Enhancing a DHCP Design for Availability
Enhancing a DHCP Design for Performance
Lab A: Designing a DHCP Solution
Review
Module 3: DHCP as a Solution for IP Configuration
with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
2000 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting, PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media, Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries/regions.
Project Lead: Don Thompson (Volt Technical)
Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Jack Creasey, Doug Steen (Independent Contractor)
Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner
Editor: Kristen Heller (Wasser)
Copy Editor: Kaarin Dolliver (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Test Leads: Sid Benevente, Keith Cotton
Test Developer: Greg Stemp (S&T OnSite)
Production Support: Lori Walker (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart
Other product and company names mentioned herein may be the trademarks of their respective owners.
Instructor Notes
This module provides students with the information and decision-making experiences needed to design an Internet Protocol (IP) configuration service by using the DHCP service in Microsoft® Windows® 2000. Students will evaluate and create DHCP solutions to support the IP configuration requirements of an organization.
At the end of this module, students will be able to:
Recognize DHCP as a solution for the IP configuration needs of an organization
Evaluate and create a DHCP solution for nonrouted networks, routed networks, and various client types
Select the appropriate strategies to secure a DHCP solution
Select the appropriate strategies to enhance the availability of a DHCP design
Select the appropriate strategies to enhance the performance of a DHCP design
Upon completion of the lab, students will be able to analyze and design a DHCP solution that supports the IP configuration requirements of an organization.
Course Materials and Preparation
This section provides you with the materials and preparation needed to teach this module.
Required Materials
To teach this module, you need the following materials:
Microsoft PowerPoint® file 1562B_03.ppt
Preparation Tasks
To prepare for this module, you should:
Review the contents of this module
Review RFCs 951, 2131, and 2132, and the Internet Engineering Task Force (IETF) draft “Multicast Address Dynamic Client Allocation Protocol (MADCAP)”, dated May 24, 1999, or the latest revision, which is available
Understand how and why to create user or vendor options within DHCP scopes.
Review the discussion material and be prepared to lead class discussions on the topics.
Complete the lab and be prepared to elaborate beyond the solutions found there.
Read the review questions and be prepared to elaborate beyond the answers provided in the text.
Module Strategy
Use the following strategy to present this module.
Introducing DHCP
The DHCP service in Windows 2000 provides an automated and centrally managed Transmission Control Protocol/Internet Protocol (TCP/IP) configuration scheme. For IP configuration management, a DHCP solution provides automation for hosts on single or multiple subnets.
In this section:
• Explain that the network designer needs to determine the host population, the subnet configuration, and the network topology. This information provides the basis for defining the subnets and the options for the DHCP Client.
• Emphasize the message-driven protocol of requests and responses between the DHCP Server and the DHCP Client. Explain that Scopes, Superscopes, and TCP/IP options are the three management features supported by DHCP.
• Make sure the students understand that DHCP Server and DHCP Client, with capital S and capital C, respectively, are used throughout the module to indicate a server or client running the DHCP Server service in Windows 2000 or a Microsoft Windows–based DHCP Client.
• Point out that, to extend service capabilities and reduce network management, the DHCP service integrates with other Windows 2000 networking services.
Designing a Functional DHCP Solution
A functional DHCP service supports various types of hosts in simple, routed, and dial-up networks.
In this section:
• Emphasize that in a simple, nonrouted environment, a single DHCP Server may be all that is required. Discuss the placement of DHCP Servers, and the selection of TCP/IP options.
• Emphasize that, in a routed network, in which broadcast domains are restricted, the DHCP Relay Agent provided in Windows 2000 forwards broadcast traffic from the DHCP Client to the DHCP Server. Point out that the decision whether to use single or multiple DHCP Servers depends on routing configuration, network configuration, and server hardware architecture.
• Point out that DHCP supports non-Microsoft DHCP clients, Bootstrap Protocol (BOOTP) clients, and non-DHCP clients.
• Make sure students understand the illustration, scenario description, and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.
• Describe the problems that are caused by the use of unauthorized DHCP Servers in a network. Point out that the exclusive use of Windows 2000–based DHCP Servers, and the authorization of the DHCP Servers in Active Directory, prevents the use of unauthorized DHCP Servers in the network.
• Emphasize that there are risks of unauthorized access when using the DHCP service in screened subnets. Describe the methods available to deal with these risks.
Enhancing a DHCP Design for Availability
A highly available DHCP solution ensures that the DHCP service is available whenever required.
In this section:
• Describe the use of distributed scopes to provide DHCP Server redundancy, and to share the DHCP Client load.
• Describe how the use of Windows Clustering increases the availability of an individual DHCP Server. Point out that the benefits that are achieved by using Windows Clustering must be weighed against the additional hardware requirements.
• Make sure students understand the illustration, scenario description, and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.
Enhancing a DHCP Design for Performance
The performance of the DHCP service can be optimized to provide the fastest possible response to DHCP Client requests.
Lab Strategy
Use the following strategy to present this lab.
Lab A: Designing a DHCP Solution
In this lab, students will design a DHCP solution based on specific requirements outlined in the given scenario.
Students will review the scenario and the design limitations and requirements, and read any supporting materials. They will use this information, and the knowledge gained from the module, to develop a detailed design that uses DHCP as the solution.
To conduct the lab:
Read through the lab carefully, paying close attention to the instructions and to the details of the scenario.
Divide the class into teams of two or more students.
Present the lab and make sure students understand the instructions and the purpose of the lab.
Explain that the design worksheet is to be used to develop their solution.
Remind students to consider any functionality, security, availability, and performance criteria that are provided in the scenario, and how they will incorporate strategies to meet these criteria in their design.
Allow some time to discuss the solutions after the lab is completed. A solution is provided on the Instructor CD to help you review the lab results. Encourage students to critique each other’s solutions and to discuss any ideas for improving their designs.
Overview
The increasing complexity of network infrastructures demonstrates the need for an automated and centrally managed Internet Protocol (IP) configuration scheme. The DHCP service in Microsoft® Windows® 2000 provides an automated IP addressing service and centralized management of Transmission Control Protocol/Internet Protocol (TCP/IP) configuration parameters.
At the end of this module, you will be able to:
Recognize DHCP as a solution for the IP configuration needs of an organization
Evaluate and create a DHCP solution for nonrouted networks, routed networks, and various client types
Select the appropriate strategies to secure a DHCP solution
Select the appropriate strategies to improve the availability of a DHCP design
Select the appropriate strategies to improve the performance of a DHCP design
In this module, you will evaluate and design DHCP solutions for IP configuration.
The Dynamic Host Configuration Protocol (DHCP) is a message-driven protocol that allows hosts on the network to acquire an IP address and TCP/IP client option information from a DHCP server. There are two components to DHCP in Windows 2000, a DHCP Server service and a DHCP Client.
DHCP Server and DHCP Client, with capital S and capital C, respectively, are used throughout the module to indicate a server or client running the DHCP Server service in Windows 2000 or a Microsoft Windows–based DHCP Client.
When designing a DHCP solution, the network designer must:
Define the requirements for a DHCP solution for the network
Identify the features provided by DHCP and how these features support the design requirements for the DHCP solution
Identify the benefits of integration between DHCP and other Windows 2000 services
requests and responses between the DHCP Client and the DHCP Server. Refer students to the relevant RFCs, the online Windows 2000 Help files, and the Windows 2000 Resource Kit, for further information.
be supplied by the DHCP service to allow successful DHCP Client operation on the IP network.
In an IP network that uses DHCP, you must allocate each DHCP Client an IP address and configuration information to enable IP communication. The DHCP Server maintains a database that includes available and allocated IP addresses for defined subnets and the client TCP/IP options.
you must determine the number of hosts, the number of subnets, and the configuration of the network.
To design an effective DHCP service infrastructure, you must understand the features of the DHCP service and how these features solve the IP configuration requirements of an organization.
RFC Compliance
The DHCP service in Windows 2000 complies with RFCs 951, 2131, and 2132. The three primary management features that DHCP supports are:
subnet Superscopes allow easy extension of the IP address range being offered to a subnet, particularly if the range offered is noncontiguous
to the DHCP Client
For each DHCP Server, the TCP/IP options can be defined by using default (global) server options; or for each scope by using scope options, class options, and reserved options.
DNS Integration
DHCP and DNS integration allows earlier versions of Windows-based clients, and non-Microsoft DHCP clients, to have their records automatically updated in the DNS database by the DHCP Server.
Active Directory Integration
The integration of the DHCP service with the Active Directory™ directory service allows DHCP Servers to be authorized within Active Directory.
Windows 2000–based DHCP Servers do not start unless authorized.
you need to understand the DHCP features and how these features support the IP configuration requirements of an organization.
For Your Information
The IETF draft cited in the student notes is subject to change. Refer to the IETF documents to ensure that the latest revision is communicated to the students.
Microsoft’s Vendor-Specific Options
In addition to RFC 2131-compliant DHCP options, Microsoft supports several vendor-specific options. Defined in RFC 2132, these vendor options in the DHCP service in Windows 2000 include:
on Windows 2000 DHCP Clients. Earlier Windows clients require NetBT; therefore, they do not support this option.
enabled computers send a release for their current DHCP lease to the DHCP Server when the computer shuts down.
configured here as the base metric for its default gateways.
Some DHCP Server options supported by Windows 2000 are only recognized by a Windows 2000 DHCP Client. Previous versions of Windows clients and non-Microsoft clients might not support all options.
Microsoft Support for Multicast IP Address Allocation
The DHCP service in Windows 2000 supports the Multicast Address Dynamic Client Allocation Protocol (MADCAP), in addition to DHCP. These protocols are supported independently by the DHCP service. MADCAP is used to enable multicast clients to join multicast groups. The DHCP service in Windows 2000 supports multicast scopes independently of the DHCP scopes.
Valid addresses for a multicast scope are in the following ranges:
239.255.0.0 to 239.255.255.255
239.254.0.0 to 239.254.255.255
239.253.0.0 to 239.253.255.255
For more information on MADCAP and support for multicast groups, see the IETF draft: "Multicast Address Dynamic Client Allocation Protocol (MADCAP)", dated May 24, 1999, or the latest revision, which is available at ftp://www.ietf.org/internet-drafts/draft-ietf-malloc-madcap-07.txt
Integration Benefits
[Slide diagram. Labels: DNS Server, IP Address, Server Authorization, Name Registration, DHCP Server, Active Directory, Routing and Remote Access Server, DNS]
To extend service capabilities and reduce network management, the DHCP service integrates with other Windows 2000 networking services.
Routing and Remote Access Integration
The integration of Routing and Remote Access and DHCP allows a remote access server to obtain IP address leases from DHCP. These address leases are then assigned to remote access clients connecting to the server. Upon initialization, the remote access server contacts the DHCP Server and requests IP addresses: one used internally and ten for issue to clients. As the number of simultaneous remote access clients increases, the server requests additional IP addresses from the DHCP Server in blocks of ten.
If the remote access server is configured to use the DHCP Relay Agent, all DHCP configuration information is provided to the remote access clients. If the DHCP Relay Agent is not configured on the remote access server, the remote access clients receive only the IP address and subnet mask provided by the DHCP Server.
DNS Integration
For clients with dynamically allocated IP addresses, you cannot manually update the client name information in DNS. The integration of DHCP with DNS allows you to configure the DHCP Server to update the client records in DNS when an IP address is leased.
DHCP and DNS integration allows non–Active Directory, previous versions of Windows-based clients, and non-Microsoft DHCP clients, to have their records automatically updated in the DNS database by the DHCP Server.
Windows 2000–based DHCP Clients automatically update their own records in DNS, but you must enable the DHCP Server to update the DNS database for other clients, if required.
Slide Objective
To describe how the DHCP service integrates with other services in Windows 2000.
Lead-in
You can integrate the DHCP service with other Windows 2000 services to extend service capabilities and reduce network management.
Active Directory Integration
Non-authorized DHCP servers have the potential to disrupt network operation by issuing incorrect IP addresses or option information to clients. The integration of the DHCP service with Active Directory allows DHCP Servers to be authorized within Active Directory. Non-authorized Windows 2000–based DHCP Servers will not start, which eliminates the potential for disruption of IP address leases on a network.
The authorization of DHCP servers in Active Directory functions only with Windows 2000–based DHCP Servers. At least one DHCP Server must be installed on an Active Directory domain controller, or server, to allow authorization to work.
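Because Active Directory authorization only keeps Windows 2000–based DHCP Servers from starting, a network-side check on the replies themselves is a useful complement. The following is an added example, not part of the courseware: it parses a DHCP message as laid out in RFC 2131 and RFC 2132 and flags any DHCPOFFER or DHCPACK whose server identifier (option 54) is not on an allow-list. The addresses, MAC address, and sample packets are constructed for the example.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # RFC 2131: precedes the options field
FIXED_LEN = 236                          # BOOTP fixed-format header length
BOOTREPLY = 2
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54     # RFC 2132 option codes
DHCPOFFER, DHCPACK = 2, 5


def parse_dhcp(payload):
    """Parse the UDP payload of a DHCP message; raise ValueError if malformed."""
    if len(payload) < FIXED_LEN + len(MAGIC_COOKIE):
        raise ValueError("truncated BOOTP header")
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    hlen = min(payload[2], 16)           # hardware address length, capped at field size
    options, i = {}, FIXED_LEN + 4
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:              # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("option header runs past end of packet")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value runs past end of packet")
        options[code] = value
        i += 2 + length
    return {
        "op": payload[0],
        "xid": struct.unpack_from("!I", payload, 4)[0],
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "chaddr": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]),
        "options": options,
    }


def check_reply(payload, authorized_servers):
    """Return an alert dict for an OFFER/ACK from an unlisted server, else None."""
    msg = parse_dhcp(payload)
    mtype = msg["options"].get(OPT_MSG_TYPE, b"")
    if msg["op"] != BOOTREPLY or len(mtype) != 1 or mtype[0] not in (DHCPOFFER, DHCPACK):
        return None
    sid = msg["options"].get(OPT_SERVER_ID, b"")
    # A reply without a valid server identifier is itself suspicious.
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server in authorized_servers:
        return None
    return {"server": server, "offered": msg["yiaddr"],
            "client": msg["chaddr"], "xid": msg["xid"]}


def build_reply(server_ip, offered_ip, mac, mtype=DHCPOFFER, xid=0x1234ABCD):
    """Construct a sample server reply (test data only)."""
    hdr = struct.pack("!BBBBIHH", BOOTREPLY, 1, 6, 0, xid, 0, 0)
    hdr += bytes(4) + ipaddress.IPv4Address(offered_ip).packed     # ciaddr, yiaddr
    hdr += ipaddress.IPv4Address(server_ip).packed + bytes(4)      # siaddr, giaddr
    hdr += mac.ljust(16, b"\x00") + bytes(64) + bytes(128)         # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, mtype, OPT_SERVER_ID, 4])
    opts += ipaddress.IPv4Address(server_ip).packed + bytes([OPT_END])
    return hdr + MAGIC_COOKIE + opts


# Constructed sample data: addresses and MAC are invented for the example.
AUTHORIZED = {"10.0.1.10"}
SAMPLE_MAC = bytes.fromhex("00a0c9112233")
GOOD_OFFER = build_reply("10.0.1.10", "10.0.1.50", SAMPLE_MAC)
ROGUE_OFFER = build_reply("192.168.0.1", "192.168.0.77", SAMPLE_MAC)

if __name__ == "__main__":
    for pkt in (GOOD_OFFER, ROGUE_OFFER):
        print(check_reply(pkt, AUTHORIZED) or "reply from authorized server")
```

The allow-list would hold the addresses of the DHCP Servers in the design; the alert carries the client hardware address and transaction ID so the affected lease can be traced.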
Designing a Functional DHCP Solution
You can design an IP configuration service by using DHCP to support various types of hosts in simple, routed, and dial-up networks. You can design the DHCP service to integrate with other Windows 2000 services, such as DNS, to simplify the name registration of hosts that have dynamically allocated IP addresses.
Slide Objective
To describe the various host types that the DHCP service supports.
Lead-in
A DHCP service supports various host types in a LAN, routed network, or dial-up network.
Designing a DHCP Service for a LAN
[Slide diagram: Configuration for 2 DHCP Servers. Labels: DHCP 1, SuperScope 1 (Scope A Active, Scope B Active); DHCP 2, SuperScope 2 (Scope X Active, Scope Y Active); TCP/IP Options: Reserved, Class, Scope, Global, for “Portable” and “Desktop”]
A single DHCP Server can potentially support the DHCP service for several thousand DHCP clients in a nonrouted local area network (LAN). Many small to medium-sized LANs are built by using ISO layer 2 switches, thereby allowing large client counts on a single logical subnet.
A DHCP service for switched environments with multiple broadcast domains may require DHCP Relay Agents even though the network is not routed.
Placement of DHCP Servers
With a single DHCP Server, DHCP Client requests are allocated from a single scope. This single scope defines all addresses and TCP/IP options offered for the LAN.
With multiple DHCP Servers, it is unknown which server will answer a DHCP Client broadcast first. In this case, share the IP address range equally between the DHCP scopes. For each server, define a superscope that includes all scopes for the subnet. Scopes are enabled only in the server issuing IP addresses from that scope.
Server might be all that is required to issue IP address and configuration for DHCP Clients.
Selecting TCP/IP Options for a LAN
In a nonrouted LAN configuration where the computer population is stable or invariant, the following options reduce and control the DHCP traffic:
Set DHCP leases to extended times.
If your network is subject to frequent reconfiguration, you may need to reduce the lease time. DHCP Clients renew their lease at startup and 50 percent of lease time, so this is the shortest time to update TCP/IP options.
Use DHCP classes to customize DHCP scope options, and use names such as “Portable” and “Desktop” to describe the collections of options used for a particular scope.
Designing a DHCP Service for a Routed Network
[Slide diagram. Labels: Subnet 1, Subnet 2, Subnet 3; DHCP Client, DHCP Clients, Non-DHCP Client, DHCP Relay Agent, DHCP Server; With BOOTP Forwarding, No BOOTP Forwarding]
DHCP Clients and Servers initially establish DHCP leases by using media access control and IP broadcast packets. However, in most networking environments, broadcast packets do not propagate through routers, thus limiting the effective range of a DHCP Server to the subnet to which it is connected. To provide IP configuration to clients on multiple subnets, you must install a relay agent for DHCP or configure IP routers to support DHCP/Bootstrap Protocol (BOOTP) forwarding.
DHCP Relay Agent
The RFC 1542–compliant DHCP Relay Agent provided with Windows 2000 acts as an intermediary between DHCP Clients and DHCP Servers located across routers. The DHCP Client communicates with the relay agent by using the dynamic host configuration protocol. The DHCP Relay Agent uses unicast packets to communicate with a DHCP Server. The DHCP Relay Agent is transparent to a DHCP Client.
The DHCP service and DHCP Relay Agent use the same User Datagram Protocol (UDP) ports. Neither service works reliably if you install them both on the same computer.
Slide Objective
To describe how to place DHCP Relay Agents and Servers in a routed network.
Lead-in
Your DHCP design must include a method that allows broadcast traffic from DHCP Clients to reach DHCP Servers.
For a routed network, use DHCP Relay Agents on each subnet if:
There is no DHCP Server with an interface on the subnet
There are computers available to use as DHCP Relay Agents
There are no routers that support DHCP/BOOTP forwarding
You can design a solution that does not require DHCP Relay Agents by turning on BOOTP/DHCP forwarding on the network routers.
You can configure the DHCP Relay Agent to delay forwarding requests to a DHCP Server so that local DHCP Servers can respond to the request. You can also configure the DHCP Relay Agent to forward requests to multiple DHCP Servers. To prevent multiple requests from flooding the DHCP Servers, configure the forwarding delay if using multiple DHCP Relay Agents, or if including relay agents on a subnet with a DHCP Server.
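The relay decision described above can be written out as code. This is an added example, not part of the courseware and not the Windows 2000 implementation: it follows the relay rules in RFC 1542 (increment hops, discard past a hop limit, fill giaddr only when it is zero) and models the forwarding delay as a threshold on the client's secs field, which RFC 1542 permits. The parameter names, threshold defaults, and sample packets are assumptions made for the example.

```python
import ipaddress
import struct

BOOTREQUEST = 1
FIXED_LEN = 236                                      # BOOTP fixed-format header
OFF_OP, OFF_HOPS, OFF_SECS, OFF_GIADDR = 0, 3, 8, 24  # RFC 951/2131 field offsets
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def relay_request(payload, rx_interface_ip, boot_threshold_secs=4, hop_threshold=4):
    """Return the packet to unicast to the DHCP Server, or None to hold or drop it.

    boot_threshold_secs and hop_threshold are assumed names for the forwarding
    delay and the hop limit; a request is discarded when hops exceeds the limit.
    """
    if len(payload) < FIXED_LEN or payload[OFF_OP] != BOOTREQUEST:
        return None                      # only client requests are relayed this way
    hops = payload[OFF_HOPS]
    secs = struct.unpack_from("!H", payload, OFF_SECS)[0]
    if hops > hop_threshold:
        return None                      # relayed too many times: stops forwarding loops
    if secs < boot_threshold_secs:
        return None                      # client has not waited long enough; a server
                                         # on the local subnet gets the first chance
    out = bytearray(payload)
    out[OFF_HOPS] = hops + 1
    if out[OFF_GIADDR:OFF_GIADDR + 4] == bytes(4):
        # First relay on the path records the receiving interface so the server
        # can pick the scope for the client's subnet. A nonzero giaddr is kept.
        out[OFF_GIADDR:OFF_GIADDR + 4] = ipaddress.IPv4Address(rx_interface_ip).packed
    return bytes(out)


def giaddr_of(payload):
    """Read the relay agent address field as dotted-quad text."""
    return str(ipaddress.IPv4Address(payload[OFF_GIADDR:OFF_GIADDR + 4]))


def build_request(mac, secs, hops=0, giaddr="0.0.0.0", xid=0x0BADCAFE):
    """Construct a sample DHCPDISCOVER (test data only)."""
    hdr = struct.pack("!BBBBIHH", BOOTREQUEST, 1, 6, hops, xid, secs, 0x8000)
    hdr += bytes(12) + ipaddress.IPv4Address(giaddr).packed   # ciaddr, yiaddr, siaddr, giaddr
    hdr += mac.ljust(16, b"\x00") + bytes(64) + bytes(128)    # chaddr, sname, file
    return hdr + MAGIC_COOKIE + bytes([53, 1, 1, 255])        # option 53 = DHCPDISCOVER


# Constructed sample data: MAC and interface address are invented for the example.
SAMPLE_MAC = bytes.fromhex("00a0c9445566")
RELAY_IF = "10.0.2.1"

if __name__ == "__main__":
    for secs in (0, 6):
        out = relay_request(build_request(SAMPLE_MAC, secs), RELAY_IF)
        print(secs, "held" if out is None else "forwarded with giaddr " + giaddr_of(out))
```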
DHCP Server Placement
DHCP Servers need to be placed in a way that provides the best client performance and service availability. The decision to use single or multiple server solutions depends on the routing configuration, the network configuration, and the server hardware architecture.
Single Server DHCP Solution
You must place a single server on the subnet with the largest client population. All other subnets will use either DHCP Relay Agents, or have BOOTP/DHCP forwarding activated on the routers. The following table lists the considerations and requirements for a single server solution.

| When considering | A single server solution requires |
| --- | --- |
| Routing configuration | Relay agents or routers forwarding subnet broadcasts to support a routed network |
| Network configuration | High-speed, persistent connections |
| Server hardware architecture | A single server if the hardware can support the client count. A single server can support many thousands of clients, but hardware architecture limitations can limit the client count |
Multiple Server DHCP Solutions
Include multiple DHCP Servers if the number of clients exceeds the capabilities of a single server, if you anticipate increases in DHCP Server–based traffic across subnets, or if your DHCP solution includes wide area network (WAN) links or nonpersistent connections between locations. Use multiple servers if your solution must accommodate expansion and increased availability. The following table lists the configurations required to provide a multiple server solution.

| When considering | A multiple server solution |
| --- | --- |
| Routing configuration | Requires relay agents or routers forwarding broadcasts to provide total coverage, as determined by the number of servers and subnets |
| Network configuration | Permits a DHCP Server at each location. This allows you to service DHCP Clients locally if you have slower WAN links, dial-up links, or a geographically dispersed network |
| Server hardware architecture | Allows you to scale the design to support any number of clients and subnets |
Providing DHCP Service to Non-Microsoft Hosts
[Slide diagram. Labels: DHCP Server, Non-DHCP Client, Non-Microsoft DHCP Client, Diskless Workstation, BOOTP Client]
The DHCP service in Windows 2000 supports any clients that are compliant with RFCs 951, 2131, and 2132.
Non-Microsoft DHCP Clients
Always test the support required by non-Microsoft clients to ensure that the clients are compatible with the DHCP service in Windows 2000. These clients may require support for non-mandatory features or for vendor-specific options.
In addition, these clients may not support Microsoft-specific vendor extensions that are implemented on the DHCP Server. For example, non-Microsoft DHCP clients may not recognize the base cost provided for the default gateways (Default Router Metric base) TCP/IP option.
BOOTP Clients
The BOOTP client requests an address each time it starts because it does not recognize an IP lease. BOOTP client support in previous implementations of DHCP required an explicit client reservation to be made for each BOOTP client. This IP allocation was marked as an infinite lease or reserved IP address in the DHCP Server scope. You could not reclaim these addresses, which created IP address management problems.
you may have to support non-Microsoft hosts that require dynamic IP addresses.
Key Points
Non-Microsoft clients may require support for non-mandatory features or for
The DHCP service in Windows 2000 supports RFC 951-compliant BOOTP clients and can be configured to reclaim the IP addresses when you remove clients from the network or turn them off. BOOTP clients are assigned dynamic IP addresses from a pool of addresses designated specifically for BOOTP clients. The DHCP Server reclaims these addresses after the lease time has elapsed and it has verified that the address is not still in use by the BOOTP client.
Non-DHCP Clients
You configure IP addresses for non-DHCP clients manually. You can document these addresses in the DHCP scope by manually entering them as reserved addresses. DHCP does not issue or reclaim these reserved addresses.
Discussion: Evaluating DHCP Functional Requirements
[Slide diagram. Labels: Subnet A1, Proxy Server]
The following scenario describes an organization’s current network configuration. Read through the scenario and then answer the questions. Be prepared to discuss your answers with the class.
Scenario
An organization has decided to restructure an existing network to include DHCP services. You are assigned the task of evaluating how DHCP can provide an automated solution for host IP configuration.
The current network configuration provides:
Intranet access to all shared folders and Web-based applications at all locations
Access to the Internet from all locations
Support for the existing infrastructure by using the manual allocation of host IP addresses
DHCP/BOOTP forwarding enabled on all routers
Support for a mission-critical Web-based application that requires 24-hours-a-day, 7-days-a-week operation
Isolation of the organization’s network from the Internet by using a firewall and proxy server
DHCP solution, you must decide how many servers are needed, whether relay agents are required, and where to use scopes and superscopes.
Delivery Tip
Read the scenario to the students and review the questions as a group. Give the students time to consider their answers, and then lead a discussion based on their responses.
Questions
Answer the following questions to determine how you can plan a DHCP solution for automated host IP configuration.
Circle the correct answer(s).
1. Given the number of hosts, and ignoring reliability considerations, how many DHCP Servers are required for a DHCP solution?
a. One server
b. Two servers
c. Five servers
d. Six servers
The correct answer is a. One server is required.
2. Given the number of hosts, and ignoring reliability considerations, how many DHCP Relay Agents are required for a DHCP solution?
4. Given the number of subnets, what is the minimum number of superscopes required for a DHCP solution?
a. None
b. One superscope
c. Unknown, superscopes may be required for any subnet to extend address ranges in the future
d. None, superscopes will never be required
The correct answer is c. It is unknown if any superscopes are required. Future requirements may allocate non-contiguous address ranges to a subnet, so it is possible that a superscope could be used.
Securing a DHCP Solution
To prevent disruptions in DHCP service, it is essential to ensure that only authorized servers are started, and that only authorized personnel can alter server configurations. To secure the administration and authorization of the DHCP Servers, and to limit access to the service by unauthorized hosts, you can:
Secure the DHCP service
Prevent unauthorized servers on your network
Include a DHCP Server in a screened subnet