Login
Login

Dynamic Host Configuration Protocol#Reliability

{{short description|Principal protocol used to assign IPv4 addresses on an IPv4 network}}

{{hatnote group|

{{Redirect|DHCP}}

{{Confusion|HDCP}}

}}

{{Internet protocol suite}}

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.{{Ref RFC|2131}}{{rp|Introduction}}

The technology eliminates the need for individually configuring network devices manually, and consists of two network components, a centrally installed network DHCP server and client instances of the protocol stack on each computer or device. When connected to the network, and periodically thereafter, a client requests a set of parameters from the server using DHCP.

DHCP can be implemented on networks ranging in size from residential networks to large campus networks and regional ISP networks.{{cite book |last1=Peterson |first1=Larry L. |last2=Davie |first2=Bruce S. |date=2011 |url=https://books.google.com/books?id=BvaFreun1W8C&pg=PA372 |title=Computer Networks: A Systems Approach |publisher=Elsevier |isbn=978-0-12-385060-7 |edition=5th |access-date=March 21, 2019}} Many routers and residential gateways have DHCP server capability. Most residential network routers receive a unique IP address within the ISP network. Within a local network, a DHCP server assigns a local IP address to each device.

DHCP services exist for networks running Internet Protocol version 4 (IPv4), as well as version 6 (IPv6). The IPv6 version of the DHCP protocol is commonly called DHCPv6.

History

The Reverse Address Resolution Protocol (RARP) was defined in 1984 for the configuration of simple devices, such as diskless workstations, with a suitable IP address.{{Ref RFC|903}} Acting in the data link layer, it made implementation difficult on many server platforms. It required that a server be present on each individual network link. RARP was superseded by the Bootstrap Protocol (BOOTP) defined in September 1985.{{Ref RFC|951}} This introduced the concept of a relay agent, which allowed the forwarding of BOOTP packets across networks, allowing one central BOOTP server to serve hosts on many IP subnets.

DHCP was first defined in October 1993.{{Ref RFC|1531}}{{Ref RFC|1541}} It is based on BOOTP, but can dynamically allocate IP addresses from a pool and reclaim them when they are no longer in use. It can also be used to deliver a wide range of extra configuration parameters to IP clients, including platform-specific parameters.Network+ Certification 2006 Published By Microsoft Press.

Four years later, the DHCPINFORM message type (used for WPAD) and other small changes were added. This definition, from 1997,{{Ref RFC|2131}} remains the core of the standard for IPv4 networks.

DHCPv6 was initially defined in 2003.{{Ref RFC|3315}} After updates by many subsequent RFCs, its definition was replaced in 2018,{{Ref RFC|8415}} where prefix delegation and stateless address autoconfiguration were now merged.

{{Anchor|LEASE}}Overview

Internet Protocol (IP) defines how devices communicate within and across local networks on the Internet. A DHCP server can manage IP settings for devices on its local network, e.g., by assigning IP addresses to those devices automatically and dynamically.{{Cite web |title=DHCP - Dynamic Host Configuration Protocol |url=https://routeripnet.com/dhcp/ |website=}}

DHCP operates based on the client–server model. When a computer or other device connects to a network, the DHCP client software sends a DHCP broadcast query requesting the necessary information. Any DHCP server on the network may service the request. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as default gateway, domain name, the name servers, and time servers. On receiving a DHCP request, the DHCP server may respond with specific information for each client, as previously configured by an administrator, or with a specific address and any other information valid for the entire network and for the time period for which the allocation (lease) is valid. A DHCP client typically queries this information immediately after booting, and periodically thereafter before the expiration of the information. When a DHCP client refreshes an assignment, it initially requests the same parameter values, but the DHCP server may assign a new address based on the assignment policies set by administrators.

On large networks that consist of multiple links, a single DHCP server may service the entire network when aided by DHCP relay agents located on the interconnecting routers. Such agents relay messages between DHCP clients and DHCP servers located on different subnets.

Depending on implementation, the DHCP server may have three methods of allocating IP addresses:

;Dynamic allocation: A network administrator reserves a range of IP addresses for DHCP, and each DHCP client on the LAN is configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim and then reallocate IP addresses that are not renewed.

;Automatic allocation: The DHCP server permanently assigns an IP address to a requesting client from a range defined by an administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.

;Manual allocation: This method is also variously called static DHCP allocation, fixed address allocation, reservation, and MAC/IP address binding. An administrator maps a unique identifier (a client id or MAC address) for each client to an IP address, which is offered to the requesting client. DHCP servers may be configured to fall back to other methods if this fails.

DHCP services are used for Internet Protocol version 4 (IPv4) and IPv6. The details of the protocol for IPv4 and IPv6 differ sufficiently that they may be considered separate protocols.{{cite book |title = The DHCP Handbook |year = 2003 |isbn = 978-0-672-32327-0 |first1= Ralph |last1=Droms |first2= Ted |last2=Lemon |publisher = SAMS Publishing |page = 436 }} For the IPv6 operation, devices may alternatively use stateless address autoconfiguration. IPv6 hosts may also use link-local addressing to achieve operations restricted to the local network link.

Operation

File:DHCP session.svg, depending on the DHCP client capabilities.{{Ref RFC|2131}}]]

The DHCP employs a connectionless service model, using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations which are the same as for the bootstrap protocol (BOOTP). The server listens on UDP port number 67, and the client listens on UDP port number 68.

DHCP operations fall into four phases: server discovery, IP lease offer, IP lease request, and IP lease acknowledgement. These stages are often abbreviated as DORA for discovery, offer, request, and acknowledgement.

The DHCP operation begins with clients broadcasting a request. If the client and server are in different Broadcast Domains, a DHCP Helper or DHCP Relay Agent may be used. Clients requesting renewal of an existing lease may communicate directly via UDP unicast, since the client already has an established IP address at that point. Additionally, there is a BROADCAST flag (1 bit in 2 byte flags field, where all other bits are reserved and so are set to 0) the client can use to indicate in which way (broadcast or unicast) it can receive the DHCPOFFER: 0x8000 for broadcast, 0x0000 for unicast.{{Ref RFC|2131}} Usually, the DHCPOFFER is sent through unicast. For those hosts which cannot accept unicast packets before IP addresses are configured, this flag can be used to work around this issue.

=Discovery=

The DHCP client broadcasts a DHCPDISCOVER message on the network subnet using the destination address {{IPaddr|255.255.255.255}} (limited broadcast) or the specific subnet broadcast address (directed broadcast). A DHCP client may also request an IP address in the DHCPDISCOVER, which the server may take into account when selecting an address to offer.

For example, if HTYPE is set to 1, to specify that the medium used is Ethernet, HLEN is set to 6 because an Ethernet address (MAC address) is 6 octets long. The CHADDR is set to the MAC address used by the client. Some options are set as well.

