Contents Overview 1 Introducing DHCP 2 Designing a Functional DHCP Solution 8 Securing a DHCP Solution 18 Enhancing a DHCP Design for Availability 23 Enhancing a DHCP Design for Performance 28 Lab A: Designing a DHCP Solution 32 Review 40 Module 3: DHCP as a Solution for IP Configuration Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting, PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media, Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries/regions. Project Lead: Don Thompson (Volt Technical) Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc. Instructional Design Consultants: Paul Howard, Susan Greenberg Program Managers: Jack Creasey, Doug Steen (Independent Contractor) Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner Editor: Kristen Heller (Wasser) Copy Editor: Kaarin Dolliver (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Consulting) Multimedia Development: Kelly Renner (Entex) Test Leads: Sid Benevente, Keith Cotton Test Developer: Greg Stemp (S&T OnSite) Production Support: Lori Walker (S&T Consulting) Manufacturing Manager: Rick Terek (S&T OnSite) Manufacturing Support: Laura King (S&T OnSite) Lead Product Manager, Development Services: Bo Galford Lead Product Manager: Ken Rosen Group Product Manager: Robert Stewart Other product and company names mentioned herein may be the trademarks of their respective owners. Module 3: DHCP as a Solution for IP Configuration iii Instructor Notes This module provides students with the information and decision-making experiences needed to design an Internet Protocol (IP) configuration service by using the DHCP service in Microsoft® Windows® 2000. Students will evaluate and create DHCP solutions to support the IP configuration requirements of an organization. At the end of this module, students will be able to:  Recognize DHCP as a solution for the IP configuration needs of an organization.  Evaluate and create a DHCP solution for nonrouted networks, routed networks, and various client types.  Select the appropriate strategies to secure a DHCP solution.  Select the appropriate strategies to enhance the availability of a DHCP design.  Select the appropriate strategies to enhance the performance of a DHCP design. Upon completion of the lab, students will be able to analyze and design a DHCP solution that supports the IP configuration requirements of an organization. Course Materials and Preparation This section provides you with the materials and preparation needed to teach this module. Required Materials To teach this module, you need the following materials:  Microsoft PowerPoint® file 1562B_03.ppt Preparation Tasks To prepare for this module, you should:  Review the contents of this module.  Review RFCs 951, 2131, and 2132, and the Internet Engineering Task Force (IETF) draft “Multicast Address Dynamic Client Allocation Protocol (MADCAP)”, dated May 24, 1999, or the latest revision, which is available at ftp://www.ietf.org/internet-drafts/draft-ietf-malloc-madcap-07.txt  Read any relevant information provided in the Windows 2000 Help files, the Windows 2000 Resource Kit, or materials on the Instructor CD.  Be familiar with installing, configuring, and managing DHCP Server in Windows 2000.  Know how to set up DHCP scopes. Presentation: 75 Minutes Lab: 30 Minutes iv Module 3: DHCP as a Solution for IP Configuration  Understand how and why to create user or vendor options within DHCP scopes.  Review the discussion material and be prepared to lead class discussions on the topics.  Complete the lab and be prepared to elaborate beyond the solutions found there.  Read the review questions and be prepared to elaborate beyond the answers provided in the text. Module Strategy Use the following strategy to present this module.  Introducing DHCP The DHCP service in Windows 2000 provides an automated and centrally managed Transmission Control Protocol/Internet Protocol (TCP/IP) configuration scheme. For IP configuration management, a DHCP solution provides automation for hosts on single or multiple subnets. In this section: • Explain that the network designer needs to determine the host population, the subnet configuration, and the network topology. This information provides the basis for defining the subnets and the options for the DHCP Client. • Emphasize the message-driven protocol of requests and responses between the DHCP Server and the DHCP Client. Explain that Scopes, Superscopes, and TCP/IP options are the three management features supported by DHCP. • Make sure the students understand that DHCP Server and DHCP Client, with capital S and capital C, respectively, are used throughout the module to indicate a server or client running the DHCP Server service in Windows 2000 or a Microsoft Windows–based DHCP Client. • Point out that, to extend service capabilities and reduce network management, the DHCP service integrates with other Windows 2000 networking services.  