Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 1 of 29
Session 3
DHCP Network Design
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 2 of 29
Review
- TCP/IP works on four layers: Interface, Internet, Transport, Application.
- The subnet mask displays only the network ID.
- Subnets can be created on a physical or logical basis.
- A secure network is one where data and resources are protected effectively.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 3 of 29
Objectives
- Describe DHCP and its working
- Identify the requirements for a DHCP solution
- Identify DHCP design possibilities
- Secure the DHCP service
- Identify the methods to enhance the DHCP service
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 4 of 29
Dynamic Host Configuration Protocol (DHCP)
- Automates the allocation of:
  - IP addresses
  - Subnet mask
  - Default gateway
  - WINS server
- IP address allocation takes place using four commands:
  - DHCPDISCOVER
  - DHCPOFFER
  - DHCPREQUEST
  - DHCPACK
- IP address allocation can be dynamic, automatic or manual.
- IP addresses must be renewed periodically.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 5 of 29
Features of DHCP
The features of DHCP are:
- RFC Compliance
- Integration with DNS and Active Directory
- Support for vendor specific options and Multicast addresses
- Integration of Routing and Remote Access
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 6 of 29
DHCP Design
DHCP can be designed for:
- LAN
- Routed Networks
- Non-Microsoft Clients
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 7 of 29
DHCP Design for the LAN
One DHCP server can support thousands of DHCP clients in a local area network.
[Diagram labels: DHCP Server, LAN, Internet]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 8 of 29
DHCP Design for the LAN Contd…
In a single DHCP environment, one scope that contains the entire TCP/IP configuration required for that network is defined for all the DHCP clients.
In a multiple DHCP environment, we may need to define one superscope that includes all the scopes.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 9 of 29
DHCP Design for Routed Network
We have to make use of the DHCP relay agent to forward broadcast requests through the routers to the DHCP servers.
The DHCP client uses the Dynamic Host Configuration Protocol to communicate with the DHCP relay agent.
The DHCP relay agent sends unicast packets to the DHCP server.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 10 of 29
DHCP Relay Agent
A DHCP relay agent is used if:
- No DHCP server is available on that subnet
- DHCP relay agent can be run on available computers
- Routers do not support DHCP or BOOTP packets
[Diagram labels: Subnet 1, Subnet 2, Subnet 3, DHCP Server, DHCP Relay Agent, Router, DHCP Client, Non-DHCP Client]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 11 of 29
DHCP Design for Non-Microsoft Clients
A network consists of Windows clients and non-Windows based clients.
All the clients in the network may require dynamic IP address configuration.
[Diagram labels: DHCP Server, Diskless Workstation, Non-DHCP Client, Non-Microsoft DHCP Client]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 12 of 29
DHCP Design Enhancement
To increase the availability of the DHCP server, we need to:
- Create superscopes on multiple DHCP servers
- Enable support for Windows Server 2003 clustering solution DHCP server
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 13 of 29
Superscopes on multiple DHCP servers
- Enables sharing of IP addresses and increases the availability of the DHCP service.
- The load is distributed among all the DHCP servers, and redundancy is reduced by using distributed scopes.
[Diagram labels: DHCP Server, Distributed Scopes]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 14 of 29
DHCP Server and Windows Server 2003 Clustering
- Provides immediate failover, and the service is restarted when an event fails.
- Provides quick restoration of a failed server, as only one DHCP database is referred to.
- Enables elimination of distributed scopes, which reduces overhead.
[Diagram labels: DHCP Server, DHCP Server Cluster, Logical DHCP Server]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 15 of 29
Installing DHCP
Installing DHCP involves:
- Installing and authorizing the DHCP service
- Creating and configuring the scopes to be used
- Setting up optional parameters
- Activating the scopes
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 16 of 29
DHCP Administration Security
DHCP administration can be secured by:
- Securing the DHCP service
- Identifying and stopping rogue DHCP servers
- Using a firewall
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 17 of 29
Securing DHCP
We can provide security by:
- Authorizing the DHCP Server
- Controlling user access to the configuration files of the DHCP server
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 18 of 29
Authorization of DHCP Server
- There must be one DHCP server with Active Directory enabled in the network.
- Active Directory contains the list of authorized DHCP servers.
- When the other Windows Server 2003 DHCP servers start, they contact the Active Directory DHCP server, and are authorized to lease the IP addresses.
[Diagram labels: Active Directory, Authorised List, S1, S2, S3, DHCP Server]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 19 of 29
Control User Access using Windows Server 2003 Groups
- DHCP Administrators is a special group that has permissions for DHCP administration.
- The DHCP Users special local group permits Read Only access.
- An authorized user can gain access to information on a DHCP server by being a member of the special group.
- A user can be stopped from making any changes to the configuration.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 20 of 29
Rogue DHCP Servers
- An unauthorized or rogue DHCP server may cause the network to malfunction.
- Windows Server 2003 supports server authorization when DHCP service is installed.
- The DHCP service is shut down if the DHCP server is not authorized.
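Authorization only shuts down Windows DHCP servers that check the authorized list, so monitoring the exchange itself is a useful complement. The following added example (not part of the original slides) parses the four message types named earlier and flags any DHCPOFFER or DHCPACK whose server identifier is not on an authorized list; the addresses, the `AUTHORIZED` set and all function names are assumptions, and the sample messages are constructed in memory rather than captured.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def build_message(msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP payload in memory (constructed sample, not a capture)."""
    ip = socket.inet_aton
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2 if msg_type in (2, 5) else 1,   # op: server reply or client request
                        1, 6, 0, 0x1234ABCD, 0, 0,        # htype, hlen, hops, xid, secs, flags
                        ip("0.0.0.0"), ip(yiaddr),        # ciaddr, yiaddr (address on offer)
                        ip("0.0.0.0"), ip("0.0.0.0"),     # siaddr, giaddr
                        bytes.fromhex("020000000001"), b"", b"")  # chaddr, sname, file
    options = bytes([53, 1, msg_type])                    # option 53: message type
    if server_id:
        options += bytes([54, 4]) + ip(server_id)         # option 54: server identifier
    return fixed + MAGIC_COOKIE + options + b"\xff"

def parse_message(payload):
    """Return (message type, offered address, server identifier), or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    options, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:     # 255 ends the option list
        if payload[i] == 0:                               # 0 is padding, no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mtype, sid = options.get(53, b""), options.get(54, b"")
    if len(mtype) != 1:
        return None
    return (MSG_TYPES.get(mtype[0], "OTHER"), socket.inet_ntoa(payload[16:20]),
            socket.inet_ntoa(sid) if len(sid) == 4 else None)

def find_rogue_servers(payloads, authorized):
    """List (server, offered address) for every OFFER/ACK from a server not on the list."""
    parsed = [m for m in map(parse_message, payloads) if m]
    return [(sid, addr) for mtype, addr, sid in parsed
            if mtype in ("DHCPOFFER", "DHCPACK") and sid not in authorized]

AUTHORIZED = {"192.168.10.5"}                             # assumed authorized-server list
SAMPLE = [build_message(1),                               # constructed exchange
          build_message(2, "192.168.10.50", "192.168.10.5"),
          build_message(2, "10.99.0.23", "192.168.10.66"),
          build_message(3, server_id="192.168.10.5"),
          build_message(5, "192.168.10.50", "192.168.10.5")]
```

Calling `find_rogue_servers(SAMPLE, AUTHORIZED)` reports the one offer that came from a server outside the list, together with the address it tried to hand out.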
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 21 of 29
DHCP in a Firewall Environment
We can reduce unauthorized access by:
- Configuring the reserved IP address manually
- Extending the lease duration
- Reducing the available address range
[Diagram labels: Internet, External Firewall, Web Server, Internal Firewall, Internal Network, DHCP Server, File Server]
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 22 of 29
DHCP Performance
DHCP server performance can be increased by:
- Enhancing the single DHCP server’s response time
- Using multiple DHCP servers
- Modifying the DHCP lease time
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 23 of 29
Single DHCP Server
We can improve the DHCP performance in Windows Server 2003 by:
- Using multiple CPUs so that the DHCP service can function faster using multithreading
- Enhancing the database so that the query response time can be the best possible
We can improve the DHCP server response time by:
- Adding more than one CPU
- Adding enough memory
- Having high performance disks
- Having high bandwidth network card or many network cards
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 24 of 29
Multiple DHCP Servers
We can enhance the performance of multiple DHCP servers by:
- Having distributed scopes so that the address range is divided between the servers
- Placing a DHCP server on the most populated subnet
- Placing DHCP servers on either side of the WAN link
- Having multi-homed DHCP servers so that network traffic across subnets is minimized
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 25 of 29
DHCP Server Lease Time
If we reduce the lease time, the network traffic increases, though the IP address is released sooner.
If we increase the lease time, the network traffic decreases and the IP address is released later.
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 26 of 29
Summary
- DHCP automates allocation of IP addresses and other networking information
- IP address allocation uses four commands:
  - DHCPDISCOVER
  - DHCPOFFER
  - DHCPREQUEST
  - DHCPACK
- DHCP can be designed for LANs, Routed Networks, and non-Microsoft clients
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 27 of 29
Summary Contd…
- DHCP can be secured by stopping rogue servers and using firewalls
- One DHCP server can support thousands of DHCP clients in a local area network
- The DHCP client uses the Dynamic Host Configuration Protocol to communicate with the DHCP relay agent
- The DHCP relay agent sends unicast packets to the DHCP server
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 28 of 29
Summary Contd…
- Installing DHCP involves:
  - Installing and authorizing the DHCP service
  - Creating and configuring the scopes to be used
  - Setting up optional parameters
  - Activating the scopes
- DHCP administration can be secured by:
  - Securing the DHCP service
  - Identifying and stopping rogue DHCP servers
  - Using a firewall
Microsoft Windows Server 2003 Network Infrastructure – Planning and Maintenance/ Session 3 / Slide 29 of 29
Summary Contd…
- DHCP server performance can be increased by:
  - Enhancing the single DHCP server’s response time
  - Using multiple DHCP servers
  - Modifying the DHCP lease time