Saturday, 22 August 2015

DHCP Client Behaviour

In this post, we'll look at how DHCP clients behave when they obtain a new IP address, when they renew a lease, and when they cannot renew a lease because the DHCP server is unavailable.

DHCP Messages

DHCP has a number of standard messages that can be sent/received between the server and the client. These are below:


Obtaining a new lease

When a client connects to a new network, or to a network it was on previously where its lease has expired, it needs to get a new lease. First, the client broadcasts a DHCPDISCOVER message. The server replies with a DHCPOFFER message, which is also a broadcast because the client doesn't yet have an IP on the same subnet as the server. The client then sends a DHCPREQUEST message, which the server acknowledges with a DHCPACK message. The client can then use the IP, along with the list of options it has received. The process is summarised below:

  1. DHCPDISCOVER (client > server)
  2. DHCPOFFER (server > client)
  3. DHCPREQUEST (client > server)
  4. DHCPACK (server > client)

Renewing a lease

When renewing a lease, the DHCP conversation is as follows:

  1. DHCPREQUEST (client > server)
  2. DHCPACK or DHCPNAK (server > client)

The client sends a DHCPREQUEST, which is unicast this time because the client already has a valid IP address. The server responds with DHCPACK if the IP is still available to the client, or DHCPNAK if the client is to have another IP.

The client first attempts to renew once it has held the lease for 50% of the total lease period, and it starts by contacting the DHCP server that leased the IP. If that server is not available, the client waits until 7/8 of the lease is up before sending a broadcast message to find any other available DHCP server. This is in fact what happens in the case of a DHCP failover where the server that assigned the IP to the client is now offline. For more information, see my three-part series on DHCP failover here.

Below is a network capture using Message Analyzer showing my laptop receiving a DHCPACK message from the server. It shows that the lease is 28800s, the time to renew is 14400s and the second time to renew is 25200s (28800 * 7/8). You can also see the server address and the DHCP options (DomainName, Router and DomainNameServer).
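The renewal timeline and the DHCPACK values described above, as an added example that is not part of the original post: it parses a DHCPACK options field and reports what the client does at a given point in the lease. The option bytes are constructed from the timer values quoted above; the 192.0.2.x addresses, the example.test domain and the function names are assumptions of this example.

```python
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # starts the options field (RFC 2131)

def parse_options(data):
    """Walk the code/length/value options that follow the magic cookie."""
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(data) and data[i] != 255:   # 255 = End option
        code = data[i]
        if code == 0:                         # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % code)
        opts[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def lease_timers(opts):
    """(lease, t1, t2) in seconds; t1/t2 default to 50% and 7/8 of the lease."""
    lease = int.from_bytes(opts[51], "big")                             # lease time
    t1 = int.from_bytes(opts[58], "big") if 58 in opts else lease // 2  # renewal
    t2 = int.from_bytes(opts[59], "big") if 59 in opts else lease * 7 // 8
    return lease, t1, t2

def client_action(elapsed, lease, t1, t2):
    """What the client does `elapsed` seconds after the DHCPACK."""
    if elapsed < t1:
        return "bound: no DHCP traffic"
    if elapsed < t2:
        return "renewing: unicast DHCPREQUEST to the leasing server"
    if elapsed < lease:
        return "rebinding: broadcast DHCPREQUEST to any server"
    return "expired: stop using the IP and send DHCPDISCOVER"

# Constructed DHCPACK options: timers are the values from the capture above,
# addresses (192.0.2.0/24) and the domain name are placeholders.
SAMPLE_ACK = (MAGIC_COOKIE + bytes([53, 1, 5, 54, 4, 192, 0, 2, 1])
              + struct.pack("!BBIBBIBBI", 51, 4, 28800, 58, 4, 14400, 59, 4, 25200)
              + bytes([3, 4, 192, 0, 2, 254, 6, 4, 192, 0, 2, 53])
              + bytes([15, 12]) + b"example.test" + bytes([255]))

if __name__ == "__main__":
    timers = lease_timers(parse_options(SAMPLE_ACK))
    for t in (3600, 20000, 26000, 30000):
        print(t, client_action(t, *timers))
```

When a server omits options 58 and 59, `lease_timers` falls back to the 50% and 7/8 points, so both cases give the same timeline for a 28800s lease.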


DHCP server unavailable

When the DHCP server is unavailable, the client keeps trying to reach it by sending DHCPDISCOVER packets in this pattern, which repeats every 5 minutes:


On restart, the client will usually try to get a new lease. However, if the DHCP server is not available, the client doesn't fall back to the alternate or APIPA address (Automatic Private IP Address, 169.254.0.0/16) if it can still ping the default gateway and there is time left on the lease. It uses the default gateway to identify the network: if it can find the gateway, it assumes it's on the same network it was on before it was restarted.

APIPA and alternate addresses


If there is no time on the lease or the default gateway is unavailable, the client uses the alternate address it was configured with or it uses an APIPA address. Before using either address, the client uses ARP to ensure that the address is not in use. 

When using either an alternate or APIPA address, the client will continue trying to contact a DHCP server every 5 minutes to get a lease.

Conclusion

In this post, we looked at the way DHCP clients and servers communicate and what happens in the scenarios where there is no DHCP server available. For more information, see the articles below. 
