CHAPTER 7: TCP/IP and Routing 326
In a more technical definition, DHCP is a communications protocol that
allows you to manage IP addressing usage centrally and to automate the
assignment of logical addresses in an organization’s network. Remember,
each host on the network needs a unique IP address to be able to commu-
nicate. When an organization sets up its computer users with a connection
to the Internet, an IP address must be assigned to each machine. Without
DHCP, the IP address must be entered manually at each computer and, if
computers move to another location in another part of the network, a new
IP address must be entered. DHCP lets a network administrator supervise
and distribute IP addresses from a central point and automatically sends
a new IP address when a computer is plugged into a different place in the
network.
DHCP uses the concept of a lease, or amount of time, that a given IP
address will be valid for a computer. The lease time can vary depending on
how long a user is likely to require the Internet connection at a particular
location. It’s especially useful in education and other environments where
users change frequently. Using very short leases, DHCP can dynamically
reconfigure networks in which there are more computers than there are
available IP addresses.
DHCP supports static addresses for computers containing Web serv-
ers that need a permanent IP address; you can make reservations for such
addresses.
DHCP is an extension of an earlier network IP management protocol,
Bootstrap Protocol (BOOTP). DHCP is a more advanced protocol, but both
configuration management protocols are commonly used and DHCP can
handle BOOTP client requests. Some organizations use both protocols,
but understanding how and when to use them in the same organization is
important. Some operating systems, including Windows NT/2000, come
with DHCP servers. A DHCP or BOOTP client is a program that is located
in (and perhaps downloaded to) each computer so that it can be configured.

DHCP Operations
DHCP was covered briefly earlier in the chapter. DHCP is responsible for
automatic and dynamic addressing of your network. It has a lot of com-
plexity to it as well. For example, to get DHCP broadcasts to get to remote
Note
DHCP and its operation are thoroughly covered within the DHCP RFC. www.rfc-editor.
org/rfc/rfc2131.txt
Private Network Addresses 327
sites that are connected only by routers and T1 links, you would need to
configure those routers to pass the DHCP broadcast from the client to the
server; if the router is not configured to do so, then it will not pass. This is
a common problem seen on the Network exam. Consider the following:
You need to allow your clients to communicate with the DHCP server to get
an address so they can participate on the network, accessing services and
so on. You have three clients on one remote subnet that cannot get a valid
IP address, but all other clients can. This is a common issue. Because all
other sites work just fine (eliminating the possibility that it could be a server
issues affecting all sites) the problem may be that the remote site’s router
is not configured to pass the broadcast from the client to the server, which
will then give that client a lease on an IP address so it can participate on the
network. In this section we cover the basics of DHCP operations.
As just mentioned, when a DHCP-based client is booted up, unless
already configured with an IP, the client attempts to communicate with a
DHCP server to get its TCP/IP configuration information. The following is
a list of DHCP message types exchanged between client and server. You will
not need to memorize these for the Network exam, although understand-
ing these messages simplifies the understanding of DHCP itself and better
prepares you for the exam.
 Dhcpdiscover The first time a DHCP client computer attempts
to start on the network, it requests IP address information from a

DHCP server by broadcasting a Dhcpdiscover packet. The source
IP address in the packet is 0.0.0.0 because the client does not yet
have an IP address. The attempt is sent out from the client on the
network and as long as the packet can get to the server, the request
process can be officially completed by the server.
 Dhcpoffer When the DHCP server receives the request, it selects
an unleased IP address from the range of available IP addresses and
offers it to the DHCP client. The lease is generally configured as
part of a scope, as mentioned earlier. The lease is good generally for
a week by default, although this can be changed. In most cases, the
DHCP server also returns additional TCP/IP configuration informa-
tion, such as the subnet mask and default gateway in a Dhcpoffer
packet. More than one DHCP server can respond with a Dhcpoffer
packet, and the client accepts the first Dhcpoffer it receives.
 Dhcprequest When the client receives the Dhcpoffer packet, it
responds by broadcasting a Dhcprequest packet that contains the
offered IP address.
CHAPTER 7: TCP/IP and Routing 328
 Dhcpdecline A message from the DHCP client to the server indi-
cating that the offered configuration parameters are invalid.
 Dhcpack The DHCP server acknowledges the client’s Dhcprequest
for the IP address by sending a Dhcpack packet.
 Dhcpnack If the IP address cannot be used by the client because it
is no longer valid or is now used by another computer, the DHCP
server will respond with a Dhcpnack packet.
 Dhcprelease A message from the DHCP client to the server that
releases the IP address and cancels any remaining lease.
DhCP relay Agents
When the DHCP server receives the request from the DHCP client com-
puter, it dynamically assigns an IP address to the requesting computer from

