WEBVTT

0:00:03.020000 --> 0:00:08.880000
 Hello and welcome to this video titled
 an overview of DHCP operations.

0:00:08.880000 --> 0:00:10.620000
 And that's exactly what
 I'm going to talk about.

0:00:10.620000 --> 0:00:14.740000
 We're just going to do a brief review
 of how DHCP works in this video.

0:00:14.740000 --> 0:00:19.780000
 So let's start out by looking
 at the DHCP packet format.

0:00:19.780000 --> 0:00:23.180000
 Actually let's come back to that in
 a minute and just look at the basic

0:00:23.180000 --> 0:00:26.060000
 operation of DHCP and then we'll
 go back to that packet format.

0:00:26.060000 --> 0:00:33.360000
 So we know that DHCP is a client server
 protocol with your laptop or your

0:00:33.360000 --> 0:00:37.140000
 tablet or your smartphone
 being the DHCP client.

0:00:37.140000 --> 0:00:46.620000
 And then some of the device typically
 a server acting as the DHCP server.

0:00:46.620000 --> 0:00:53.420000
 And the idea behind DHCP is to dynamically
 obtain your IP information.

0:00:53.420000 --> 0:00:58.000000
 So the way DHCP works is when the client
 boots up, the first DHCP message

0:00:58.000000 --> 0:01:04.540000
 he sends is called a DHCP offer.

0:01:04.540000 --> 0:01:13.400000
 This goes out as a broadcast, which
 means that when it hits the switch,

0:01:13.400000 --> 0:01:17.640000
 any other ports that are in that same
 VLAN will see that DHCP discover

0:01:17.640000 --> 0:01:21.800000
 because it is a broadcast and broadcasts
 get flooded by switches.

0:01:21.800000 --> 0:01:26.760000
 So that will presumably make its
 way over to the DHCP server.

0:01:26.760000 --> 0:01:32.880000
 The DHCP server then in turn will respond
 back with what's called a DHCP

0:01:32.880000 --> 0:01:41.140000
 offer. And that's where he will actually
 say things like your IP address

0:01:41.140000 --> 0:01:46.520000
 is, let's just say 1.1.1.1.

0:01:46.520000 --> 0:01:51.740000
 He'll give your subnet mask, whatever
 that happens to be at the time.

0:01:51.740000 --> 0:01:55.640000
 He'll give your default gateway, your
 DNS server as well as a variety

0:01:55.640000 --> 0:01:56.800000
 of other things.

0:01:56.800000 --> 0:02:00.020000
 Now this goes as a unicast.

0:02:00.020000 --> 0:02:05.300000
 So that message will be just switched
 by the switch back to you.

0:02:05.300000 --> 0:02:09.580000
 Anybody else in the same VLAN will
 not see that because that's unicast

0:02:09.580000 --> 0:02:15.180000
 traffic. Alright, at this point the
 server doesn't know if you accepted

0:02:15.180000 --> 0:02:20.680000
 that information or not.

0:02:20.680000 --> 0:02:28.820000
 So the next message you will send out
 then is a DHCP request message.

0:02:28.820000 --> 0:02:36.480000
 Just like the offer was a broadcast,
 this is a broadcast.

0:02:36.480000 --> 0:02:42.300000
 Which once again means that anybody
 on the same VLAN as you will see it.

0:02:42.300000 --> 0:02:46.100000
 And in that DHCP request you will
 say, hey, I like what you gave me.

0:02:46.100000 --> 0:02:53.680000
 I'm requesting that I'm able to keep 1.1
.1.1.1.24 and whatever other information

0:02:53.680000 --> 0:02:55.440000
 the server gave you.

0:02:55.440000 --> 0:02:59.500000
 At this point the server knows that that
 IP information has been allocated

0:02:59.500000 --> 0:03:05.940000
 to you for a defined amount of time
 which is what we call the lease.

0:03:05.940000 --> 0:03:09.320000
 And so the DHCP server will send one
 message back to you one last time

0:03:09.320000 --> 0:03:14.320000
 which is called a DHCP
 acknowledgement.

0:03:14.320000 --> 0:03:17.780000
 This is where he says, okay, great, I'm
 not going to give that information

0:03:17.780000 --> 0:03:19.360000
 to anybody else.

0:03:19.360000 --> 0:03:24.400000
 It is now yours for the
 duration of the lease.

