It's imperative for sys admins to manage IP addressing properly, even in simple networks. Routers, firewalls and monitoring tools all use IP addresses to uniquely identify and organize network devices.
Network nodes usually have the following three identities:
- hostname
- Internet Protocol (IP) address
- media access control (MAC) address
Hostnames are assigned by administrators and are descriptive names helpful to human users, such as webserver3.mydomain.internal. MAC addresses are hardcoded on the network interface card (NIC) and are unique to it. IP addresses are logical addresses managed by administrators.
Each network node needs an IP address. These addresses are assigned and configured in two primary ways: static assignment and dynamic assignment.
This article discusses both static and dynamic addressing, what these concepts mean and when to use each one.
Rules to keep in mind
At a minimum, IP address settings consist of the actual IP address and a subnet mask. It is likely, however, that sys admins will also configure the IP address of a default gateway (router) and name resolution servers. These configurations can't contain mistakes or typos, and no duplicate IP addresses on the network are permitted. These are critical factors to keep in mind.
Static IP address assignment
An administrator manually configures static IP addresses on a node. The admin sets the desired IP address, subnet mask, default gateway, name server and other values. While the process is usually simple, admins should keep the following points in mind:
- The configuration must contain no mistakes or typographical errors, and no address may duplicate one already assigned, whether statically or dynamically.
- The process is easy for a single device but time-consuming when multiplied across every device on the network.
- Any updates or modifications to the IP settings also must be configured manually.
In practice, static IP address assignments are usually only made to a specific and relatively small part of the network, such as the following:
- network print devices (though not all admins set static IP addresses on printers)
If these devices are the only ones that are manually configured, how do other devices -- such as workstations, phones or tablets -- get their IP address settings?
The answer: dynamic IP address assignment.
Dynamic IP address assignment
Most network devices temporarily lease an IP address configuration from a central server called a Dynamic Host Configuration Protocol (DHCP) server. Administrators configure the DHCP server with a pool of available IP addresses and any additional options. Client machines then connect to the DHCP server to lease a configuration.
As with static IP address assignment, dynamic configurations consist of several related values, including the following:
- IP address and subnet mask
- default gateway
- name servers
Dynamic assignment is appropriate for client machines that don't need a consistent, unchanging identity on the network. For example, 50 workstations might share and connect to a network print device located at 192.168.2.42. The workstations always expect to find that printer at that address, so that printer needs an unchanging identity. Typically, however, client devices don't host services or resources that must be consistently found at the same address.
Further, client devices tend to be much more temporary than servers, routers and printers. Laptops, tablets and phones come and go on the network daily or even hourly, especially in environments such as coffee shops or libraries.
Static addressing pros and cons
Static IP address configurations are usually for unchanging network devices.
Advantages of static IP addresses include the following:
- The network identity does not change.
- The node can be connected to regardless of name resolution issues.
- Administrators retain tight control over identities.
- Network resources can be mapped to unchanging IP addresses.
Static IP addresses have their disadvantages as well:
- Static assignment leaves no room for mistakes or typos.
- Administrators must not accidentally assign duplicate addresses.
- Setting and changing the IP address configuration is manual and time-consuming.
Dynamic addressing pros and cons
Dynamic IP assignments are best for nonpermanent devices and those that don't often need to be found by other network nodes.
Dynamic IP addresses offer the following advantages:
- The server does not make typographical errors.
- Duplicate IP address assignments are reduced.
- Changing the IP address configuration is quick and efficient.
- Network nodes are easy to identify.
Disadvantages of dynamic IP addresses include the following:
- Nodes will have different identities over time.
- It is more difficult to identify specific nodes on the network.
Tracking IP address configurations
Administrators must track IP address configurations. Tracking doesn't have to be complex, and network services can help.
At its most basic, tracking may consist of a simple spreadsheet that clearly notes the statically assigned IP addresses and the nodes on which they are configured. The spreadsheet should also list the range of addresses included in the DHCP scope that will be dynamically assigned.
Various network services also help administrators track IP address settings. For example, IP address management can track which nodes have which IP addresses. Regardless of which method sys admins use, it's essential for them to document the IP address configuration of their network.
Lease generation and renewal
DHCP clients go through a four-step process to lease an IP address configuration: discover, offer, request and acknowledge -- or DORA.
Because the client devices don't yet have a valid IP address, the entire process takes place via broadcasts. Below is a breakdown of the lease process:
- The client broadcasts a discover message asking for DHCP servers to provide an IP address.
- The DHCP server offers an unassigned IP address from its scope.
- The client formally requests the use of the IP address from the first DHCP server to respond.
- The server acknowledges the request and logs the IP address leased to that network device.
Note that the clients initiate the process, not the server. DHCP servers are passive, awaiting lease requests from clients.
One parameter set by a DHCP server is the lease duration. The leased IP address is not permanent, meaning the client must periodically attempt to renew the address. This enables administrators to update the DHCP configuration and have the updates eventually reach the client devices.
Windows DHCP servers use an eight-day lease by default. This means clients that lease an IP address from the server have a valid configuration for eight days. At the halfway point in the lease -- in this case, four days -- the client attempts to renew its configuration. The renewal is steps three and four of the DORA process: request and acknowledge. The renewal will likely be successful, and the lease duration will reset.
So, why wouldn't a renewal attempt be successful? The DHCP server may have an updated configuration, meaning the client is attempting to renew outdated settings. In this case, the DHCP server fails the renewal attempt, which causes the client device to initiate an entirely new lease generation attempt. Such an attempt provides it with the updated settings.
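The messages in the lease process can be told apart by the DHCP message type option, and the lease duration travels in the same options field. The following added example (not from the original article) parses a DHCP message using the RFC 2131 layout and derives the halfway renewal point described above. The sample packet and all of its values are constructed for illustration.

```python
import struct

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # precedes the DHCP options field
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (UDP payload) into the fields the lease process uses."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    _op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    info = {
        "xid": xid,                                   # same ID across one DORA exchange
        "broadcast": bool(flags & 0x8000),            # client asked for broadcast replies
        "offered_ip": ".".join(str(b) for b in payload[16:20]),   # yiaddr field
        "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),    # chaddr field
    }
    i = 240
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:                # DHCP message type
            info["type"] = MESSAGE_TYPES.get(value[0], f"type-{value[0]}")
        elif code == 51 and length == 4:              # lease time in seconds
            info["lease_seconds"] = int.from_bytes(value, "big")
            info["renew_after_seconds"] = info["lease_seconds"] // 2
        i += 2 + length
    return info

def build_sample_ack() -> bytes:
    """Constructed DHCPACK (made-up values) carrying an eight-day lease."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    fixed += bytes(4) + bytes([192, 168, 2, 101]) + bytes(8)   # ciaddr, yiaddr, siaddr+giaddr
    fixed += bytes.fromhex("020000aabbcc").ljust(16, b"\x00")  # chaddr padded to 16 bytes
    fixed += bytes(64 + 128)                                   # sname and file, unused here
    options = bytes([53, 1, 5, 51, 4]) + (8 * 86400).to_bytes(4, "big") + bytes([255])
    return fixed + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(parse_dhcp(build_sample_ack()))
```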
Automatic private IP addressing
If a client computer cannot lease an IP address configuration from a DHCP server, it uses Automatic Private IP Addressing (APIPA) to create a self-generated address.
APIPA addresses use the Class B range 169.254.0.0. The client will generate random values between 1 and 254 for the last two octets. While these addresses may enable a little network connectivity, they are more like error messages. If a client has an APIPA address, sys admins know the lease generation process failed and can begin troubleshooting based on that information.
Sys admins can use tools such as Nmap to identify nodes on the network. These nodes will be displayed by their IP addresses, and admins can use that information for tracking and documenting IP address configurations.
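The tracking sheet, the DHCP scope and the list of addresses seen on the network can be reconciled automatically. The following added example (not from the original article) flags typos, duplicate static assignments, static addresses inside the DHCP scope, APIPA addresses and undocumented nodes. The /24 subnet, the scope boundaries, the node names other than webserver3 and both data sets are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed network layout for this example
SUBNET = ipaddress.ip_network("192.168.2.0/24")
SCOPE_START = ipaddress.ip_address("192.168.2.100")   # first address in the DHCP scope
SCOPE_END = ipaddress.ip_address("192.168.2.200")     # last address in the DHCP scope
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed tracking sheet: (statically assigned address, node)
STATIC_SHEET = [
    ("192.168.2.1", "router1"),
    ("192.168.2.10", "webserver3"),
    ("192.168.2.42", "printer-a"),
    ("192.168.2.42", "printer-b"),      # duplicate assignment
    ("192.168.2.150", "fileserver1"),   # collides with the DHCP scope
    ("192.168.2.256", "switch1"),       # typo: not a valid address
]
# Constructed list of addresses observed on the network
OBSERVED = ["192.168.2.1", "192.168.2.42", "192.168.2.117", "192.168.2.77", "169.254.23.9"]

def in_dhcp_scope(addr):
    return SCOPE_START <= addr <= SCOPE_END

def audit(static_sheet, observed):
    """Return sorted (finding, address) pairs for the sheet and the observed nodes."""
    findings, documented = set(), Counter()
    for text, _node in static_sheet:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            findings.add(("invalid-address", text))
            continue
        documented[addr] += 1
        if addr not in SUBNET:
            findings.add(("outside-subnet", text))
        elif in_dhcp_scope(addr):
            findings.add(("static-inside-dhcp-scope", text))
    findings |= {("duplicate-static", str(a)) for a, n in documented.items() if n > 1}
    for text in observed:
        addr = ipaddress.ip_address(text)
        if addr in APIPA:                 # self-assigned address: the lease attempt failed
            findings.add(("apipa-lease-failed", text))
        elif addr not in documented and not in_dhcp_scope(addr):
            findings.add(("undocumented", text))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(STATIC_SHEET, OBSERVED))
```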
Another useful exercise is to capture the DORA process as it happens by using Wireshark. This is a great way to learn and visualize the lease generation process.
Intrusion detection systems often identify utilities such as Wireshark and Nmap as hacker tools. Such systems may send a warning to the organization's security administrators. Do not run these tools on a production network without express authorization.
We'll dive deeper into troubleshooting in another article. But sys admins can use ipconfig /release and ipconfig /renew on Windows to force the lease generation process. The ipconfig command and its related switches can be helpful for troubleshooting. Use dhclient -r and dhclient on Linux systems to accomplish the same result.
Network nodes require unique IP addresses, and these addresses can be manually assigned by administrators or dynamically assigned by a DHCP server.
Most network environments rely on a combination of the two approaches: Admins directly configure devices such as servers and routers, while DHCP configures client devices. Each method has its advantages and disadvantages, with benefits centered around convenience and consistency.
The dynamic method uses the four-step DORA process in which a client leases a configuration from a DHCP server and must periodically renew that address. If this process fails, the client assigns itself an address from the reserved Class B range, 169.254.0.0 -- the APIPA range.
Setting up a Windows DHCP server is relatively straightforward, as is managing DHCP client configurations. We'll provide details on both those topics in future articles.