question

DmitryKarmazin-4249 avatar image
0 Votes"
DmitryKarmazin-4249 asked ·

DHCP server ignores link selection option when client send option 50 (requested address)

Hello!

We're using dhcp server on windows server 2019, configured to assign addresses, based on option 82, suboption 5 (link selection).

When client doesn't have any previously assigned addresses everything works well, but if client has an address (or had it in the past) - there are some problems.

Looks like, when dhcp server receives request with option 50 (requested address) set, it prefer to assign address specified by client regardless of value of the link selection suboption.

Here are some scenarios:
1. Client got an address and then moved to another location (another subnet). dhcp server renews existing lease instead of issuing new address fron new subnet (from another scope). Client loses it's network connectivity, because its network parameters are wrong for new subnet.

  1. We have preconfigured images for virtual machines. When we had preparing them, they had an IP address, but since then correspondin lease was expired and it was removed from dhcp server database. When virtual machine deploys in subnet, different that one, where image was prepared, dhcp client also send option 50 with that old IP address. Dhcp server issues lease for that address, and again VM gets wrong network parameters from wrong scope and doesn't get network connectivity.

2'. But when old IP is taken by another client, dhcp server issues lease from correct scope.

This completely vioaltes rfc 3527:

When the DHCP server is allocating an address and this sub-option is present, then the DHCP server MUST allocate the address on either:
- the subnet specified in the link-selection sub-option, or;
- a subnet on the same link (also known as a network segment) as the subnet specified by the link-selection sub-option

Dhcp server does not allocate address on subnet or segment, specified in link-selection sub-option.

How to make dhcp server honor link selection option?

I'm attaching screenshots of dhcp request/reply and scopes config

client on subnet 10.81.25.0/24 specifies requested address 10.81.19.52
104717-dhcp-request.png


dhcp ACKs adress 10.81.19.52, ignoring subnet in link-selection suboption
104812-dhcp-reply.png


scopes config
104804-dhcp-scopes.png




windows-serverwindows-dhcp-dns
dhcp-request.png (62.3 KiB)
dhcp-reply.png (88.6 KiB)
dhcp-scopes.png (153.2 KiB)
· 2
10 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.

0 Votes 0 ·

did you get any help from MS support? We're encountering the same issue

0 Votes 0 ·
CandyLuo-MSFT avatar image
0 Votes"
CandyLuo-MSFT answered ·

Hi,

Based on my understanding, your issue is that DHCP Server ignore Link Selection Option 82, sub-option 5 value in DHCP Request packets. Because of this, when a renewal request is received, DHCP servers allow the client to keep the previous IP address which is invalid for the current network. Please feel free to let me know if I have any misunderstanding.

Make sure you have patched your windows server 2019 with fully windows updates, then enable the following registry value:

Path: HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\DhcpServer\Parameters

Value: DhcpFlagSubnetChangeDHCPRequest

Type: REG_DWORD

Value: 0 (disabled, default), 1 (enabled)

Check if this can resolve the issue.

Best Regards,
Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

10 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DmitryKarmazin-4249 avatar image
0 Votes"
DmitryKarmazin-4249 answered ·

Hello Candy!
You understood me absolutely right.

I've patched server to latest updates (2021-06 Cumulative update, server has 17763.1999 version now) and enabled suggested option. Unfortunately, nothing changed: server still ACKs wrong IP address for client.

Also I tried to reproduce behavior without that option (saw that KB5003217 Addresses an issue that might prevent the Windows Dynamic Host Configuration Protocol (DHCP) Server from offering a lease to a DHCPv6 client after the client moves to a different virtual LAN (VLAN)) - also no changes.

10 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CandyLuo-MSFT avatar image
0 Votes"
CandyLuo-MSFT answered ·

Hi,

If the above step still didn't work, we need to trace network traffic to find more clues. However, analysis of network traffic is beyond our forum support level and due to forum security policy, we have no such channel to collect user log information. So, we recommend you open a case with MS Professional tech support service, they will help you open a phone or email case to Microsoft, so that you would get a technical support on a one-to-one basis while ensuring private information.

Here is the link:

https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

Best Regards,
Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

10 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DmitryKarmazin-4249 avatar image
0 Votes"
DmitryKarmazin-4249 answered ·

Hello, Candy!
I just had an on-call with support engineer and we tried to modify registry as you suggested one more time. And this time it helped.
Maybe I've somehow incorrectly copied parameter name to registry that first time :(

· 1
10 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your efforts you have put into this case. If there is anything else we can do for you, please feel free to post in the forum.

Wish you have a wonderful day! :)

0 Votes 0 ·