DHCP: Dynamic Host Configuration Protocol
lease:租约
报文:
首次获取IP地址(广播包)
- client 向服务器端发送DHCPDISCOVER 的UDP报文
- server端回应 DHCPOFFER报文
- client 发送DHCPREQUEST报文,向服务器请求使用该报文
- server端发送DHCPACK 报文,发送确认报文
续租(单播)
- client 向服务器端发送DHCPREQUEST报文
- server端发送DHCPACK 报文,发送确认报文
在一个公司中有多个部门,配置一个DHCP服务器,但是路由器是不能转发广播报文的,为解决该问题,需要将路由器配置DHCP中继服务器
保留地址:保留给某个特定主机使用的地址。(地址池之外的地址)
测试环境
代码语言:javascript复制[root@miner-k ~]# cat /etc/redhat-release
CentOS release 6.8 (Final)Jetbrains全家桶1年46,售后保障稳定
安装DHCP包
代码语言:javascript复制[root@miner-k ~]# yum -y install dhcp[root@miner-k ~]# rpm -ql dhcp.x86_64
/etc/dhcp
/etc/dhcp/dhcpd.conf # DHCP的配置文件
/etc/dhcp/dhcpd6.conf
.......
/usr/sbin/dhcpd # DHCP的服务器端的主进程
/usr/sbin/dhcrelay # DHCP的中继服务器的进程
/var/lib/dhcpd/dhcpd.leases #DHCP的租约记录修改配置文件
代码语言:javascript复制option domain-name "isc.org"; # 指定/etc/resolv.conf 中search后的参数
option domain-name-servers 114.114.115.115, 114.114.114.114; # DNS服务器的地址
subnet 10.254.239.0 netmask 255.255.255.224 {
option routers 204.254.239.1; #指定网关
range 10.254.239.10 10.254.239.20; # 指定DHCP的地址池,Linux分配IP地址是由大到小的分配,windows中分配是由小到大分配
option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# 通过MAC地址指定IP对应的主机
host fantasia {
hardware ethernet 08:00:07:26:c0:a5; #网卡的mac地址
fixed-address 10.254.239.30; # 指定不在Range范围内的地址
}DHCP 对应端口
服务器端 UDP 67 客户端 UDP 68
实例部署DHCP服务器
修改配置文件
代码语言:javascript复制[root@miner-k ~]# vim /etc/dhcp/dhcpd.confsubnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.200 192.168.100.210;
option domain-name-servers 114.114.114.114,114.114.115.115;
option domain-name "miner.example.org";
option routers 192.168.100.1;
default-lease-time 600;
max-lease-time 7200;
}启动DHCP服务器
代码语言:javascript复制[root@miner-k ~]# service dhcpd restart
Starting dhcpd: [ OK ]检查DHCP的监听端口
代码语言:javascript复制[root@miner-k ~]# netstat -anlp | grep 67
udp 0 0 0.0.0.0:67 0.0.0.0:* 4841/dhcpd 客户端检查
方法一,重启网络服务器
代码语言:javascript复制[root@miner-k ~]# service network restart方法二: 重启网卡
代码语言:javascript复制[root@miner-k ~]# ifdown eth0
[root@miner-k ~]# ifup eth0方法三:使用dhclinet启动
代码语言:javascript复制[root@miner-k ~]# dhclient #后端启动
[root@miner-k ~]# dhclient -d #前台运行,会输出打印结果
查看DNS服务器的配置
查看客户端监听的端口
代码语言:javascript复制[root@localhost ~]# netstat -anlp | grep 68
tcp 0 64 192.168.100.202:22 192.168.100.1:51352 ESTABLISHED 2581/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 2579/dhclient 服务器端检查租约信息
代码语言:javascript复制[root@miner-k ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "[root@miner-k ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "�00�01�00�01"246243345�00�14)z>344";
lease 192.168.100.200 {
starts 0 2018/06/03 13:28:13;
ends 0 2018/06/03 13:38:13;
cltt 0 2018/06/03 13:28:13;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:eb:f0:21;
}
0[root@miner-k ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "�00�01�00�01"246243345�00�14)z>344";
lease 192.168.100.200 {
starts 0 2018/06/03 13:28:13;
ends 0 2018/06/03 13:38:13;
cltt 0 2018/06/03 13:28:13;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:eb:f0:21;
}
1[root@miner-k ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "�00�01�00�01"246243345�00�14)z>344";
lease 192.168.100.200 {
starts 0 2018/06/03 13:28:13;
ends 0 2018/06/03 13:38:13;
cltt 0 2018/06/03 13:28:13;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:eb:f0:21;
}
0[root@miner-k ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "�00�01�00�01"246243345�00�14)z>344";
lease 192.168.100.200 {
starts 0 2018/06/03 13:28:13;
ends 0 2018/06/03 13:38:13;
cltt 0 2018/06/03 13:28:13;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:eb:f0:21;
}
1"635[root@miner-k ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1
