In this free course from ITFreeTraining, we’ll take a look at Dynamic Host Configuration Protocol, better known as DHCP.
In this video from ITFreeTraining I will look at how DHCP reservations work in DHCP for IPv4 and IPv6. Reservations in DHCP allow a device to receive the same IP Address every time that it connects to the network.Show lesson content
Next, I will look at IPv6. Reservations in IPv6 work very differently to IPv4. IPv6 reservations use the DUID and IAID. These are both essentially numbers. In Windows, the combination of these two numbers is used to determine the reservation that is used by the device and thus the IP Address. This has been done to address some of the limitations in IPv4 which only uses the MAC address.
Media Access Control (MAC)
0:56 Before I look at how reservations work, I will first look at the Media Access Control otherwise known as MAC. All network devices have a unique MAC address. This is configured when the network device is manufactured and is 48 bits in length. It is unique to that device and no other network device will have the same MAC address. Just like a serial number it is guaranteed to be unique, and therefore so is the MAC address.
The MAC address is used to communicate on the network. Each packet sent on the network will use that MAC address. This is how computers on the same network can tell each other apart. The MAC address is only used to communicate on the local network. So now that you have a unique way to identify the network card, how does this work with DHCP reservations?
Reserving an IP Address
1:45 The idea behind creating a reservation is to ensure a device on the network will always get the same IP Address. In this case, an IPv4 address. To understand how this works, consider that there is a desktop computer on the network. This desktop computer has a network card which has a MAC address.
The desktop computer will send a request to the DHCP server for an IP Address. Normally the DHCP server will allocate an IP Address to the device from the pool of free IP Addresses. In this case, a reservation has been created on the DHCP server. This reservation links an IP Address to a MAC address. The desktop computer will be given this IP Address. The only thing you need to know is how to get the MAC address.
Getting the MAC Address
2:32 Shown here are the commands you can run to get the MAC address of a network card on Windows and Linux. In some cases, it may be difficult to get the MAC address. For example, you have a device that you may not be able to access. When this occurs, one trick you can use is to get the MAC address from the DHCP server.
For example, if I open the DHCP admin tool on my Windows Server, notice that there are currently no leases that have been allocated by this server. I will connect my Windows 10 computer to the network and allow it to obtain an IP Address.
Now, if I press F5 for refresh, notice that the lease has appeared. Notice on the right is the MAC address. This is what is required to create a reservation. This is one way that you can obtain the MAC address from a device that you do not have access to. That covers it for how to create IPv4 reservations in DHCP.
DHCP IPv4 Limitations
3:31 I will now have a look at some of the limitations of DHCP IPv4. Since the MAC address is used as the identifier for the reservation, the first problem occurs when you have a device with a network card and the network card was to fail. When this occurs, a new network card needs to be put into the device. When this network card is installed, it will have a different MAC address.
When a new network card is installed, since the MAC address has changed, the reservation on the DHCP server needs to change to match the new MAC address. This is the first limitation of DHCP for IPv4.
The next limitation is once again based on the MAC address. Since each network adapter only has the one MAC address, multiple IP Addresses are not supported. It is possible to statically assign multiple IP Addresses to the same network adapter; however, it is not possible to allocate multiple IP Addresses using IPv4 DHCP. Let’s have a look at how DHCP in IPv6 gets around these problems.
Reservations IPv6 DHCP
4:37 The problem with using the MAC address of the network card is that it can change. To get around this, IPv6 uses two different values. The first is the DHCP unique identifier or DUID. This value is a unique value given to all DHCP clients and servers on the network. Just like a serial number, every DHCP client and DHCP server has a different DUID. This allows them to be uniquely identified. I will go into more detail on this later in the video.
The next value a reservation requires is the Identity Association Identifier or IAID. This is a unique value given to every interface on the device. So to put it simply, you have a unique value that identifies the device and a unique value that identifiers an interface on that device. Let’s have a closer look at how they work.
DHCP Unique Identifier (DUID)
5:31 To start with, I will look at the DHCP unique identifier or DUID. This is generated by each DHCP client or DHCP server and is unique on the network. Each DHCP client and server has one DUID and thus is a way of identifying it. If you have watched our previous videos on DHCP and IPv6, you will remember the DUID was used when obtaining a lease to identify the client and server. This helped to reduce the number of broadcasts that were required on the network.
There are three different ways that are used to generate the DUID. The first is Link Layer Address. This essentially is when the MAC address is used to generate the DUID. The second is the Link Layer Address plus a timestamp. This is the same as the first, but a timestamp is added. More on why this is important later in the video. The last type is vendor assigned. This is when the hardware manufacturer generates their own DUID. Let’s have a close look at each and see what they achieve.
Link Layer Address
6:36 The first method I will look at is the Link Layer Address method. This can be configured to be used in Linux computers, but is not the method used by Windows. To understand how the Link Layer Address generates and uses the DUID, consider a computer on the network. This computer has a network card installed. This network card has a MAC address assigned to it by the manufacturer.
Using this method, the following is done to generate the DUID. The first value will be zero three. This indicates that the Link Layer Address method was used. Next is the hardware type. This will be zero one in this example since Ethernet is being used. If a different type of hardware is being used, this may change to something else.
Following this the MAC address is added to the end. This is now a complete DUID. The next step is the DUID is stored in local storage. In Windows, this will be stored in the registry. In Linux it will be stored in a configuration file. This means the DUID will still be recorded and used again the next time the computer is restarted.
Now that a DUID has been generated, the DUID is assigned to the computer. The computer now has a unique number that identifies itself on the network.
The question is now, what happens when a second network card is added to the computer? It does not matter if it is a second network card or if it replaces the first network card, the process is the same. That is, the DUID is retrieved from local storage and used with the network adapter.