the range of valid IP addresses contained within the DHCP scope. The
DHCP server allocates the IP address with a lease that defines how long
the IP address can be used by the client computer. The DHCP server can
also establish other configuration parameters, such as subnet mask and
Domain name system (DNS) and Windows Internet Name Service (WINS)
server identification for the client computer. DNS and WINS are both cov-
ered within this chapter. It’s important to remember that when configuring
DHCP for clients, it’s not just an IP address that is delivered to the cli-
ent, but many other parameters such as DNS server address, WINS server
address, subnet mask, default gateway, and routing metrics, all of which are
covered within this chapter.
To get this information to the client so that it can be used, the client must
be able to contact the DHCP server. As mentioned earlier, if it cannot, then
you may have a router issue that prevents the broadcast request from getting
through. Understanding and configuring DHCP relay agents on a router is
a very important part of DHCP to consider as a network engineer. TCP/IP
networks are interconnected by routers that connect network segments (sub-
nets) and pass IP packets between the subnets. Because routers do not pass
broadcasts by default, a configuration change must be added to the router.
As mentioned earlier, one of the major components of the DHCP specifica-
tion is the DHCP protocol for communications between DHCP servers and
clients. If this communication is disrupted or not allowed, DHCP will not
function on your network.
On the Network exam, you may come across a question or two that
tests your knowledge of RFC 1542 and broadcast-based communications
when working with an RFC 1542-compliant router. A DHCP server can
Multicast, Broadcast, and Unicast 329
only provide IP addresses to clients in multiple subnets, if the router that
connects the subnets is an RFC 1542-compliant router. The configuration is
commonly called an IP helper address in Cisco Systems-based routers. If the

router cannot function as a relay agent, each subnet that has DHCP clients
requires a DHCP server.
A relay agent is a program used to pass specific types of IP packets between
subnets. A DHCP/BOOTP relay agent is simply a hardware or software pro-
gram that can pass DHCP/BOOTP messages (packets) from one subnet to
another subnet according to the RFC 1542 specification.
Now that you understand the basics of network protocols such as IPX/
SPX, AppleTalk, and TCP/IP, let’s continue learning about the TCP/IP suite’s
other functionalities, services, applications, and protocols. In the next sec-
tion, we will briefly cover the use of multicasting and the TCP/IP used to
provide it.
MULTICAST, BROADCAST, AND UNICAST
With the continuously expanding use of networks, more and more people
are deciding that one-to-one networking is not enough anymore. The need
to have one-to-many networks has become more important. This is true
for large corporations that benefit from e-mail, file sharing, and mirrored
servers in two different cities (or countries). New technologies are developed
every day.
Multicasting can reduce travel expenses while maximizing benefits.
Imagine the cost of sending several employees halfway around the world for
a conference that lasts less than a day. Not only would you incur the cost of
travel, but also the cost of the employees’ time as they travel.
A better solution in this case would be to videoconference (which is a
very popular and always-developing technology), which allows viewing a
Note
BOOTP is described in RFC 951 and RFC 1084 and is used for booting diskless
nodes. Updated in RFC 1395 and RFC 1497 and superseded by DHCP, BOOTP is still
supported for legacy applications on most, if not all DHCP server implementations. The
way it works is that when the client is ready to boot up on the network, it sends out a
broadcast message requesting information and waits for a reply. The client only has to