server-duid "�00�01�00�01"246243345�00�14)z>344";
lease 192.168.100.200 {
starts 0 2018/06/03 13:28:13;
ends 0 2018/06/03 13:38:13;
cltt 0 2018/06/03 13:28:13;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:eb:f0:21;
}
04)z>4";
lease 192.168.100.200 {
starts 0 2018/06/03 13:28:13;
ends 0 2018/06/03 13:38:13;
cltt 0 2018/06/03 13:28:13;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:eb:f0:21;
}实例1,指定特定的服务器配置特定的IP地址
配置文件
代码语言:javascript复制subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.200 192.168.100.210;
option domain-name-servers 114.114.114.114,114.114.115.115;
option domain-name "miner.example.org";
option routers 192.168.100.1;
default-lease-time 600;
max-lease-time 7200;
host client1 {
hardware ethernet 00:0c:29:eb:f0:21;
fixed-address 192.168.100.222;
server-name "dhcp-clinet1.example.com";
}
}实例2 一个DHCP服务器为多个不同的网段分配地址
在实际应用中可能会遇到一个比较大的物理网络中存在多个ip子网,而每个ip子网的主机都需要DHCP服务器来动态分配ip地址,实现的方法有两种。 第一种是在每一个子网中设置DHCP服务器,将其分别为每个子网分配ip地址,但此方法会增加开销,浪费资源; 第二种就是只在一个子网内设置DHCP服务器,通过这台DHCP服务器来为所有的子网分配ip地址,这个方法比第一种节省,是可行的,这就要用到DHCP中继代理了。
中继代理的原理
在整个DHCP租约产生的过程中,DHCP服务器和客户端都是使用广播进行通信的,我们知道,网络上上的流量分为单播、广播、组播,单播和组播可以顺利的通过路由器,广播不可以通过路由器,路由器隔离广播,这样就会产生一个问题,如果DHCP客户端和DHCP服务器之间要跨越子网时,中间的路由器会进行阻拦,路由器看到是广播包立马就会扔掉,那怎么办呢?很简单,只需要让这个广播包在进入路由器之前变成单播就行了,
DHCP中继代理的过程
- (1)DHCP客户端广播dhcpdiscover包
- (2)DHCP中继代理将dhcpdiscover包以单播发送到DHCP服务器
- (3)HDCP服务器以单播发送DHCPoffer包给DHCP中继代理
- (4)DHCP中继代理广播dhcpffer包
- (5)DHCP客户端广播dhcprequest包
- (6)DHCP中继代理以单播转发dhcprequest包给DHCP服务器
- (7)DHCP服务器以单播发送dhcpack包给DHCP中继代理
- (8)DHCP中继代理广播dhcpack包。
一般情况下,DHCP中继代理监听所有接口上的DHCP请求。假如某个HDCP服务器位于网络接口为eth0的子网内,那么就可以用中继代理向eth1和eth2连接的子网内提供DHCP服务。
服务器 | 网卡 |
|---|---|
DHCP服务器 | 192.168.30.10/24 |
DHCP中继代理服务器 | 192.168.30.1/24,192.168.40.1/24,192.168.50.1/24 |
测试服务器1 | 192.168.30.202/24 |
测试服务器2 | 192.168.40.202/24 |
DHCP服务器上配置
代码语言:javascript复制[root@DHCP ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see 'man 5 dhcpd.conf'
#
#
#
subnet 192.168.30.0 netmask 255.255.255.0 {
range 192.168.30.200 192.168.30.210;
option domain-name-servers 114.114.114.114,114.114.115.115;
option domain-name "miner.example.org";
option routers 192.168.30.1;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.40.0 netmask 255.255.255.0 {
range 192.168.40.200 192.168.40.210;
option domain-name-servers 114.114.114.114,114.114.115.115;
option domain-name "miner.example.org";
option routers 192.168.40.1;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.50.0 netmask 255.255.255.0 {
range 192.168.50.200 192.168.50.210;
option domain-name-servers 114.114.114.114,114.114.115.115;
option domain-name "miner.example.org";
option routers 10.10.50.1;
default-lease-time 600;
max-lease-time 7200;
}在中继服务器上操作:
在服务器上配置网络的IP为静态IP地址,eth0的配置如下,eth1、eth2的配置类似。
代码语言:javascript复制[root@DHCP ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=192.168.30.1
PREFIX=24安装dhcp中继服务器
代码语言:javascript复制[root@zhongji ~]# yum -y install dhcp开启路由转发
代码语言:javascript复制[root@zhongji ~]# vim /etc/sysctl.conf # 修改配置文件
[root@zhongji ~]# sysctl -p
net.ipv4.ip_forward = 1[root@zhongji ~]# vim /etc/sysconfig/dhcrelay
[root@zhongji ~]# cat /etc/sysconfig/dhcrelay
# Command line options here
DHCRELAYARGS=""
# DHCPv4 only
INTERFACES="eth0 eth1 eth2"
# DHCPv4 only
DHCPSERVERS="192.168.30.10"启动dhcrelay服务
代码语言:javascript复制[root@zhongji ~]# /etc/init.d/dhcrelay start客户端测试
启动服务器在DHCP的代理中继服务器网同网段的服务器。
常见错误
- DHCP的服务器的默认网关配置没有指定为代理中继服务器,导致客户端发送请求的时候无法回包 分析原因:抓包查看,DHCP服务器和客户端的网络配置有问题。 解决方法:测试方法,在客户端的服务器上配置临时的公网IP地址。
- DHCP服务器、DHCP代理中继服务器的IP地址会自动变化。 分析原因:这两台服务器上开始dhclient,会向本地的DHCP获取地址。 解决方法:killall dhclinet
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/223037.html原文链接:https://javaforall.cn