Designing a Functional DHCP Solution A functional DHCP service supports various types of hosts in simple, routed, and dial-up networks. In this section: • Emphasize that in a simple, nonrouted environment, a single DHCP Server may be all that is required. Discuss the placement of DHCP Servers, and the selection of TCP/IP options. • Emphasize that, in a routed network, in which broadcast domains are restricted, the DHCP Relay Agent provided in Windows 2000 forwards broadcast traffic from the DHCP Client to the DHCP Server. Point out that the decision whether to use single or multiple DHCP Servers depends on routing configuration, network configuration, and server hardware architecture. Module 3: DHCP as a Solution for IP Configuration v • Point out that DHCP supports non-Microsoft DHCP clients, Bootstrap Protocol (BOOTP) clients, and non-DHCP clients. • Make sure students understand the illustration, scenario description, and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.  Securing a DHCP Solution A secure DHCP solution ensures that only authorized servers are allowed to start and only authorized personnel can configure the servers. In this section: • Emphasize that, to prevent disruptions in DHCP service, at least one DHCP Server must be authorized in the Active Directory ™ directory service. Describe how to use Windows 2000 groups to provide either administrative or read-only access to DHCP configuration information. • Describe the problems that are caused by the use of unauthorized DHCP Servers in a network. Point out that the exclusive use of Windows 2000– based DHCP Servers, and the authorization of the DHCP Servers in Active Directory, prevents the use of unauthorized DHCP Servers in the network. • Emphasize that there are risks of unauthorized access when using the DHCP service in screened subnets. Describe the methods available to deal with these risks.  Enhancing a DHCP Design for Availability A highly available DHCP solution ensures that the DHCP service is available whenever required. In this section: • Describe the use of distributed scopes to provide DHCP Server redundancy, and to share the DHCP Client load. • Describe how the use of Windows Clustering increases the availability of an individual DHCP Server. Point out that the benefits that are achieved by using Windows Clustering must be weighed against the additional hardware requirements. • Make sure students understand the illustration, scenario description, and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.  Enhancing a DHCP Design for Performance The performance of the DHCP service can be optimized to provide the fastest possible response to DHCP Client requests. In this section: • Point out that you can optimize the performance of a single DHCP Server to reduce the response time to client requests. • Emphasize that you can use multiple servers to enhance the performance of the DHCP solution. • Emphasize that you can modify IP address lease lengths so that the addresses can be available for use by other hardware resources. vi Module 3: DHCP as a Solution for IP Configuration Lab Strategy Use the following strategy to present this lab. Lab A: Designing a DHCP Solution In this lab, students will design a DHCP solution based on specific requirements outlined in the given scenario. Students will review the scenario and the design limitations and requirements, and read any supporting materials. They will use this information, and the knowledge gained from the module, to develop a detailed design that uses DHCP as the solution. To conduct the lab:  Read through the lab carefully, paying close attention to the instructions and to the details of the scenario.  Divide the class into teams of two or more students.  Present the lab and make sure students understand the instructions and the purpose of the lab.  Explain that the design worksheet is to be used to develop their solution.  Remind students to consider any functionality, security, availability, and performance criteria that are provided in the scenario, and how they will incorporate strategies to meet these criteria in their design.  Allow some time to discuss the solutions after the lab is completed. A solution is provided on the Instructor CD to help you review the lab results. Encourage students to critique each other’s solutions and to discuss any ideas for improving their designs. Module 3: DHCP as a Solution for IP Configuration 1 Overview  Introducing DHCP  Designing a Functional DHCP Solution  Securing a DHCP Solution  Enhancing a DHCP Design for Availability  Enhancing a DHCP Design for Performance The increasing complexity of network infrastructures demonstrates the need for an automated and centrally managed Internet Protocol (IP) configuration scheme. The DHCP service in Microsoft ® Windows® 2000 provides an automated IP addressing service and centralized management of Transmission Control Protocol/Internet Protocol (TCP/IP) configuration parameters. At the end of this module, you will be able to:  Recognize DHCP as a solution for the IP configuration needs of an organization.  