MAC randomisation and DHCP pools

Mike Richardson mike.richardson at manchester.ac.uk
Wed Jul 29 09:55:46 UTC 2020


Thanks. That's just what I needed. The question about the fixed identifier
is interesting.  If devices/DHCP use it then things won't break (as much)
but it's not exactly a great approach to privacy if the device can still be
tracked this way.

Mike

> Going back to the original question where you have a pool of 100 leases and
> 50 clients with a 7 day lease time. Here is what I think might happen.
> 
> On day 1 the 50 clients each take one lease. 50 in use, 50 free.
> 
> On day 2 the 50 clients all have a new MAC address, now we assume that once
> the new MAC switches over the next time the client tries to renew it will
> not match the old lease but will get a new lease. With a 7 day lease the
> usual renewal time is half way through the lease, so none of these 50
> clients try to renew until 3.5 days after initially getting the lease. So no
> problems for days 2 or 3 until later in the day.
> 
> So now we have 50 old leases and 50 new leases. Of course some systems may
> have been shut down and released their lease, so maybe less than 50 leases in
> use initially so <50 old leases and 50 new leases.
> 
> On day 4 the first few clients to renew with a new MAC address use up the
> previous few free leases. Other clients get "no free leases". The dhcp
> server can't revoke a lease it has already legitimately given to a client. I
> would expect this behaviour to continue until the first of the 7 day leases
> expire.
> 
> Now the question is, for a client with a new MAC address, but possibly the
> same dhcp-identifier, will it match the existing lease? If it does
> match, then no problem. Behaviour will be much the same as previously.
> 
> The other thing with this is that if the client gets a new IP address, all
> existing sessions break, so apps and webpages may have to reload or may not
> pass authentication. So there could be a noticeable interruption.
> 
> The above is what I think will happen based on my understanding of ISC
> dhcpd. I don't really know exactly how the new IOS version will behave. I
> would suggest setting up a trial and testing with one of these new devices
> and see what actually happens. There are too many variables to predict what
> will happen exactly.
> 
> regards,
> -glenn
> 
> 
> On 2020-07-27 19:34, Mike Richardson wrote:
> >On Sun, Jul 26, 2020 at 03:13:16PM -0400, Bill Shirley wrote:
> >>   Did you see my reply about:?
> >>   adaptive-lease-time-threshold       75;       # use min-lease-time when pool is above this percent
> >
> >I did and thanks for the information, that sounds very useful in the
> >circumstances but I'm not after a solution to a problem, I'm just trying to
> >understand the behaviour of the server in a given configuration.  I have to
> >write up a 'these are the implications' type summary to be sent to a large
> >number of different organisations and knowing what happens when using longer
> >leases will help.  I don't know their configurations and can't dictate to
> >them.  All I can do is say "if you're doing X then Y happens".
> >
> >Thanks,
> >
> >Mike

-- 
Mike Richardson

** This email address will no longer work after 30th September 2018 **
** Please use doctor at perpetual.name instead for personal email      **
** For work related communication use mike.richardson at jisc.ac.uk    **
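
Added example, not part of the original messages and not ISC dhcpd code: a small simulation of the pool scenario quoted above (100 leases, 7-day lease, renewal at half the lease time), comparing a server that matches leases on the MAC with one that matches on a fixed identifier. The half-day tick, daily MAC rotation, retry-after-refusal behaviour and the stable_client_id switch are assumptions made for the illustration.

```python
# Added illustration, not ISC dhcpd code. Toy model of the quoted scenario.
# Assumptions: half-day ticks; every client rotates its MAC each `rotate_days`;
# a client contacts the server only at T1 (half the lease time) after its last
# successful lease, or one tick after a refusal; nobody sends DHCPRELEASE.

def simulate(pool=100, clients=50, lease_days=7.0, rotate_days=1.0,
             days=21, stable_client_id=False):
    """Return (peak leases in use, number of refused requests)."""
    tick = 0.5
    leases = {}                    # lease key -> expiry time in days
    next_try = [0.0] * clients     # when each client next contacts the server
    peak = denied = 0
    for step in range(int(days / tick) + 1):
        now = step * tick
        # Server side: leases whose time is up return to the free pool.
        leases = {k: exp for k, exp in leases.items() if exp > now}
        for c in range(clients):
            if now < next_try[c]:
                continue
            mac_epoch = int(now // rotate_days)   # which MAC is in use now
            # Key the lease on the fixed identifier if the server matches on
            # it, otherwise on the (client, current MAC) pair.
            key = (c,) if stable_client_id else (c, mac_epoch)
            if key in leases or len(leases) < pool:
                leases[key] = now + lease_days    # renew or grant
                next_try[c] = now + lease_days / 2
            else:
                denied += 1                       # "no free leases"
                next_try[c] = now + tick
        peak = max(peak, len(leases))
    return peak, denied


if __name__ == "__main__":
    for label, kwargs in [
        ("50 clients, lease keyed on MAC", {}),
        ("60 clients, lease keyed on MAC", {"clients": 60}),
        ("60 clients, lease keyed on fixed identifier",
         {"clients": 60, "stable_client_id": True}),
    ]:
        peak, denied = simulate(**kwargs)
        print(f"{label}: peak {peak}/100 leases, {denied} refusals")
```

Under these assumptions each MAC-keyed client ends up holding two leases at a time, so 50 clients fill the 100-address pool with no headroom and 60 clients see refusals, while matching on a fixed identifier keeps usage at one lease per client.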