{{APHD|start|title=Example Ethernet frame with a DHCPDISCOVER message}}

{{APHD|0|bits1=32|border1=bottom|field1=Source MAC|value1={{MACaddr|00:05:3c:04:8d:59}}}}

{{APHD|4|bits1=16|border1=top|field1={{nbsp}}|bits2=16|border2=bottom|field2={{nbsp}}}}

{{APHD|8|bits1=32|border1=top|field1=Destination MAC|value1={{MACaddr|ff:ff:ff:ff:ff:ff}}}}

{{APHD|12|bits1=16|field1=EtherType|value1={{Mono|0x0800}}|hint1=0x0800 indicates IPv4|bits2=16|border2=bottom|background2=mistyrose|field2={{nbsp}}}}

{{APHD|16|bits1=0|border1=top|background1=mistyrose|field1=IPv4 packet, containing a UDP PDU with DHCP payload...}}

{{APHD|999|bits1=32|field1=Frame Check Sequence|short1=FCS}}

{{APHD|end}}

{{APHD|start|header=yew|title=IPv4 Header}}

{{APHD|0|bits1=64|field1=IPv4 header start}}

{{APHD|8|bits1=8|bits2=8|bits3=16|field1=TTL|field2=Protocol|value2={{Mono|17}} UDP|field3=Header Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=UDP Header}}

{{APHD|12|bits1=32|field1=Source Address|value1={{IPaddr|0.0.0.0}}}}

{{APHD|16|bits1=32|field1=Destination Address|value11={{IPaddr|255.255.255.255}}}}

{{APHD|20|bits1=16|bits2=16|field1=Source Port|value1=68|field2=Destination Port|value2=67}}

{{APHD|24|bits1=16|bits2=16|field1=Length|field2=Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Payload: DHCPDISCOVER}}

{{APHD|28|bits1=8|bits2=8|bits3=8|bits4=8|field1=OP|value1={{Mono|0x01}}|hint1=BOOTREQUEST|field2=HTYPE|value2={{Mono|0x01}}|hint2=Ethernet|field3=HLEN|value3={{Mono|0x06}}|hint3=MAC addresses are 6 octets|field4=HOPS|value4={{Mono|0x00}}}}

{{APHD|32|bits1=32|field1=XID|value1={{Mono|0x3903F326}}}}

{{APHD|36|bits1=16|bits2=16|field1=SECS|value1={{Mono|0x0000}}|field2=FLAGS|value2={{Mono|0x0000}}}}

{{APHD|40|bits1=32|field1=CIADDR|value1=Client IP address: {{Mono|0x00000000}}}}

{{APHD|44|bits1=32|field1=YIADDR| value1=Your IP address: {{Mono|0x00000000}}}}

{{APHD|48|bits1=32|field1=SIADDR|value1=Server IP address: {{Mono|0x00000000}}}}

{{APHD|52|bits1=32|field1=GIADDR|value1=Gateway IP address: {{Mono|0x00000000}}|hint1=A zero GIADDR means client and DHCP server are on the same subnet.}}

{{APHD|56|bits1=128|field1=CHADDR|value1=Client Hardware address: {{Mono|0x00053C04
0x8D590000
0x00000000
0x00000000}}}}

{{APHD|72|bits1=1536|field1=192 octets of 0s, or overflow space for additional options; BOOTP legacy.}}

{{APHD|264|bits1=32|field1=Magic Cookie|value1={{Mono|0x63825363}}}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Options (in TLV format)}}

{{APHD|268|bits1=24|background1=linen|field1=First option: {{Mono|0x350101}}: Option 53 (DHCP Message Type) 1 octet (containing DHCPDISCOVER)|bits2=8|background2=linen|border2=right|field2=Second option:}}

{{APHD|272|bits1=32|background1=linen|border1=left|field1={{Mono|0x3204c0a80164}}: Option 50 (Request IP address) 4 octets (containing {{IPaddr|192.168.1.100}})}}

{{APHD|276|bits1=32|background1=linen|field1=Third option: {{Mono|0x370401030f06}}: Option: 55 (Parameter Request List) 4 octets|hint1=0x01: Request Subnet Mask; 0x03: Router; 0x0f: Domain Name|border1=right}}

{{APHD|280|bits1=8|background1=linen|border1=left|field1=PRL cont...|hint1=0x06: Domain Name Server|bits2=1|field2={{Mono|ff}}|hint2=0xff Option end mark}}

{{APHD|end}}

=Offer=

When a DHCP server receives a DHCPDISCOVER message from a client, which is an IP address lease request, the DHCP server reserves an IP address for the client and makes a lease offer by sending a DHCPOFFER message to the client. This message may contain the client's Client ID (Option 61, containing a unique value, traditionally a MAC address), the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The DHCP server may also take notice of the hardware-level MAC address (as specified in the CHADDR field). This field must be used to identify the client, if no Client ID is provided in the DHCP packet.{{Ref RFC|2131|rsection=4.2}}

The DHCP server determines the configuration based on the client's hardware address as specified in the CHADDR (client hardware address) field. In the following example the server ({{IPaddr|192.168.1.1}}) specifies the client's IP address in the YIADDR (your IP address) field.

{{APHD|start|title=Example Ethernet frame with a DHCPOFFER message}}

{{APHD|0|bits1=32|border1=bottom|field1=Source MAC|value1={{MACaddr|b4:0c:25:e3:7d:62}}}}

{{APHD|4|bits1=16|border1=top|field1={{nbsp}}|bits2=16|border2=bottom|field2={{nbsp}}}}

{{APHD|8|bits1=32|border1=top|field1=Destination MAC|value1={{MACaddr|00:05:3c:04:8d:59}}}}

{{APHD|12|bits1=16|field1=EtherType|value1={{Mono|0x0800}}|hint1=0x0800 indicates IPv4|bits2=16|border2=bottom|background2=mistyrose|field2={{nbsp}}}}

{{APHD|16|bits1=0|border1=top|background1=mistyrose|field1=IPv4 packet, containing a UDP PDU with DHCP payload...}}

{{APHD|999|bits1=32|field1=Frame Check Sequence|short1=FCS}}

{{APHD|end}}

{{APHD|start|header=yew|title=IPv4 Header}}

{{APHD|0|bits1=64|field1=IPv4 header start}}

{{APHD|8|bits1=8|bits2=8|bits3=16|field1=TTL|field2=Protocol ({{Mono|17}} UDP)|field3=Header Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=UDP Header}}

{{APHD|12|bits1=32|field1=Source Address ({{IPaddr|192.168.1.1}})}}

{{APHD|16|bits1=32|field1=Destination Address ({{IPaddr|192.168.1.100}})}}

{{APHD|20|bits1=16|bits2=16|field1=Source Port (67)|field2=Destination Port (68)}}

