DHCP is like Costco and Walt Disney. Almost everyone has heard of it! We all know that DHCP is the magic that dishes out IP addresses to our computers. And we know that DHCP just works. But how does it really work?
I’m all about the why. When I was kid I bet I importuned my parents by inundating them with “Why’s”.
- Me: “Dad, why is the sky blue?”
- Dad: “Because that’s the way God made it.”
- Me: “Why?”
- Dad: “He has his own purposes”
- Me: “Why?”
- Dad: “Oh my gosh… stop already!”
A day in the life of DHCP
When a DHCP client wakes up in the morning the first thing it does is flood the local area network. The machine says, “Hey I can’t do anything without an IP address. Are there any servers out here that can give me an IP address? A default gateway would be nice too.”
The DHCP server on my local subnet is a Cisco router named R1. Let’s configure it real fast:
Alright, now that we have that out of the way, let’s check out how DHCP works.
I started up my Windows 8.1 PC this morning, and since it doesn’t have a static IP address, it asked everyone on the network for a DHCP server. Technically, the machine sends out a layer 2 broadcast frame to all hosts in the local subnet. This is called a DHCP Discover because it’s trying to find a DHCP server.
The source MAC address is set to the DHCP client and the destination MAC is FF:FF:FF:FF:FF:FF which means: “send this thing out to everyone in my broadcast domain”.
So every device gets the frame and starts peeling back the upper layers of the frame. Each computer, printer, PC, and smartphone on the local subnet says, “Hmm, I’ve got this interesting frame what’s this all about? Let’s look at layer 3”
Since the DHCP client doesn’t have an IP address yet, the source address is set to 0.0.0.0 and the destination address is 255.255.255.255 which means the packet isn’t bound for a specific device. It’s asking for something but that question is located at layer 4.
So each computer, printer, PC and smartphone on the local subnet checks out the layer 4 stuff.
At layer 4, you’ll see the DHCP UDP segment went to port 67. So all the devices that aren’t listening on UDP port 67 discard the frame. Only the DHCP server is listening on this port so it’s the only device that should respond.
So the first part of the DHCP process, a DHCP Discover frame is injected into the network.
In the second part, the server listening on UDP port 67, sends a DHCP segment to the client. The segment includes a bunch of settings for that client. These are known as DHCP Options and usually include stuff like the client IP address, lease time and renewal time.
In the packet capture below you can see the server is offering the client 10.0.0.2. If you scrolled down the option list you would see an option for the subnet mask and a few other things too.
The DHCP Lease Time is how long the DHCP client should be allowed to use the IP address. We don’t want to permanently assign the IP address to every DHCP client that connects to the network or else that would eventually starve the DHCP pool from dishing out IP addresses.
So each client gets a lease that expires after a certain amount of time. It’s usually 86,400 seconds (1 day) but can be anything the DHCP server admin configured.
The other option I should mention is the DHCP Renewal Time Value. When this value is reached the client will automatically renew its lease. It’s like leasing a car and then mid-way through your lease you decide you want to extend the car lease. The Renewal Time is just a way to tell the DHCP server “Hey, I’m still here actively using this IP Address, please don’t assign it out”
So the client says:
Heck yeah, I’ll take that IP address!
And the server says:
Have at it!
So with the request acknowledged, it dishes out the first valid IP address.
Check it out!
My PC grabbed 10.0.0.51.
The amazing thing is that this Discover, Offer, Request, ACK thing is just four packets and it happens in less than a second. You can remember it like this:
DORA the Explorer.
Reservations and Scopes
Before we wrap up, I should mention that DHCP also lets you do reservations. You can tell a printer to use a DHCP server and add the MAC address of the printer to the server. That way your printer will always get the same IP address. So when the printer sends a DHCP Offer to the server it’ll look at the layer 2 MAC address and assign it an IP address that won’t change. It’s almost liek a static address but it a little different because you’re using DHCP to assign that address.
If you ever heard about DHCP scopes just think about streets.
DHCP scopes are streets.
In other words, if you have one scope for 10.0.0.0/24 that means you’ve defined a pool of address for all hosts on the 10.0.0 street. Remember the /24 bit mask tells us the first 24 bits belongs to the street (the network) and the last 8 bits belong to the house (the host number).
The Bottom Line
DHCP is awesome. It just works. And for that reason most people don’t bother to see what happens behind the scenes. But you know me – I’m curious and always looking to understand how things work – so I hope this little post helped!