1. Introduction to DHCP
DHCP (Dynamic Host Configuration Protocol) is a local area network protocol that works at the application layer. It carries its messages over UDP, an unreliable transport. It is mostly used in larger LAN environments, where its job is to manage and allocate network addressing centrally.
Not every device on a network can obtain its IP address, gateway and so on dynamically by itself;
when DHCP hands this configuration to the clients, bandwidth limits can be applied uniformly and the devices can be managed centrally.
From the user's side the operation is trivial: switch the device on, and it obtains an IP address automatically.
2. How DHCP works
Obtaining a lease
The client connects to the network.
- It then broadcasts a DHCP DISCOVER to find out whether there is a DHCP server on the segment.
- Put simply, the client is shouting: can anyone assign me an IP address?
- It uses 0.0.0.0 as the source address and 255.255.255.255 as the destination address, because it has no address of its own yet.
- Who is the DHCP server? Please give me an IP address.
- I am a client; I identify myself by my MAC address (or host name).
Server side:
- A host running the DHCP service sees that someone is asking whether there is a DHCP server.
- It replies with a DHCP OFFER: here is an address, is this acceptable or not?
- In detail: when the DHCP server receives the client's request for an address,
- it checks whether there is a free, valid IP address in its address pool,
- records that address and packages it into the OFFER.
- The OFFER packet contains: the client's MAC address;
- the offered IP address, subnet mask, default gateway and so on;
- and the server's own IP and MAC address, so the client knows which server is offering.
- The server broadcasts these messages to UDP port 68, the client port.
Client:
- Having received the OFFER, the client sends one more message, a REQUEST, to the server.
- By now the client has received OFFER information from the server (possibly from several servers);
- it chooses one offered address,
- and replies with a DHCP REQUEST,
- whose content includes the IP it has chosen: it is telling the DHCP server that it wants to use this IP.
- The client is still not using this IP address; it continues to use 0.0.0.0 as the source address and broadcasts the REQUEST, so every server that made an offer learns which one was chosen.
Server:
- It receives the client's REQUEST. OK, I'll send you an ACK confirmation;
- more precisely, after receiving the REQUEST it checks whether the address is already in use:
- if someone else is using it, it replies with a NAK and rejects the request;
- if nobody is using it: all right, here you are.
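As an added example (not code from the original post), here are the four messages above built and decoded in Python with only the standard library, so the fields the text talks about can be inspected: the client's 0.0.0.0 ciaddr, the MAC in chaddr, the offered address in yiaddr, the requested address in option 50 and the server identifier in option 54. The MAC and addresses are constructed sample values taken from this post's lab; the transaction id is made up.

```python
"""Build and decode DHCP DISCOVER / OFFER / REQUEST / ACK messages in memory (added example)."""
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options (RFC 2131)
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types
TYPE_NAMES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"       # the 236-byte fixed BOOTP header


def packed(ip):
    return ipaddress.ip_address(ip).packed


def build(msg_type, xid, mac, ciaddr="0.0.0.0", yiaddr="0.0.0.0", siaddr="0.0.0.0", options=None):
    """Encode one DHCP message. Client messages set the broadcast flag: the client has no
    address of its own yet, so it cannot receive a unicast reply."""
    op = BOOTREQUEST if msg_type in (DISCOVER, REQUEST) else BOOTREPLY
    flags = 0x8000 if op == BOOTREQUEST else 0
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, flags,
                         packed(ciaddr), packed(yiaddr), packed(siaddr), packed("0.0.0.0"),
                         chaddr, b"\x00" * 64, b"\x00" * 128)
    opts = bytearray(MAGIC_COOKIE) + bytes([53, 1, msg_type])
    for code, value in (options or {}).items():
        opts += bytes([code, len(value)]) + value
    opts += b"\xff"                          # end-of-options marker
    return header + bytes(opts)


def parse(packet):
    """Decode a DHCP message into a dict; raises ValueError if the magic cookie is missing."""
    f = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 0xFF:
        if packet[i] == 0:                   # pad option has no length byte
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": f[0], "hops": f[3], "xid": f[4], "broadcast": bool(f[6] & 0x8000),
        "ciaddr": str(ipaddress.ip_address(f[7])), "yiaddr": str(ipaddress.ip_address(f[8])),
        "siaddr": str(ipaddress.ip_address(f[9])), "giaddr": str(ipaddress.ip_address(f[10])),
        "chaddr": f[11][:f[2]].hex(":"),     # hlen (f[2]) says how many chaddr bytes are the MAC
        "type": TYPE_NAMES.get(options.get(53, b"\x00")[0], "unknown"),
        "options": options,
    }


def simulate_lease(mac="00:0c:29:57:c1:ff", offered="192.168.75.100",
                   server="192.168.75.40", gateway="192.168.75.2", xid=0x3903F326):
    """Run DISCOVER -> OFFER -> REQUEST -> ACK in memory and return the decoded messages."""
    server_id = {54: packed(server)}         # option 54 says which server is talking
    wire = [
        # client -> 255.255.255.255, source 0.0.0.0, UDP 68 -> 67
        build(DISCOVER, xid, mac),
        # server -> client port 68: an address, plus mask (1), gateway (3) and server id (54)
        build(OFFER, xid, mac, yiaddr=offered, siaddr=server,
              options={1: packed("255.255.255.0"), 3: packed(gateway), **server_id}),
        # client, still with source 0.0.0.0, broadcasts which offer it takes (option 50)
        build(REQUEST, xid, mac, options={50: packed(offered), **server_id}),
        # server confirms; option 51 is the lease time in seconds
        build(ACK, xid, mac, yiaddr=offered, siaddr=server,
              options={51: struct.pack("!I", 600), **server_id}),
    ]
    return [parse(p) for p in wire]


def requested_address(msg):
    """The address a DHCPREQUEST asks for (option 50), as a string."""
    return str(ipaddress.ip_address(msg["options"][50]))


if __name__ == "__main__":
    for m in simulate_lease():
        print(f'{m["type"]:<13} xid={m["xid"]:#x} ciaddr={m["ciaddr"]:<15} '
              f'yiaddr={m["yiaddr"]:<15} chaddr={m["chaddr"]} broadcast={m["broadcast"]}')
```

All four messages share the same xid, which is how a client matches replies to its own request when several clients are discovering at the same time; the server's replies carry yiaddr while the client's messages still show ciaddr as 0.0.0.0.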
Renewal
The client and server have reached an agreement and the client is now using its DHCP address.
A DHCP address comes with a lease term.
When 50% of the lease term has passed,
the client sends a DHCP REQUEST packet to the server to extend the lease.
If the server does not reply, the client keeps the address and the remaining lease runs on.
Client:
- When the lease reaches 50%, it sends a REQUEST to the server.
- If the server replies, the lease term is renewed and the client carries on using the address.
- If no reply is received from the server,
- the client continues to use the address, because it still has half of the lease left.
- At 87.5% of the lease it sends another REQUEST to the DHCP server.
- Still no reply? When the lease reaches 100%, the client discards the IP,
- then broadcasts a new request and retries every 5 minutes.
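An added example (not from the original post) that turns the timeline above into a small state function. It goes slightly beyond the text in one respect: RFC 2131 has the client unicast its 50% renewal to the server that granted the lease and broadcast the 87.5% one so that any server may answer, and that destination is returned as well. The renew/rebind fractions are the RFC 2131 defaults; the 5-minute retry after expiry is the figure given above; the lease length and addresses are constructed sample values.

```python
"""Where a DHCP client is in its lease at a given moment (added example)."""
from dataclasses import dataclass

T1_FRACTION = 0.5          # start RENEWING: unicast DHCPREQUEST to the server that gave the lease
T2_FRACTION = 0.875        # start REBINDING: broadcast DHCPREQUEST, any server may answer
REDISCOVER_INTERVAL = 300  # seconds between DHCPDISCOVER retries after the address is dropped (from the text)


@dataclass(frozen=True)
class ClientState:
    state: str          # BOUND, RENEWING, REBINDING or EXPIRED
    address: str        # the address the client may still use; 0.0.0.0 once dropped
    sends: str          # what the client transmits in this state
    destination: str    # where it sends it


def lease_milestones(lease_seconds):
    """Return (T1, T2, expiry) in seconds, measured from the moment the DHCPACK was received."""
    return (lease_seconds * T1_FRACTION, lease_seconds * T2_FRACTION, float(lease_seconds))


def client_state(elapsed, lease_seconds, leased_ip, server_ip):
    """State of a client `elapsed` seconds into its lease, assuming no renewal was acknowledged."""
    t1, t2, expiry = lease_milestones(lease_seconds)
    if elapsed < t1:
        return ClientState("BOUND", leased_ip, "nothing", "-")
    if elapsed < t2:
        return ClientState("RENEWING", leased_ip, "DHCPREQUEST", server_ip)
    if elapsed < expiry:
        return ClientState("REBINDING", leased_ip, "DHCPREQUEST", "255.255.255.255")
    return ClientState("EXPIRED", "0.0.0.0",
                       f"DHCPDISCOVER every {REDISCOVER_INTERVAL} s", "255.255.255.255")


def renew(lease_seconds, acked_at):
    """A DHCPACK to a renewal restarts the clock: new milestones are measured from `acked_at`."""
    t1, t2, expiry = lease_milestones(lease_seconds)
    return (acked_at + t1, acked_at + t2, acked_at + expiry)


if __name__ == "__main__":
    for t in (0, 299, 300, 524, 525, 600):
        s = client_state(t, 600, "192.168.75.100", "192.168.75.40")
        print(f"t={t:>3}s {s.state:<9} use={s.address:<15} send={s.sends} -> {s.destination}")
```

With the 600-second lease used later in this post, the client tries to renew at 300 s, falls back to broadcasting at 525 s and gives the address up at 600 s if nothing has answered.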
3. DHCP service setup
Preparation environment:
Two servers:
- The network mode is vmnet mode
- 192.168.75.40: DHCP server
- 192.168.75.41: acting as the client
- Turn off the firewall and SELinux
- Be sure to turn off the DHCP function of VMware, otherwise its own DHCP server will answer the clients
```
[root@master ~]# iptables -F
[root@master ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@master ~]# getenforce
Disabled
[root@slave41 ~]# setenforce 0
setenforce: SELinux is disabled
```
DHCP server configuration
DHCP information
- Software packages:
- dhcp: the DHCP server package
- dhcp-common: the DHCP command-line tools (installed by default)
- Service names:
- dhcpd: the DHCP server service
- dhcrelay: the DHCP relay service
- Port numbers:
- udp 67: the server port; the client sends its DHCP requests here
- udp 68: the client port; the server sends offers and acknowledgements here
- Configuration files:
- /etc/dhcp/dhcpd.conf: empty by default
- /usr/share/doc/dhcp-4.1.1/dhcpd6.conf.sample: sample template for the configuration file (the IPv4 template used below is dhcpd.conf.sample in the same directory)
- /etc/sysconfig/dhcrelay: the configuration file used in the relay experiment
Explanation of the /etc/dhcp/dhcpd.conf configuration file
dhcpd.conf.sample is the template for the configuration file.
Note: at least one declared subnet must match the IP segment of a local interface, otherwise dhcpd reports an error.
Every statement must end with a semicolon, or dhcpd reports an error.
```
# Look at the default file
[root@master ~]# vim /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample    <- points you at the configuration template
#   see 'man 5 dhcpd.conf'                         <- the manual page describes every directive
#

# Copy the template over the real configuration file
[root@master dhcp-4.1.1]# cp -a dhcpd.conf.sample /etc/dhcp/dhcpd.conf
cp: overwrite "/etc/dhcp/dhcpd.conf"? y

# The real configuration file, explained
[root@master ~]# vim /etc/dhcp/dhcpd.conf
# Global configuration
default-lease-time 600;        # default lease, in seconds
max-lease-time 7200;           # maximum lease, in seconds
log-facility local7;           # log facility; the messages actually end up in /var/log/messages
............
# Declare a network segment and its subnet mask. At least one declared segment
# must be the segment the local machine itself is on.
subnet 192.168.75.0 netmask 255.255.255.0 {
  # The pool of addresses that may be handed to clients.
  # The broadcast address and the gateway address must not be inside this range.
  range 192.168.75.100 192.168.75.110;
  # DNS server handed to clients
  option domain-name-servers 114.114.114.114;
  # DNS domain name handed to clients
  option domain-name "liangjiawei.net";
  # Gateway address handed to clients
  option routers 192.168.75.2;
  # Broadcast address
  option broadcast-address 192.168.75.255;
  # Default lease for this subnet
  default-lease-time 600;
  # Maximum lease for this subnet
  max-lease-time 7200;
}
# Bind a fixed IP to one host (address reservation)
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
# Superscope (shared network)
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
```
DHCP basic function test
DHCP server configuration
```
# Install the software
[root@master ~]# yum -y install dhcp dhcp-common
# Prepare the configuration file from the template
[root@master ~]# cp -a dhcpd.conf.sample /etc/dhcp/dhcpd.conf
# Back it up, then edit it
[root@master ~]# cp -a /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak
[root@master ~]# vim /etc/dhcp/dhcpd.conf
# Comment out everything else; keep only this subnet
subnet 192.168.75.0 netmask 255.255.255.0 {
  range 192.168.75.100 192.168.75.110;
  #option domain-name-servers 114.114.114.114;
  #option domain-name "liangjiawei.net";
  option routers 192.168.75.2;
  #option broadcast-address 192.168.75.255;
  default-lease-time 600;
  max-lease-time 7200;
}
# Start the service
[root@master ~]# service dhcpd start
Starting dhcpd: [ OK ]
# Check that UDP port 67 is listening
[root@master ~]# netstat -ntulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1118/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1197/master
tcp        0      0 :::22                   :::*                    LISTEN      1118/sshd
tcp        0      0 ::1:25                  :::*                    LISTEN      1197/master
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1422/dhcpd
```
Check the log file on the server side
```
[root@master ~]# tail -10 /var/log/messages
..........
May 5 10:28:45 master dhcpd: Sending on Socket/fallback/fallback-net
# The exchange is logged here: dhcpd sees a DISCOVER from this MAC address
May 5 10:31:05 master dhcpd: DHCPDISCOVER from 00:0c:29:57:c1:ff via eth0
# dhcpd makes an offer
May 5 10:31:06 master dhcpd: DHCPOFFER on 192.168.75.100 to 00:0c:29:57:c1:ff (slave41) via eth0
# the client requests the offered address
May 5 10:31:06 master dhcpd: DHCPREQUEST for 192.168.75.100 (192.168.75.40) from 00:0c:29:57:c1:ff (slave41) via eth0
# and dhcpd acknowledges it
May 5 10:31:06 master dhcpd: DHCPACK on 192.168.75.100 to 00:0c:29:57:c1:ff (slave41) via eth0
```
Client verification
```
# Modify the interface configuration
[root@slave41 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=dhcp            # changed from static to dhcp
#IPADDR=192.168.75.41     # the original static settings, commented out
#PREFIX=24
#GATEWAY=192.168.75.2
#DNS1=114.114.114.114
NAME="System eth0"
# Then restart the network and check.
# The address changed, so the existing SSH session drops; reconnect to the new address:
[c:\~]$ ssh root@192.168.75.100
Connecting to 192.168.75.100:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Last login: Wed May 5 10:31:16 2021
[root@slave41 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:57:c1:ff brd ff:ff:ff:ff:ff:ff
    inet 192.168.75.100/24 brd 192.168.75.255 scope global eth0
    inet6 fe80::20c:29ff:fe57:c1ff/64 scope link
       valid_lft forever preferred_lft forever
```
DHCP fixed address assignment test
Scenario:
Some servers need to be bound to a fixed IP.
This is a requirement on the client side:
- every time it requests an address via DHCP, it should get the same fixed IP address.
The server reserves a fixed address for that client.
Server configuration
```
# Find the MAC address of the client
[root@slave41 ~]# arp -a
? (192.168.75.1) at 00:50:56:c0:00:08 [ether] on eth0
? (192.168.75.40) at 00:0c:29:fd:e7:9f [ether] on eth0
[root@slave41 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:57:C1:FF
          inet addr:192.168.75.100  Bcast:192.168.75.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe57:c1ff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:618 errors:0 dropped:0 overruns:0 frame:0
          TX packets:417 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:55303 (54.0 KiB)  TX bytes:48062 (46.9 KiB)
# Edit the configuration file on the server
[root@master ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.75.0 netmask 255.255.255.0 {
  range 192.168.75.100 192.168.75.110;
  #option domain-name-servers 114.114.114.114;
  #option domain-name "liangjiawei.net";
  option routers 192.168.75.2;
  #option broadcast-address 192.168.75.255;
  default-lease-time 600;
  max-lease-time 7200;
}
................
host fantasia {
  hardware ethernet 00:0C:29:57:C1:FF;
  fixed-address 192.168.75.120;   # may be an address outside the dynamic range
}
# Restart the DHCP service
[root@master ~]# service dhcpd restart
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
```
Server log information
```
[root@master ~]# tail -7 /var/log/messages
May 5 10:43:06 master dhcpd: Sending on Socket/fallback/fallback-net
May 5 10:43:26 master dhcpd: DHCPREQUEST for 192.168.75.100 from 00:0c:29:57:c1:ff via eth0: lease 192.168.75.100 unavailable.
May 5 10:43:26 master dhcpd: DHCPNAK on 192.168.75.100 to 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPDISCOVER from 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPOFFER on 192.168.75.120 to 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPREQUEST for 192.168.75.120 (192.168.75.40) from 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPACK on 192.168.75.120 to 00:0c:29:57:c1:ff via eth0
# The log shows the experiment succeeded: the client first asked to keep .100, was refused with a NAK,
# started over with a DISCOVER and was given the reserved address .120
```
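The two log excerpts above are the record a defender actually has of what dhcpd handed out. As an added example (not code from the original post), the following Python parses those dhcpd lines from /var/log/messages, replays them into a lease table per MAC, and flags DHCPNAKs, addresses that moved from one MAC to another and addresses a MAC was moved away from. The sample lines are a constructed copy of the log output shown in this post; the regular expressions assume the default dhcpd log phrasing shown there.

```python
"""Replay dhcpd syslog lines into a lease table and flag NAKs and address moves (added example)."""
import re
from collections import defaultdict

# Constructed copy of the log lines shown in this post (both tail outputs, in order).
SAMPLE_LOG = """\
May 5 10:28:45 master dhcpd: Sending on Socket/fallback/fallback-net
May 5 10:31:05 master dhcpd: DHCPDISCOVER from 00:0c:29:57:c1:ff via eth0
May 5 10:31:06 master dhcpd: DHCPOFFER on 192.168.75.100 to 00:0c:29:57:c1:ff (slave41) via eth0
May 5 10:31:06 master dhcpd: DHCPREQUEST for 192.168.75.100 (192.168.75.40) from 00:0c:29:57:c1:ff (slave41) via eth0
May 5 10:31:06 master dhcpd: DHCPACK on 192.168.75.100 to 00:0c:29:57:c1:ff (slave41) via eth0
May 5 10:43:26 master dhcpd: DHCPREQUEST for 192.168.75.100 from 00:0c:29:57:c1:ff via eth0: lease 192.168.75.100 unavailable.
May 5 10:43:26 master dhcpd: DHCPNAK on 192.168.75.100 to 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPDISCOVER from 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPOFFER on 192.168.75.120 to 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPREQUEST for 192.168.75.120 (192.168.75.40) from 00:0c:29:57:c1:ff via eth0
May 5 10:43:26 master dhcpd: DHCPACK on 192.168.75.120 to 00:0c:29:57:c1:ff via eth0
"""

# syslog prefix, then the dhcpd message type; lines such as "Sending on ..." do not match
LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) dhcpd: "
                  r"(?P<type>DHCP[A-Z]+) (?P<rest>.*)$")
MAC = re.compile(r"\b([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b")
IP = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
VIA = re.compile(r"\bvia ([^\s:]+)")


def parse_line(line):
    """One syslog line -> event dict, or None for lines that are not DHCP protocol events."""
    m = LINE.match(line)
    if not m:
        return None
    rest = m["rest"]
    mac, ip, via = MAC.search(rest), IP.search(rest), VIA.search(rest)
    return {
        "ts": m["ts"], "type": m["type"],
        "mac": mac.group(1).lower() if mac else None,
        "ip": ip.group(1) if ip else None,     # the first address is the one offered/requested/acked
        "iface": via.group(1) if via else None,
        "unavailable": "unavailable" in rest,  # dhcpd refusing a REQUEST for an address it will not give
    }


def summarize(lines):
    """Replay the log: current lease per MAC, per-MAC address history, NAKs, moves and reassignments."""
    leases, history, naks, moved, reassigned = {}, defaultdict(list), [], [], []
    ip_owner = {}                              # last MAC an address was ACKed to
    for line in lines:
        ev = parse_line(line)
        if not ev or not ev["mac"]:
            continue
        if ev["type"] == "DHCPNAK":
            naks.append((ev["ts"], ev["mac"], ev["ip"]))
        elif ev["type"] == "DHCPACK":
            old = leases.get(ev["mac"])
            if old and old != ev["ip"]:
                moved.append((ev["mac"], old, ev["ip"]))        # this MAC now holds a different address
            prev = ip_owner.get(ev["ip"])
            if prev and prev != ev["mac"]:
                reassigned.append((ev["ip"], prev, ev["mac"]))  # this address went to a different MAC
            leases[ev["mac"]] = ev["ip"]
            ip_owner[ev["ip"]] = ev["mac"]
            history[ev["mac"]].append(ev["ip"])
    return {"leases": leases, "history": dict(history), "naks": naks,
            "moved": moved, "reassigned": reassigned}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for mac, ip in result["leases"].items():
        print(f"{mac} -> {ip}   history: {result['history'][mac]}")
    print("NAKs:", result["naks"])
    print("moved:", result["moved"])
```

On the post's log the table ends with the client on 192.168.75.120, one NAK for .100, and one move entry; in a larger environment the `reassigned` list is the one worth watching, because an address being ACKed to a second MAC while the first still appears active is the earliest sign of an address conflict.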
DHCP superscope experiment (same physical segment)
What is a superscope?
A DHCP server can hand out addresses from several scopes (subnets) to clients on a single physical network.
Consider this situation:
- The DHCP address pool is exhausted and new devices keep arriving. How is that solved?
- Several address ranges can be provided on the same LAN,
- so that clients not only get an address but can also still communicate with each other.
- How is that achieved?
The technique used is the superscope:
- Two network segments are involved, which normally cannot talk to each other directly,
- so routing and forwarding are required;
- for example, 192.168.75.0 and 192.168.72.0 cannot communicate without a router between them.
Experimental plan
DHCP server:
- Configure a sub-interface on the single network card (a "router on a stick" setup);
- the server must also have routing and forwarding enabled.
Clients: two
- both set to obtain their IP via DHCP.
Server configuration
```
# Prepare the sub-interface
[root@master network-scripts]# cp -a ifcfg-eth0 ifcfg-eth0:0
# Edit the sub-interface configuration
[root@master network-scripts]# vim ifcfg-eth0:0
DEVICE=eth0:0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.72.40
PREFIX=24
GATEWAY=192.168.75.2
DNS1=114.114.114.114
NAME="System eth0:0"
# Restart the network
[root@master network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.75.40 is already in use for device eth0...
Determining if ip address 192.168.72.40 is already in use for device eth0... [ OK ]
# Check the result
[root@master network-scripts]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:FD:E7:9F
          inet addr:192.168.75.40  Bcast:192.168.75.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fefd:e79f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4381 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2886 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:384017 (375.0 KiB)  TX bytes:432768 (422.6 KiB)
eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:FD:E7:9F
          inet addr:192.168.72.40  Bcast:192.168.72.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
# Enable IP forwarding
[root@master network-scripts]# vim /etc/sysctl.conf
.........
net.ipv4.ip_forward = 1
# Reload the settings from the file
[root@master network-scripts]# sysctl -p
net.ipv4.ip_forward = 1          # this line confirms forwarding is on
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
# Now configure the superscope in dhcpd
[root@master ~]# vim /etc/dhcp/dhcpd.conf
# Keep only the following content
class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 75-72 {                          # the name of the superscope
  subnet 192.168.75.0 netmask 255.255.255.0 {   # the 192.168.75.0 segment
    option routers 192.168.75.40;               # the gateway is the server's own address on this segment
    range 192.168.75.90 192.168.75.90;          # deliberately a range of exactly one address
  }
  subnet 192.168.72.0 netmask 255.255.255.0 {   # the 192.168.72.0 segment
    option routers 192.168.72.40;               # again the server's own address on this segment
    range 192.168.72.80 192.168.72.80;
  }
}                                               # end of the shared-network block
# Restart the DHCP service
[root@master ~]# service dhcpd restart
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
```
Test
Switch the clients to DHCP and restart their network:
- after the restart, one device obtains 192.168.75.90,
- the other obtains 192.168.72.80.
Ping the two devices from each other: ping 192.168.75.90 and ping 192.168.72.80 both succeed, because the server forwards between the two segments.
The experiment is a success!
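Both dhcpd.conf listings in this post (the basic subnet earlier and the shared-network above) rely on the same rules: every statement ends with a semicolon, a range must not swallow the gateway or broadcast address, and at least one declared subnet must match a local interface. As an added example (not code from the original post or from ISC dhcp), here is a small checker for exactly those rules, written in Python; its parser is a deliberately simple tokenizer that understands subnet, shared-network and pool blocks plus `range` and `option routers`, not the full dhcpd.conf grammar. The sample configurations are constructed copies of the ones in this post.

```python
"""Sanity-check the dhcpd.conf rules used in this post (added example, simplified parser)."""
import ipaddress


def _ip(text):
    """IPv4Address for `text`, or None when it is not a literal address (e.g. a hostname)."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def strip_comments(text):
    # '#' starts a comment in dhcpd.conf; this simple version also strips a '#' inside quotes
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def parse_conf(text):
    """Tokenize on { ; } and collect subnets as {'network', 'ranges', 'routers'}; returns (subnets, findings)."""
    subnets, findings, orphan_ranges = [], [], []
    stack, buf, depth = [], "", 0          # stack: the enclosing subnet (or None) for each open block
    for ch in strip_comments(text):
        if ch == "{":
            header, buf, depth = buf.split(), "", depth + 1
            cur = None
            if header[:1] == ["subnet"] and len(header) == 4 and header[2] == "netmask":
                try:
                    cur = {"network": ipaddress.ip_network(f"{header[1]}/{header[3]}", strict=False),
                           "ranges": [], "routers": []}
                    subnets.append(cur)
                except ValueError:
                    findings.append(f"bad subnet declaration: {' '.join(header)}")
            elif header[:1] == ["pool"] and stack and stack[-1]:
                cur = stack[-1]                # a pool inside a subnet draws from that subnet
            stack.append(cur)
        elif ch == ";":
            stmt, buf = buf.split(), ""
            cur = stack[-1] if stack else None
            if stmt[:1] == ["range"]:
                addrs = [t for t in stmt[1:] if t[:1].isdigit()]   # skips the dynamic-bootp keyword
                if addrs:
                    (cur["ranges"] if cur else orphan_ranges).append((addrs[0], addrs[-1]))
            elif stmt[:2] == ["option", "routers"] and cur:
                cur["routers"] += [t.strip(",") for t in stmt[2:]]
        elif ch == "}":
            if buf.strip():
                findings.append(f"missing ';' before '}}' after: {' '.join(buf.split())}")
            buf = ""
            if depth == 0:
                findings.append("unbalanced '}'")
            else:
                depth -= 1
                stack.pop()
        else:
            buf += ch
    if buf.strip():
        findings.append(f"missing ';' at end of file after: {' '.join(buf.split())}")
    if depth:
        findings.append(f"{depth} block(s) never closed with '}}'")
    for lo, hi in orphan_ranges:               # pools directly under shared-network: attach by address
        lo_a = _ip(lo)
        owner = next((s for s in subnets if lo_a and lo_a in s["network"]), None)
        if owner:
            owner["ranges"].append((lo, hi))
        else:
            findings.append(f"range {lo} {hi} is in no declared subnet")
    return subnets, findings


def check_dhcpd_conf(text, local_addresses):
    """Findings for `text`; an empty list means every rule this checker knows about passed."""
    subnets, findings = parse_conf(text)
    for s in subnets:
        net = s["network"]
        for lo, hi in s["ranges"]:
            lo_a, hi_a = _ip(lo), _ip(hi)
            if lo_a is None or hi_a is None or lo_a not in net or hi_a not in net:
                findings.append(f"{net}: range {lo} {hi} is not inside the subnet")
                continue
            if lo_a > hi_a:
                findings.append(f"{net}: range {lo} {hi} is reversed")
                continue
            reserved = [(net.network_address, "network address"), (net.broadcast_address, "broadcast address")]
            reserved += [(_ip(r), "gateway (option routers)") for r in s["routers"] if _ip(r)]
            for addr, what in reserved:
                if lo_a <= addr <= hi_a:
                    findings.append(f"{net}: range {lo} {hi} includes the {what} {addr}")
    locals_ = [a for a in map(_ip, local_addresses) if a]
    if not any(a in s["network"] for s in subnets for a in locals_):
        findings.append("no declared subnet contains a local interface address; dhcpd will not start")
    return findings


# Constructed copies of this post's configurations, plus one deliberately broken variant.
BASIC_CONF = """\
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.75.0 netmask 255.255.255.0 {
  range 192.168.75.100 192.168.75.110;
  option routers 192.168.75.2;
  default-lease-time 600;
  max-lease-time 7200;
}
host fantasia {
  hardware ethernet 00:0C:29:57:C1:FF;
  fixed-address 192.168.75.120;
}
"""
SUPERSCOPE_CONF = """\
shared-network 75-72 {
  subnet 192.168.75.0 netmask 255.255.255.0 { option routers 192.168.75.40; range 192.168.75.90 192.168.75.90; }
  subnet 192.168.72.0 netmask 255.255.255.0 { option routers 192.168.72.40; range 192.168.72.80 192.168.72.80; }
}
"""
BROKEN_CONF = """\
subnet 192.168.75.0 netmask 255.255.255.0 {
  range 192.168.75.1 192.168.75.255;    # swallows the gateway and the broadcast address
  option routers 192.168.75.2;
  default-lease-time 600                 # semicolon forgotten
}
"""

if __name__ == "__main__":
    for name, conf, local in (("basic", BASIC_CONF, ["192.168.75.40"]),
                              ("superscope", SUPERSCOPE_CONF, ["192.168.75.40", "192.168.72.40"]),
                              ("broken", BROKEN_CONF, ["10.0.0.5"])):
        print(name, check_dhcpd_conf(conf, local) or "OK")
```

Run it against a candidate file before `service dhcpd restart`; the local addresses to pass are the ones `ifconfig` shows on the server, so the "no declared subnet" finding reproduces the start-up error the note above warns about without taking the running service down.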
DHCP relay experiment
What is a DHCP relay?
- The DHCP relay (dhcrelay) is a small program
- that forwards DHCP messages between different subnets and physical network segments,
- so that DHCP can hand out addresses to clients on segments the server is not physically attached to.
Understanding the experiment
DHCP server: on its own segment
DHCP relay: on the same segment as the DHCP server (and on the client's segment)
Client: on a different segment from the DHCP server
Simply put:
- DHCP server: uses the 75.0 segment;
- client: uses the 72.0 segment;
- the client cannot reach the DHCP server directly, so it cannot obtain an IP via DHCP;
- DHCP relay:
- this server can talk to the DHCP server through its eth0 card
- and to the client's 72.0 segment through eth1;
- so it can accept the client's request and pass it on to the DHCP server,
- which then assigns an IP to the client.
That is the general idea.
Experimental process
Plan:
- Prepare three servers
- DHCP server: uses the 192.168.75.0 segment;
- DHCP relay server:
- eth0: on the 192 segment, used to communicate with the DHCP server
- eth1: host-only mode, on the 100 segment, used to communicate with the client
- client:
- eth0: host-only mode, on the 100 segment, configured for DHCP.
DHCP server configuration
- Install the dhcp and dhcp-common packages
- Declare two subnets: the 192.168.75.0 one the server sits on and the 100.100.100.0 one the clients sit on
```
# Set the host name
[root@master ~]# hostname dhcp-server
[root@master ~]# su
[root@dhcp-server ~]#
# Prepare a local yum repository
[root@dhcp-server ~]# mount /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@dhcp-server ~]# vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=0
# Turn off the firewall and SELinux
[root@dhcp-server ~]# iptables -F
[root@dhcp-server ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@dhcp-server ~]# setenforce 0
setenforce: SELinux is disabled
# Install the packages
[root@dhcp-server ~]# yum -y install dhcp dhcp-common
# Prepare the configuration file
[root@dhcp-server ~]# cp -a /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
cp: overwrite "/etc/dhcp/dhcpd.conf"? y
[root@dhcp-server ~]# cp -a /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak
# Edit the configuration file
[root@dhcp-server ~]# vim /etc/dhcp/dhcpd.conf
.........
subnet 192.168.75.0 netmask 255.255.255.0 {
  range 192.168.75.80 192.168.75.85;         # address pool for the server's own segment
  option routers 192.168.75.60;              # note: the gateway is the DHCP relay's address
}
subnet 100.100.100.0 netmask 255.255.255.0 {
  range 100.100.100.10 100.100.100.15;       # address pool for the clients' segment
  option routers 100.100.100.60;             # the relay's eth1 address is the clients' gateway
}
# Start the DHCP service
[root@dhcp-server ~]# service dhcpd start
Starting dhcpd: [ OK ]
```
DHCP relay server configuration
- This server plays the central role in the whole experiment:
- it needs routing and forwarding so that the 192 and 100 segments can communicate,
- and it must forward the clients' DHCP requests to the DHCP server.
```
# Set the host name
[root@master60 ~]# hostname dhcp-relay
[root@master60 ~]# su -
[root@dhcp-relay ~]#
# Turn off the firewall and SELinux
[root@dhcp-relay ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@dhcp-relay ~]# setenforce 0
# Configure a local yum repository
[root@dhcp-relay ~]# mount /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@dhcp-relay ~]# vim /etc/yum.repos.d/local.repo
[local]
name=local-repo
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=0
# Install the packages (dhcrelay ships in the dhcp package)
[root@dhcp-relay ~]# yum -y install dhcp dhcp-common
# Configure the relay
[root@dhcp-relay ~]# vim /etc/sysconfig/dhcrelay
# Command line options here
DHCRELAYARGS=""
# DHCPv4 only
INTERFACES="eth0 eth1"          # listen on both eth0 (server side) and eth1 (client side)
# DHCPv4 only
DHCPSERVERS="192.168.75.40"     # the DHCP server to forward requests to
# Start the relay
[root@dhcp-relay ~]# service dhcrelay start
Starting dhcrelay: [ OK ]
# Enable IP forwarding
[root@dhcp-relay ~]# vim /etc/sysctl.conf
...
net.ipv4.ip_forward = 1
# Reload the kernel parameters
[root@dhcp-relay ~]# sysctl -p
net.ipv4.ip_forward = 1
...........
# Set the address of eth1
[root@dhcp-relay ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:0C:29:DA:1E:97
TYPE=Ethernet
UUID=d03f8a0c-db47-4129-83ec-36f5f686ab42
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
USERCTL=no
PEERDNS=yes
IPV6INIT=no
IPADDR=100.100.100.60           # add these two lines
NETMASK=255.255.255.0
# Restart the network
[root@dhcp-relay ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.75.60 is already in use for device eth0... [ OK ]
Bringing up interface eth1: Determining if ip address 100.100.100.60 is already in use for device eth1... [ OK ]
```
Client test
- Edit the client's interface configuration to use DHCP and restart the network
- Check that the client received an address from the 100.100.100.0 pool; the experiment succeeded
The exchange can also be followed in the server's log.
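What makes the relay experiment work is two small pieces of protocol logic that the configuration above never shows directly: dhcrelay stamps its own client-facing interface address into the giaddr field and bumps the hop count before forwarding a request to DHCPSERVERS, and dhcpd then picks the subnet by giaddr (or, when giaddr is 0.0.0.0, by the interface the request came in on), which is why the 100.100.100.0 subnet declaration and the relay's eth1 address have to agree. The following Python models both steps on this post's addresses; it is an added example, not code from the original post or from ISC dhcp, and the `Message` dataclass is a simplified stand-in for the real packet header. The hop ceiling of 16 is the RFC 1542 limit above which relays discard a request.

```python
"""How a DHCP relay rewrites a request and how the server picks a subnet from it (added example)."""
from dataclasses import dataclass, replace
import ipaddress

BOOTREQUEST, BOOTREPLY = 1, 2
RFC1542_MAX_HOPS = 16


@dataclass(frozen=True)
class Message:
    op: int          # BOOTREQUEST (client -> server) or BOOTREPLY
    hops: int        # incremented by every relay the message passes through
    giaddr: str      # relay agent address; 0.0.0.0 when no relay was involved
    ciaddr: str      # the client's current address, 0.0.0.0 while it has none
    yiaddr: str      # "your address": filled in by the server
    chaddr: str      # client MAC
    kind: str        # DHCPDISCOVER, DHCPOFFER, ...


@dataclass(frozen=True)
class Pool:
    network: ipaddress.IPv4Network
    first: str
    last: str


def relay_toward_server(msg, relay_iface_addr, max_hops=RFC1542_MAX_HOPS):
    """What dhcrelay does to a BOOTREQUEST received on a client-facing interface; None = dropped."""
    if msg.op != BOOTREQUEST:
        return None                                   # replies never travel toward the server
    if msg.hops >= max_hops:
        return None                                   # looping between relays: drop it
    giaddr = msg.giaddr if msg.giaddr != "0.0.0.0" else relay_iface_addr   # the first relay's address wins
    return replace(msg, hops=msg.hops + 1, giaddr=giaddr)


def select_pool(msg, server_iface_addr, pools):
    """dhcpd chooses the pool from giaddr when set, otherwise from the interface it listened on."""
    key = ipaddress.ip_address(msg.giaddr if msg.giaddr != "0.0.0.0" else server_iface_addr)
    return next((p for p in pools if key in p.network), None)


def server_offer(msg, server_iface_addr, pools):
    """Answer a DHCPDISCOVER with the first address of the selected pool (no lease state is kept here)."""
    pool = select_pool(msg, server_iface_addr, pools)
    if pool is None:
        return None                                   # no subnet declared for where the request came from
    return replace(msg, op=BOOTREPLY, yiaddr=pool.first, kind="DHCPOFFER")


def relay_toward_client(reply, relay_ifaces):
    """The server sends the BOOTREPLY to giaddr; the relay delivers it on the interface with that address."""
    for name, addr in relay_ifaces.items():
        if addr == reply.giaddr:
            dest = "255.255.255.255" if reply.ciaddr == "0.0.0.0" else reply.ciaddr
            return name, dest
    return None


def walk(client_msg, relay_in_iface, relay_ifaces, server_iface_addr, pools):
    """Client -> relay -> server -> relay -> client; returns the OFFER and where it is delivered."""
    fwd = relay_toward_server(client_msg, relay_ifaces[relay_in_iface])
    if fwd is None:
        return None
    offer = server_offer(fwd, server_iface_addr, pools)
    if offer is None:
        return None
    return offer, relay_toward_client(offer, relay_ifaces)


# This post's lab: relay eth0 on the server's segment, eth1 on the clients' segment.
RELAY_IFACES = {"eth0": "192.168.75.60", "eth1": "100.100.100.60"}
SERVER_ETH0 = "192.168.75.40"
POOLS = [Pool(ipaddress.ip_network("192.168.75.0/24"), "192.168.75.80", "192.168.75.85"),
         Pool(ipaddress.ip_network("100.100.100.0/24"), "100.100.100.10", "100.100.100.15")]


def discover(chaddr, hops=0, giaddr="0.0.0.0"):
    return Message(BOOTREQUEST, hops, giaddr, "0.0.0.0", "0.0.0.0", chaddr, "DHCPDISCOVER")


if __name__ == "__main__":
    offer, (iface, dest) = walk(discover("00:0c:29:aa:bb:cc"), "eth1", RELAY_IFACES, SERVER_ETH0, POOLS)
    print(f"relayed via giaddr={offer.giaddr} hops={offer.hops}: offered {offer.yiaddr}, delivered on {iface} to {dest}")
```

Remove the 100.100.100.0 subnet from `POOLS` and `walk` returns None, which is the relay-side symptom of the server-side mistake of declaring only the segment the server itself is on.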