Dynamic Host Configuration Protocol (DHCP) The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers to be automatically assigned settings from a server as opposed to manually configuring each network host. Computers configured to be DHCP clients have no control over the settings they receive from. Config file – /etc/dhcp/dhcpd6.conf. This file, just like in the IPv4 version, contains the global DHCP options and the subnet statements, reservations, etc. I am using it in conjunction with SLAAC, so DHCPv6 is only used to hand out the DNS info. Note – For IPv6 subnets, you need to use the subnet6 statement.
In my previous article, IPv6 Tunneling over IPv4 Networks, Idiscussed how to connect a LAN to the IPv6 public Internet. This articlecontinues the theme, discussing the issues surrounding the LAN’s configurationfor IPv6.
Looking at how LAN’s are configured for IPv4 proves to be instructive. Many ofthe techniques, and all of the patterns turn out to have parallels in IPv6.During the design of IPv6 engineers took the opportunity for refactoring usinglessons learned from IPv4. Initial host configuration was an area that receivedsome attention, and so, we will explore the new methods provided by IPv6 as wellas the traditional techniques carried forward from IPv4.
The goal here is to identify how hosts joining an IPv6 network can come todiscover and then interoperate on that network. The network may also haveIPv4, but it should not be required. Specifically, the goal is to show howhosts can, with emphasis towards automation, configure themselves on an IPv6only network. The same (pre)configuration should also work if the networkhappens to support IPv4, and the hosts should then configure and join the IPv4network as well.
There are two use cases that are used to vet the proposed methods. The first isthe “small lab” use case. Think of a small, less than 100 hosts, labenvironment, or SOHO office. In this sort of environment some of the hosts arevery dynamic, and some are more static with specific functions assigned to them;for instance, a mail, or IRC server. The second use case is the prototypeenvironment for a distributed application. Often such environments are createdwith VM’s using tools such as Vagrant inside adeveloper’s laptop. Such environments can be paused and restarted, relocated,and the hosts are often destroyed and recreated for a “fresh install”. In bothcases, formal rigor in configuring and maintaining the network are not asimportant as a degree of automation combined with flexibility to manually adjustthings as needed for the task at hand.
In an IPv4 world, DHCP combined with DNS are the go-to tools for suchconfiguration. As luck has it, both are available in the IPv6 world aswell. DNS remains unchanged, except for the addition of the AAAA record thatholds IPv6 addresses; AAAA records are retrievable via IPv4 as well. DHCPfunctions the same, but the specifics are adapted for IPv6 and to disambiguate,it is known as DHCPv6; there is a separate RFC: RFC-3315.
IPv6 Autoconfiguration
During the design of IPv6, then codenamed ‘IPng’, the design of“autoconfiguration” for IP was refactored to support a more automated method bywhich hosts could join an IPv6 network. In the base IPv4 protocol there is noexplicit support for autoconfiguration. In IPv6 autoconfiguration support wasinitially integrated into ICMPv6. This comes in the form of NeighborDiscovery Protocol (NDP) and includes the ability for a host to automaticallydiscover:
- Neighbor Discovery and Advertisement, replacing IPv4’s ARP.
- Network address prefix value.
- Note: network address prefix length is fixed in IPv6 to /64.
- Link (L2) parameter discovery, such as MTU.
- Next-hop routing determination through Router Solicitation and Advertisement(RA).
- Duplicate address detection, thus allowing hosts to generate a host addressand determine if it is a duplicate. (If so, they will pick another).
The above tools that made up the original NDP allow a host to perform what isformally called Stateless address autoconfiguration (SLAAC). Additionally,NDP, through Router Solicitation and Router Advertisement (RA), allows a host todefine itself a unique host address, determine its network address, androuter(s). These are all the necessary details a host needs to start sendingand receiving IP packets. The IPng designers believed they had successfullyrefactored the base IP protocol, including ICMP, to handle autoconfiguration.