Evaluate and create a DHCP solution for nonrouted networks, routed networks, and various client types.  Select the appropriate strategies to secure a DHCP solution.  Select the appropriate strategies to improve the availability of a DHCP design.  Select the appropriate strategies to improve the performance of a DHCP design. Slide Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will evaluate and design DHCP solutions for IP configuration. 2 Module 3: DHCP as a Solution for IP Configuration    Introducing DHCP  Design Decisions  DHCP Features  Integration Benefits As an IP configuration scheme increases in size and in the number of configuration options used, it becomes increasingly difficult to manage the manual configuration of network hosts. The DHCP service in Windows 2000 provides automation for host IP configuration by supporting multiple subnets with unique configuration options and IP address ranges. The Dynamic Host Configuration Protocol (DHCP) is a message-driven protocol that allows hosts on the network to acquire an IP address and TCP/IP client option information from a DHCP server. There are two components to DHCP in Windows 2000, a DHCP Server service and a DHCP Client. DHCP Server and DHCP Client, with capital S and capital C, respectively, are used throughout the module to indicate a server or client running the DHCP Server service in Windows 2000 or a Microsoft Windows– based DHCP Client. When designing a DHCP solution, the network designer must:  Define the requirements for a DHCP solution for the network.  Identify the features provided by DHCP and how these features support the design requirements for the DHCP solution.  Identify the benefits of integration between DHCP and other Windows 2000 services. Slide Objective To introduce DHCP as a solution for IP configuration. Lead-in The DHCP service provides TCP/IP configuration management to hosts on an IP network segment or group of segments. Emphasize that DHCP is a message-driven protocol of requests and responses between the DHCP Client and the DHCP Server. Refer students to the relevant RFCs, the online Windows 2000 Help files, and the Windows 2000 Resource Kit, for further information. Note Module 3: DHCP as a Solution for IP Configuration 3 Design Decisions  Number of Hosts?  Number of Subnets?  Network Configuration? Segment 1 Segment 2 Router To develop a DHCP solution, you must determine the host population, the number of subnets, and the configuration of the network. This information establishes the subnets you must define and the DHCP Client options that must be supplied by the DHCP service to allow successful DHCP Client operation on the IP network. In an IP network that uses DHCP, you must allocate each DHCP Client an IP address and configuration information to enable IP communication. The DHCP Server maintains a database that includes available and allocated IP addresses for defined subnets and the client TCP/IP options. Slide Objective To introduce the decisions required in a DHCP solution. Lead-in To design a DHCP solution, you must determine the number of hosts, the number of subnets, and the configuration of the network. 4 Module 3: DHCP as a Solution for IP Configuration DHCP Features  RFC Compliance  Scopes  Superscopes  TCP/IP Options  DNS Integration  Active Directory Integration  Microsoft’s Vendor-Specific Options  Microsoft Support for Multicast IP Address Allocation To design an effective DHCP service infrastructure, you must understand the features of the DHCP service and how these features solve the IP configuration requirements of an organization. RFC Compliance The DHCP service in Windows 2000 complies with RFCs 951, 2131, and 2132. The three primary management features that DHCP supports are:  Scopes. A range of IP address that are offered on any particular subnet.  Superscopes. A collection of scopes being offered for the same physical subnet. Superscopes allow easy extension of the IP address range being offered to a subnet, particularly if the range offered is noncontiguous.  TCP/IP options. The additional configuration information that can be passed to the DHCP Client. For each DHCP Server, the TCP/IP options can be defined by using default (global) server options; or for each scope by using scope options, class options, and reserved options. DNS Integration DHCP and DNS integration allows earlier versions of Windows-based clients, and non-Microsoft DHCP clients, to have their records automatically updated in the DNS database by the DHCP Server. Active Directory Integration The integration of the DHCP service with the Active Directory ™ directory service allows DHCP Servers to be authorized within Active Directory. Windows 2000–based DHCP Servers do not start unless authorized. Slide Objective To identify DHCP configuration features supported by the DHCP service. Lead-in To design a DHCP solution, you need to understand the DHCP features and how these features support the IP configuration requirements of an organization. For Your Information The IETF draft cited in the student notes is subject to change. Refer to the IETF documents to ensure that the latest revision is communicated to the students. Note [...]