DHCP服务部署
dhcp服务部署
一. 简介
动态主机设置协议(英语:dynamic host configuration protocol,缩写:dhcp)是一个用于局域网的网络协议,位于osi模型的应用层,使用udp协议工作。
二. 用途及功能
• 用于内部网或网络服务供应商自动分配ip地址给用户
• 用于内部网管理员作为对所有计算机作*管理的手段
• 可分配网卡的ip地址,子网掩码,网络地址,广播地址,默认网关,dns,引导文件,tftp(pxe kickstart无人值守时用)
三. 原理+拓扑图
1. 原理
dhcp客户端第一次登陆时,由于没有ip,它会以udp的67端口广播发送discover(源0.0.0.0 目标 255.255.255.255),一秒内没有应答会以1,3,5,7,9+1-2000ms的延迟重发discovery包,dhcp服务器收到请求后,以udp的68端口发起offer包(源dhcp服务器ip 目标0.0.0.0, 包中包含ip,子网掩码,租期等信息 # discover中包含client的mac地址)。
dhcp服务器通过icmp协议测试准备分发的ip是否被占用,client发送request包(源0.0.0.0 目标255.255.255.255包中包含client的mac地址,接受租约的ip地址,提供租约的dhcp服务器地址),dhcp发起ack回包(原地址 dhcp服务器地址 目标地址0.0.0.0 包中包含这一ip地址的合法租用以及其他的配置信息)。
租约问题:用到50%的时候会向服务器发起续约请求,如果服务器未响应,用到75%时,再次请求续约,如果仍未响应,则用到100%后,再次广播发送discover包。
client获取ip成功后,如果网卡断了,再次连接时,ip若被占用,则重新发起discover包,否则将原来的ip地址继续使用。
2. 示意图
四. 实战搭建
相关文件
服务名 : dhcpd dhcrelay
主配置文件 /etc/dhcp/dhcpd.conf
模板文件 /usr/share/doc/dhcp-*/dhcpd.conf.simple
中继配置文件 /etc/sysconfig/dhcrelay
端口 udp 67 68
配置基础dhcp服务器
1. 实验环境
| 机器 | master | slave1 | slave2 |
|---|---|---|---|
| 作用 | dhcp服务端 | 客户端 | 客户端 |
| ip地址 | 192.168.32.80 | 192.168.32.81 | 192.168.32.82 |
2. 步骤
(1). master机器配置yum源,安装dhcp包
[root@master ~]# yum install -y dhcp
(2). 复制模板文件并且覆盖原有配置文件
[root@master ~]# cp -a /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
(3). 修改配置文件并重启dhcp服务
[root@master ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.32.0 netmask 255.255.255.0 { # subnet指定一个网段 netmask 指定子网掩码
range 192.168.32.20 192.168.32.30; # range指定自动分配的ip子网为20-30段
option domain-name-servers 114.114.114.114,8.8.8.8; # 指定dns服务器
option routers 192.168.32.1; # 指定网关
default-lease-time 600; # 默认租约时间
max-lease-time 7200; # 最大租约时间
}
[root@master ~]# service dhcpd restart
关闭 dhcpd: [确定]
正在启动 dhcpd: [确定]
(4). 修改slave1、slave2网卡配置文件
[root@slave1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
device=eth0
type=ethernet
uuid=021f0b15-fc52-4e9f-912f-4bf79963fab5
onboot=yes
nm_controlled=yes
bootproto=dhcp
hwaddr=00:0c:29:b1:18:8d
defroute=yes
ipv4_failure_fatal=yes
ipv6init=no
name="system eth0"
slave2同理,将bootproto改成dhcp
slave1 结果如下:
slave2结果如下:
配置dhcp保留地址
(1). 修改master的dhcp配置文件
[root@master ~]# vim /etc/dhcp/dhcpd.conf
host fantasia {
hardware ethernet 00:0c:29:6d:13:a4;
fixed-address 192.168.32.22;
}
host newhost {
hardware ethernet 00:0c:29:b1:18:8d;
fixed-address 192.168.32.23;
}
(2). 客户机重启网络查看mac和ip对应关系
slave1:
slave2:
配置dhcp超级作用域
1. 定义超级作用域
解决dhcp单个作用域中ip地址不足的情况,比如公司中有300台机器需要配置dhcp自动获取ip,而一个c类ip只有251个可用地址(抛去网关,头尾,dhcp服务器ip),此时需要配置dhcp超级作用域以分配ip不足问题。
2. 配置超级作用域
[root@master ~]# vim /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# sample configuration file for isc dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# if this dhcp server is the official dhcp server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# no service will be given on this subnet, but declaring it helps the