In hindsight, the refactoring was not agile enough. While hosts can configurethe IP layer with SLAAC, it turns out that DHCPv4 is used provide addedfunctionality beyond simply configuring the IP layer of a host. The almostuniversally used feature of DHCP, beyond the IP layer, is communicating the DNSserver’s IP address. SLAAC did not initially have support for this and thusDHCPv6 was born. The ICMPv6 Router Advertisement was extended in RFC-6106 toallow the inclusion of DNS configuration information in the RA message.
RFC-6106, which allows DNS details in router advertisements, is not the end ofthe story. Firstly, its adoption has been slow, and secondly, there remainadditional configuration details not covered by the RFC that are desired whenautoconfiguring hosts on an IP network. In fact, IANA cites well over 150option parameters registered for DHCP [1].
Stateful and Stateless DHCPv6
The ability for a host to autoconfigure, through SLAAC, it’s IPv6 details givesrise to a new mode of use for DHCP - “Stateless DHCPv6”. In this mode, the hostfirst uses SLAAC to configure its IPv6 details and then uses DHCPv6 to requestadditional details like DNS, NTP, etc. In this mode the host indicates it isoperating “stateless” and the server does not perform address assignment.
In addition to the stateless mode, DHCPv6 can also be used in a “stateful” modewhere an IPv6 address is assigned from the server’s pool of addresses. IPv6allows and most often requires hosts to have multiple IPv6 addresses assigned toa single interface; the link-local address is an excellent example of this.Because hosts must support multiple addresses per interface it is possible touse both SLAAC and stateful DHCPv6 to configure a host. If both methods areused then there will be multiple IPv6 addresses assigned to the interface. Thelink-local address is also required, so using both methods will ensure theinterface has at least three addresses.
The late arrival of DNS configuration as part of SLAAC caused some vendors,Microsoft Windows most notably, to pursue client IPv6 autoconfiguration whichrequired DHCPv6. This makes the use of DHCPv6 a near requirement in any networkthat has liberal requirements for operating system support.
Host Registration in DNS
Providing DNS configuration to an autoconfiguring host does not implyregistering that host in the local DNS tables. In fact, neither DHCPv4, norDHCPv6 address the issue of DNS registration for newly configured hosts. Inmany environments, including lab and prototype use case environments,registering configured hosts ranges from very helpful to required. Some clientswill perform this task, but this behavior is not common enough to rely on it.
There are a number of different tools to support registering hosts in DNS asthey join a network, but one project is more appealing than the others for ourgiven use cases: Dnsmasq. The Dnsmasq project combines DHCP and DNS in asingle daemon and supports both IPv4 and IPv6. Dnsmasq also supports portionsof IPv6 autoconfiguration, including router advertisement (RA). The featurethat places Dnsmasq in the most appealing position is that its DHCP and DNSintegration includes automatically registering DHCP leases in the DNS tableswhen a hostname is provided in the DHCP request; solving exactly the problem notexplicitly addressed in DHCP or DNS specifications.
Through experimentation it was determined that Windows and Mac OSX based systemsconsistently provide the hostname as part of their DHCP request. Unfortunately,the most popular, and widely used, DHCP client, from ISC, either does not, or israrely configured to send the hostname. Fortunately, an alternative DHCP clientdoes: the dhcpcd client. Investigating the dhcpcd client also revealed thatit is trivial to swap the ISC client for dhcpcd on most Linux hosts.
The following is the Dnsmasq_ configuration applied on the router that allowsfor the most effective autoconfiguration of IPv6:
The configuration is broken down as follows:
no-resolve
- Disable using /etc/resolv.conf as a basis for configuring the dnsmasq server.This was done to make this example clearly explicit.
server=10.3.7.1
- Configure the server that dnsmasq forwards all DNS requests it can not handlelocally to. Note that the forwarder does not need to be a IPv6 address,although it could be. Multiple forwarders are configurable if desired.
local=/cloud1/
- Declare the domain “cloud1” as the domain being served locally.
domain=cloud1
- Declare the domain “cloud1” as the domain for all DHCP requests
dhcp-fqdn
- Force all DHCP clients to be placed in the “cloud1” domain, regardless of whatdomain they specify in the DHCP request.
enable-ra
- Perform IPv6 Router Advertisement as part of Dnsmasq’s operation. Otherrouter advertisement daemons should not be run. If the host Dnsmasq isrunning on is not the router then disable this.
dhcp-option...dns-server
- Explicitly configure and ensure the
dns-server
option is sent in the DHCPreply. The address listed is an address assigned to the ‘em1’ interface onthis host. dhcp-option...dns-name
- Send ‘cloud1’ as the assigned domain to all clients performing DHCP requests.
dhcp-range...