0:03:24.400000 --> 0:03:30.400000
 So a lot of times people remember this
 process by the acronym or the memory

0:03:30.400000 --> 0:03:33.240000
 aid, the pneumatic of DORA.

0:03:33.240000 --> 0:03:37.660000
 Discover, offer, request,
 acknowledgement.

0:03:37.660000 --> 0:03:43.060000
 So that's the sort of the four
 way handshake there of DHCP.

0:03:43.060000 --> 0:03:47.520000
 And I want to once again call your
 attention to the fact that the DHCP

0:03:47.520000 --> 0:03:52.420000
 client messages are
 broadcast in nature.

0:03:52.420000 --> 0:03:56.740000
 And because switches flood broadcast
 packets that can be very insecure

0:03:56.740000 --> 0:04:03.100000
 and that can lead people to using
 that information against you.

0:04:03.100000 --> 0:04:05.200000
 Now let's just go back
 for a moment here.

0:04:05.200000 --> 0:04:10.280000
 In this entire topology diagram we've
 assumed that the DHCP server was

0:04:10.280000 --> 0:04:15.920000
 actually on the same VLAN on the same
 broadcast domain as you, as PCA.

0:04:15.920000 --> 0:04:20.120000
 Because after all if a broadcast is
 going out for either our discover

0:04:20.120000 --> 0:04:24.620000
 or our request messages and the switch
 floods it, that means the only

0:04:24.620000 --> 0:04:28.580000
 way the DHCP server is going to see
 it is if he's able to receive that

0:04:28.580000 --> 0:04:31.920000
 broadcast. But what if
 that's not the case?

0:04:31.920000 --> 0:04:37.180000
 What if that DHCP server is actually
 separated by a router?

0:04:37.180000 --> 0:04:40.440000
 Is on another side of a router?

0:04:40.440000 --> 0:04:44.600000
 So what if we have here on this router's
 interface, he's already pre-configured

0:04:44.600000 --> 0:04:47.920000
 with some IP address,
 let's say that.

0:04:47.920000 --> 0:04:50.920000
 And this interface right here, he's
 pre-configured with some other IP

0:04:50.920000 --> 0:04:58.100000
 address. Well now we have a problem
 because routers do not forward DHCP

0:04:58.100000 --> 0:05:00.900000
 broadcast by default.

0:05:00.900000 --> 0:05:09.800000
 So as this DHCP discover comes in, as
 a broadcast, the router would check

0:05:09.800000 --> 0:05:12.820000
 it because after all he'd say, well
 I have to check every broadcast.

0:05:12.820000 --> 0:05:16.420000
 Maybe this broadcast is somebody who's
 trying to arp for me or something

0:05:16.420000 --> 0:05:22.760000
 else. But the router would very quickly
 discover that this broadcast was

0:05:22.760000 --> 0:05:26.940000
 not meant for him after all he's not
 running DHCP and he would drop it

0:05:26.940000 --> 0:05:31.360000
 right there. So on the router we have
 to do something to give him the

0:05:31.360000 --> 0:05:37.180000
 ability to get to the server who is maybe
 2, 2, 3 or even in a completely

0:05:37.180000 --> 0:05:38.180000
 different subnet.

0:05:38.180000 --> 0:05:41.720000
 And so the way we do that is on that
 router's interface, let's say that

0:05:41.720000 --> 0:05:47.940000
 router's interface is interface fast ethernet
 0 slash 1, we do the following

0:05:47.940000 --> 0:05:55.280000
 command. We say IP helper
 dash address.

0:05:55.280000 --> 0:06:02.260000
 And then we give it the address
 of the DHCP server.

0:06:02.260000 --> 0:06:06.520000
 So on the under the interface of the
 router that's facing the client,

0:06:06.520000 --> 0:06:10.900000
 we type IP helper dash
 address 2.2.2.3.

0:06:10.900000 --> 0:06:15.020000
 Now this is assuming of course that
 the router knows how to get to 2.2

0:06:15.020000 --> 0:06:17.760000
.3. In this case he's directly
 connected to that.

0:06:17.760000 --> 0:06:21.980000
 But that DHCP server could
 be 3, 4, 5 routers away.

0:06:21.980000 --> 0:06:25.880000
 The main point is this command is useless
 unless the router has a route

0:06:25.880000 --> 0:06:27.400000
 to that destination.

