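How the DHCP protocol works
Because messages are sent as broadcasts while an IP address is being obtained dynamically, the DHCP client and the server must be on the same network segment. If the DHCP client and the DHCP server are on different segments, a DHCP relay is needed to forward the DHCP messages.
When dynamic configuration is done through a DHCP relay, the client and the server handle it in essentially the same way as without a relay. The following describes how the DHCP protocol works using only the case where the DHCP client and the DHCP server are on the same segment.
To dynamically obtain and use a valid IP address, the following phases are passed through:
(1) Discovery phase: the DHCP client looks for a DHCP server.
(2) Offer phase: the DHCP server offers an IP address.
(3) Selection phase: the DHCP client selects the IP address offered by one of the DHCP servers.
(4) Acknowledgement phase: the DHCP server confirms the IP address it offered.
[Topology]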
SW5--E0/4/5-----------------------------E0/4/0--R5
SW5 acts as the DHCP server. The ports connecting R5 and SW5 are both in vlan5.
Main configuration of SW5:
#
dhcp server ip-pool 5
network 192.168.50.0 mask 255.255.255.0
gateway-list 192.168.50.10
#
interface Vlan-interface5
ip address 192.168.50.10 255.255.255.0
Main configuration of R5:
#
interface Vlan-interface5
ip address dhcp-alloc
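[Lab requirements]
First shut down the ports that interconnect R5 and SW5, then enable debugging dhcp on both R5 and SW5, then bring the interconnecting ports back up and observe the output on the server and the client.
[Client debugging output]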
<R5>
%Mar 11 11:45:11:00 2013 R5 IFNET/4/LINK UPDOWN:
Ethernet0/4/0: link status is DOWN
%Mar 11 11:45:11:00 2013 R5 IFNET/4/LINK UPDOWN:
Vlan-interface5: link status is DOWN
%Mar 11 11:45:11:15 2013 R5 IFNET/4/UPDOWN:
Line protocol on the interface Vlan-interface5 is DOWN
*Mar 11 11:45:11:15 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Move to HALT state.
*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Send a Dhcp packet...
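Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0x37890204);
//op: the operation type of the message, either request or reply; 1 is a request message, 2 is a reply message.
//htype: hardware address type.
//hlen: hardware address length. The system currently supports only Ethernet, so the hardware address length is fixed at 6.
//xid: a random number generated by the client software, used to match request and reply messages.
ciaddr(192.168.50.1); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501);
//ciaddr: the DHCP client's IP address. (There is an address here because one had just been obtained.)
//yiaddr: the IP address the DHCP server assigns to the client.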
Options :
63 82 53 63 35 01 07 36 04 C0 A8 32 0A 3D 1F 00
30 30 65 30 2E 66 63 30 30 2E 30 35 30 31 2D 56
6C 61 6E 2D 69 6E 74 65 72 66 61 63 65 35 FF
*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Sending DHCPRELEASE packet succeeded. //A DHCP release message is sent.
*Mar 11 11:45:11:31 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: FSM state transfer(BOUND-->HALT) successfully.
%Mar 11 11:45:39:547 2013 R5 IFNET/4/LINK UPDOWN:
Ethernet0/4/0: link status is UP
%Mar 11 11:45:39:562 2013 R5 IFNET/4/LINK UPDOWN:
Vlan-interface5: link status is UP
%Mar 11 11:45:39:562 2013 R5 IFNET/4/UPDOWN:
Line protocol on the interface Vlan-interface5 is UP
After the interface comes up, the following four phases are needed before an IP address is obtained.
*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Move to INIT state.
*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: FSM state transfer(HALT-->INIT) successfully.
*Mar 11 11:45:39:562 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Send DHCPDISCOVER in 10000 ms.
*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Send a Dhcp packet...
Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0xc96419d);
ciaddr(0.0.0.0); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501);
Options :
63 82 53 63 35 01 01 0C 02 52 35 32 04 C0 A8 32
01 37 05 01 03 06 0F 2B 39 02 04 80 3C 0C 48 33
43 2E 20 53 49 4D 57 41 52 45 3D 1F 00 30 30 65
30 2E 66 63 30 30 2E 30 35 30 31 2D 56 6C 61 6E
2D 69 6E 74 65 72 66 61 63 65 35 FF
*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Sending DHCPDISCOVER packet succeeded. //In the discovery phase, the DHCP client looks for a DHCP server by sending a DHCP-DISCOVER message. It is sent as a broadcast.
*Mar 11 11:45:47:234 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: FSM state transfer(INIT-->SELECTING) successfully.
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Receive a packet.
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
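Vlan-interface5: Receive a DHCP packet... //A reply packet from a server has been received. If several DHCP servers reply to the DHCP client with DHCP-OFFER messages, the DHCP client accepts only the first DHCP-OFFER message it receives. It then broadcasts a DHCP-REQUEST message that contains Option 54 (the server identifier option), that is, the IP address of the DHCP server it selected.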
Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0xc96419d);
ciaddr(0.0.0.0); yiaddr(192.168.50.1); chaddr(00e0-fc00-0501);
Option : type(DHCPOFFER); mask(255.255.255.0); lease(86400);
T1(43200); T2(75600); server(192.168.50.10); default router(192.168.50.10);
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
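Vlan-interface5: Select 192.168.50.10 as the server. //192.168.50.10 is set as the DHCP server. A DHCP server on the network that receives the DHCP-DISCOVER message selects a suitable IP address and sends it to the DHCP client in a DHCP-OFFER message, together with the lease duration and other configuration information (such as the gateway address and the domain name server address).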
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Send a Dhcp packet...
Head : op(BOOTPREQUEST); htype(ETHERNET); hlen(6); xid(0xc96419d);
ciaddr(0.0.0.0); yiaddr(0.0.0.0); chaddr(00e0-fc00-0501);
Options :
63 82 53 63 35 01 03 0C 02 52 35 32 04 C0 A8 32
01 36 04 C0 A8 32 0A 37 05 01 03 06 0F 2B 39 02
04 80 3C 0C 48 33 43 2E 20 53 49 4D 57 41 52 45
3D 1F 00 30 30 65 30 2E 66 63 30 30 2E 30 35 30
31 2D 56 6C 61 6E 2D 69 6E 74 65 72 66 61 63 65
35 FF
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Sending DHCPREQUEST packet succeeded.
*Mar 11 11:45:47:656 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: FSM state transfer(SELECTING-->REQUESTING) successfully.
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Receive a packet.
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Receive a DHCP packet...
Head : op(BOOTPREPLY); htype(ETHERNET); hlen(6); xid(0xc96419d);
ciaddr(0.0.0.0); yiaddr(192.168.50.1); chaddr(00e0-fc00-0501);
Option : type(DHCPACK); mask(255.255.255.0); lease(86400);
T1(43200); T2(75600); server(192.168.50.10); default router(192.168.50.10);
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
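Vlan-interface5: Begin to detect IP address conflict via ARP. //Start checking for an IP address conflict. After receiving the DHCP-ACK message returned by the DHCP server, the DHCP client broadcasts a gratuitous ARP message to probe whether any host is using the IP address assigned by the server. Only if no reply is received within the specified time does the client use the address. Otherwise, the client sends a DHCP-DECLINE message to the DHCP server to notify it that the address is unavailable, and requests an IP address again.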
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Sending arp request for address(192.168.50.1) succeeded.
*Mar 11 11:45:47:672 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Move to BOUND state in 1500 milliseconds if no arp reply is received.
*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Receive no arp reply for 192.168.50.1, begin to use the address.
*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: FSM state transfer(REQUESTING-->BOUND) successfully.
*Mar 11 11:45:48:844 2013 R5 DHCPC/7/DHCP_Client:
Vlan-interface5: Sending arp request for address(192.168.50.10) succeeded.
<R5>
<R5>
<R5>
[Server debugging output]
Checking for expired lease.
<SW5>sy
System View: return to User View with Ctrl+Z.
[SW5]int e0/4/5
[SW5-Ethernet0/4/5]shut
*Mar 11 11:45:11:235 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
Checking for expired lease.
[SW5-Ethernet0/4/5]
%Mar 11 11:45:11:313 2013 SW5 IFNET/4/LINK UPDOWN:
Ethernet0/4/5: link status is DOWN
%Mar 11 11:45:11:328 2013 SW5 IFNET/4/LINK UPDOWN:
Vlan-interface5: link status is DOWN
%Mar 11 11:45:11:328 2013 SW5 IFNET/4/UPDOWN:
Line protocol on the interface Vlan-interface5 is DOWN
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
*Mar 11 11:45:26:110 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
Checking for expired lease.
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]undo shut
[SW5-Ethernet0/4/5]
%Mar 11 11:45:39:860 2013 SW5 IFNET/4/LINK UPDOWN:
Ethernet0/4/5: link status is UP
%Mar 11 11:45:39:875 2013 SW5 IFNET/4/LINK UPDOWN:
Vlan-interface5: link status is UP
%Mar 11 11:45:39:875 2013 SW5 IFNET/4/UPDOWN:
Line protocol on the interface Vlan-interface5 is UP
[SW5-Ethernet0/4/5]
*Mar 11 11:45:41:00 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
Checking for expired lease.
*Mar 11 11:45:47:578 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
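DHCPServer: Receive DHCPDISCOVER from 00e0.fc00.0501-Vlan-interface5. //A DHCP server on the network that receives the DHCP-DISCOVER message selects a suitable IP address and sends it to the DHCP client in a DHCP-OFFER message, together with the lease duration and other configuration information (such as the gateway address and the domain name server address).
//The DHCP server keeps the assignable IP addresses and other configuration information in address pools. When it receives a DHCP request message, it takes a free IP address and the other parameters from the address pool and sends them to the DHCP client.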
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Rx, interface Vlan-interface5
Message type: request
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 2638321164
Seconds: 0, Broadcast flag: 0
Client IP address: 0.0.0.0 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 00e0-fc00-0501
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Discover
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Find the lease successfully.
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Assign Used Lease from global pool.
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Requesting security module(s) to delete a security entry (192.168.50.1 00e0-fc00-0501) succeeded.
*Mar 11 11:45:47:610 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
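DHCPServer: Sending ICMP ECHOREQUEST to target IP: 192.168.50.1. //When assigning an IP address to a client, the DHCP server must first confirm that the address is not in use by another device on the network. It probes the address by sending ICMP Echo Request (ping) messages. If there is no response within the specified time, the server sends another ping message. If there is still no response after the specified number of attempts, the address can be assigned. Otherwise, the probed address is recorded as a conflicting address and another IP address is selected for assignment.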
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: ICMP Timeout! //The ping timed out.
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: ICMP detecting finished. The target IP can be used for dhcp allocation.
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Tx, interface Vlan-interface5
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 2638321164
Seconds: 0, Broadcast flag: 0
Client IP address: 0.0.0.0 Your IP address: 192.168.50.1 //Your IP is 192.168.50.1
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 00e0-fc00-0501
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Offer
*Mar 11 11:45:47:953 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DhcpServer: Send DHCPOFFER to 00e0.fc00.0501-Vlan-interface5 Offer IP=> 192.168.50.1. //A DHCP offer message is sent.
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Receive DHCPREQUEST from 00e0.fc00.0501-Vlan-interface5.
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Rx, interface Vlan-interface5
Message type: request
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 2638321164
Seconds: 0, Broadcast flag: 0
Client IP address: 0.0.0.0 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 00e0-fc00-0501
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Request
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
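DHCPServer: Acknowledge the DHCPREQUEST message! //The DHCP-REQUEST message sent by the DHCP client has been received. The client broadcasts the DHCP-REQUEST message to notify all DHCP servers that it will use the IP address offered by the DHCP server identified in Option 54; the other DHCP servers can reuse the IP addresses they had offered.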
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_PACKET:
Tx, interface Vlan-interface5
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 2638321164
Seconds: 0, Broadcast flag: 0
Client IP address: 0.0.0.0 Your IP address: 192.168.50.1
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 00e0-fc00-0501
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Ack
*Mar 11 11:45:47:969 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
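DhcpServer: Send DHCPACK to 00e0.fc00.0501-Vlan-interface5 Offer IP=> 192.168.50.1. //After receiving the DHCP-REQUEST message sent by the DHCP client, the DHCP server uses the MAC address carried in the DHCP-REQUEST message to look for a matching lease record. If one exists, it replies with a DHCP-ACK message to tell the DHCP client that it can use the assigned IP address.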
*Mar 11 11:45:48:00 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
DHCPServer: Requesting security module(s) to add a security entry (192.168.50.1 00e0-fc00-0501) succeeded.
*Mar 11 11:45:56:328 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
Checking for expired lease.
*Mar 11 11:46:11:141 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
Checking for expired lease.
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
*Mar 11 11:46:26:875 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
Checking for expired lease.
*Mar 11 11:46:42:188 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
Checking for expired lease.
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
[SW5-Ethernet0/4/5]
*Mar 11 11:46:57:360 2013 SW5 DHCPS/7/DHCPS_DEBUG_COMMON:
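In summary:
1. Discovery phase
In the discovery phase, the DHCP client looks for a DHCP server by sending a DHCP-DISCOVER message.
Because the client does not know the DHCP server's IP address, it sends the DHCP-DISCOVER message as a broadcast. Every DHCP server that receives the DHCP-DISCOVER message sends a reply, from which the DHCP client learns where the DHCP servers on the network are.
2. Offer phase
A DHCP server on the network that receives the DHCP-DISCOVER message selects a suitable IP address and sends it to the DHCP client in a DHCP-OFFER message, together with the lease duration and other configuration information (such as the gateway address and the domain name server address).
The DHCP server keeps the assignable IP addresses and other configuration information in address pools. When it receives a DHCP request message, it takes a free IP address and the other parameters from the address pool and sends them to the DHCP client.
The DHCP server selects an IP address for a client in the following order of priority:
(1) the IP address statically bound to the client's MAC address or client ID;
(2) the IP address that the DHCP server has on record as previously assigned to the client;
(3) the IP address specified in the Option 50 field of the DHCP-DISCOVER message sent by the client;
(4) the first assignable IP address found by searching the DHCP address pool in order;
(5) if no usable IP address is found, the server searches in turn the IP addresses whose leases have expired and the IP addresses that have had conflicts; if one is found it is assigned, otherwise the request is not processed.
When assigning an IP address to a client, the DHCP server must first confirm that the address is not in use by another device on the network. It probes the address by sending ICMP Echo Request (ping) messages. If there is no response within the specified time, the server sends another ping message. If there is still no response after the specified number of attempts, the address can be assigned. Otherwise, the probed address is recorded as a conflicting address and another IP address is selected for assignment.
3. Selection phase
If several DHCP servers reply to the DHCP client with DHCP-OFFER messages, the DHCP client accepts only the first DHCP-OFFER message it receives. It then broadcasts a DHCP-REQUEST message that contains Option 54 (the server identifier option), that is, the IP address of the DHCP server it selected.
The DHCP-REQUEST message is broadcast in order to notify all DHCP servers that the client will use the IP address offered by the DHCP server identified in Option 54; the other DHCP servers can reuse the IP addresses they had offered.
4. Acknowledgement phase
After receiving the DHCP-REQUEST message sent by the DHCP client, the DHCP server uses the MAC address carried in the DHCP-REQUEST message to look for a matching lease record. If one exists, it replies with a DHCP-ACK message to tell the DHCP client that it can use the assigned IP address.
After receiving the DHCP-ACK message returned by the DHCP server, the DHCP client broadcasts a gratuitous ARP message to probe whether any host is using the IP address assigned by the server. Only if no reply is received within the specified time does the client use the address. Otherwise, the client sends a DHCP-DECLINE message to the DHCP server to notify it that the address is unavailable, and requests an IP address again.
If the DHCP server receives the DHCP-REQUEST message but finds no matching lease record, or for some reason cannot assign an IP address normally, it replies with a DHCP-NAK message to tell the DHCP client that no suitable IP address can be assigned. The DHCP client then has to send a DHCP-DISCOVER message again to request a new IP address.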
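The "Options :" bytes in the client output are where Option 50 and Option 54 from the summary actually appear. The Python below is an added example, not part of the original lab notes: it decodes the DHCPREQUEST dump copied from that capture, and `same_xid` reflects what the two logs show, namely that the client prints xid(0xc96419d) in hex while the server prints the same four bytes in reverse order as Transaction ID 2638321164. All function names are this example's own.

```python
import ipaddress

MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie that opens the options field
MSG_TYPES = dict(enumerate(
    "DHCPDISCOVER DHCPOFFER DHCPREQUEST DHCPDECLINE DHCPACK DHCPNAK DHCPRELEASE".split(), 1))

# Options bytes of the DHCPREQUEST, copied from the client debugging output above.
REQUEST_DUMP = """
63 82 53 63 35 01 03 0C 02 52 35 32 04 C0 A8 32
01 36 04 C0 A8 32 0A 37 05 01 03 06 0F 2B 39 02
04 80 3C 0C 48 33 43 2E 20 53 49 4D 57 41 52 45
3D 1F 00 30 30 65 30 2E 66 63 30 30 2E 30 35 30
31 2D 56 6C 61 6E 2D 69 6E 74 65 72 66 61 63 65
35 FF
"""

def parse_options(dump):
    """Return {option code: raw value bytes} from a hex dump of the options field."""
    data = bytes.fromhex(dump)
    if data[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(data):
        code = data[i]
        if code == 255:          # End option
            return opts
        if code == 0:            # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} is truncated")
        opts[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    raise ValueError("options field has no End (255) option")

def summarize(dump):
    """Decode message type (53), requested IP (50), server ID (54), hostname (12), client ID (61)."""
    o = parse_options(dump)
    ips = {c: str(ipaddress.IPv4Address(o[c])) for c in (50, 54) if c in o}
    return {
        "type": MSG_TYPES.get(o.get(53, b"\x00")[0]),
        "requested_ip": ips.get(50),
        "server_id": ips.get(54),
        "hostname": o.get(12, b"").decode("ascii"),
        "client_id": o.get(61, b"\x00")[1:].decode("ascii"),  # skip the type byte
    }

def same_xid(client_hex, server_decimal):
    """True if the client's hex xid and the server's decimal Transaction ID are the same bytes."""
    return int(client_hex, 16).to_bytes(4, "big") == server_decimal.to_bytes(4, "little")
```

`summarize(REQUEST_DUMP)` returns the server identifier 192.168.50.10 and the requested address 192.168.50.1, matching the `server(...)` and `yiaddr(...)` fields in the decoded DHCPOFFER and DHCPACK lines.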