<div dir="ltr">I was refering to 'xid'. So it sounds like it is expected for the same client to use the same xid across different negotiations, which would explain what I am seeing.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 12, 2017 at 8:23 AM, Tomek Mrugalski <span dir="ltr"><<a href="mailto:tomasz@isc.org" target="_blank">tomasz@isc.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">W dniu 11.12.2017 o 22:38, Munroe Sollog pisze:<br>
<span class="">> Can someone help me understand how the tsid field is generated? What is<br>
> used to generate that hash? I’m tracking DHCP performance based on the<br>
> tsid and I’m seeing a very small percentage of long transaction time<br>
> that may be explained by colliding tsids.<br>
</span>Are you asking about transaction-id, a 32 (in DHCPv4) or 24 (in DHCPv6)<br>
bit field in the DHCP message or tsig, a signature used to protect DNS<br>
updates? You mentioned a hash, which suggests the latter. Anyway, here<br>
are brief answers to both.<br>
<br>
xid, or transaction-id, is not a hash. It is supposed to be set by a<br>
client to a random value, but some clients set it a special value. Kea<br>
doesn't pay much attention to it, except it being echoed back in its<br>
responses. This value is used by clients to match responses to their<br>
outstanding transmissions. For details, see RFC2131, Section 2, page 10.<br>
<br>
tsig, or transaction signature is used to sign DNS updates. Kea supports<br>
a number of algorithms (hmac-md5, hmac-sha1 and others, see Section<br>
11.3.2 for details:<br>
<a href="http://kea.isc.org/docs/kea-guide.html#d2-tsig-key-list-config" rel="noreferrer" target="_blank">http://kea.isc.org/docs/kea-<wbr>guide.html#d2-tsig-key-list-<wbr>config</a>). This<br>
mechanism is defined in RFC2845. I haven't looked at the details, but I<br>
presume it protects the whole content of the DNS message, so everything<br>
in the DNS update message, a timestamp and a secret key are used to<br>
generate that digest.<br>
<br>
Hope that helps.<br>
Tomek<br>
______________________________<wbr>_________________<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/kea-users</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Munroe Sollog<div>Senior Network Engineer</div><div><a href="mailto:munroe@lehigh.edu" target="_blank">munroe@lehigh.edu</a></div></div></div>
</div>