CIO

DHCP defined and how it works

Dynamic host configuration protocol simplifies and improves the accuracy of IP addressing but can raise security concerns

The ability to network devices quickly and easily is critical in a hyper-connected world, and although it has been around for decades, DHCP remains an essential method to ensure that devices are able to join networks and are configured correctly.

DHCP greatly reduces the errors made when IP addresses are assigned by hand, and it conserves address space by limiting how long a device may keep an individual address before it has to renew its lease.

DHCP definition

DHCP stands for Dynamic Host Configuration Protocol. It is a network protocol used on IP networks in which a DHCP server automatically assigns an IP address and other configuration information to each host on the network so that it can communicate with other endpoints.

In addition to the IP address, DHCP also hands out the subnet mask, the default gateway address, Domain Name System (DNS) server addresses and other pertinent configuration parameters. RFC 2131 defines the protocol itself and RFC 2132 defines its options; both are Internet Engineering Task Force (IETF) standards. DHCP is built on the earlier BOOTP protocol and reuses its message format.

DHCP simplifies IP address management

The primary reason DHCP is needed is to simplify the management of IP addresses on networks. No two hosts can have the same IP address, and configuring addresses manually will sooner or later lead to errors. Even on small networks manual assignment becomes confusing, particularly with mobile devices that need an address only intermittently. Also, most users aren't technically proficient enough to locate the IP address settings on a computer and fill them in correctly. Automating this process makes life easier for users and for the network administrator.

Components of DHCP

When working with DHCP, it's important to understand all of the components. Below is a list of them and what they do:

  • DHCP server: A networked device running the DHCP service that holds the IP addresses and related configuration information. This is most typically a server or a router but could be anything that acts as a host, such as an SD-WAN appliance.
  • DHCP client: The endpoint that receives configuration information from a DHCP server. This can be a computer, mobile device, IoT endpoint or anything else that requires connectivity to the network.  Most are configured to receive DHCP information by default.
  • IP address pool: The range of addresses that are available to DHCP clients. Many servers hand addresses out sequentially from lowest to highest, although the allocation order is implementation-specific.
  • Subnet: IP networks can be partitioned into segments known as subnets. Subnets help keep networks manageable.
  • Lease: The length of time for which a DHCP client may hold the IP address information. The client tries to renew the lease before it expires; if it cannot, it must stop using the address and start over.
  • DHCP relay: A router or host that listens for client messages being broadcast on its local network and forwards them as unicast to a configured server, recording its own address in the giaddr field so the server knows which subnet to allocate from. The server sends its responses back to the relay agent, which passes them along to the client. This allows DHCP servers to be centralized instead of having a server on each subnet.
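To make these components concrete, here is an added example (my code, not the article's or any vendor's) that encodes a DHCP DISCOVER in the RFC 2131 wire format with RFC 2132 options, passes it through a relay agent that stamps giaddr and tags the message with the Relay Agent Information Option (Option 82), and has a server allocate an OFFER from a small pool of leases. The server address, pool, subnet, port names and MAC addresses are constructed for illustration, and only the first half of the exchange (DISCOVER/OFFER) is implemented; the client's REQUEST and the server's ACK that complete it use the same encoding.

```python
"""DHCP DISCOVER -> relay -> OFFER on the RFC 2131 fixed header and RFC 2132 options.
Added example: every address, MAC, port name and pool below is constructed, not from the article."""
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                 # cookie that starts the options field
BOOTREQUEST, BOOTREPLY = 1, 2               # op field: client->server, server->client
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_LEASE = 1, 3, 6, 51
OPT_MSGTYPE, OPT_SERVER_ID, OPT_RELAY_INFO = 53, 54, 82
DISCOVER, OFFER = 1, 2                      # values of option 53
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file (236 bytes)
HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def packed(ip):
    return ipaddress.IPv4Address(ip).packed


def build(op, xid, chaddr, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Encode a message; options is a sequence of (code, raw bytes) pairs."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000, b"\0" * 4, packed(yiaddr),
                      b"\0" * 4, packed(giaddr), chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + body + b"\xff"     # 0xff terminates the option list


def parse(data):
    f = struct.unpack(HDR, data[:236])
    if data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != 0xFF:
        if data[i] == 0:                    # pad option has no length byte
            i += 1
            continue
        code, ln = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "giaddr": str(ipaddress.IPv4Address(f[10])), "chaddr": f[11][:f[2]], "options": opts}


def relay(data, relay_ip, circuit_id):
    """Relay agent: set giaddr to its own address and add Option 82 sub-option 1 (circuit ID)."""
    m = parse(data)
    opts = list(m["options"].items()) + [(OPT_RELAY_INFO, bytes([1, len(circuit_id)]) + circuit_id)]
    return build(m["op"], m["xid"], m["chaddr"], giaddr=relay_ip, options=opts)


class DhcpServer:
    def __init__(self, server_ip, pool_start, pool_end, mask, router, dns, lease_secs, trusted_circuits):
        lo, hi = int(ipaddress.IPv4Address(pool_start)), int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]  # lowest first
        self.leases = {}                                                        # chaddr -> address
        self.server_ip, self.mask, self.router, self.dns = server_ip, mask, router, dns
        self.lease_secs, self.trusted_circuits = lease_secs, trusted_circuits

    def handle(self, data):
        """Answer a relayed DISCOVER with an OFFER, or return None if it must be ignored."""
        m = parse(data)
        if m["options"].get(OPT_MSGTYPE) != bytes([DISCOVER]):
            return None
        sub = m["options"].get(OPT_RELAY_INFO, b"")
        circuit = sub[2:2 + sub[1]] if len(sub) >= 2 and sub[0] == 1 else None
        if circuit not in self.trusted_circuits:  # Option 82 tag used as an access control
            return None
        ip = self.leases.get(m["chaddr"])         # an existing lease is reused, never duplicated
        if ip is None:
            if not self.free:                     # pool exhausted: what a starvation attack causes
                return None
            ip = self.free.pop(0)
            self.leases[m["chaddr"]] = ip
        opts = [(OPT_MSGTYPE, bytes([OFFER])), (OPT_SERVER_ID, packed(self.server_ip)),
                (OPT_SUBNET, packed(self.mask)), (OPT_ROUTER, packed(self.router)),
                (OPT_DNS, packed(self.dns)), (OPT_LEASE, struct.pack("!I", self.lease_secs))]
        return build(BOOTREPLY, m["xid"], m["chaddr"], yiaddr=ip, giaddr=m["giaddr"], options=opts)


def make_server():
    # Constructed configuration: a /24 client subnet behind relay 10.20.0.1 and two trusted access ports.
    return DhcpServer("10.0.0.10", "10.20.0.100", "10.20.0.101", "255.255.255.0", "10.20.0.1",
                      "10.0.0.53", 86400, {b"Gi1/0/7", b"Gi1/0/8"})


def discover(server, mac, port=b"Gi1/0/7", xid=0x3903F326):
    """Client side: send DISCOVER through the relay and decode the OFFER that comes back."""
    request = build(BOOTREQUEST, xid, mac, options=[(OPT_MSGTYPE, bytes([DISCOVER]))])
    offer = server.handle(relay(request, "10.20.0.1", port))
    if offer is None:
        return None
    o = parse(offer)
    return {"ip": o["yiaddr"], "mask": str(ipaddress.IPv4Address(o["options"][OPT_SUBNET])),
            "router": str(ipaddress.IPv4Address(o["options"][OPT_ROUTER])),
            "dns": str(ipaddress.IPv4Address(o["options"][OPT_DNS])),
            "lease": struct.unpack("!I", o["options"][OPT_LEASE])[0], "via": o["giaddr"]}


if __name__ == "__main__":
    s = make_server()
    print(discover(s, b"\x00\x11\x22\x33\x44\x55"))
```

Three behaviours worth noticing: a second DISCOVER from the same MAC gets its existing lease back rather than a new address, so the server itself never hands out one address twice; once the two-address pool is used up the server simply stops answering; and a request tagged with a circuit ID the server has not been told to trust is ignored, which is the access-control use of Option 82 that the last section of this article mentions.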

Benefits of DHCP servers

In addition to simplified management, the use of a DHCP server provides other benefits. These include:

  • Accurate IP configuration: The IP address configuration parameters must be exact and when dealing with inputs such as “192.168.159.3”, it’s easy to make a mistake. Typographical errors are typically very difficult to troubleshoot and the use of a DHCP server minimizes that risk.
  • Reduced IP address conflicts: Each connected device must have an IP address, but each address can be in use only once, and a duplicate results in a conflict in which one or both devices cannot communicate. This happens easily when addresses are assigned manually, particularly with a large number of endpoints that only connect periodically, such as mobile devices. A DHCP server tracks its leases and never hands out an address from its pool twice while a lease is active (conflicts remain possible only with statically configured addresses that overlap the pool).
  • Automation of IP address administration: Without DHCP, network administrators would need to assign and revoke addresses manually. Keeping track of which device has which address is an exercise in futility, because it is nearly impossible to know when devices will join and leave the network. DHCP automates this and centralizes it, so network professionals can manage every site from a single place.
  • Efficient change management: DHCP makes it simple to change addresses, scopes or endpoints. For example, an organization may want to move its IP addressing scheme from one range to another. The DHCP server is configured with the new information, and endpoints pick it up as they renew or obtain leases. Similarly, if an endpoint is upgraded or replaced, the new device needs no manual network configuration.

DHCP poses security risks  

DHCP has no built-in authentication, which is exactly what lets any client join a network quickly. The same property opens up a number of security risks: unauthorized servers handing out bad configuration to clients, unauthorized clients being given IP addresses, and depletion of the address pool by unauthorized or malicious clients.

Since the client has no way of validating the authenticity of a DHCP server, a rogue server can be used to provide incorrect network information. Handing out a bogus default gateway or DNS server lets the attacker black-hole traffic (a denial of service) or place itself as a man in the middle that intercepts client data and can read or alter it. Conversely, because the DHCP server has no way of authenticating a client, it hands out address information to any device that asks. A threat actor can spoof a new MAC address or client identifier for every request (a DHCP starvation attack) and quickly exhaust every address in the scope, leaving legitimate endpoints unable to get an address; this also clears the way for a rogue server to answer the requests the legitimate server can no longer serve.
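As an added example of what a detection engineer would look for, the following code (mine, not the article's) runs two checks over constructed DHCP event records in an invented one-line-per-message format: any OFFER or ACK whose server address is not on an allowlist is reported as a possible rogue server, and a burst of DISCOVERs carrying more distinct MAC addresses than a threshold within a sliding time window on a single ingress port is reported as starvation. The trusted server address, port names, thresholds and sample lines are all assumptions.

```python
"""Rogue-server and starvation detection over constructed DHCP event records.
Added example: the log format, addresses, ports and thresholds are invented for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

TRUSTED_SERVERS = {"10.0.0.10"}                 # assumption: the only legitimate DHCP server
STARVATION_MACS = 20                            # distinct DISCOVER MACs per port per window
STARVATION_WINDOW = timedelta(seconds=10)

# Constructed sample: a normal DISCOVER/OFFER, one OFFER from an unlisted server on an access
# port, then 25 DISCOVERs with different MACs in five seconds from that same port.
SAMPLE = [
    "2024-05-01T10:00:00Z DISCOVER mac=00:11:22:33:44:55 port=Gi1/0/7",
    "2024-05-01T10:00:00Z OFFER server=10.0.0.10 mac=00:11:22:33:44:55 port=Gi1/0/24",
    "2024-05-01T10:00:01Z OFFER server=10.20.0.66 mac=00:11:22:33:44:55 port=Gi1/0/9",
] + [f"2024-05-01T10:01:{i // 5:02d}Z DISCOVER mac=de:ad:be:ef:00:{i:02x} port=Gi1/0/9"
     for i in range(25)]


def parse_line(line):
    """'<timestamp> <TYPE> key=value ...' -> dict with parsed timestamp and message kind."""
    ts, kind, *kv = line.split()
    rec = dict(item.split("=", 1) for item in kv)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    rec["kind"] = kind
    return rec


def rogue_servers(records):
    """Every OFFER or ACK whose server is not on the allowlist, as (server, ingress port)."""
    return sorted({(r["server"], r["port"]) for r in records
                   if r["kind"] in ("OFFER", "ACK") and r["server"] not in TRUSTED_SERVERS})


def starvation(records, threshold=STARVATION_MACS, window=STARVATION_WINDOW):
    """Per ingress port, the largest number of distinct DISCOVER MACs seen in any window
    that exceeds the threshold; ports that never exceed it are absent from the result."""
    by_port = defaultdict(list)
    for r in records:
        if r["kind"] == "DISCOVER":
            by_port[r["port"]].append((r["ts"], r["mac"]))
    alerts = {}
    for port, events in by_port.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:   # slide the window forward
                start += 1
            macs = {mac for _, mac in events[start:end + 1]}
            if len(macs) > threshold:
                alerts[port] = max(alerts.get(port, 0), len(macs))
    return alerts


def analyze(lines=SAMPLE):
    recs = [parse_line(line) for line in lines]
    return {"rogue": rogue_servers(recs), "starvation": starvation(recs)}


if __name__ == "__main__":
    print(analyze())
```

The rogue check is only as good as the allowlist and the visibility of the log source: it catches a server that answers on an access port, which is the common case, but an attacker who has compromised the legitimate server's address is invisible to it. The starvation check keys on the ingress port rather than the MAC precisely because the attack changes the MAC on every request.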

The DHCP specification does address some of these issues. The Relay Agent Information Option (Option 82, RFC 3046) lets a relay or switch tag each client message with the port or circuit it arrived on, and the server can use that tag to decide whether, and from which pool, to answer; the tag is only trustworthy if the relay strips any Option 82 a client supplies itself. RFC 3118 adds authentication of DHCP messages, but its key management is complicated and has held back adoption. In practice most networks rely instead on DHCP snooping on the access switch, which drops DHCP server replies arriving on untrusted ports and rate-limits client requests, and on IEEE 802.1X port authentication, the most common form of network access control (NAC), which keeps unauthenticated devices off the network before they ever send a DHCP request. Most of the leading network vendors support both, and they have become significantly simpler to deploy.