{{APHD|24|bits1=16|bits2=16|field1=Length|field2=Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Payload: DHCPOFFER}}

{{APHD|28|bits1=8|bits2=8|bits3=8|bits4=8|field1=OP ({{Mono|0x02}})|hint1=BOOTREPLY|field2=HTYPE ({{Mono|0x01}})|field3=HLEN ({{Mono|0x06}})|field4=HOPS ({{Mono|0x00}})}}

{{APHD|32|bits1=32|field1=XID ({{Mono|0x3903F326}})}}

{{APHD|36|bits1=16|bits2=16|field1=SECS ({{Mono|0x0000}})|field2=FLAGS ({{Mono|0x0000}})}}

{{APHD|40|bits1=32|field1=CIADDR (Client IP address: {{Mono|0x00000000}})}}

{{APHD|44|bits1=32|field1=YIADDR (Your IP address: {{Mono|0xC0A80164}} or {{IPaddr|192.168.1.100}})}}

{{APHD|48|bits1=32|field1=SIADDR (Server IP address: {{Mono|0xC0A80101}} or {{IPaddr|192.168.1.1}})}}

{{APHD|52|bits1=32|field1=GIADDR (Gateway IP address: {{Mono|0x00000000}})}}

{{APHD|56|bits1=128|field1=CHADDR (Client Hardware address: {{Mono|0x00053C04
0x8D590000
0x00000000
0x00000000}})}}

{{APHD|72|bits1=1536|field1=192 octets of 0s, or overflow space for additional options; BOOTP legacy.}}

{{APHD|264|bits1=32|field1=Magic Cookie ({{Mono|0x63825363}})}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Options (in TLV format)}}

{{APHD|268|bits1=24|background1=linen|field1=First option: {{Mono|0x350102}}: Option 53 (DHCP Message Type) 1 octet (containing DHCPOFFER)|bits2=8|background2=linen|border2=right|field2=Second option:}}

{{APHD|272|bits1=32|background1=linen|border1=left|field1={{Mono|0x0104ffffff00}}: Option 1 (Subnet mask) 4 octets (containing {{IPaddr|255.255.255.0}})}}

{{APHD|276|bits1=32|background1=linen|field1=Third option: {{Mono|0x0304c0A80101}}: Option: 3 (Router) 4 octets (containing {{IPaddr|192.168.1.1}})|border1=right}}

{{APHD|280|bits1=8|bits2=24|background1=linen|border1=left|field1=Router cont...||background2=linen|border2=right|field2=Fourth option: {{Mono|0x330400015080}}: Option 51 (Address time) 4 octets (a 86400 second lease time)}}

{{APHD|284|bits1=16|background1=linen|border1=left|field1=Address time cont...|bits2=16|border2=bottom|field2=Fifth option:|background2=linen}}

{{APHD|288|bits1=96|background1=linen|border1=top-bottom|field1={{Mono|0x060c09070a0f09070a1009070a13}}:{{Break}}Option 6 (Domain Server) 14 octets (containing {{IPaddr|9.7.10.15}},{{IPaddr|9.7.10.16}},{{IPaddr|9.7.10.18}})}}

{{APHD|300|bits1=12|background1=linen|field1= |border1=top|field2={{Mono|ff}}|hint2=0xff Option end mark}}

{{APHD|end}}

=Request=

In response to the DHCP offer, the client replies with a DHCPREQUEST message, broadcast to the server,{{Efn|name="optional-unicasts"|As an optional client behavior, some broadcasts, such as those carrying DHCP discovery and request messages, may be replaced with unicasts in case the DHCP client already knows the DHCP server's IP address.{{Ref RFC|2131}}{{rp|section=4.4.4}}}} requesting the offered address. A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer.

The client must send the server identification option in the DHCPREQUEST message, indicating the server whose offer the client has selected.{{Ref RFC|2131}}{{rp|Section 3.1, Item 3}} When other DHCP servers receive this message, they withdraw any offers that they have made to the client and return their offered IP address to the pool of available addresses.

{{APHD|start|title=Example Ethernet frame with a DHCPREQUEST message}}

{{APHD|0|bits1=32|border1=bottom|field1=Source MAC|value1={{MACaddr|00:05:3c:04:8d:59}}}}

{{APHD|4|bits1=16|border1=top|field1={{nbsp}}|bits2=16|border2=bottom|field2={{nbsp}}}}

{{APHD|8|bits1=32|border1=top|field1=Destination MAC|value1={{MACaddr|ff:ff:ff:ff:ff:ff}}|hint1=Destination MAC (DHCPREQUESTs are broadcast)}}

{{APHD|12|bits1=16|field1=EtherType|value1={{Mono|0x0800}}|hint1=0x0800 indicates IPv4|bits2=16|border2=bottom|background2=mistyrose|field2={{nbsp}}}}

{{APHD|16|bits1=0|border1=top|background1=mistyrose|field1=IPv4 packet, containing a UDP PDU with DHCP payload...}}

{{APHD|999|bits1=32|field1=Frame Check Sequence|short1=FCS}}

{{APHD|end}}

{{APHD|start|header=yew|title=IPv4 Header}}

{{APHD|0|bits1=64|field1=IPv4 header start}}

{{APHD|8|bits1=8|bits2=8|bits3=16|field1=TTL|field2=Protocol ({{Mono|17}} UDP)|field3=Header Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=UDP Header}}

{{APHD|12|bits1=32|field1=Source Address ({{IPaddr|0.0.0.0}})}}

{{APHD|16|bits1=32|field1=Destination Address ({{IPaddr|255.255.255.255}})}}

{{APHD|20|bits1=16|bits2=16|field1=Source Port (68)|field2=Destination Port (67)}}

{{APHD|24|bits1=16|bits2=16|field1=Length|field2=Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Payload: DHCPREQUEST}}

{{APHD|28|bits1=8|bits2=8|bits3=8|bits4=8|field1=OP ({{Mono|0x01}})|hint1=BOOTREQUEST|field2=HTYPE ({{Mono|0x01}})|field3=HLEN ({{Mono|0x06}})|field4=HOPS ({{Mono|0x00}})}}

{{APHD|32|bits1=32|field1=XID ({{Mono|0x3903F326}})}}

{{APHD|36|bits1=16|bits2=16|field1=SECS ({{Mono|0x0000}})|field2=FLAGS ({{Mono|0x0000}})}}

{{APHD|40|bits1=32|field1=CIADDR (Client IP address: {{Mono|0x00000000}})}}

{{APHD|44|bits1=32|field1=YIADDR (Your IP address: {{Mono|0x00000000}})}}

{{APHD|48|bits1=32|field1=SIADDR (Server IP address: {{Mono|0xc0a80101}} or {{IPaddr|192.168.1.1}})}}

