3.1.0 failover and dynamic bootp clients
Carlos Vicente
cvicente at network-services.uoregon.edu
Mon Aug 13 20:33:05 UTC 2007
Simon Hobson wrote:
> I believe it is, but the times don't look right. AIUI, for dhcp
> clients under failover, both servers will respond to a client and
> offer different addresses from their free pool. They will create a
> short lease of 2 mins duration so as to 'reserve' the address should
> the client decide to accept the offer. The client will pick an offer
> (typically the first it receives) and request it from the server that
> offered it, and the server will confirm it - offering a longer lease.
> The offer which was not accepted will simply expire and the address
> will return to the free pool. At each stage, the servers will
> communicate the lease state changes to each other.
>
I'm not sure that's a correct description of the failover protocol
implementation.
> So I would expect one server to show a lease that was only valid for
> 2 minutes and then expired - but I don't know if it's different for
> bootp clients. If it is, then this would be a simple attack vector
> for a malicious client since it does not even have to keep up a
> decent request rate to keep a pool exhausted!
>
>
bootp is a totally different protocol. There is no confirmation from
the client. So yes, the operation you described would not work with
bootp clients, even if it was accurate.

I still think that what I'm seeing is a bug.

cv