MAC randomisation and DHCP pools
Mike Richardson
mike.richardson at manchester.ac.uk
Wed Jul 29 09:55:46 UTC 2020
Thanks. That's just what I needed. The question about the fixed identifier
is interesting. If devices/DHCP use it then things won't break (as much)
but it's not exactly a great approach to privacy if the device can still be
tracked this way.
Mike
> Going back to the original question where you have a pool of 100 leases and
> 50 clients with a 7 day lease time. Here is what I think might happen.
>
> On day 1 the 50 clients each take one lease. 50 in use, 50 free.
>
> On day 2 the 50 clients all have a new MAC address, now we assume that once
> the new MAC switches over the next time the client tries to renew it will
> not match the old lease but will get a new lease. With a 7 day lease the
> usual renewal time is half way through the lease, so none of these 50
> clients try to renew until 3.5 days after initially getting the lease. So no
> problems for days 2 or 3 until later in the day.
>
> So now we have 50 old leases and 50 new leases. Of course some systems may
> have been shut down and released their lease, so maybe less than 50 leases in
> use initially so <50 old leases and 50 new leases.
>
> On day 4 the first few clients to renew with a new MAC address use up the
> previous few free leases. Other clients get "no free leases". The dhcp
> server can't revoke a lease it has already legitimately given to a client. I
> would expect this behaviour to continue until the first of the 7 day leases
> expire.
>
> Now the question is, for a client with a new MAC address, but possibly the
> same dhcp-identifier, will it match the existing lease? If it does
> match, then no problem. Behaviour will be much the same as previously.
>
> The other thing with this is that if the client gets a new IP address, all
> existing sessions break, so apps and webpages may have to reload or may not
> pass authentication. So there could be a noticeable interruption.
>
> The above is what I think will happen based on my understanding of ISC
> dhcpd. I don't really know exactly how the new IOS version will behave. I
> would suggest setting up a trial and testing with one of these new devices
> and see what actually happens. There are too many variables to predict what
> will happen exactly.
>
> regards,
> -glenn
>
>
> On 2020-07-27 19:34, Mike Richardson wrote:
> >On Sun, Jul 26, 2020 at 03:13:16PM -0400, Bill Shirley wrote:
> >> Did you see my reply about:?
> >> adaptive-lease-time-threshold 75; # use min-lease-time when pool is above this percent
> >
> >I did and thanks for the information, that sounds very useful in the
> >circumstances but I'm not after a solution to a problem, I'm just trying to
> >understand the behaviour of the server in a given configuration. I have to
> >write up a 'these are the implications' type summary to be sent to a large
> >number of different organisations and knowing what happens when using longer
> >leases will help. I don't know their configurations and can't dictate to
> >them. All I can do is say "if you're doing X then Y happens".
> >
> >Thanks,
> >
> >Mike
--
Mike Richardson
** This email address will no longer work after 30th September 2018 **
** Please use doctor at perpetual.name instead for personal email **
** For work related communication use mike.richardson at jisc.ac.uk **
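
The pool arithmetic discussed in this thread can be tried out with a small simulation. This is an added example, not part of the original messages and not ISC dhcpd code; the half-day time step, the once-a-day MAC rotation, the half-day retry after a refusal and the `stable_id` switch (the server matching on an unchanged identifier instead of the MAC) are all modelling assumptions.

```python
# Added illustration: toy model of the lease pool described in the thread.
# Assumptions (not taken from dhcpd itself): time moves in half-day ticks,
# every client rotates its MAC once a day, a refused client retries every
# tick, and nobody releases a lease early.

def simulate(pool_size, clients, lease_days, days, stable_id):
    lease = lease_days * 2              # lease length in half-day ticks
    renew_after = lease // 2            # renewal at half the lease time
    table = {}                          # lease key -> expiry tick
    next_try = [0] * clients            # tick of each client's next request
    peak = refused = 0
    first_refusal = None
    for tick in range(days * 2):
        # Expired leases go back to the free pool before new requests.
        table = {k: exp for k, exp in table.items() if exp > tick}
        for c in range(clients):
            if next_try[c] > tick:
                continue
            # What the server matches on: a fixed identifier, or the
            # MAC in use today (tick // 2 is the day number).
            key = c if stable_id else (c, tick // 2)
            if key in table or len(table) < pool_size:
                table[key] = tick + lease
                next_try[c] = tick + renew_after
            else:
                refused += 1            # "no free leases"
                next_try[c] = tick + 1
                if first_refusal is None:
                    first_refusal = tick / 2
        peak = max(peak, len(table))
    return {"peak_in_use": peak, "refused": refused,
            "first_refusal_day": first_refusal}

if __name__ == "__main__":
    for pool in (100, 80):
        for stable in (False, True):
            print(pool, "stable id" if stable else "MAC only",
                  simulate(pool, 50, 7, 7, stable))
```

In this model a pool of exactly twice the client count is the break-even point for MAC-only matching; anything smaller starts refusing requests at the first renewal, 3.5 days in.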