know its own hardware (Media Access Control, MAC) address. With this information, the
BOOTP server will respond with an IP address.
CHAPTER 7: TCP/IP and Routing 330
presentation in one window while watching the speaker in another. Ques-
tions can be typed while the presentation is in progress, and prioritized for
answering at the end of the conference. These are just a few of the features
that can be provided by multicasting. Other benefits can include interactive
distance learning and corporate announcement transmissions.
Multicasting benefits are not limited to video/audio needs. Multicast can
be used to push updates to multiple hosts simultaneously, thus reducing the
effort and time involved in doing one update at a time. Multicasting can also
push computer operating system images to their hosts.
The possibilities seem endless and are rapidly growing. The following
sections cover the basics of multicasting and how the multicasting address-
ing scheme is laid out.
Understanding the Basics of Multicasting
For the Network exam, you will neither need to understand the dozens of
commands that you can program into a router to enable and control multi-
casting, nor will you need to know the exact detailed operation of how mul-
ticasting protocols such as Internet Group Management Protocol (IGMP)
work. However, you do need to know about multicasting fundamentals for
the exam. You have already learned about Class D addressing space, which
is where multicasting was originally mentioned. Why is there so much con-
cern about it? Well, for one, because the use of it is growing, it must mean
that the pressure placed on networks today is warranting its use. Bandwidth
utilization is the first thing most network technicians and administrators
think about when discussing streaming video and other live information
feeds to an individual’s PC or across a WAN link that may not have the
bandwidth to accommodate it. To simply increase your bandwidth because
of a single application’s requirements could be expensive when dealing with

telecommunications providers.
To understand multicast traffic completely, we have to discuss the other
types of traffic. It is important to understand the differences between uni-
cast, broadcast, and multicast traffic. Multicasting is UDP-based. Although
UDP is not a great example of reliability, it makes more sense for multicast-
ing than TCP. For starters, having a multitude of hosts acknowledge receipt
of a multicast packet stream would be counterproductive. Additionally, UDP
has lower overhead, which provides the speed necessary to support the traffic
needs of multicasting.
Multicast addresses cannot be used as source addresses for any traffic.
Although multicast addresses can be associated with particular interfaces on
particular devices (such as 224.0.0.5 for Open Shortest Path First- enabled
Multicast, Broadcast, and Unicast 331
(OSPF) interfaces on a router), traffic cannot be sourced from a multicast
address because it does not identify a specific host; rather, a multicast address
identifies a group of hosts sharing the same address.
Multicast addresses are not assigned to a device; rather, a device pro-
ceeds to listen for and receive traffic destined to a multicast group that
it has joined by some process. For example, routers can join the OSPF
multicast group on their network by having OSPF configured, and hav-
ing interfaces configured to participate in OSPF routing. In this case, it
means that the router will receive traffic destined to multicast IP addresses
reserved for OSPF routing. Hosts can opt to join a multicast group by hav-
ing certain applications (such as videoconferencing software) installed and
configured.
Note
Remember, the Network+ exam does not dig as deeply into these concepts as this
chapter does (such as our last discussion on OSPF). You need to remember facts, such
as which protocols are used, which IP address class is used, which IP range is within
that class, as well as being able to single out any wrong answers that may be placed

