Urgent: Query on dhclient in handling IP conflict

[sathya sai]

Hi All,

 

This is Sathya, a debian etch user who uses dhclient package to configure the IP address. 

 

Firstly, I would like to give my heartily thanks to you all for your great dedicated contribution towards this package. As I am newbie to this mailing list, I am not aware on where to post this query. So, thought of this mail directly sending it to you all.

 

My system has following dhclient packages,

 

ii  dhcp3-client                     3.0.4-13+etch2                    DHCP Client
ii  dhcp3-common                 3.0.4-13+etch2                   Common files used by all the dhcp3* packages
ii  dhcp3-server                     3.0.4-13+etch2                   DHCP server for automatic IP address assignm

 

Following is the problem which I am facing now,

 

I have a subnet whose IP addressing is managed by DHCP server. But, one system in that is intentionally assigned a static IP address. In multiple occasions, I am now getting IP conflicts in my subnet. 

 

On further analysing this problem, I could undertand that this probelm is happening because,

 

1.  As DHCP server is un-aware of this statically configured system; upon receiving the DHCPREQUEST from a system (which is running dhclient) from this subnet, the DHCP server gets an unused IP from its IP pools offers it to that client. In somecases, dhcp server is giving the same IP address as that of statically configured system.

 

2. As on receiving the IP address, our dhclient is not performing a final check on the existence of IP conflict for prior received IP address using ARP broadcast, it goes ahead in configuring the system with this IP address. This results in an IP conflict to exist between these two systems (with this system and a system with statically configured IP).

 

I could also see that, our debian dhclient presently DOES NOT HAVE AN OPTION TO IMPLICITLY SUPPORT THIS. 

 

But as per RFC 2131,  the client should perform a final check to detect the IP conflict and send DHCPDECLINE message. Please find the RFC snippet as in below,

 

"5. The client receives the DHCPACK message with configuration
     parameters.  The client SHOULD perform a final check on the
     parameters (e.g., ARP for allocated network address), and notes the
     duration of the lease specified in the DHCPACK message.  At this
     point, the client is configured.  If the client detects that the
     address is already in use (e.g., through the use of ARP), the
     client MUST send a DHCPDECLINE message to the server and restarts
     the configuration process."

 

 

And also I could find the following information on dhclient manpage regarding this,

 

"      Before actually configuring the address, dhclient-script should somehow
       ARP for it and exit with a nonzero status if it receives a reply.    In
       this case, the client will send a DHCPDECLINE message to the server and
       acquire a different address.   This may also  be  done  in  the  RENEW,
       REBIND,  or  REBOOT  states, but is not required, and indeed may not be
       desirable."

 

 

As changes to DHCP server is out of our control & we are not sure on what IP would be statically configured to the system, could you please let me know your thoughts on how do this we can fix this in dhclient code to automatically detect duplicate address using ARP broadcast ?

 

If this support this not there in present dhclient, could you please let me know by when this the community planning to give a patch for this.

 

As I am in need of urgent need for fix on this issue, it would be really helpful if I can get your thoughts on this by earliest.

 

Thanks a lot in advance for understanding.

 

Regards,

Sathya

 

[sathya sai]

[Stan Hoeppner]

sathya sai put forth on 12/22/2009 12:26 AM:

> *I could also see that, our debian dhclient presently DOES NOT HAVE AN
> OPTION TO IMPLICITLY SUPPORT THIS.*

>
> But as per RFC 2131, the client should perform a final check to detect
> the IP conflict and send DHCPDECLINE message. Please find the RFC
> snippet as in below,

Why aren't you able to create a reservation on the dhcp server? That is the
very very simple and _correct_ solution to this problem. This is exactly why
dhcp servers have code to allow reservations.

--
Stan

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

[sathya sai]

Hi Stan,

 

I have already thought about this. But the problem here is, we dont have a control over neither over our DHCP server nor the system which statically configures the IP address in our subnet. I hope that, this true even with the real time deployment scenario.

 

So, to overcome I will that it would be better if our dhcp client does an ARP broadcast to detect an IP conflict (as per RFC 2131) and send DHCPDECLINE if it has found IP conflict.

 

Could you please let me know your thoughts on this.

 

Thanks and regards,

Sathya

[Stan Hoeppner]

sathya sai put forth on 12/22/2009 3:17 AM:

> Hi Stan,
>
> I have already thought about this. But the problem here is, we dont have
> a control over neither over our DHCP server nor the system which
> statically configures the IP address in our subnet. I hope that, this
> true even with the real time deployment scenario.

That's what I figured.

> So, to overcome I will that it would be better if our dhcp client does
> an ARP broadcast to detect an IP conflict (as per RFC 2131) and send
> DHCPDECLINE if it has found IP conflict.
>
> Could you please let me know your thoughts on this.

Sure. First, talk to the people in charge of your network, and ask them to
create a dhcp reservation for the host with the static IP. The problem you have
is not technical in nature, but administrative.

Second, have you confirmed that your Debian client is in fact not sending the
decline packet? Or are you just assuming this?

How do you know it's not sending the decline packet but the dhcp server isn't
responding and offering a new address? If the server doesn't respond to the
decline, I believe the default dhclient behavior is to use the first address
given by the dhcp server.

Unless you grab some packets you won't really know what's happening. Have you
applied tcpdump to this problem, or another packet sniffer? Also, you haven't
posted any relevant log information. It's difficult to diagnose a problem
without seeing the error messages in the log file(s).

[sathya sai]

Hi All,

I COULD FIX this problem with the following solution,

I could distinguish the IP conflict in the network by using following command in dhclient-script. We need to install “arping” debian package for this.

arping -d -I eth0 -c 3 {IP address got from DHCP server}  >/dev/null; echo $?

The above command will return “1” if IP conflict doesn’t exist and returns “0” if IP conflict exists.

And when IP conflict is detected, exit from dhclient-script with positive exit status. dhclient already has a code to send DHCPDECLINE packet (with which dhcpserver will assign a new IP to the dhclient client) when dhclient-script returns  positive value.

Hope this helps !!

Thanks and regards,
Sathya

On Tue, Dec 22, 2009 at 8:36 PM, Boyd Stephen Smith Jr. <b...@iguanasuicide.net> wrote:

In <a30ddc1c0912210639h491...@mail.gmail.com>, sathya sai
wrote:

>I had already thought on these possiblities. But the problem here is, we
>dont have control over neither our DHCP server (it can be either Windows or
>Linux based servers) nor the client PC which configures static IP (anybody
>in the subnet can configure the IPs on their wish). I hope, this is true

>with the real time deployment scenario.

Wait, what?  You don't control the server AND you don't control the clients
AND you want to change how the server and client interact?  I'm sorry, I think
you are asking for the logically impossible.
--
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/