{{APHD|52|bits1=32|field1=GIADDR (Gateway IP address: {{Mono|0x00000000}})}}

{{APHD|56|bits1=128|field1=CHADDR (Client Hardware address: {{Mono|0x00053C04
0x8D590000
0x00000000
0x00000000}})}}

{{APHD|72|bits1=1536|field1=192 octets of 0s, or overflow space for additional options; BOOTP legacy.}}

{{APHD|264|bits1=32|field1=Magic Cookie ({{Mono|0x63825363}})}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Options (in TLV format)}}

{{APHD|268|bits1=24|background1=linen|field1=First option: {{Mono|0x350103}}: Option 53 (DHCP Message Type) 1 octet (containing DHCPREQUEST)|bits2=8|background2=linen|border2=right|field2=Second option:}}

{{APHD|272|bits1=32|background1=linen|border1=left|field1={{Mono|0x3204c0a80164}}: Option 50 (Request IP address) 4 octets (containing {{IPaddr|192.168.1.100}})|hint1=Must match YIADDR from the DHCPOFFER packet.}}

{{APHD|276|bits1=32|background1=linen|field1=Third option: {{Mono|0x3604c0a801601}}: Option: 54 (DHCP Server) 4 octets (containing {{IPaddr|192.168.1.1}})|hint1=Server Identification: tell which offer you accept.|border1=right}}

{{APHD|280|bits1=8|background1=linen|border1=left|field1=DHCP Server cont...|bits2=1|field2={{Mono|ff}}|hint2=0xff Option end mark}}

{{APHD|end}}

=Acknowledgement=

When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.

The protocol expects the DHCP client to configure its network interface with the negotiated parameters.

{{APHD|start|title=Example Ethernet frame with a DHCPACK message}}

{{APHD|0|bits1=32|border1=bottom|field1=Source MAC|value1={{MACaddr|b4:0c:25:e3:7d:62}}}}

{{APHD|4|bits1=16|border1=top|field1={{nbsp}}|bits2=16|border2=bottom|field2={{nbsp}}}}

{{APHD|8|bits1=32|border1=top|field1=Destination MAC|value1={{MACaddr|00:05:3c:04:8d:59}}|hint1=Destination MAC (unicast to the client)}}

{{APHD|12|bits1=16|field1=EtherType|value1={{Mono|0x0800}}|hint1=0x0800 indicates IPv4|bits2=16|border2=bottom|background2=mistyrose|field2={{nbsp}}}}

{{APHD|16|bits1=0|border1=top|background1=mistyrose|field1=IPv4 packet, containing a UDP PDU with DHCP payload...}}

{{APHD|999|bits1=32|field1=Frame Check Sequence|short1=FCS}}

{{APHD|end}}

{{APHD|start|header=yew|title=IPv4 Header}}

{{APHD|0|bits1=64|field1=IPv4 header start}}

{{APHD|8|bits1=8|bits2=8|bits3=16|field1=TTL|field2=Protocol ({{Mono|17}} UDP)|field3=Header Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=UDP Header}}

{{APHD|12|bits1=32|field1=Source Address ({{IPaddr|192.168.1.1}})}}

{{APHD|16|bits1=32|field1=Destination Address ({{IPaddr|192.168.1.100}})}}

{{APHD|20|bits1=16|bits2=16|field1=Source Port (67)|field2=Destination Port (68)}}

{{APHD|24|bits1=16|bits2=16|field1=Length|field2=Checksum}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Payload: DHCPACK}}

{{APHD|28|bits1=8|bits2=8|bits3=8|bits4=8|field1=OP ({{Mono|0x02}})|hint1=BOOTREPLY|field2=HTYPE ({{Mono|0x01}})|field3=HLEN ({{Mono|0x06}})|field4=HOPS ({{Mono|0x00}})}}

{{APHD|32|bits1=32|field1=XID ({{Mono|0x3903F326}})}}

{{APHD|36|bits1=16|bits2=16|field1=SECS ({{Mono|0x0000}})|field2=FLAGS ({{Mono|0x0000}})}}

{{APHD|40|bits1=32|field1=CIADDR (Client IP address: {{Mono|0x00000000}})}}

{{APHD|44|bits1=32|field1=YIADDR (Your IP address: {{Mono|0xC0A80164}} or {{IPaddr|192.168.1.100}})}}

{{APHD|48|bits1=32|field1=SIADDR (Server IP address: {{Mono|0xC0A80101}} or {{IPaddr|192.168.1.1}})}}

{{APHD|52|bits1=32|field1=GIADDR (Gateway IP address: {{Mono|0x00000000}})}}

{{APHD|56|bits1=128|field1=CHADDR (Client Hardware address: {{Mono|0x00053C04
0x8D590000
0x00000000
0x00000000}})}}

{{APHD|72|bits1=1536|field1=192 octets of 0s, or overflow space for additional options; BOOTP legacy.}}

{{APHD|264|bits1=32|field1=Magic Cookie ({{Mono|0x63825363}})}}

{{APHD|end}}

{{APHD|start|header=no|title=DHCP Options (in TLV format)}}

{{APHD|268|bits1=24|background1=linen|field1=First option: {{Mono|0x350105}}: Option 53 (DHCP Message Type) 1 octet (containing DHCPACK)|bits2=8|background2=linen|border2=right|field2=Second option:}}

{{APHD|272|bits1=32|background1=linen|border1=left|field1={{Mono|0x0104ffffff00}}: Option 1 (Subnet mask) 4 octets (containing {{IPaddr|255.255.255.0}})}}

{{APHD|276|bits1=32|background1=linen|field1=Third option: {{Mono|0x0304c0A80101}}: Option: 3 (Router) 4 octets (containing {{IPaddr|192.168.1.1}})|border1=right}}

{{APHD|280|bits1=8|bits2=24|background1=linen|border1=left|field1=Router cont...||background2=linen|border2=right|field2=Fourth option: {{Mono|0x330400015080}}: Option 51 (Address time) 4 octets (a 86400 second lease time)}}

{{APHD|284|bits1=16|background1=linen|border1=left|field1=Address time cont...|bits2=16|border2=bottom|field2=Fifth option:|background2=linen}}

{{APHD|288|bits1=96|background1=linen|border1=top-bottom|field1={{Mono|0x060c09070a0f09070a1009070a13}}:{{Break}}Option 6 (Domain Server) 14 octets (containing {{IPaddr|9.7.10.15}},{{IPaddr|9.7.10.16}},{{IPaddr|9.7.10.18}})}}

{{APHD|300|bits1=12|background1=linen|field1= |border1=top|field2={{Mono|ff}}|hint2=0xff Option end mark}}

{{APHD|end}}

=Selecting and configuring IP addresses=

When the server is reusing an IP address from its pool, it may first check (using ping) to see if it is not taken already.{{Ref RFC|2131}}{{rp|sec. 2.2}} This may happen if a host is configured manually with an IP address that lies within the DHCP scope.

