目錄

• DHCP服務部署
  • 一. 簡介
  • 二. 用途及功能
  • 三. 原理+拓撲圖
  • 四. 實戰搭建
    • 相關文件
    • 配置基礎DHCP伺服器
    • 配置DHCP保留地址
    • 配置DHCP超級作用域
    • 配置DHCP中繼
  • 五. 小結

DHCP服務部署

一. 簡介

    動態主機設置協議（英語：Dynamic Host Configuration Protocol，縮寫：DHCP）是一個用於區域網的網路協議，位於OSI模型的應用層，使用UDP協議工作。

二. 用途及功能

    •  用於內部網或網路服務供應商自動分配IP地址給用戶
    •  用於內部網管理員作為對所有電腦作中央管理的手段
    •  可分配網卡的IP地址，子網掩碼，網路地址，廣播地址，預設網關，DNS，引導文件，TFTP（pxe kickstart無人值守時用）

三. 原理+拓撲圖

1. 原理

      DHCP客戶端第一次登陸時，由於沒有IP，它會以UDP的67埠廣播發送Discover（源0.0.0.0 目標 255.255.255.255），一秒內沒有應答會以1，3，5，7，9+1-2000ms的延遲重發Discovery包，DHCP伺服器收到請求後，以UDP的68埠發起offer包（源DHCP伺服器IP 目標0.0.0.0， 包中包含IP，子網掩碼，租期等信息 # Discover中包含Client的MAC地址）。
      DHCP伺服器通過ICMP協議測試準備分發的IP是否被占用，Client發送Request包(源0.0.0.0 目標255.255.255.255包中包含Client的MAC地址，接受租約的IP地址，提供租約的DHCP伺服器地址)，DHCP發起ACK回包（原地址 DHCP伺服器地址 目標地址0.0.0.0 包中包含這一IP地址的合法租用以及其他的配置信息）。
      租約問題：用到50%的時候會向伺服器發起續約請求，如果伺服器未響應，用到75%時，再次請求續約，如果仍未響應，則用到100%後，再次廣播發送Discover包。
      Client獲取IP成功後，如果網卡斷了，再次連接時，IP若被占用，則重新發起Discover包，否則將原來的IP地址繼續使用。

2. 示意圖

四. 實戰搭建

相關文件

服務名 : dhcpd dhcrelay
主配置文件 /etc/dhcp/dhcpd.conf
模板文件 /usr/share/doc/dhcp-*/dhcpd.conf.simple
中繼配置文件 /etc/sysconfig/dhcrelay
埠 udp 67 68

配置基礎DHCP伺服器

1. 實驗環境

2. 步驟

(1). master機器配置yum源，安裝dhcp包

[root@master ~]# yum install -y dhcp

(2). 複製模板文件並且覆蓋原有配置文件

[root@master ~]# cp -a /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf

(3). 修改配置文件並重啟dhcp服務

[root@master ~]# vim /etc/dhcp/dhcpd.conf

    subnet 192.168.32.0 netmask 255.255.255.0 {     # subnet指定一個網段 netmask 指定子網掩碼
    range 192.168.32.20 192.168.32.30;                      # range指定自動分配的ip子網為20-30段
    option domain-name-servers 114.114.114.114,8.8.8.8;  # 指定dns伺服器
    option routers 192.168.32.1;                                 # 指定網關
    default-lease-time 600;                                         # 預設租約時間
    max-lease-time 7200;                                            # 最大租約時間
}

[root@master ~]# service dhcpd restart
關閉 dhcpd： [確定]
正在啟動 dhcpd： [確定]

(4). 修改slave1、slave2網卡配置文件

[root@slave1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0
    TYPE=Ethernet
    UUID=021f0b15-fc52-4e9f-912f-4bf79963fab5
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=dhcp
    HWADDR=00:0C:29:B1:18:8D
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no
    NAME="System eth0"

slave2同理，將BOOTPROTO改成dhcp
slave1 結果如下:

slave2結果如下:

配置DHCP保留地址

(1). 修改master的dhcp配置文件

[root@master ~]# vim /etc/dhcp/dhcpd.conf

    host fantasia {
      hardware ethernet 00:0C:29:6D:13:A4;
      fixed-address 192.168.32.22;
    }
    host newhost {
      hardware ethernet 00:0C:29:B1:18:8D;
      fixed-address 192.168.32.23;
    }

(2). 客戶機重啟網路查看mac和ip對應關係

slave1:

slave2:

配置DHCP超級作用域

1. 定義超級作用域

    解決DHCP單個作用域中IP地址不足的情況，比如公司中有300台機器需要配置dhcp自動獲取ip，而一個C類IP只有251個可用地址（拋去網關，頭尾，dhcp伺服器IP），此時需要配置dhcp超級作用域以分配IP不足問題。

2. 配置超級作用域
[root@master ~]# vim /etc/dhcp/dhcpd.conf

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #

    # option definitions common to all supported networks...
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;

    default-lease-time 600;
    max-lease-time 7200;

    # Use this to enble / disable dynamic dns updates globally.
    #ddns-update-style none;

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;

    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;

    # No service will be given on this subnet, but declaring it helps the 
    # DHCP server to understand the network topology.


    # Hosts which require special configuration options can be listed in
    # host statements.   If no address is specified, the address will be
    # allocated dynamically (if possible), but the host-specific information
    # will still come from the host declaration.

    host passacaglia {
      hardware ethernet 0:0:c0:5d:bd:95;
      filename "vmunix.passacaglia";
      server-name "toccata.fugue.com";
    }

    # Fixed IP addresses can also be specified for hosts.   These addresses
    # should not also be listed as being available for dynamic assignment.
    # Hosts for which fixed IP addresses have been specified can boot using
    # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
    # be booted with DHCP, unless there is an address range on the subnet
    # to which a BOOTP client is connected which has the dynamic-bootp flag
    # set.

    # You can declare a class of clients and then do address allocation
    # based on that.   The example below shows a case where all clients
    # in a certain class get addresses on the 10.17.224/24 subnet, and all
    # other clients get addresses on the 10.0.29/24 subnet.

    class "foo" {
      match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
    }
    --------------------------------------------------------------------------
    shared-network 224-29 {
    subnet 192.168.32.0 netmask 255.255.255.0 {
      range 192.168.32.20 192.168.32.20;
      option domain-name-servers 114.114.114.114,8.8.8.8;
      option routers 192.168.32.1;
      default-lease-time 600;
      max-lease-time 7200;
    }
    subnet 192.168.33.0 netmask 255.255.255.0 {
      range 192.168.33.20 192.168.33.20;
      option domain-name-servers 114.114.114.114,8.8.8.8;
      option routers 192.168.33.1;
      default-lease-time 600;
      max-lease-time 7200;
    }
    }
    ---------------------------------------------------------------------------

slave1回顯如下:

slave2回顯如下:

註意!! 此時 slave1和slave2機器是ping不通的，因為網段不同，所以將採用單臂路由的方式讓其通信-------dhcp中繼。

配置DHCP中繼

1. 實驗環境

表格裡未填寫的代表自動獲取,“--”代表不需要配置

2. 實驗步驟

(1). 配置master機器網卡
[root@master ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0
    HWADDR=00:0C:29:63:EA:94
    TYPE=Ethernet
    UUID=70f2ac2f-2ed4-4f12-887c-f545bf45df8f
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=static
    IPADDR=192.168.32.80
    NETMASK=255.255.255.0
    GATEWAY=192.168.32.1

(2). 重啟網卡
[root@master ~]# service network restart
正在關閉介面 eth0： [確定]
關閉環回介面： [確定]
彈出環回介面： [確定]
彈出界面 eth0： Determining if ip address 192.168.32.80 is already in use for device eth0...
[確定]
[root@master ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.32.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.32.1 0.0.0.0 UG 0 0 0 eth0

