168.50.1 00e0-fc00-0501) succeeded.

*Mar 11 11:45:56:328 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 Checking for expired lease.

*Mar 11 11:46:11:141 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 Checking for expired lease.

[SW5-Ethernet0/4/5]

[SW5-Ethernet0/4/5]

*Mar 11 11:46:26:875 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 Checking for expired lease.

*Mar 11 11:46:42:188 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 Checking for expired lease.

[SW5-Ethernet0/4/5]

[SW5-Ethernet0/4/5]

[SW5-Ethernet0/4/5]

*Mar 11 11:46:57:360 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:

 

 

 

In summary:

 

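1. Discovery phase

In the discovery phase, the DHCP client looks for a DHCP server by sending a DHCP-DISCOVER message.

Because the client does not know the DHCP server's IP address, it sends the DHCP-DISCOVER message by broadcast. Every DHCP server that receives the DHCP-DISCOVER message sends a response, from which the DHCP client learns the location of the DHCP servers on the network.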

 

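2. Offer phase

A DHCP server on the network that receives the DHCP-DISCOVER message picks a suitable IP address and sends it, together with the lease duration and other configuration information (such as the gateway address and DNS server address), to the DHCP client in a DHCP-OFFER message.

The DHCP server keeps the IP addresses available for allocation and other configuration information in an address pool. When the DHCP server receives a DHCP request message, it takes a free IP address and other parameters from the pool and sends them to the DHCP client.

The DHCP server assigns an IP address to a client in the following order of priority:

(1) The IP address statically bound to the client's MAC address or client ID;

(2) The IP address the DHCP server has on record as previously assigned to the client;

(3) The IP address specified in the Option 50 field of the DHCP-DISCOVER message sent by the client;

(4) The first assignable IP address found by searching the DHCP address pool in order;

(5) If no usable IP address is found, the server checks, in turn, addresses whose leases have expired and addresses that previously had conflicts; if one is found it is assigned, otherwise the request is not processed.

When the DHCP server assigns an IP address to a client, it must first confirm that the address is not being used by another device on the network. It does this by probing the address with an ICMP Echo Request (ping). If there is no reply within the specified time, the server sends the ping again. If there is still no reply after the specified number of attempts, the address can be assigned. Otherwise, the probed address is recorded as a conflicting address and the server selects another address to assign.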
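
The allocation order and the ping probe described above, as a short Python model. This is an added example, not the switch vendor's implementation: the Pool class, its fields and the ping callable (which stands for "the address answered within the configured number of probes") are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

@dataclass
class Pool:
    network: str
    static: dict = field(default_factory=dict)     # MAC -> statically bound IP
    history: dict = field(default_factory=dict)    # MAC -> IP it was given before
    leased: dict = field(default_factory=dict)     # IP -> MAC holding it now
    expired: list = field(default_factory=list)    # IPs whose lease has run out
    conflicts: list = field(default_factory=list)  # IPs that answered a probe

    def candidates(self, mac, option50):
        """Yield candidate addresses in the five-step order described above."""
        hosts = [str(h) for h in ip_network(self.network).hosts()]
        if mac in self.static:
            yield self.static[mac]                 # (1) static binding
        if mac in self.history:
            yield self.history[mac]                # (2) previously assigned
        if option50 in hosts:
            yield option50                         # (3) Option 50 request
        held_back = set(self.static.values()) | set(self.expired) | set(self.conflicts)
        yield from (h for h in hosts if h not in held_back)  # (4) first free
        yield from list(self.expired)              # (5) expired, then conflicted
        yield from list(self.conflicts)

    def offer(self, mac, option50, ping):
        """Return the address to put in DHCP-OFFER, or None if nothing is usable."""
        tried = set()
        for ip in self.candidates(mac, option50):
            if ip in tried or self.leased.get(ip, mac) != mac:
                continue                           # already probed, or someone else's
            tried.add(ip)
            if ping(ip):                           # echo reply: address is in use
                if ip not in self.conflicts:
                    self.conflicts.append(ip)      # remember it as a conflict
                continue
            return ip
        return None                                # request is not processed
```

With history={"00e0-fc00-0501": "192.168.50.1"} and a ping that never answers, offer() returns 192.168.50.1 through step (2), which matches the "Assign Used Lease from global pool" line in the server log.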

 

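3. Selection phase

If multiple DHCP servers respond to the DHCP client with DHCP-OFFER messages, the client accepts only the first DHCP-OFFER it receives. It then broadcasts a DHCP-REQUEST message that contains Option 54 (the server identifier option), that is, the IP address of the DHCP server it has chosen.

The DHCP-REQUEST is sent by broadcast in order to notify all DHCP servers that the client will use the IP address offered by the DHCP server identified in Option 54; the other DHCP servers can reuse the IP addresses they had offered.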

 

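4. Acknowledgment phase

After receiving the DHCP-REQUEST message sent by the DHCP client, the DHCP server uses the MAC address carried in the DHCP-REQUEST to look for a matching lease record. If one exists, it replies with a DHCP-ACK message to tell the DHCP client that it can use the assigned IP address.

After receiving the DHCP-ACK from the DHCP server, the DHCP client broadcasts a gratuitous ARP message to probe whether any host is using the address the server assigned. Only if no reply arrives within the specified time does the client use the address. Otherwise, the client sends a DHCP-DECLINE message to the DHCP server to report that the address is unusable, and requests an IP address again.

If, after receiving the DHCP-REQUEST message, the DHCP server finds no matching lease record, or cannot allocate an IP address for some reason, it replies with a DHCP-NAK message to tell the DHCP client that no suitable IP address can be assigned. The DHCP client must then send a DHCP-DISCOVER message again to request a new IP address.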