Before claiming an IP address, the client should probe the newly received address (e.g. with ARP), in order to find if there is another host present in the network with the proposed IP address.{{Ref RFC|2131}}{{rp|sec. 2.2}} If there is no reply, this address does not conflict with that of another host, so it is free to be used. If this probe finds another computer using that address, the client should broadcast a DHCPDECLINE to the DHCP server(s).

=Information=

A DHCP client may request more information than the server sent with the original DHCPOFFER. The client may also request repeat data for a particular application. For example, browsers use DHCP Inform to obtain web proxy settings via WPAD.

=Releasing=

The client sends a request to the DHCP server to release the DHCP information and the client deactivates its IP address. As client devices usually do not know when users may unplug them from the network, the protocol does not mandate the sending of DHCP Release.

Client configuration parameters

A DHCP server can provide optional configuration parameters to the client. RFC 2132 describes the available DHCP options defined by Internet Assigned Numbers Authority (IANA) - DHCP and BOOTP PARAMETERS.{{cite web|url=https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml|title=Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) Parameters|publisher=iana.org|access-date=2018-10-16}}

A DHCP client can select, manipulate and overwrite parameters provided by a DHCP server. In Unix-like systems this client-level refinement typically takes place according to the values in the configuration file /etc/dhclient.conf.

Options

Options are octet strings of varying length. This is called Type–length–value encoding. The first octet is the option code, the second octet is the number of following octets and the remaining octets are code dependent.

For example, the DHCP message-type option for an offer would appear as 0x35, 0x01, 0x02, where 0x35 is code 53 for "DHCP message type", 0x01 means one octet follows and 0x02 is the value of "offer".

The following tables list the available DHCP options.{{Ref RFC|2132}}

class="wikitable sortable"

|+ RFC 1497 (BOOTP Vendor Information Extensions) vendor extensions{{rp|Section 3}}

CodeNameLengthNotes
0Pad0 octetsCan be used to pad other options so that they are aligned to the word boundary; is not followed by length byte
1Subnet mask4 octetsClient's subnet mask as per [https://datatracker.ietf.org/doc/html/rfc950 RFC 950]. If both the subnet mask and the router option (option 3) are included, the subnet mask option must be first.
2Time offset4 octetsOffset of the client's subnet in seconds from Coordinated Universal Time (UTC). The offset is expressed as a two's complement 32-bit integer. A positive offset indicates a location east of the zero meridian and a negative offset indicates a location west of the zero meridian.
3RouterMultiples of 4 octetsAvailable routers, should be listed in order of preference
4Time serverMultiples of 4 octetsAvailable Time Protocol servers to synchronise with, should be listed in order of preference
5Name serverMultiples of 4 octetsAvailable IEN 116 name servers, should be listed in order of preference
6Domain name serverMultiples of 4 octetsAvailable DNS servers, should be listed in order of preference
7Log serverMultiples of 4 octetsAvailable log servers, should be listed in order of preference
8Cookie serverMultiples of 4 octetsCookie in this case means "fortune cookie" or "quote of the day", a pithy or humorous anecdote often sent as part of a logon process on large computers; it has nothing to do with cookies sent by websites.
9LPR ServerMultiples of 4 octetsA list of Line Printer Daemon protocol servers available to the client, should be listed in order of preference
10Impress serverMultiples of 4 octetsA list of Imagen Impress servers available to the client, should be listed in order of preference
11Resource location serverMultiples of 4 octetsA list of Resource Location Protocol servers available to the client, should be listed in order of preference
12Host nameMinimum of 1 octetName of the client. The name may be qualified with the local domain name.
13Boot file size2 octetsLength of the boot image in 512B blocks
14Merit dump fileMinimum of 1 octetPath where crash dumps should be stored
15Domain nameMinimum of 1 octet
16Swap server4 octets
17Root pathMinimum of 1 octet
18Extensions pathMinimum of 1 octet
255End0 octetsUsed to mark the end of the vendor option field

class="wikitable sortable"

|+ IP layer parameters per host{{rp|Section 4}}

CodeNameLengthNotes
19IP forwarding enable/disable1 octet
20Non-local source routing enable/disable1 octet
21Policy filterMultiples of 8 octets
22Maximum datagram reassembly size2 octets
23Default IP time-to-live1 octet
24Path MTU aging timeout4 octets
25Path MTU plateau tableMultiples of 2 octets

class="wikitable sortable"

|+ IP Layer Parameters per Interface{{rp|Section 5}}

CodeNameLengthNotes
26Interface MTU2 octets
27All subnets are local1 octet
28Broadcast address4 octets
29Perform mask discovery1 octet
30Mask supplier1 octet
31Perform router discovery1 octet
32Router solicitation address4 octets
33Static routeMultiples of 8 octetsA list of destination/router pairs

class="wikitable sortable"

|+ Link layer parameters per interface{{rp|Section 6}}

CodeNameLengthNotes
34Trailer encapsulation option1 octet
35ARP cache timeout4 octets
36Ethernet encapsulation1 octet

class="wikitable sortable"

|+ TCP parameters{{rp|Section 7}}

CodeNameLengthNotes
37TCP default TTL1 octet
38TCP keepalive interval4 octets
39TCP keepalive garbage1 octet

class="wikitable sortable"

|+ Application and service parameters{{rp|Section 8}}

CodeNameLengthNotes
40Network information service domainMinimum of 1 octet
41Network information serversMultiples of 4 octets
42Network Time Protocol (NTP) serversMultiples of 4 octets
43Vendor-specific informationMinimum of 1 octets
44NetBIOS over TCP/IP name serverMultiples of 4 octets
45NetBIOS over TCP/IP datagram Distribution ServerMultiples of 4 octets
46NetBIOS over TCP/IP node type1 octet
47NetBIOS over TCP/IP scopeMinimum of 1 octet
48X Window System font serverMultiples of 4 octets
49X Window System display managerMultiples of 4 octets
64Network Information Service+ domainMinimum of 1 octet
65Network Information Service+ serversMultiples of 4 octets
68Mobile IP home agentMultiples of 4 octets
69Simple Mail Transfer Protocol (SMTP) serverMultiples of 4 octets
70Post Office Protocol (POP3) serverMultiples of 4 octets
71Network News Transfer Protocol (NNTP) serverMultiples of 4 octets
72Default World Wide Web (WWW) serverMultiples of 4 octets
73Default Finger protocol serverMultiples of 4 octets
74Default Internet Relay Chat (IRC) serverMultiples of 4 octets
75StreetTalk serverMultiples of 4 octets
76StreetTalk Directory Assistance (STDA) serverMultiples of 4 octets

class="wikitable sortable"

|+ DHCP extensions{{rp|Section 9}}

CodeNameLengthNotes
50Requested IP address4 octets
51IP address lease time4 octets
52Option overload1 octet
53DHCP message type1 octet
54Server identifier4 octets
55Parameter request listMinimum of 1 octet
56MessageMinimum of 1 octet
57Maximum DHCP message size2 octets
58Renewal (T1) time value4 octets
59Rebinding (T2) time value4 octets
60Vendor class identifierMinimum of 1 octet
61Client identifierMinimum of 2 octets
66TFTP server nameMinimum of 1 octet
67Bootfile nameMinimum of 1 octet

=DHCP message types=

This table lists the DHCP message types.