0:06:27.400000 --> 0:06:31.760000
 And so what that's going to do for
 us is as this discover comes in now

0:06:31.760000 --> 0:06:35.460000
 the router will basically be able to
 convert it into a unicast packet

0:06:35.460000 --> 0:06:39.500000
 and he'll unicast it
 to the DHCP server.

0:06:39.500000 --> 0:06:44.600000
 Now when he does that keep in mind that
 this DHCP server could be serving

0:06:44.600000 --> 0:06:47.560000
 up IP addresses for all kinds
 of different subnets.

0:06:47.560000 --> 0:06:52.180000
 In this organization he could have
 a DHCP pool for payroll which is in

0:06:52.180000 --> 0:06:53.760000
 the one network.

0:06:53.760000 --> 0:06:59.400000
 He could have a DHCP pool for human resources
 which is in the 5.5 network.

0:06:59.400000 --> 0:07:05.600000
 So as this DHCP discover now is being
 unicasted to him he has to know

0:07:05.600000 --> 0:07:11.380000
 which DHCP pool to select an
 appropriate address from.

0:07:11.380000 --> 0:07:15.440000
 And the way he does that is that when
 the router converts this into a

0:07:15.440000 --> 0:07:20.260000
 unicast the router is actually going to
 take his own IP address that received

0:07:20.260000 --> 0:07:26.000000
 this packet 1 1 1 1 and he's going to
 put it inside the discover packet

0:07:26.000000 --> 0:07:31.520000
 itself. So inside the discover packet
 there's a field called the gateway

0:07:31.520000 --> 0:07:35.080000
 IP address field.

0:07:35.080000 --> 0:07:40.420000
 The gateway IP address field normally
 when a client first creates a discover

0:07:40.420000 --> 0:07:43.480000
 message that field is just
 left with all zeros.

0:07:43.480000 --> 0:07:50.120000
 But if it passes through a gateway the
 gateway will actually put his own

0:07:50.120000 --> 0:07:52.100000
 IP address in there.

0:07:52.100000 --> 0:07:56.120000
 And that's how the server will know oh
 okay this DHCP message passed through

0:07:56.120000 --> 0:08:03.660000
 router that was 1 1 1 1 let me find an
 IP addressing pool that is appropriate

0:08:03.660000 --> 0:08:06.160000
 for the IP address.

0:08:06.160000 --> 0:08:11.520000
 So from here now we can go back to the
 previous slide I skipped over and

0:08:11.520000 --> 0:08:14.080000
 we can see the DHCP packet format.


0:08:14.080000 --> 0:08:16.860000
 So there's a lot of fields in here
 we don't need to go through all the

0:08:16.860000 --> 0:08:20.740000
 nitty gritty fields of
 this operation code.

0:08:20.740000 --> 0:08:24.360000
 So for example there's an operation
 code for a discover packet.

0:08:24.360000 --> 0:08:28.360000
 Another operation code for a request
 another operation code for an offer.

0:08:28.360000 --> 0:08:32.640000
 So that'll indicate what kind
 of DHCP packet it is.

0:08:32.640000 --> 0:08:37.340000
 And we'll see in here client IP address
 well if your laptop currently

0:08:37.340000 --> 0:08:40.920000
 doesn't have an IP address it'll
 put all zeros in there.

0:08:40.920000 --> 0:08:45.020000
 So in the discover packet this is this
 is the way the client will say

0:08:45.020000 --> 0:08:47.680000
 hey I need some IP information
 I don't have it.

0:08:47.680000 --> 0:08:55.380000
 When the server responds back with the
 offer he'll put the offers address

0:08:55.380000 --> 0:09:02.740000
 in here. In the your IP address field
 he'll also put his own IP address

0:09:02.740000 --> 0:09:06.520000
 the server will say by the way I'm your
 friendly neighborhood DHCP server

0:09:06.520000 --> 0:09:13.340000
 at 2.2.2.3. And here is that gateway
 IP address field normally it's zeroed

0:09:13.340000 --> 0:09:17.620000
 out as the packet leaves the client but
 if it gets routed through a router

0:09:17.620000 --> 0:09:23.360000
 the router will stuff his own
 IP address into that field.

0:09:23.360000 --> 0:09:26.660000
 We also have some other
 stuff in there as well.

0:09:26.660000 --> 0:09:32.820000
 So that is a basic review
 of the DHCP process.

0:09:32.820000 --> 0:09:35.580000
 Thank you very much for
 watching this video.