SV: DISCOVER bursts

Mon Jan 8 20:24:16 UTC 2007

Glenn Satchell <Glenn.Satchell at uniq.com.au> wrote:
> There was a bug fix recently wrt to lease limit. 

Yes im aware.

> When a lease is
> offered it has a 2 minute lease duration. If the client then
> comes back
> and requests it the lease offered has the normal lease
> duration
> (whatever you configured, or the client asked for). Until
> the lease is
> requested it's a sort-of temporary lease and not part of the
> lease
> limit yet.
> 

So does this mean that if a malicius user /faulty client keeps requesting IP address it would drain the pool - for a 2 minute period -, even thoug the protechtion against this has been made ?
And its not possible to se these "temporary" leases anywhere or ?

> Does the dhcp client eventually accept one of the offers and
> send a
> request for it? If so, then the other temporary leases will
> expire in
> two minutes and go back to being available for other
> clients.

OK fine.

> 
> Yes, it sounds like a client that's not well written, but
> the client
> should handle these cases and try to do something sensible.
> 
> Not sure how many clients you have, but I suspect a Sun V210
> could
> handle 10-50,000 clients easily depending on the lease
> time.
> 
> regards,
> -glenn
> --

Regards
Lars

> Glenn Satchell     mailto:glenn.satchell at uniq.com.au | Some
> days we are
> Uniq Advances Pty Ltd         http://www.uniq.com.au | the
> flies;  some
> PO Box 70 Paddington NSW Australia 2021              | days
> we  are the
> tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 |
> windscreens...
> 
> >From: "Lars Jacobsen" <lars-jacobsen at newmail.dk>
> >To: <dhcp-users at isc.org>
> >Subject: SV: DISCOVER bursts
> >Date: Sat, 6 Jan 2007 20:23:35 +0100
> >
> >Well I read the question as regardless of the CPE
> "misbehaver" (asking for
> >an IP address 4 times) the server should NEVER offer more
> than max two
> >addresses to a client in this particular config. But it
> does, why ?
> >
> >I expect Staffan has:
> >spawn with option agent.circuit-id;
> >lease limit 2;
> >somewhere in his config.
> >
> >Maybe as suggested an race/timing issue inside the server,
> keeping track on
> >offered not yet acknowledged leases, compared to some of
> the rules for this
> >specific client.
> >
> >
> >/Lars
> >
> >
> >
> >> -----Oprindelig meddelelse-----
> >> Fra: dhcp-users-bounce at isc.org
> [mailto:dhcp-users-bounce at isc.org] På vegne
> >> af Milton W. Schober, Jr.
> >> Sendt: 5. januar 2007 15:56
> >> Til: dhcp-users at isc.org
> >> Emne: Re: DISCOVER bursts
> >> 
> >> What is the CPE?  We have seen something similar with
> Thomson IPTV set top
> >> boxes, but the problem is in the STB, not the server.
> >> 
> >> Milton Schober
> >> ----- Original Message -----
> >> From: <Staffan.Ungsgard at teliasonera.com>
> >> To: <dhcp-users at isc.org>
> >> Sent: Friday, January 05, 2007 3:55 AM
> >> Subject: DISCOVER bursts
> >> 
> >> 
> >> > Hi
> >> > We have problem with a special customers CPE, where the
> CPE send four
> >> > rapid DHCPDISCOVERS with just 20 milliseconds apart.
> >> > When the DHCP server gets the DISCOVERS it issues
> different addresses on
> >> > each discover. I have snoop logs of the traffic, and
> the DISCOVERS are
> >> > indeed exactly the same in each DHCPDISCOVER. It seems
> that the when the
> >> > server handles the second DISCOVER, it doesn't
> "remeber" that is has
> >> > already offered a fresh ip address from an identical
> DHCPDISCOVER 20 ms
> >> > earlier.
> >> > To furthermore illustrate this, we have a lease limit
> of two, so
> >> > technically it shouldn't offer more than two addresses
> to the same line
> >> > identifier even if the "Client Identifier" differed,
> but it isses three
> >> > different addresses and only barfs at the fourth
> DHCPDISCOVER saying "no
> >> > billing".
> >> >
> >> > Is there a race problem in the dhcp server ?
> >> >
> >> > The hardware is a Sun V210 running Solaris 8. No
> supermachine, but
> >> they're
> >> > still selling them.
> >> >
> >> > Best Regards
> >> >
> >> > -- Staffan Ungsgard
> 