in the question as a distracter. Knowing this other information is only going to help you
understand what you are memorizing. Understanding multicasting is very important as
a network engineer, especially if you are working with videoconferencing or any of the
many other applications that use multicasting as an underlying technology.
As mentioned earlier, IGMP allows host computers on the Internet to
participate in IP multicasting. A multicast address identifies a transmission
session instead of a particular physical destination. This allows for sending a
message to a large number of recipients without the necessity for the source
computer to know the addresses of all the recipients. The network routers
translate the multicast address into host addresses. The protocol used to
facilitate this is IGMP. IGMP was originally defined in RFC 1112. Exten-
sions have been developed and are included in IGMP version 2, addressed
in RFC 2236.
A computer uses IGMP to report its multicast group memberships to
multicast routers. IGMPv2 allows group membership terminations to be
reported promptly to the routing protocol. IGMP is required to be used in
host computers that wish to participate in multicasting. IGMPv3 is also
available for use. Knowing all the version types is not necessary for the
Network exam, but it’s important to know if you need to use IGMP, as
some versions have (obviously) more functionality, enhancements, and
security than others.
CHAPTER 7: TCP/IP and Routing 332
Unicast Traffic
What is most commonly seen (and wanted on your network) is what is
called unicast traffic. Unicast is the transmission of data from one host to
another, one host at a time. This is a one-to-one session between one host
and another, such as a client and server arrangement. Unicast can be used
to support multiple sessions (that is, multicasting) by establishing multiple
one-to-one communications to transport the same data stream to multiple
hosts. An example of this is shown in Figure 7.5.

If the session is required by multiple hosts, a one-to-one connection is
established, with the same data transmitted repeatedly to each host. This
form of transmission will not transmit to every computer on a network;
however, multiple requests for the same conference or data would cause that
data to be pushed across the network media at the same time. Thus, as
shown in Figure 7.5, a video feed of 1.5 Mbps unicasted to 10 computers on
a network requires 15 Mbps of bandwidth. Although this might not seem
significant, it can degrade network performance as the feed size and quantity
increase.
The toll of network usage is realized on the network equipment traversed
from source to destination for the video feed. All of the routers and switches
will have a considerable amount of data traffic to process.
FIGURE 7.5 Unicast Network Video Feed Example.
Multicast, Broadcast, and Unicast 333
Broadcast Traffic
Broadcast is another option that can be used for transmitting data to a large
number of host systems simultaneously. Broadcasts can consume a signifi-
cant amount of bandwidth; connections are based on a one-to-all method
transmission. This can be seen when using the NetBIOS and ARP proto-
cols, as well as many others. Any hosts on a network where a broadcast is
generated will process that broadcast (at least far enough to know it is not
intended for that system).
The broadcast traffic is sent to all computer systems that can be reached
on the network. This process launches the 1.5 Mbps video stream to all the
interfaces possible, thus not creating the intense bandwidth consumption of
a unicast.
The problem is that each host receiving the broadcast has to process
the 1.5 Mbps data stream continuously until it is finished. If the receiv-
ing host does not want the broadcast traffic, valuable resources of the
host will still accept the datagram and then determine what to do with

it – accept it or reject it. Because this is also a video feed, this large piece
of data has to be processed, which can take a considerable toll on the host
system.
Another disadvantage of using the broadcast transmission for video
feeds is the network architecture. On a small network with no routers, this
may be a desirable option. On larger networks, or if there are any routers
in the path to a host, the default action is to filter (block) the broadcast,
meaning that broadcasts must be explicitly allowed to traverse the path to
the host.
Multicast Traffic
Obviously, neither unicast nor broadcast is optimized to handle traffic des-
tined for multiple hosts, especially if those hosts are logically assigned to a
specific group. Multicasting and the protocols discussed address this need.
Multicast traffic establishes a one-to-many type of transmission. This allows
the data traffic to only be sent to those who specifically requested the infor-
mation, and only sends one stream of traffic to each requesting broadcast
domain.
Multicast (RFC 1112) is a technology used to address multiple hosts as a
group. A source host multicasts to a group of hosts by sending an IP packet
to a special IP address associated with that group. The IP address that defines
a multicast group is a Class D address (224.0.0.0 to 239.255.255.255), with
unique groups allocated their own IP address in that range. This allows
multiple multicast groups to be defined at the same time with different
CHAPTER 7: TCP/IP and Routing 334
IP addresses. Multicasting sends the data stream only to the group of hosts
that specifically want it. All other hosts ignore and do not process the mul-
ticast traffic.
Multicasting differs from broadcasting because multicasting sends traffic
to a group of hosts, not to all hosts on a network. Hosts that are not part of
the group will not process the multicast packet because it is not addressed