These codes are the value in the DHCP extension 53, shown in the table above.

class="wikitable sortable"

|+ DHCP message types

CodeNameLengthRFC
1DHCPDISCOVER1 octet{{Sum RFC|2132|plain=yes}}{{Ref RFC|2132|rsection=9.6}}
2DHCPOFFER1 octet{{Sum RFC|2132|plain=yes}}
3DHCPREQUEST1 octet{{Sum RFC|2132|plain=yes}}
4DHCPDECLINE1 octet{{Sum RFC|2132|plain=yes}}
5DHCPACK1 octet{{Sum RFC|2132|plain=yes}}
6DHCPNAK1 octet{{Sum RFC|2132|plain=yes}}
7DHCPRELEASE1 octet{{Sum RFC|2132|plain=yes}}
8DHCPINFORM1 octet{{Sum RFC|2132|plain=yes}}
9DHCPFORCERENEW1 octet{{Sum RFC|3203|plain=yes}}{{Ref RFC|3203|rsection=4}}
10DHCPLEASEQUERY1 octet{{Sum RFC|4388|plain=yes}}{{Ref RFC|4388|rsection=6.1}}
11DHCPLEASEUNASSIGNED1 octet{{Sum RFC|4388|plain=yes}}
12DHCPLEASEUNKNOWN1 octet{{Sum RFC|4388|plain=yes}}
13DHCPLEASEACTIVE1 octet{{Sum RFC|4388|plain=yes}}
14DHCPBULKLEASEQUERY1 octet{{Sum RFC|6926|plain=yes}}{{Ref RFC|6926|rsection=6.2.1}}
15DHCPLEASEQUERYDONE1 octet{{Sum RFC|6926|plain=yes}}
16DHCPACTIVELEASEQUERY1 octet{{Sum RFC|7724|plain=yes}}{{Ref RFC|7724|rsection=5.2.1}}
17DHCPLEASEQUERYSTATUS1 octet{{Sum RFC|7724|plain=yes}}
18DHCPTLS1 octet{{Sum RFC|7724|plain=yes}}

==Client vendor identification==

An option exists to identify the vendor and functionality of a DHCP client. The information is a variable-length string of characters or octets which has a meaning specified by the vendor of the DHCP client. One method by which a DHCP client can communicate to the server that it is using a certain type of hardware or firmware is to set a value in its DHCP requests called the Vendor Class Identifier (VCI) (Option 60).

The value to which this option is set gives the DHCP server a hint about any required extra information that this client needs in a DHCP response. Some types of set-top boxes set the VCI to inform the DHCP server about the hardware type and functionality of the device. An Aruba campus wireless access point, for example, supplies value 'ArubaAP' as option 60 in its DHCPDISCOVER message.{{cite web|title=Aruba DHCP Option 60|date=7 October 2020 |url=https://the-ethernets.com/2020/10/aruba-dhcp-option-60/}} The DHCP server can then augment its DHCPOFFER with an IP address of an Aruba wireless controller in option 43, so the access point knows where to register itself.

Setting a VCI by the client allows a DHCP server to differentiate between client machines and process the requests from them appropriately.

=Other extensions=

class="wikitable sortable"

|+ Documented DHCP options

CodeNameLengthRFC
77User ClassMinimum of 2 octets{{Sum RFC|3004|plain=yes|ref=yes}}
82Relay agent informationMinimum of 2 octets{{Sum RFC|3046|plain=yes|ref=yes}}
85Novell Directory Service (NDS) serversMinimum of 4 octets, multiple of 4 octets{{Sum RFC|2241|plain=yes}}{{Ref RFC|2241|rsection=2}}
86NDS tree nameVariable{{Sum RFC|2241|plain=yes}}{{Ref RFC|2241|rsection=3}}
87NDS contextVariable{{Sum RFC|2241|plain=yes}}{{Ref RFC|2241|rsection=4}}
100Time zone, POSIX styleVariable{{Sum RFC|4833|plain=yes|ref=yes}}
101Time zone, tz database styleVariable{{Sum RFC|4833|plain=yes}}
114DHCP Captive-PortalVariable{{Sum RFC|8910|plain=yes|ref=yes}}
119Domain searchVariable{{Sum RFC|3397|plain=yes|ref=yes}}
121Classless static routeVariable{{Sum RFC|3442|plain=yes|ref=yes}}
209Configuration FileVariable{{Sum RFC|5071|plain=yes|ref=yes}}
210Path PrefixVariable{{Sum RFC|5071|plain=yes}}
211Reboot TimeVariable{{Sum RFC|5071|plain=yes}}

==Relay agent information sub-options==

The relay agent information option (option 82) specifies container for attaching sub-options to DHCP requests transmitted between a DHCP relay and a DHCP server.{{cite journal|last1=Patrick|first1=Michael|title=DHCP Relay Agent Information Option|url=https://tools.ietf.org/html/rfc3046|website=IETF Documents|publisher=IETF|access-date=22 July 2017|doi=10.17487/RFC3046|date=January 2001|doi-access=|url-access=subscription}}

class="wikitable sortable"

|+ Relay agent sub-options

CodeNameLengthRFC
1Agent Circuit IDMinimum of 1 octet{{Sum RFC|3046|plain=yes|ref=yes}}
2Agent Remote IDMinimum of 1 octet{{Sum RFC|3046|plain=yes}}
4Data-Over-Cable Service Interface Specifications (DOCSIS) device class4 octets{{Sum RFC|3256|plain=yes|ref=yes}}

Relaying

In small networks, where only one IP subnet is being managed, DHCP clients communicate directly with DHCP servers. However, DHCP servers can also provide IP addresses for multiple subnets. In this case, a DHCP client that has not yet acquired an IP address cannot communicate directly with a DHCP server not on the same subnet, as the client's broadcast can only be received on its own subnet.