... provide an automated solution for host IP configuration The current network configuration provides: Intranet access to all shared folders and Web-based applications at all locations Access to the Internet from all locations Support for the existing infrastructure by using the manual allocation of host IP addresses DHCP/ BOOTP forwarding enabled on all routers Support for a mission-critical Web-based application... name registration of hosts that have dynamically allocated IP addresses Module 3: DHCP as a Solution for IP Configuration Designing a DHCP Service for a LAN Slide Objective To describe how to design a DHCP service in a nonrouted LAN environment DHCP 1 DHCP 2 Scope A Active Scope X Active Class Scope Global Lead-in In a simple, nonrouted LAN environment, a single DHCP Server might be all that is required... computer 12 Module 3: DHCP as a Solution for IP Configuration For a routed network, use DHCP Relay Agents on each subnet if: There is no DHCP Server with an interface on the subnet There are computers available to use as DHCP Relay Agents There are no routers that support DHCP/ BOOTP forwarding Note You can design a solution that does not require DHCP Relay Agents by turning on BOOTP /DHCP forwarding on the... include a method that allows broadcast traffic from DHCP Clients to reach DHCP Servers DHCP Client Non -DHCP Client No BOOTP Forwarding Subnet 1 DHCP Relay Agent Router DHCP Clients With BOOTP Forwarding Subnet 2 Router DHCP Client DHCP Server Subnet 3 DHCP Relay Agent DHCP Server Placement In a routed network, the broadcast domains are restricted As such, any DHCP solution must allow the broadcast traffic... network configuration Read through the scenario and then answer the questions Be prepared to discuss your answers with the class Scenario An organization has decided to restructure an existing DHCP- based network You are assigned the task of evaluating how to enhance the availability of the DHCP service The current network configuration provides: Intranet access to all shared folders and Web-based applications... applications at all locations Access to the Internet from all locations Support for the existing infrastructure as shown in the preceding diagram DHCP/ BOOTP forwarding enabled on all routers Support for a mission-critical Web-based application that requires 24-hours -a- day, 7-days -a- week operation Isolation of the organization’s network from the Internet by using a firewall and proxy server Module 3: DHCP as a. .. addresses and TCP /IP options offered for the LAN With multiple DHCP Servers, it is unknown which server will answer a DHCP Client broadcast first In this case, share the IP address range equally between the DHCP scopes For each server, define a superscope that includes all scopes for the subnet Scopes are enabled only in the server issuing IP addresses from that scope 9 10 Module 3: DHCP as a Solution for IP. .. the DHCP Clients on the subnets to reach a DHCP Server Windows 2000 provides a DHCP Relay Agent to forward client requests to a DHCP Server You can place the DHCP Relay Agent in a subnet anywhere in the routed network DHCP Clients and Servers initially establish DHCP leases by using media access control and IP broadcast packets However, in most networking environments, broadcast packets do not propagate... addresses are renewed before the failed DHCP Server is repaired 28 Module 3: DHCP as a Solution for IP Configuration Enhancing a DHCP Design for Performance Slide Objective To introduce strategies that improve DHCP performance Lead-in The DHCP service can be enhanced to provide the best possible response to client requests Enhancing DHCP Performance of a Single Server Enhancing DHCP Performance by Using... database by the DHCP Server Windows 2000–based DHCP Clients automatically update their own records in DNS, but you must enable the DHCP Server to update the DNS database for other clients, if required Module 3: DHCP as a Solution for IP Configuration 7 Active Directory Integration Non-authorized DHCP servers have the potential to disrupt network operation by issuing incorrect IP addresses or option information . configuration information to enable IP communication. The DHCP Server maintains a database that includes available and allocated IP addresses for defined. include a method that allows broadcast traffic from DHCP Clients to reach DHCP Servers. Caution 12 Module 3: DHCP as a Solution for IP Configuration