to them.
As mentioned earlier in the section, a typical multicast application is
videoconferencing. Not all network users want or need to participate in a
videoconference; only those users that need to will join the multicast group
to receive the video feed.
The advantage of multicasting becomes apparent when you consider that
using unicast addresses would result in an individual video feedback to each
receiver. More users and demand mean more bandwidth used. By using mul-
ticasting, only one channel is used, regardless of the number of users: 1000
users only require one channel. Multicast traffic is bidirectional: a host can
receive or send multicast packets.
As mentioned briefly before, it’s important to understand the need for
the group. If only one data stream is being transmitted, how can all of the
requesting systems receive the data? Multicasting uses IP addresses to estab-
lish multicast groups, which host systems can join to receive multicast data.
The multicast data is sent to the group IP address and all listed group mem-
bers receive the traffic.
Multicast IP Address Designations
Class D IP addresses comprise the whole range of multicast addresses, with a
range of 224.0.0.0 through 239.255.255.255. Multicast IP addresses are eas-
ily recognized by their binary numeration, as their high-end bits are always
1110. For instance 11100000 is equal to 224 and 11101111 is equal to 239.
These first 4 bits account for a portion of the IP address; the remaining 28
bits are used for multicast group identification. Two types of multicast IP
addresses are used: dynamic and static.
Transient (dynamic) addresses are used for the duration of the ses-
sion and are relinquished when no longer needed. Dynamic multicast IP
addressing allows applications to acquire an IP address for the length of the
multicast transmission. This IP address allocation has a certain expiration
time and must be considered by the application requesting the address to

retain functionality. For example, a transient address is used to multicast
a videoconference of an event. After the event is finished, the transient
address can be reused. Transient addresses must be coordinated to ensure
Understanding Basic IP Routing 335
that two people or organizations do not use the same transient address for
different needs.
Static multicast IP addresses are a group of IP addresses, ranging from
224.0.0.0 to 224.255.255.255, that have been specifically assigned by the
IANA. The permanent addresses are defined in the protocol itself, such as
the all-hosts (224.0.0.1), all-routers (224.0.0.2), or RIPv2 group (224.0.0.9)
addresses. Permanent addresses can also be assigned by the IANA for other
protocols or uses. These addresses are reserved for particular purposes and
are referred to as well-known addresses. For a complete listing of statically
assigned Class D IP address, see www.iana.org/assignments/multicast-
addresses.
All reserved static Class D addresses that are used for multicast man-
agement and multicast data are never forwarded to these addresses. Static
addresses such as 224.0.0.2 include all multicast-enabled router interfaces.
Multicast-enabled routers automatically join this “all routers” group upon
initialization. In turn, all multicast-enabled hosts must join the all-host sys-
tems group 224.0.0.1. Others become active upon activation or configura-
tion of some features such as OPSF on a router.
UNDERSTANDING BASIC IP ROUTING
In this section, we’re going to explore how data is routed on a network using
the IP protocol. We’ll begin by discussing how names and addresses are
resolved. Then, we’ll look at how packets of data are sent from one network
to another to understand the process of basic IP routing. Understanding how
routing works will help you to understand the concepts behind routing pro-
tocols. In this section, we will thoroughly cover how data is transmitted on
a TCP/IP network. This knowledge is easily converted to other suites (such

as IPX/SPX). Less commonly used protocols are not covered as thoroughly
on the exam, hence we are focused on TCP/IP in this section (and chapter).
However, you will need to know how to use protocols and services within
the other suites to be able to function in a production environment that may
not solely rely on TCP/IP for communication. Consider this as you wrap up
your studies for this exam. Think about moving on to other protocols later
and dig into them at a much more involved level.
Test Day Tip
Memorize the Class D range, not the specific assignments for the exam. The specific
assignments are for your own knowledge.