- Issue IPv6 addresses between ::100 and ::1ff in response to DHCP requests.The clause, “
constructor:em1
” directs the configuration to use the networkprefix of the ‘em1’ interface as the network prefix for the leased addresses.The actual address returned will be [em1 prefix]::[100-1ff].
Enabling the log-dhcp
or log-queries
parameters in Dnsmasq will enableverbose reporting of either DHCP or DNS is debugging is required.
Client DHCP Configuration
No explicit configuration is required on the client side except replacing theISC DHCP client with the dhcpcd client. For Debian derived Linuxinstallations:
No configuration files need to be modified.
By utilizing the Dnsmasq_ and dhcpcd_ projects a very simple configuration canbe constructed that supports autoconfiguration of an IPv6 network. This patterncan be utilized in both a heterogeneous lab and prototype environments,including Vagrant based setups on developer laptops.
- DHCPv6
- https://en.wikipedia.org/wiki/DHCPv6
- https://tools.ietf.org/html/rfc3315
- ICMPv6
- https://en.wikipedia.org/wiki/ICMPv6
- https://tools.ietf.org/html/rfc4443
- https://tools.ietf.org/html/rfc6106
- NDP - Neighbor Discovery Protocol:
- https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
- Dnsmasq - DHCP + DNS daemon
- http://www.thekelleys.org.uk/dnsmasq/doc.html
- dhcpcd - alternative DHCP client
- http://roy.marples.name/projects/dhcpcd/index
- DHCP and BOOTP Parameters: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml↩
Contents
|
The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers to be automatically assigned settings from a server as opposed to manually configuring each network host. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user.
![Isc Dhcp Ipv6 Example Isc Dhcp Ipv6 Example](https://www.howtoforge.com/images/install_and_configure_isc_dhcp_server_in_debian_9/big/Debian_9_LEMP-2017-09-10-17-54-49.png)
note: this package was called dhcp3-server in versions prior to precise 12.04 LTS.
At a terminal prompt, enter the following command to install dhcpd:
You will probably need to change the default configuration by editing /etc/dhcp3/dhcpd.conf to suit your needs and particular configuration.
You also need to edit /etc/default/isc-dhcp-server to specify the interfaces dhcpd should listen to. By default it listens to eth0.
Also, you have to assign a static ip to the interface that you will use for dhcp. If you will use eth0 for providing addresses in the 192.168.1.x subnet then you should assign for instance ip 192.168.1.1 to the eth0 interface using NetworkManager. Without this step you will get an error from dhcpd when starting the service.
The error message the installation ends with might be a little confusing, but the following steps will help you configure the service:
Most commonly, what you want to do is assign an IP address randomly. This can be done with settings as follows:
This will result in the DHCP server giving a client an IP address from the range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 600 seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also 'advise' the client that it should use 255.255.255.0 as its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers.
If you need to specify a WINS server for your Windows clients, you will need to include the netbios-name-servers option, e.g.
Start and stop service
multiple interfaces example
Interface
Select Interface card
Configure Subnet
Check Route
Sometimes upon rising DHCP server informs about permission errors like
or
If after checking the permissions are found to be correct, check apparmor profile for dhcpd:
If /usr/sbin/dhcpd is in the list of profiles do the following:
- 1.Stop apparmor deamon
- 2.Edit /etc/apparmor.d/usr.sbin.dhcpd with root permissions and ensure that file has following lines:
- /var/lib/dhcp/dhcpd6.leases and /etc/dhcp/dhcpd6.conf are needed to run DHCP server in IPV6 mode, for example:
- 3.Start apparmor deamon
After this operation apparmor deamon will allow dhcp server to open /etc/dhcp/dhcpd.conf or /var/lib/dhcp/dhcpd.leases files. For more information see man apparmor