[c-nsp] DHCP Binding Expiration
Justin Shore
justin at justinshore.com
Mon Feb 9 14:30:16 EST 2009
Church, Charles wrote:
> Interesting. Might be fun (in a dorky networking kind of way) to look
> at a packet capture of it. Maybe the client doesn't like the lease
> time, or it's tied into DDNS somehow. I looked a bit, and found in the
> RFC (http://www.faqs.org/rfcs/rfc2131.html) a blurb about lease times:
>
> "The client may ask for a
> permanent assignment by asking for an infinite lease. Even when
> assigning "permanent" addresses, a server may choose to give out
> lengthy but non-infinite leases to allow detection of the fact that
> the client has been retired. "
>
> I've seen those infinite leases before, never cared enough to look into
> it. Might be interesting to find out why though...

One thing on my to-do list is to figure out how to always reject lease
extension requests to force the CPE to pull a new IP every time a lease
expires. This would prevent many of the less technical users from
trying to run a publicly-accessible server. Set the lease time to 2
hours, client tries to extend the lease at 50% of the lease (1hr) and
the server NAKs. The only question is will the client continue to
request the IP until the lease expires before falling back and doing a
DISCOVER at the 2hr mark (interrupting the flow of traffic) or will it
do a bcast DISCOVER in response to the NAK and immediately switch to the
new IP once it gets an OFFER 1hr before the original lease expires, thus
interrupting traffic again.

I've seen systems do something similar before (or at least I thought
they were). When I first got Cox CATV I could only keep my IP for about
a day before it changed. One way to mitigate the flow of traffic
problem would be to grant short lease extensions automatically until the
wee hours of the morning and then force the change. Something to think
about.

It's on my list right behind setting up an OSS walled garden and
convincing the boss to replace our 7 different DHCP & provisioning
systems with CNR. Oh, and finishing my IPv6 deployment.

Thanks for the info

Justin
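
An added example, not part of the original post: a constructed Python model of the RFC 2131 client timers (T1 at 50%, T2 at 87.5% of the lease) that shows when a compliant client gives up its address under the NAK-on-renew policy, under a silent server, and under the overnight variant described above. The names `simulate`, `always_nak`, `silent` and `overnight_nak` and the 03:00 to 05:00 window are assumptions made for illustration.

```python
# Constructed model of RFC 2131 client renewal timers; not a DHCP implementation.
T1_FRACTION = 0.5     # section 4.4.5 default: unicast renew at 50% of the lease
T2_FRACTION = 0.875   # section 4.4.5 default: broadcast rebind at 87.5%
MIN_RETRY = 60        # seconds, minimum wait before retransmitting a REQUEST
DAY = 86400

def simulate(lease, policy, start=0, horizon=DAY):
    """Replay renewals; return (events, drop_time).

    policy(t) is the server's answer to a DHCPREQUEST at second t:
    "ACK", "NAK" or None (no reply). drop_time is when the client halts
    the network and returns to INIT, or None if it never does.
    """
    events, bound_at = [], start
    while bound_at < horizon:
        t2 = bound_at + lease * T2_FRACTION
        expiry = bound_at + lease
        now, renewed = bound_at + lease * T1_FRACTION, False
        while now < expiry:
            state = "RENEWING" if now < t2 else "REBINDING"
            reply = policy(now)
            events.append((now, state, reply))
            if reply == "ACK":            # lease restarts from this moment
                bound_at, renewed = now, True
                break
            if reply == "NAK":            # state diagram: DHCPNAK -> INIT at once
                return events, now
            # No reply: wait half the time left to T2 (or to expiry), min 60 s.
            deadline = t2 if now < t2 else expiry
            nxt = now + max((deadline - now) / 2, MIN_RETRY)
            now = t2 if now < t2 < nxt else nxt
        if not renewed:                   # lease ran out with no ACK
            events.append((expiry, "EXPIRED", None))
            return events, expiry
    return events, None

def always_nak(t):                        # the policy in the post: reject every renewal
    return "NAK"

def silent(t):                            # server ignores renewals instead of NAKing
    return None

def overnight_nak(t):                     # assumed window: refuse between 03:00 and 05:00
    return "NAK" if 3 * 3600 <= t % DAY < 5 * 3600 else "ACK"

if __name__ == "__main__":
    for name, pol in [("always_nak", always_nak), ("silent", silent), ("overnight_nak", overnight_nak)]:
        print(name, simulate(7200, pol)[1])
```

For a 2-hour lease the model drops the address at 3600 s when the server NAKs and at 7200 s when it stays silent; clients that deviate from the RFC will behave differently, so a packet capture remains the way to confirm a given CPE.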