DHCP server ignores link selection option when client sends option 50 (requested address)

Dmitry Karmazin 21 Reputation points
2021-06-11T13:10:10.273+00:00

Hello!

We're using DHCP server on Windows Server 2019, configured to assign addresses based on option 82, suboption 5 (link selection).

When client doesn't have any previously assigned addresses everything works well, but if client has an address (or had it in the past) - there are some problems.

Looks like, when the DHCP server receives a request with option 50 (requested address) set, it prefers to assign the address specified by the client regardless of the value of the link selection suboption.

Here are some scenarios:
1. Client got an address and then moved to another location (another subnet). The DHCP server renews the existing lease instead of issuing a new address from the new subnet (from another scope). The client loses its network connectivity, because its network parameters are wrong for the new subnet.

2. We have preconfigured images for virtual machines. When we were preparing them, they had an IP address, but since then the corresponding lease has expired and it was removed from the DHCP server database. When a virtual machine is deployed in a subnet different from the one where the image was prepared, the DHCP client also sends option 50 with that old IP address. The DHCP server issues a lease for that address, and again the VM gets wrong network parameters from the wrong scope and doesn't get network connectivity.

2'. But when the old IP is taken by another client, the DHCP server issues a lease from the correct scope.

This completely violates RFC 3527:

When the DHCP server is allocating an address and this sub-option is present, then the DHCP server MUST allocate the address on either:
- the subnet specified in the link-selection sub-option, or;
- a subnet on the same link (also known as a network segment) as the subnet specified by the link-selection sub-option

Dhcp server does not allocate address on subnet or segment, specified in link-selection sub-option.

How to make dhcp server honor link selection option?

I'm attaching screenshots of dhcp request/reply and scopes config

client on subnet 10.81.25.0/24 specifies requested address 10.81.19.52

104717-dhcp-request.png

DHCP ACKs address 10.81.19.52, ignoring subnet in link-selection suboption

104812-dhcp-reply.png

scopes config

104804-dhcp-scopes.png
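
An added example, not part of the original post and not Microsoft's code: a Python check that reads option 50 and option 82 sub-option 5 from a captured DHCPREQUEST and tests whether the ACKed address lies on the link RFC 3527 requires. The function names, the sample bytes, and the /24 mask on 10.81.19.0 are assumptions made for illustration.

```python
import ipaddress

def parse_options(opts: bytes) -> dict:
    """Walk a DHCP options field (bytes after the magic cookie) into {code: value}."""
    out, i = {}, 0
    while i < len(opts):
        code = opts[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError(f"option {code} is truncated")
        length = opts[i + 1]
        out[code] = out.get(code, b"") + opts[i + 2:i + 2 + length]
        i += 2 + length
    return out

def link_selection(options: dict):
    """Return the address in option 82 sub-option 5, or None if absent."""
    relay, i = options.get(82, b""), 0
    while i + 2 <= len(relay):
        sub, length = relay[i], relay[i + 1]
        data = relay[i + 2:i + 2 + length]
        if sub == 5 and len(data) == 4:
            return ipaddress.IPv4Address(data)
        i += 2 + length
    return None

def check_ack(request_opts: bytes, yiaddr: str, links) -> str:
    """Compare the ACKed address with the link named by link selection.

    links: list of tuples of IPv4Network; each tuple is one link (segment)."""
    link_addr = link_selection(parse_options(request_opts))
    if link_addr is None:
        return "no-link-selection"
    link = next((l for l in links if any(link_addr in n for n in l)), None)
    if link is None:
        return "unknown-link"
    ok = any(ipaddress.IPv4Address(yiaddr) in n for n in link)
    return "ok" if ok else "violation"

# Constructed sample: DHCPREQUEST options with option 50 = 10.81.19.52 and
# option 82 = circuit-id (sub-option 1) + link selection 10.81.25.0 (sub-option 5).
REQUEST = bytes.fromhex("350103" "32040a511334" "520a" "01020007" "05040a511900" "ff")
# The /24 on 10.81.19.0 is an assumption; the page states only 10.81.25.0/24.
LINKS = [(ipaddress.ip_network("10.81.25.0/24"),),
         (ipaddress.ip_network("10.81.19.0/24"),)]
```

`check_ack(REQUEST, "10.81.19.52", LINKS)` reports the behaviour described in the question; scopes that share one segment go in the same tuple so the RFC's "same link" case is accepted.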


Accepted answer
  1. Candy Luo 12,656 Reputation points Microsoft Vendor
    2021-06-14T02:09:08.887+00:00

    Hi,

    Based on my understanding, your issue is that the DHCP Server ignores the Link Selection Option 82, sub-option 5 value in DHCP Request packets. Because of this, when a renewal request is received, DHCP servers allow the client to keep the previous IP address, which is invalid for the current network. Please feel free to let me know if I have any misunderstanding.

    Make sure you have fully patched your Windows Server 2019 with Windows updates, then enable the following registry value:

    Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DhcpServer\Parameters

    Value: DhcpFlagSubnetChangeDHCPRequest

    Type: REG_DWORD

    Value: 0 (disabled, default), 1 (enabled)

    Check if this can resolve the issue.

    Best Regards,
    Candy


    1 person found this answer helpful.

3 additional answers

  1. Dmitry Karmazin 21 Reputation points
    2021-06-15T10:13:23.55+00:00

    Hello Candy!
    You understood me absolutely right.

    I've patched server to latest updates (2021-06 Cumulative update, server has 17763.1999 version now) and enabled suggested option. Unfortunately, nothing changed: server still ACKs wrong IP address for client.

    Also I tried to reproduce behavior without that option (saw that KB5003217 Addresses an issue that might prevent the Windows Dynamic Host Configuration Protocol (DHCP) Server from offering a lease to a DHCPv6 client after the client moves to a different virtual LAN (VLAN)) - also no changes.


  2. Candy Luo 12,656 Reputation points Microsoft Vendor
    2021-06-16T01:53:27.967+00:00

    Hi,

    If the above step still didn't work, we need to trace network traffic to find more clues. However, analysis of network traffic is beyond our forum support level and, due to forum security policy, we have no such channel to collect user log information. So, we recommend you open a case with MS Professional tech support service; they will help you open a phone or email case to Microsoft, so that you would get technical support on a one-to-one basis while ensuring private information.

    Here is the link:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,
    Candy


  3. Dmitry Karmazin 21 Reputation points
    2021-06-30T10:51:52.87+00:00

    Hello, Candy!
    I just had an on-call with support engineer and we tried to modify registry as you suggested one more time. And this time it helped.
    Maybe I've somehow incorrectly copied parameter name to registry that first time :(