# dhcp server to understand the network topology.
# hosts which require special configuration options can be listed in
# host statements. if no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
# fixed ip addresses can also be specified for hosts. these addresses
# should not also be listed as being available for dynamic assignment.
# hosts for which fixed ip addresses have been specified can boot using
# bootp or dhcp. hosts for which no fixed address is specified can only
# be booted with dhcp, unless there is an address range on the subnet
# to which a bootp client is connected which has the dynamic-bootp flag
# set.
# you can declare a class of clients and then do address allocation
# based on that. the example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
class "foo" {
match if substring (option vendor-class-identifier, 0, 4) = "sunw";
}
--------------------------------------------------------------------------
shared-network 224-29 {
subnet 192.168.32.0 netmask 255.255.255.0 {
range 192.168.32.20 192.168.32.20;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.32.1;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.33.0 netmask 255.255.255.0 {
range 192.168.33.20 192.168.33.20;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.33.1;
default-lease-time 600;
max-lease-time 7200;
}
}
---------------------------------------------------------------------------
slave1回显如下:
slave2回显如下:
注意!! 此时 slave1和slave2机器是ping不通的,因为网段不同,所以将采用单臂路由的方式让其通信-------dhcp中继。
配置dhcp中继
1. 实验环境
表格里未填写的代表自动获取,“--”代表不需要配置
| 机器 | master | slave1 | slave2 | slave3 |
|---|---|---|---|---|
| 网卡配置 | vm1 | vm1 | vm1 vm2 | vm2 |
| 作用 | dhcp服务器 | dhcp客户端 | dhcp 中继 | dhcp中继转发客户端 |
| ip地址 | 192.168.32.80 | vm1 192.168.32.1 vm2 192.168.33.1 |
||
| 网关 | 192.168.32.1 | -- |
2. 实验步骤
(1). 配置master机器网卡
[root@master ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
device=eth0
hwaddr=00:0c:29:63:ea:94
type=ethernet
uuid=70f2ac2f-2ed4-4f12-887c-f545bf45df8f
onboot=yes
nm_controlled=yes
bootproto=static
ipaddr=192.168.32.80
netmask=255.255.255.0
gateway=192.168.32.1
(2). 重启网卡
[root@master ~]# service network restart
正在关闭接口 eth0: [确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0: determining if ip address 192.168.32.80 is already in use for device eth0...
[确定]
[root@master ~]# route -n
kernel ip routing table
destination gateway genmask flags metric ref use iface
192.168.32.0 0.0.0.0 255.255.255.0 u 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 u 1002 0 0 eth0
0.0.0.0 192.168.32.1 0.0.0.0 ug 0 0 0 eth0
(3). 修改配置文件
# dhcpd.conf
#
# sample configuration file for isc dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
subnet 192.168.32.0 netmask 255.255.255.0 {
range 192.168.32.20 192.168.32.200;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.32.1;
default-lease-time 600;
max-lease-time 7200;
}
subnet 192.168.33.0 netmask 255.255.255.0 {
range 192.168.33.30 192.168.33.200;
option domain-name-servers 114.114.114.114,8.8.8.8;
option routers 192.168.33.1;
default-lease-time 600;
max-lease-time 7200;
}
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
(4). 修改slave2中继器网卡配置文件eth0:
(5). 修改slave2的eth1网卡配置文件
(6). slave2开启路由转发
vim /etc/sysctl.conf
sysctl -p 生效
(7). 安装dhcrelay
[root@slave2 ~]# yum install -y dhcp
(8). 修改中继配置文件
[root@slave2 ~]# vim /etc/sysconfig/dhcrelay
# command line options here
dhcrelayargs=""
# dhcpv4 only
interfaces="eth0 eth1"
# dhcpv4 only
dhcpservers="192.168.32.80"
(9). 重启中继服务
[root@slave2 ~]# /etc/init.d/dhcrelay restart
正在启动 dhcrelay: [确定]
(10). slave1和slave3重启网卡(网卡配置文件别忘改成dhcp)
[root@slave1 ~]# service network restart
正在关闭接口 eth0: [确定]
正在关闭接口 eth1: [确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0:
正在决定 eth0 的 ip 信息...完成。
[root@slave1 ~]# ifconfig
eth0 link encap:ethernet hwaddr 00:0c:29:b1:18:8d
inet addr:192.168.32.20 bcast:192.168.32.255 mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feb1:188d/64 scope:link
up broadcast running multicast mtu:1500 metric:1
rx packets:1755 errors:0 dropped:0 overruns:0 frame:0
tx packets:818 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
rx bytes:189969 (185.5 kib) tx bytes:104084 (101.6 kib)
[root@slave3 ~]# systemctl restart network
[root@slave3 ~]# ifconfig
ens33: flags=4163<up,broadcast,running,multicast> mtu 1500
inet 192.168.33.30 netmask 255.255.255.0 broadcast 192.168.33.255
inet6 fe80::8fd:c838:d2f4:15ce prefixlen 64 scopeid 0x20
ether 00:0c:29:82:a8:c9 txqueuelen 1000 (ethernet)
rx packets 239 bytes 25362 (24.7 kib)
rx errors 0 dropped 0 overruns 0 frame 0
tx packets 227 bytes 27096 (26.4 kib)
tx errors 0 dropped 0 overruns 0 carrier 0 collisions 0
(11). ping查看是否通信
[root@slave1 ~]# ping 192.168.33.30 -c 1
ping 192.168.33.30 (192.168.33.30) 56(84) bytes of data.
64 bytes from 192.168.33.30: icmp_seq=1 ttl=128 time=0.645 ms
--- 192.168.33.30 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.645/0.645/0.645/0.000 ms
[root@slave3 yum.repos.d]# ping 192.168.32.20 -c 1
ping 192.168.32.20 (192.168.32.20) 56(84) bytes of data.
64 bytes from 192.168.32.20: icmp_seq=1 ttl=63 time=0.645 ms
--- 192.168.32.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.645/0.645/0.645/0.000 ms
五. 小结
在中继dhcp配置的过程中可能存在的问题
描述:
dhcp中继分配完的主机只能ping通单向主机
解决办法:
route -n查看路由表,发现配置双网卡,nat模式的网关占用了dhcp分配的网关,导致所有的数据包通过nat模式的网关口出去。最后将nat模式的网卡网关删除,重启网卡即可恢复正常。 上一篇: Mysql—数据类型详解