DHCP in Windows 2000
Thomas Lee

This article was first published in Back Office Magazine in Aug/Sept 1999.
Welcome to the inaugural version of this, the Technical Windows 2000 column. Before getting started on this month’s topic, let me provide a brief introduction to myself and my aims for this column.

So Who Am I?

I have worked with computers since my university days in the late 1960’s, and worked on two operating system projects in the 1970’s. I was introduced to Windows NT in March 1993, when the UPS man brought me the first of many packages I was to receive from Microsoft, containing the Windows NT 3.1 beta. I’ve been working with Windows 2000 for nearly 2 years, including 15 months spent working at the Redmond campus developing Windows 2000 training material. Of course, all the computers in my home network now run Beta 3 (or later).

I’m writing this column for a few reasons. Obviously, the fame and money are a large part of it (NOT). As some of you may know, I’m quite excited about the Windows 2000 product. I want to try to explain some of the internal workings of Windows 2000, while making it relevant. I want to make the inner workings of Windows 2000 a little clearer and to focus on what it means to you. More of the “What is it and so what” stuff, if you will, aimed at the administrator and support professionals. I know Windows 2000 has not been released yet (at the time I am writing this, RC1 is just being finalised). However, the product workings are well enough understood for me to be able to explain some of the new features. I hope that the changes in the product between now and when you are able to purchase it will be minimal. If not, then don’t blame me!

Windows 2000 IP Stack Improvements

In Windows 2000, Microsoft has expended a considerable amount of effort improving and adding to the TCP/IP stack and the related services and utilities. Since the Windows 2000 directory services infrastructure is all TCP/IP based, the functionality and reliability of TCP/IP has been an important focus within the development team.
There are a lot of new features now shipped as standard which were previously part of add-ons, such as the Internet Authentication Server, or the Connection Manager Administration Kit (both previously part of the Option Pack), as well as brand new services, such as Connection Sharing (NAT for Windows 2000) and IP Security. In addition, Microsoft has improved most of the existing services.

DHCP in Windows 2000

In future columns, I will be looking at many of these new features. This month I want to look at one of the most fundamental TCP/IP services: Dynamic Host Control Protocol (DHCP). DHCP is a service that provides client computers with all their necessary TCP/IP configuration details, without manual intervention. DHCP has been around for a while, and either already is or is becoming standard for many organizations. I travel a good deal with my laptop. The places I tend to travel to are DHCP enabled and I can go to a meeting, or come back home – and just plug in and turn on my laptop to get onto the network. For me, DHCP just works.

So, what have MS done in Windows 2000 to improve DHCP? Quite a lot, really. While the basic concept is the same, there are a lot of new features. For a start, the RFCs that define DHCP have been updated, and the Windows 2000 DHCP Service now supports RFC 2131 and RFC 2132. Perhaps the first thing that most administrators will see is that DHCP is now managed and controlled by a Microsoft Management Console snap-in. Figure 1 shows this new snap-in. As you can see from Figure 1, you can manage multiple DHCP servers from a single MMC console. While experienced DHCP administrators will need some time getting comfortable with this new tool, it should make it easier to manage large DHCP installations.
Figure 1 - The MMC

Once you start using the MMC, you may notice that the design of the DHCP MMC snap-in is sufficiently different from the design of the DNS and WINS snap-ins to make it very confusing. It really looks like these three snap-ins were designed by totally different people who never talked to each other. I filed a bug on this (3SRZ) but Microsoft have responded: “We believe Windows 2000 is operating as intended.” Oh well…

A new feature that will be very popular with network administrators is Server Authorization. With Windows NT 4 and earlier, it was quite possible for someone to bring up a rogue server and start serving out invalid addresses. I once ran a training course for a large computer manufacturer in Ireland. I’d asked their tech support guys to make sure I was off the network before I demonstrated how easy it was to set up a DHCP server. A few seconds after activating the scope, we noticed that every address had been taken. We never did find out what devices were using those addresses, but we got yanked off the factory network very, very quickly!

With Windows 2000, the DHCP server will query the Active Directory to find out if the particular server has been authorized. If not, the service just fails to start. To achieve this, the server broadcasts a DHCPINFORM message on all interfaces. This message contains a vendor extension field. If any other DHCP server is on an attached subnet, it responds with a DHCPACK message containing its domain name. This allows the server which is initializing to check with a domain controller in that domain to see if it is authorized. If so, it will complete the start-up process. If not, it will shut down immediately, writing a message to the DHCP log. This process is repeated every hour, which puts a very small amount of extra traffic on the network. To authorize a new DHCP server, the administrator uses the DHCP manager and types in the name or IP address of the server to be authorized. The DHCP manager then updates the Active Directory with the new authorization information.

Integration with DNS

The Windows 2000 DNS service supports dynamic updates as defined in RFC 2136, which enables a client computer to automatically update the DNS server information with details of forward and reverse address mappings.
Previously, this is something that would have required the DNS administrator to manually enter (and get right). For a DHCP enabled network, with lots of mobile users sharing data with colleagues and co-workers, it would probably be virtually impossible to manually keep the DNS information up to date. Windows 2000 clients can automatically update their DNS information.

The Windows 2000 DHCP server is based around a new draft RFC describing DHCP and DNS interaction. You can find this document at ftp://ftp.ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dhc-dhcp-dns-04.txt, although by the time you read this, a newer version may be out (or possibly this document may have been published as a full RFC). This draft describes how a DHCP server registers and updates the address (A) and pointer (PTR) resource records on behalf of its DHCP-enabled clients. This draft also specifies the use of a new DHCP option code (option code 81). This option code will cause the client to return its fully qualified domain name (FQDN) to the DHCP server, which can then update the individual host's resource records with a dynamic DNS server.

Superscopes

A superscope is an administrative feature in the MMC snap-in that enables you to manage multiple scopes as a single administrative entity. With this feature, a DHCP server can support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple logical IP networks are used. In NT4, a DHCP server could only activate a single scope per subnet. With superscopes, multiple scopes can be allocated to a physical network. This can be useful in cases such as when an existing DHCP scope’s available address pool is fully utilized and additional computers need to be supported, or when you want to migrate clients to a new scope to support renumbering an existing network. Superscopes also allow you to use multiple DHCP servers on a single network segment to manage separate logical subnets.
Superscopes add flexibility and are very easy to manage with the MMC.

Vendor and User Classes

DHCP provides administrators with a very much simpler life – they can set the parameters for a subnet or subnets in the DHCP server and leave all the details of handing out leases to the DHCP server. But DHCP can also be inflexible, handing out the same parameters for every client on a subnet. You might, for example, only want certain clients to have a default gateway (and therefore be able to forward traffic to other networks), or you might want to give a Windows 2000 client different IP configuration details from a Windows 98 client. RFC 2031 defines a new facility, Vendor and User classes, which is implemented in Windows 2000. This feature is not fully working in Beta 3 (build 2031), although it will be added prior to the final release of Windows 2000.

A DHCP client computer has both a client class and a user class identifier that is sent to the DHCP server when a lease is acquired or extended. The client class is vendor specific and is based on the client itself. This allows the administrator to distinguish between, for example, a Windows 2000 computer and a Windows 98 computer. The user class is something that is set using IPCONFIG (see Figure 2). Once configured, any options configured for either the user or vendor class can be sent, overriding the default options set for the scope.
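As an added example that is not from the article, the following Python shows how the vendor and user class identifiers and the client FQDN option discussed in the two preceding sections travel in the DHCP options area, how class-specific options override the scope defaults, and which A and PTR records the server would register for a lease. It assumes the standard option codes 3 (router), 6 (DNS servers) and 60 (vendor class) from RFC 2132, 77 (user class) from RFC 3004, the option 81 layout later standardized in RFC 4702 (flags, RCODE1, RCODE2, name), and constructed sample values such as the “Laptops” user class.

```python
# Added example, not the article's code: DHCP options (RFC 2132 TLVs) carrying
# vendor class (60), user class (77) and client FQDN (81); class options
# override scope defaults; A/PTR records derived. Sample values constructed.
import ipaddress
OPT_ROUTER, OPT_DNS = 3, 6
OPT_VENDOR_CLASS, OPT_USER_CLASS, OPT_CLIENT_FQDN = 60, 77, 81

def parse_options(blob):
    """Walk the option TLVs; code 0 is a pad byte, 255 ends the list."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        length = blob[i + 1]
        opts[code] = bytes(blob[i + 2:i + 2 + length])
        i += 2 + length
    return opts

def client_fqdn(opts):
    """Option 81 (layout as later fixed by RFC 4702): flags, RCODE1, RCODE2,
    name; flag bit 0 ('S') asks the server to register the A record."""
    raw = opts.get(OPT_CLIENT_FQDN)
    if raw is None or len(raw) < 3:
        return None
    return {"name": raw[3:].decode("ascii").rstrip("."),
            "server_does_a": bool(raw[0] & 0x01)}

def dns_records(fqdn, ip):
    """Forward (A) and reverse (PTR) records the server registers for a lease."""
    return [("A", fqdn, ip),
            ("PTR", ipaddress.ip_address(ip).reverse_pointer, fqdn)]

def resolve_options(scope, vendor, user, opts):
    """Scope defaults first, then vendor-class, then user-class overrides."""
    result = dict(scope)
    result.update(vendor.get(opts.get(OPT_VENDOR_CLASS, b"").decode("ascii"), {}))
    result.update(user.get(opts.get(OPT_USER_CLASS, b"").decode("ascii"), {}))
    return result

# Constructed sample: a Windows 2000 client that was put in user class "Laptops".
SAMPLE = (bytes([OPT_VENDOR_CLASS, 8]) + b"MSFT 5.0"
          + bytes([OPT_USER_CLASS, 7]) + b"Laptops"
          + bytes([OPT_CLIENT_FQDN, 19, 0x01, 0, 0]) + b"pc1.example.test" + b"\x00\xff")
SCOPE_DEFAULTS = {OPT_DNS: "10.0.0.53"}                # no router option: no gateway
VENDOR_OPTIONS = {"MSFT 5.0": {OPT_DNS: "10.0.0.54"}}
USER_OPTIONS = {"Laptops": {OPT_ROUTER: "10.0.0.1"}}   # only this class gets a gateway
```

A client outside the “Laptops” class receives only the scope defaults, so it never learns a default gateway, which is the selective-gateway case the section describes.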
Figure 2 - DHCP classes from the Command Prompt

Auto Configuration

If a Windows 2000 computer, configured to obtain its IP address information from DHCP, is unable to find a DHCP server, it will auto-configure an IP address and subnet mask. The IP address will be randomly selected from a special Microsoft-reserved class B network, 169.254.0.0, and will use a subnet mask of 255.255.0.0. To ensure that this address is not presently in use, the DHCP client will issue a gratuitous ARP. If an address conflict is found, the DHCP client will randomly select another IP address to try and use. The client will try up to 10 addresses before giving up. Once the auto-configured client completes initialization, it will continue to check for a DHCP server in the background every five minutes.

To minimize disruption to a DHCP client that has previously obtained a lease from a DHCP server, auto configuration tries to be intelligent. If the client’s lease has not expired when it boots, and it can’t find a DHCP server, the client will attempt to ping the default gateway it obtained as part of its lease. If the default gateway is reached, then the DHCP client assumes that it hasn’t moved. It then continues to use the existing lease as normal. If the default gateway cannot be reached, the client assumes it has been moved and, in the absence of a DHCP server, will perform auto-configuration.

For small networks, auto configuration enables TCP/IP to be self-configuring, which is a great feature for those sites with little or no TCP/IP expertise (and only a single subnet). For large companies, the auto configuration feature allows a computer to come up when the DHCP server is not currently available, and not generate error messages that can be confusing to end users. But this may make the support group’s job more difficult, since a computer will start up, apparently normally, but will not be able to communicate with any other computer.
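The fallback logic of the preceding paragraphs, as an added example that is neither the article's nor Microsoft's code: it models the random 169.254.x.x selection with a gratuitous-ARP conflict check (at most 10 attempts), the gateway ping that decides whether an unexpired lease is kept, and an enabled flag standing in for the IPAutoconfigurationEnabled registry value. The address_in_use and gateway_reachable callbacks are assumptions supplied by the caller in place of the real ARP and ICMP traffic.

```python
# Added example, not the article's code: the DHCP client's fallback when no
# server answers (Auto Configuration section). "enabled" stands in for the
# IPAutoconfigurationEnabled registry value; address_in_use and
# gateway_reachable stand in for the gratuitous ARP and the gateway ping.
import ipaddress
import random

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")  # Microsoft-reserved class B
APIPA_MASK = "255.255.0.0"
MAX_TRIES = 10

def pick_apipa_address(address_in_use, rng=random):
    """Try up to MAX_TRIES random 169.254.x.x addresses, probing each with a
    gratuitous ARP (modelled by address_in_use). Network and broadcast
    addresses are skipped (an assumption; the article says only 'random')."""
    for _ in range(MAX_TRIES):
        candidate = str(APIPA_NET[rng.randrange(1, APIPA_NET.num_addresses - 1)])
        if not address_in_use(candidate):
            return candidate, APIPA_MASK
    return None   # gave up after MAX_TRIES conflicts

def configure(lease, lease_valid, gateway_reachable, address_in_use,
              enabled=True, rng=random):
    """Decide the address to run with when no DHCP server replies.
    lease is (ip, mask, gateway) from the previous lease, or None.
    Returns (source, ip, mask) with source 'lease', 'apipa' or 'none'."""
    # An unexpired lease is kept if its default gateway still answers:
    # the client concludes it has not moved.
    if lease and lease_valid and gateway_reachable(lease[2]):
        return ("lease", lease[0], lease[1])
    # Otherwise the client assumes it has moved (or never had a lease) and,
    # unless auto-configuration is disabled, picks a 169.254 address.
    if not enabled:
        return ("none", None, None)
    picked = pick_apipa_address(address_in_use, rng)
    if picked is None:
        return ("none", None, None)
    return ("apipa", picked[0], picked[1])
```

The "none" outcome is the case the support group sees: the machine boots without complaint but has no usable address, so checking for a 169.254 or missing address is the first thing to look for when such a client cannot reach anything.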
Auto-configuration can be disabled by setting IPAutoconfigurationEnabled to 0. This value is held in the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

In summary

There are a lot of new functions in the Windows 2000 DHCP server, and in the space available, I’ve only been able to touch on a few of them. Hopefully this will give you a great head start to using DHCP with Windows 2000. In next month’s column, I will be writing about System File Protection, a new feature in Windows 2000 that aims to make “DLL Hell” a thing of the past. I’ll look at what it is, how it works, and how it should help (and how to turn it off if it doesn’t help). If you have any comments on this column or suggestions for future columns, please email me at tfl@psp.co.uk.