Any IT professional with even a little experience is familiar with DHCP. Dynamic Host Configuration Protocol is responsible for handing out IP addresses on your network. There is generally one device or server responsible for handing out IP addresses on a given network.
Using DHCP, you can specify the IP address, subnet mask, DNS server, and a variety of other common network settings. In smaller networks, DHCP is used on subnets containing laptops and workstations. However, it is very common to use static IP addresses for servers, printers, and other miscellaneous devices.
Today I will talk about why that may not be the best practice, and about some of the many benefits that come with using DHCP even on devices where you would typically use static addresses.
Why do we use static IP addresses?
Static IP addresses are used on devices where you need a predictable IP address for a given device. The devices that actually need static IP addresses are your gateway devices, DNS Servers, and your DHCP server.
Outside of that, static IP addresses are not strictly required if you properly leverage DNS. That said, I will also typically assign static IP addresses to network equipment such as switches and load balancers. When the network is down, you don’t want to worry about whether your switch is able to reach your DHCP server to get an IP address on the management interface.
Even though static IP addresses are not necessarily required for most servers, most on-premise networks, in my experience, still use static IP addresses for pretty much everything.
This is done because the attitude is that things will be less likely to break if the IP address does not change. Some applications require you to enter the IP address of the given server, but support DNS host names.
Server administrators also feel safer knowing all the needed IP addresses are properly documented in their IP address management software or, more commonly, spreadsheets.
What is the problem with using static IP addresses?
The problem with using static IP addresses is that it adds management overhead to ensure your spreadsheets are always up-to-date. Or, if you have IP address management software (IPAM), you have yet another system to manage and an additional expense. Last I checked, SolarWinds IPAM software starts at around $2,000.
If you ever need to relocate a server, whether it be to a different subnet or a different physical location, you need to change the configuration on the server to specify a new IP address, DNS server, gateway, etc.
Similarly, if you ever want to replace your DNS server or default gateway, you need to keep those IP addresses the same rather than simply deploying new devices with new IP addresses, because the headache of changing those two settings on your entire server/device population may be unfeasible.
The benefits of using DHCP over static IP addresses
If you have ever managed a population of laptops and workstations, you are familiar with the benefits of DHCP. It would not be feasible to manage thousands of laptops running across different networks using static IP addresses. As laptops switch between wireless networks or physical networks, all of their network settings are automatically set by a DHCP server.
By using DHCP to set the network settings for your servers and other network devices, you achieve similar benefits to what you see with your laptop population, and you also deal with the drawbacks mentioned in the previous section.
If you need to move a server between two data centers, you simply unplug it, drive it to the other data center, and plug it in. As soon as the server is plugged in, it registers with DNS and traffic starts routing to that server.
What if my DHCP server is offline?
Worrying about the DHCP server being offline is a valid concern. When you switch from using static IP addresses to DHCP, your DHCP servers become even more critical than they were before.
When the DHCP servers break, it doesn’t just affect laptops and workstations, but instead your entire server population.
For this reason, you should be sure to deploy redundant DHCP servers to allow for maintenance and hardware failures.
In a Windows environment, there are three primary ways to set up redundant DHCP servers:
- Split Scope
- Failover Clustering
- DHCP failover
What if I need my server IP address to not change?
If you have a situation where you need your IP address to not change, you have two options:
- Set a static IP address
- Use DHCP Reservations
DHCP reservations allow you to tell the DHCP server that a specific MAC address should always receive the same IP address. Once you reserve an IP address, no other server will get that IP address unless you delete the reservation.
The nice thing about using a DHCP reservation versus a static address is that you still get all the benefits and flexibility of DHCP, and you also get the benefits of a static IP address.
How do static IP addresses work in the cloud?
If you look at any of the major cloud providers, you will find that pretty much all servers use DHCP. You are able to assign “static” addresses to servers. However, these “static” addresses are really just DHCP reservations.
You never set a static IP address on a server. Rather, you allocate the IP address in your cloud console, then that IP address gets assigned through the reservation to your server.
The exception is if you are running VMware in the cloud, or some sort of nested virtualization. In those cases, you may see static IP addresses used.
If you’re considering moving infrastructure from your data center to the cloud, you could start getting used to using DHCP servers now. This will make your migration to the cloud a bit easier. In most cases, you don’t use the same IP address scheme in the cloud as you had in the data center.
Are there security concerns with DHCP?
If you have physical network ports that are easily accessible from public areas, it is wise to be careful with deploying DHCP to those network ports. If someone plugs their laptop into those ports, they don’t need to do much work to get their computer working on your network.
However, even without DHCP on those ports, someone who simply plugs in their laptop and runs some IP scans can still map out your network. It just takes a little bit of extra time.
If you want to use DHCP across your entire network but are worried about random laptops being plugged in, one method I’ve used in the past is to leave no IP addresses available in the scope. Every time you plug in a trusted device, expand the IP address scope by one IP address, then create a DHCP reservation for that device. This ensures that only authorized MAC addresses are able to connect to your network.
A better way to handle this would be to use something like Microsoft’s Network Policy Server (NPS). NPS only works for devices that support RADIUS authentication, such as wireless networks, but it allows you to set up all sorts of authentication methods, including MAC address whitelisting.
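The reservation-only scope described above is only useful if it stays that way, so here is an added example (not part of the original post) that audits one scope: it flags free addresses nobody reserved and leases that do not match a reservation. A reservation list governs who gets a lease, and a MAC address is whatever the client reports, so treat this as an inventory check. The function names, addresses and MAC addresses are constructed for illustration; in practice the two lists would come from your DHCP server's reservation and lease export.

```python
import ipaddress

def norm_mac(mac):
    """Normalize 00-15-5D-.. / 00:15:5d:.. / 0015.5d.. to lowercase hex."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_scope(start, end, reservations, leases):
    """Check a reservation-only scope. reservations/leases: (mac, ip) pairs."""
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    size = int(hi) - int(lo) + 1
    reserved = {}
    findings = []
    for mac, ip in reservations:
        addr = ipaddress.ip_address(ip)
        if not lo <= addr <= hi:
            findings.append(("reservation_outside_scope", mac, ip))
        reserved[norm_mac(mac)] = addr
    # Every address in the scope should be spoken for by a reservation.
    free = size - sum(1 for a in set(reserved.values()) if lo <= a <= hi)
    if free:
        findings.append(("unreserved_addresses", None, str(free)))
    for mac, ip in leases:
        want = reserved.get(norm_mac(mac))
        if want is None:
            findings.append(("lease_without_reservation", mac, ip))
        elif want != ipaddress.ip_address(ip):
            findings.append(("lease_ip_mismatch", mac, ip))
    return findings

# Constructed sample data (documentation range 192.0.2.0/24, made-up MACs).
RESERVATIONS = [
    ("00-15-5D-01-02-03", "192.0.2.10"),
    ("00-15-5D-01-02-04", "192.0.2.11"),
    ("00-15-5D-01-02-05", "192.0.2.12"),
]
LEASES = [
    ("00:15:5d:01:02:03", "192.0.2.10"),   # matches its reservation
    ("00:15:5d:01:02:04", "192.0.2.12"),   # reserved MAC on the wrong address
    ("02:00:00:aa:bb:cc", "192.0.2.13"),   # no reservation at all
]

if __name__ == "__main__":
    for kind, mac, detail in audit_scope("192.0.2.10", "192.0.2.13",
                                         RESERVATIONS, LEASES):
        print(kind, mac, detail)
```

An empty result means the scope is exactly as large as its reservation list and every lease belongs to a reserved device on its reserved address.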
Today we discussed the differences between using static IP addresses and DHCP addresses to manage servers on your network. In some cases you will still want to use static IP addresses. However, you can make your life much easier by using a DHCP address wherever possible.
As a general rule, you should still use static IP addresses on your network infrastructure, load balancers, DHCP servers, and your DNS servers. Outside of that, it’s great to start using DHCP.