In order to allow DHCP clients on subnets not directly served by DHCP servers to communicate with DHCP servers, DHCP relay agents can be installed on these subnets. A DHCP relay agent runs on a network device, capable of routing between the client's subnet and the subnet of the DHCP server. The DHCP client broadcasts on the local link; the relay agent receives the broadcast and transmits it to one or more DHCP servers using unicast. The IP addresses of the DHCP servers are manually configured in the relay agent.

The relay agent stores its own IP address, from the interface on which it has received the client's broadcast, in the GIADDR field of the DHCP packet.

The DHCP server uses the GIADDR-value to determine the subnet, and subsequently the corresponding address pool, from which to allocate an IP address.

When the DHCP server replies to the client, it sends the reply to the GIADDR-address, again using unicast.

The relay agent then retransmits the response on the local network, using unicast (in most cases) to the newly reserved IP address, in an Ethernet frame directed to the client's MAC address.

The client should accept the packet as its own, even when that IP address is not yet set on the interface.{{Ref RFC|2131|rp=25}}

Directly after processing the packet, the client sets the IP address on its interface and is ready for regular IP communication, directly thereafter.

If the client's implementation of the IP stack does not accept unicast packets when it has no IP address yet, the client may set the broadcast bit in the FLAGS field when sending a DHCPDISCOVER packet.

The relay agent will use the {{IPaddr|255.255.255.255}} broadcast IP address (and the clients MAC address) to inform the client of the server's DHCPOFFER.

The communication between the relay agent and the DHCP server typically uses both a source and destination UDP port of 67.

Client states

File:Dhcp-client-state-diagram.svg

A DHCP client can receive these messages from a server:{{Ref RFC|2131|rsection=4.4}}

  • DHCPOFFER
  • DHCPACK
  • DHCPNAK

The client moves through DHCP states depending on how the server responds to the messages that the client sends.

Reliability

The DHCP ensures reliability in several ways: periodic renewal, rebinding,{{Ref RFC|2131|rsection=4.4.5}} and failover. DHCP clients are allocated leases that last for some period of time. Clients begin to attempt to renew their leases once half the lease interval has expired.{{Ref RFC|2131|rsection=4.4.5 Paragraph 3}} They do this by sending a unicast DHCPREQUEST message to the DHCP server that granted the original lease. If that server is down or unreachable, it will fail to respond to the DHCPREQUEST. However, in that case the client repeats the DHCPREQUEST from time to time,{{Ref RFC|2131|rsection=4.4.5 Paragraph 8}}{{Efn|The RFC calls for the client to wait one half of the remaining time until T2 before it retransmits the DHCPREQUEST packet}} so if the DHCP server comes back up or becomes reachable again, the DHCP client will succeed in contacting it and renew the lease.

If the DHCP server is unreachable for an extended period of time,{{Ref RFC|2131|rsection=4.4.5 Paragraph 5}} the DHCP client will attempt to rebind, by broadcasting its DHCPREQUEST rather than unicasting it. Because it is broadcast, the DHCPREQUEST message will reach all available DHCP servers. If some other DHCP server is able to renew the lease, it will do so at this time.

In order for rebinding to work, when the client successfully contacts a backup DHCP server, that server must have accurate information about the client's binding. Maintaining accurate binding information between two servers is a complicated problem; if both servers are able to update the same lease database, there must be a mechanism to avoid conflicts between updates on the independent servers. A proposal for implementing fault-tolerant DHCP servers was submitted to the Internet Engineering Task Force, but never formalized.{{cite IETF

| title = DHCP Failover Protocol

| draft = draft-ietf-dhc-failover-12

| last1 = Droms | first1 = Ralph

| last2 = Kinnear | first2 = Kim

| last3 = Stapp | first3 = Mark

| last4 = Volz | first4 = Bernie

| last5 = Gonczi | first5 = Steve

| last6 = Rabil | first6 = Greg

| last7 = Dooley | first7 = Michael

| last8 = Kapur | first8 = Arun

| date = March 2003

| publisher = IETF

| access-date = May 9, 2010

}}{{Efn|The proposal provided a mechanism whereby two servers could remain loosely in sync with each other in such a way that even in the event of a total failure of one server, the other server could recover the lease database and continue operating. Due to the length and complexity of the specification, it was never published as a standard; however, the techniques described in the proposal are in wide use, with open-source and several commercial implementations.}}

If rebinding fails, the lease will eventually expire. When the lease expires, the client must stop using the IP address granted to it in its lease.{{Ref RFC|2131|rsection=4.4.5 Paragraph 9}} At that time it will restart the DHCP process from the beginning by broadcasting a DHCPDISCOVER message. Since its lease has expired, it will accept any IP address offered to it. Once it has a new IP address (presumably from a different DHCP server) it will once again be able to use the network. However, since its IP address has changed, any ongoing connections will be broken.

IPv6 networks

The basic methodology of DHCP was developed for networks based on Internet Protocol version 4 (IPv4). Since the development and deployment of IPv6 networks, DHCP has also been used for assigning parameters in such networks, despite the inherent features of IPv6 for stateless address autoconfiguration. The IPv6 version of the protocol is designated as DHCPv6.{{Cite web|url=https://www.networkworld.com/article/3297800/why-dhcps-days-might-be-numbered.html|title=Why DHCP's days might be numbered|last=Weinberg|first=Neal|date=2018-08-14|website=Network World|language=en|access-date=2019-08-07}}

Security

{{see also|DHCP snooping}}

The base DHCP does not include any mechanism for authentication.{{Ref RFC|3046|rsection=7}}

Because of this, it is vulnerable to a variety of attacks. These attacks fall into three main categories:{{Ref RFC|2131}}{{rp|sec. 7}}

  • Unauthorized DHCP servers providing false information to clients.
  • Unauthorized clients gaining access to resources.
  • Resource exhaustion attacks from malicious DHCP clients.

Because the client has no way to validate the identity of a DHCP server, unauthorized DHCP servers (commonly called "rogue DHCP") can be operated on networks, providing incorrect information to DHCP clients. This can serve either as a denial-of-service attack, preventing the client from gaining access to network connectivity,{{cite book |first= Derrick |last=Rountree |title = Windows 2012 Server Network Security: Securing Your Windows Network Systems and Infrastructure |url = https://books.google.com/books?id=NFzou_d4MGUC&pg=SA2-PA13 |year = 2013 |publisher = Newnes |isbn = 978-1-59749-965-1 |page = 22 }} or as a man-in-the-middle attack.{{cite book |first= Timothy |last=Rooney |title = Introduction to IP Address Management |url = https://books.google.com/books?id=QgRDxkuI1MkC&pg=PA180 |year = 2010 |publisher = John Wiley & Sons |isbn = 978-1-118-07380-3 |page = 180 }} Because the DHCP server provides the DHCP client with server IP addresses, such as the IP address of one or more DNS servers,{{Ref RFC|2131}}{{rp|sec. 7}} an attacker can convince a DHCP client to do its DNS lookups through its own DNS server, and can therefore provide its own answers to DNS queries from the client.{{cite web |url = http://www.securelist.com/en/blog/208188095/TDSS_loader_now_got_legs |title = TDSS loader now got "legs" |first= Sergey |last=Golovanov (Kaspersky Labs) |date = June 2011 | archive-url=https://web.archive.org/web/20210125194521/https://securelist.com/tdss-loader-now-got-legs/30844/| archive-date=25 January 2021}} This in turn allows the attacker to redirect network traffic through itself, allowing it to eavesdrop on connections between the client and network servers it contacts, or to simply replace those network servers with its own.

