Anyone who maintains an IP-based network knows the headaches. Each device on the network, including routers, printers, firewalls, and workstations requires a unique IP address. As networks expand, most network managers find that they quickly run out of addresses. In addition, maintaining tables of IP addresses takes time. Managers must add subnets to increase the number of IP addresses, and they need to update their tables of IP addresses. Changes to the infrastructure also force the manager to reassess and reassign IP addresses. Further, the increase in mobile computers and remote connections can force a continual expansion of IP addresses.
An Easier Way
Dynamic Host Configuration Protocol (DHCP) offers a solution. Using DHCP, network managers can create a flexible, self-configuring network. DHCP works on the principal that most users and devices do not need a constant connection with the server. When a user logs onto the network, the server assigns an IP address to that device. This IP address remains in effect for a period of time and, if it is not active when that time expires, the server releases the IP address. The server can then reassign that address to another device.
In general, DHCP networks support a mix of three modes of operation to allocate IP addresses.
How It Works
Under DHCP, each device or workstations that connects to the network requests an IP address from the server. The process of negotiating this address includes:
DHCP, in theory, seems simple. However, it takes time to set up a DHCP-based network. Older devices may not support DHCP. In some cases, these devices only support BOOTP, an older, simplified version of DHCP. Although many DHCP-enabled servers can support these devices, managers will need to configure the server. In other cases, some devices require a permanent IP address, and these must be identified and assigned. Some network managers prefer to manually assign IP addresses to routers, printers and other "permanent" devices.
In addition, managers using dynamic allocation techniques must take time to calculate the proper lease time for the IP addresses. The server verifies each connection when the lease time reaches the halfway point. If a network supports multiple remote sessions that last a relatively short amount of time, the lease time can be set minutes. This ensures that IP addresses will be released and available for subsequent users. For more stable networks, a lease time can be set for several hours or days. The lease time can effect network performance, so the manager must consider this parameter carefully.
|Additional Resources on CIN|
Each Technology Briefing acts as a reference on individual technologies and products,
providing a knowledge base and guide to IT decision-makers in purchasing and deployment.
here to reach a collection of previous Technology Briefings. Topics include: Firewalls, WLANs, network
storage and others.
You can also go to the Great Docs section to find these Technology Briefings and other informative resources and documents on training and staffing, e-mail and Internet usage policies, a guide to project management and other topics.
Managers also need to consider the impact of service interruptions. Scheduled server maintenance or server failures can create havoc in a DHCP configuration. Longer lease times generally recover better from interruptions, but managers can implement multiple servers that share a pool of IP addresses to help resolve the problem. Managers can implement servers that share all available IP addresses, or they can select a subset of addresses to share among servers. Each approach requires that the servers synchronize their database of IP assignments, and this requires server processing.
Security also presents a problem. Firewalls, for example, generally allow managers to configure a list of acceptable IP addresses. If these addresses are dynamically assigned, it is more difficult to determine whether the device connecting to the network is authorized. Similarly, DHCP does not specify links to authentication programs, so managers may encounter difficulties implementing these types of security.