(3). 修改配置文件

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd
    #

    # option definitions common to all supported networks...
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;

    default-lease-time 600;
    max-lease-time 7200;


    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;

      subnet 192.168.32.0 netmask 255.255.255.0 {
      range 192.168.32.20 192.168.32.200;
      option domain-name-servers 114.114.114.114,8.8.8.8;
      option routers 192.168.32.1;
      default-lease-time 600;
      max-lease-time 7200;
    }
    subnet 192.168.33.0 netmask 255.255.255.0 {
      range 192.168.33.30 192.168.33.200;
      option domain-name-servers 114.114.114.114,8.8.8.8;
      option routers 192.168.33.1;
      default-lease-time 600;
      max-lease-time 7200;
    }

    host passacaglia {
      hardware ethernet 0:0:c0:5d:bd:95;
      filename "vmunix.passacaglia";
      server-name "toccata.fugue.com";
    }

(4). 修改slave2中繼器網卡配置文件eth0:

(5). 修改slave2的eth1網卡配置文件

(6). slave2開啟路由轉發

vim /etc/sysctl.conf

sysctl -p 生效

(7). 安裝dhcrelay

[root@slave2 ~]# yum install -y dhcp

(8). 修改中繼配置文件

[root@slave2 ~]# vim /etc/sysconfig/dhcrelay

    # Command line options here
    DHCRELAYARGS=""
    # DHCPv4 only
    INTERFACES="eth0 eth1"
    # DHCPv4 only
    DHCPSERVERS="192.168.32.80"

(9). 重啟中繼服務

[root@slave2 ~]# /etc/init.d/dhcrelay restart
正在啟動 dhcrelay： [確定]

(10). slave1和slave3重啟網卡（網卡配置文件別忘改成dhcp）

[root@slave1 ~]# service network restart
正在關閉介面 eth0： [確定]
正在關閉介面 eth1： [確定]
關閉環回介面： [確定]
彈出環回介面： [確定]
彈出界面 eth0：
正在決定 eth0 的 IP 信息...完成。
[root@slave1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:B1:18:8D
inet addr:192.168.32.20 Bcast:192.168.32.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feb1:188d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1755 errors:0 dropped:0 overruns:0 frame:0
TX packets:818 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:189969 (185.5 KiB) TX bytes:104084 (101.6 KiB)

[root@slave3 ~]# systemctl restart network
[root@slave3 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.33.30 netmask 255.255.255.0 broadcast 192.168.33.255
inet6 fe80::8fd:c838:d2f4:15ce prefixlen 64 scopeid 0x20
ether 00:0c:29:82:a8:c9 txqueuelen 1000 (Ethernet)
RX packets 239 bytes 25362 (24.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 227 bytes 27096 (26.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

(11). ping查看是否通信

[root@slave1 ~]# ping 192.168.33.30 -c 1
PING 192.168.33.30 (192.168.33.30) 56(84) bytes of data.
64 bytes from 192.168.33.30: icmp_seq=1 ttl=128 time=0.645 ms

--- 192.168.33.30 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.645/0.645/0.645/0.000 ms

[root@slave3 yum.repos.d]# ping 192.168.32.20 -c 1
PING 192.168.32.20 (192.168.32.20) 56(84) bytes of data.
64 bytes from 192.168.32.20: icmp_seq=1 ttl=63 time=0.645 ms

--- 192.168.32.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.645/0.645/0.645/0.000 ms

五. 小結

在中繼dhcp配置的過程中可能存在的問題

    描述:
        dhcp中繼分配完的主機只能ping通單向主機
    解決辦法:
        route -n查看路由表，發現配置雙網卡，nat模式的網關占用了dhcp分配的網關，導致所有的數據包通過nat模式的網關口出去。最後將nat模式的網卡網關刪除，重啟網卡即可恢復正常。