Because the DHCP server has no secure mechanism for authenticating the client, clients can gain unauthorized access to IP addresses by presenting credentials, such as client identifiers, that belong to other DHCP clients. This also allows DHCP clients to exhaust the DHCP server's store of IP addresses—by presenting new credentials each time it asks for an address, the client can consume all the available IP addresses on a particular network link, preventing other DHCP clients from getting service.{{cite book |first= Timothy |last=Stapko |title = Practical Embedded Security: Building Secure Resource-Constrained Systems |url = https://books.google.com/books?id=Mly55VntuYMC&pg=PA39 |year = 2011 |publisher = Newnes |isbn = 978-0-08-055131-9 |page = 39 }}

DHCP does provide some mechanisms for mitigating these problems. The Relay Agent Information Option protocol extension{{Ref RFC|3046}} (usually referred to in the industry by its actual number as Option 82{{cite book |first1 = Francisco J. |last1=Hens |first2 = José M. |last2=Caballero |title = Triple Play: Building the converged network for IP, VoIP and IPTV |url = https://books.google.com/books?id=aS1ZngveBIkC&pg=PA239 |year = 2008 |publisher = John Wiley & Sons |isbn = 978-0-470-75439-9 |page = 239 }}{{cite book |first= David H. |last=Ramirez |title = IPTV Security: Protecting High-Value Digital Contents |url = https://books.google.com/books?id=70tr_hSDULwC&pg=PA55 |year = 2008 |publisher = John Wiley & Sons |isbn = 978-0-470-72719-5 |page = 55 }}) allows network operators to attach tags to DHCP messages as these messages arrive on the network operator's trusted network. This tag is then used as an authorization token to control the client's access to network resources. Because the client has no access to the network upstream of the relay agent, the lack of authentication does not prevent the DHCP server operator from relying on the authorization token.{{Ref RFC|3046}}{{rp|sec. 7}}

Another extension, Authentication for DHCP Messages{{Ref RFC|3118}} (RFC 3118), provides a mechanism for authenticating DHCP messages. As of 2002, this extension had not seen widespread adoption because of the problems of managing keys for large numbers of DHCP clients.{{cite web |url = http://www.ietf.org/mail-archive/web/dhcwg/current/msg00876.html |title = Implementation of RFC 3118 |first= Ted |last=Lemon |date = April 2002 }} A 2007 book about DSL technologies remarked that:

[T]here were numerous security vulnerabilities identified against the security measures proposed by RFC 3118. This fact, combined with the introduction of 802.1X, slowed the deployment and take-rate of authenticated DHCP, and it has never been widely deployed.{{cite book |first1 = Philip |last1=Golden |first2 = Hervé |last2=Dedieu |first3 = Krista S. |last3=Jacobsen |title = Implementation and Applications of DSL Technology |url = https://books.google.com/books?id=Jjkd74jY47oC&pg=PA484 |year = 2007 |publisher = Taylor & Francis |isbn = 978-1-4200-1307-8 |page = 484 }}
A 2010 book notes that:
[T]here have been very few implementations of DHCP Authentication. The challenges of key management and processing delays due to hash computation have been deemed too heavy a price to pay for the perceived benefits.{{cite book |first= Timothy |last=Rooney |title = Introduction to IP Address Management |url = https://books.google.com/books?id=QgRDxkuI1MkC&pg=PA181 |year = 2010 |publisher = John Wiley & Sons |isbn = 978-1-118-07380-3 |pages = 181–182 }}

Architectural proposals from 2008 involve authenticating DHCP requests using 802.1X or PANA (both of which transport EAP).{{cite book |first= Rebecca |last=Copeland |title = Converging NGN Wireline and Mobile 3G Networks with IMS |url = https://books.google.com/books?id=ruWv8RGkBGgC&pg=PA142 |year = 2008 |publisher = Taylor & Francis |isbn = 978-1-4200-1378-8 |pages = 142–143 }} An IETF proposal was made for including EAP in DHCP itself, the so-called EAPoDHCP;{{cite book |first1 = Ramjee |last1=Prasad |first2 = Albena |last2=Mihovska |title = New Horizons in Mobile and Wireless Communications: Networks, services, and applications |url = https://books.google.com/books?id=w9bEwBwd33MC&pg=PA339 |year = 2009 |publisher = Artech House |isbn = 978-1-60783-970-5 |page = 339 |volume = 2 }} this does not appear to have progressed beyond IETF draft level, the last of which dates to 2010.{{cite web |url=http://tools.ietf.org/search/draft-pruss-dhcp-auth-dsl-07 |title=Draft-pruss-DHCP-auth-DSL-07 - EAP Authentication Extensions for the Dynamic Host Configuration Protocol for Broadband |access-date=2013-12-12 |archive-url=https://web.archive.org/web/20150403091552/http://tools.ietf.org/search/draft-pruss-dhcp-auth-dsl-07 |archive-date=2015-04-03 }}

IETF standards documents

  • {{Sum RFC|2131|ref=yes}}
  • {{Sum RFC|2132|ref=yes}}
  • {{Sum RFC|3046|ref=yes}}
  • {{Sum RFC|3203|ref=yes}}
  • {{Sum RFC|3397|ref=yes}}
  • {{Sum RFC|3442|ref=yes}}
  • {{Sum RFC|3942|ref=yes}}
  • {{Sum RFC|4361|ref=yes}}
  • {{Sum RFC|4388|ref=yes}}
  • {{Sum RFC|4436|ref=yes}}
  • {{Sum RFC|6926|ref=yes}}
  • {{Sum RFC|7724|ref=yes}}
  • {{Sum RFC|8415|ref=yes}}

See also

{{cols}}

{{colend}}

Notes

{{Notelist}}

References

{{Reflist|30em}}

External links

  • {{commons category-inline|Dynamic Host Configuration Protocol (DHCP)}}

{{Authority control}}

Category:Application layer protocols

Category:Internet Standards

Category:Network service