DHCP Offer in both Unicast and Broadcast for Vista Broadcast Workaround

David W. Hankins dhankins at isc.org
Tue Feb 9 19:17:35 UTC 2010


On Mon, Jan 25, 2010 at 01:37:40PM -0600, Arthur Winters wrote:
> You may know that Vista forces the entire DHCP process to be in broadcasts. 

I've long solicited anyone at Microsoft to research or present the
case for this change in the Windows DHCP client, and am dismayed at
the lack of explanation/use-case or even response.

Not even an Informational draft discussing the reasons why a client
capable of receiving unicasts would ignore RFC 2131's directions and
set the broadcast flag anyway.

> The issue I am having is that I am trying to use Cisco 'arp authorized' 
> which only allows ARP entries to be added from a valid source (the DHCP 
> server).  The problem is the arp authorized commands look at the unicast 
> version of the DHCP Offer packet to get the MAC address and IP address of 
> the valid client and add it to the ARP table. 

That's broken then.  It is correct and proper behaviour in generic
DHCP for some clients to require broadcast responses.  Cisco's 'arp
authorized' feature needs to be updated to address this.

Simply put, although Vista is not one of them, there exist DHCP
clients that cannot receive unicasts when they are unconfigured.
They require broadcast responses to function correctly.

Why Vista sets the broadcast flag remains a mystery, but there are
others that won't work correctly without it.

> The next option that came up was to somehow modify the source code of 
> ISC-DHCP to send both a unicast offer and a broadcast offer if the 
> broadcast flag is set in the discover packet.  Therefore Cisco will get the 
> packet it is looking for and Vista will get its packet it is looking for.

Although I have been considering an "always-unicast" flag for separate
reasons (the pure performance/optimization problem with Vista clients
that demand broadcast replies even when they are capable of receiving
unicast), in this case it does not fix the problem.

The problem is clearly with the 'arp authorized' feature, and the bug
needs to be addressed there.

Aside from that, code changes to ISC DHCP would be more appropriately
discussed on 'dhcp-workers@';

    https://lists.isc.org/mailman/listinfo/dhcp-workers

-- 
David W. Hankins	BIND 10 needs more DHCP voices.
Software Engineer		There just aren't enough in our heads.
Internet Systems Consortium, Inc.		http://bind10.isc.org/
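
An added example, not part of the original message and not ISC DHCP or Cisco code: it applies the RFC 2131 section 4.1 rules for where a server addresses a DHCPOFFER/DHCPACK, and shows that the client MAC/IP binding can be read from the reply payload (chaddr, yiaddr) whether the reply was broadcast or unicast. The function names, the MAC address and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP fields op..chaddr (RFC 2131 section 2); sname/file/options follow.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s")
BROADCAST_FLAG = 0x8000  # the 'B' bit, top bit of the 16-bit flags field
BOOTREQUEST, BOOTREPLY = 1, 2

def build(op, flags, yiaddr="0.0.0.0", ciaddr="0.0.0.0", giaddr="0.0.0.0",
          mac="00:11:22:33:44:55"):
    """Construct a minimal 236-byte BOOTP message (sample data, not a capture)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    head = HEADER.pack(op, 1, 6, 0, 0x1234ABCD, 0, flags, ip(ciaddr), ip(yiaddr),
                       ip("0.0.0.0"), ip(giaddr), chaddr)
    return head.ljust(236, b"\0")

def parse(payload):
    """Decode the fixed fields that the two decisions below depend on."""
    if len(payload) < 236:
        raise ValueError("truncated BOOTP message")
    op, _, hlen, _, _, _, flags, ci, yi, _, gi, ch = HEADER.unpack_from(payload)
    if hlen > 16:
        raise ValueError("hlen exceeds chaddr field")
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return {"op": op, "broadcast": bool(flags & BROADCAST_FLAG),
            "ciaddr": addr(ci), "yiaddr": addr(yi), "giaddr": addr(gi),
            "mac": ch[:hlen].hex(":")}

def reply_destination(request, yiaddr):
    """Where RFC 2131 section 4.1 sends a DHCPOFFER/DHCPACK for this request."""
    req = parse(request)
    if req["giaddr"] != "0.0.0.0":
        return ("relay", req["giaddr"])
    if req["ciaddr"] != "0.0.0.0":
        return ("unicast", req["ciaddr"])
    if req["broadcast"]:
        return ("broadcast", "255.255.255.255")
    return ("unicast", yiaddr)  # framed to the client's hardware address

def binding_from_reply(payload):
    """(MAC, IP) carried in a server reply, independent of how it was addressed."""
    msg = parse(payload)
    if msg["op"] != BOOTREPLY or msg["yiaddr"] == "0.0.0.0":
        return None
    return (msg["mac"], msg["yiaddr"])
```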