So essentially, once a DUID is generated, it is used for all network interfaces on the computer. For example, if you had an Ethernet network card and a wireless network card, the DUID would be generated from the first network adapter. Once generated, it would be used for all other network adapters.
If at some stage you want to regenerate the DUID, delete the DUID from the registry or configuration file and restart the computer. When the computer starts up, if a DUID is not found it is generated and saved to local storage. Once generated, all network adapters will use that DUID even if the network card that it was generated from is removed from the computer.
You can see that this allows a unique DUID to be calculated for a computer and it will stay the same even if the network card were to change or additional network devices were added. However, there is a problem with this method.
Link Layer Address Duplication
8:59 Consider you have a computer on the network with a network card. The network card will be used to generate a DUID. So far no problem. The problem occurs if the network card is moved to another computer. When the network card is used on the second computer, if a DUID does not already exist, it will be generated using the MAC address of the network card.
The problem is, there are now two computers on the network with the same DUID. Not something you want and a limitation of the Link Layer Address method. Let’s have a look at the next method and how it addresses this limitation.
Link Layer Address Plus Timestamp
9:35 Link Layer plus timestamp is used by Windows and Linux. It has all the same fields as with the previous method. The only difference is that it adds a time value. The time value is configured based on the current time on the computer.
Like before, once the DUID is generated, it is stored in local storage or the registry. Like before, if additional network adapters are added or the original network adapter is changed, the same DUID is used. Let’s consider what effect adding a time value does.
DUID With Time Example
10:05 Consider that you have a computer with a network card installed. This network card will have a MAC address assigned to it by the manufacturer. If the computer does not have a DUID, a DUID will be generated when the computer starts up. The DUID will be generated based on the current time on the computer.
Now consider what happens, if there is a second computer on the network. The administrator moves the network card from one computer to the other. Perhaps the computer is being replaced. When the computer starts up and no DUID is present, a new DUID is generated.
In this example, only a short amount of time has passed since the network card was moved from one computer to the other. You can see that only one number in the DUID has changed. This however, is enough to make the DUID unique. You can see the advantage of adding the time value to the DUID and thus, why this is generally the preferred method used to generate the DUID.
DUID Vendor Assigned
11:00 The last method of DUID assignment is vendor assigned. Using this method, the vendor obtains a unique enterprise number. This is guaranteed to be unique to that vendor. The vendor then adds their own vendor identification. This is decided by the vendor. Same principal as a serial number.
The result is the vendor has given the device a unique DUID. This method would generally be used by hardware devices, not devices running operating systems. Essentially what happens is the manufacturer will assign the device a unique DUID. This DUID will not change for the life of the device. Essentially this is the same principal as for the MAC address on a network card. Essentially, the DUID in this case would be like a serial number. That is, allocated by the manufacturer, unique and does not change.
Identity Association Identifier (IAID)
11:50 The next topic that I will look at is the Identity Association Identifier otherwise known as an IAID. This is a 32bit number that is determined by the client. The IAID is unique to each interface on that device.
If you consider an example of a computer on the network. This computer has three network adapters. Each of these network adapters will have an IAID assigned to them. You will notice that each of these values appears very random.
The computer is responsible for the allocation of an IAID to each device. It is important to understand that the IAID once determined must remain the same after restarts. To ensure this occurs, the IAID is generated by an algorithm that will always give the same value, or once an IAID is chosen, the IAID is stored in local storage. This will ensure the IAID will always be the same across restarts.
12:45 Now that we have done all the ground work, we can look at how reservations are created in IPv6. To create a reservation, you simply require the DUID and IAID. Once the administrator has these, they can create a reservation using this information on the DHCP server. Once this information has been configured on the DHCP server, the DHCP server will allocate the same IP address to the device each time the device requests an IP Address.
So essentially the IPv6 reservation is asking for two things. It is asking which DHCP client the reservation applies to and which interface is being used on that client. So what happens if you want to assigned multiple IP Addresses to the same device?
Multiple IP Addresses
13:34 IPv6 does support multiple IP Addresses on the same network adapter. In order to do this, create a second virtual adapter on the device. The second network adapter will have a different IAID number. This allows the DHCP server to determine which interface is requesting an IP Address. That covers it for IP reservations. I will now perform a quick summary of the main points covered in the video.
14:02 For IPv4, the MAC address is used for reservations. The MAC address is a unique number that is assigned to the network card by the manufacturer. It is guaranteed to be unique and thus it works as a good identifier but has its limitations.
14:15 IPv6 addresses some of the limitations of using the MAC address by using the DHCP unique identifier or DUID. This allows every DHCP server and client to be assigned a unique number. This means they can be uniquely identified even if the network adapters in the device change later on.
14:33 The next identifier that IPv6 adds is the Identity Association Identifier or IAID. This is a unique number that is assigned to each network adapter. It is possible to have two devices on the network with the same IAID, however it is never possible to have the same IAID used on the same device. This is how DHCP determines which network adapter is to be used when there is more than one or if the network adapter changes.
15:02 Lastly, IPv6 requires both the DUID and IAID in order for a reservation to be created. Essentially the combination of the two is saying that for this DHCP client, assign this IP Address to this interface. This gives you a few more options over IPv4.
I hope you have found this video from ITFreeTraining helpful. For more videos from us, please see our YouTube channel or web page. Until the next video, I would like to thank you for watching.
“Installing and Configuring Windows Server 2012 R2 Exam Ref 70-410” pages 217-218
“Dynamic Host Configuration Protocol for IPv6 (DHCPv6)” https://tools.ietf.org/html/rfc3315
“MAC address” https://en.wikipedia.org/wiki/MAC_address