12-04-2015 04:32 PM - edited 12-22-2015 01:46 PM
I must admit, I haven't really put much thought into abandoned leases, but it's cropped up a few times recently so thought I would do some testing in the lab. What I have found is this:
- If the DHCP server runs out of free addresses it will start to reclaim abandoned leases. If the client does a full DHCPDISCOVER, this will trigger an ICMP echo (ping), so if something is still using that address, it will remain in abandoned state, however if there is no response then the server will allocate it (note, this behaviour is actually documented in the ISC DHCP docs).
- If a client sends a renewal for an abandoned lease (i.e. it sends a DHCPREQUEST), the DHCP server will ACK the request. I previously thought the server might NACK it and the client would have to get a new lease, but that is not the case.
In both cases, this means it is not "theoretically" necessary to keep manually deleting abandonded leases, the server will take care of it. But it seems some people have to keep deleting their abandoned leases to ensure there are enough free addresses for clients - I do not understand why this is unless something else is going on (maybe badly behaved clients?).
This may be pretty basic stuff to some of you, but I find it helps to test all this out and write about it anyway....
PCN (UK) Ltd
All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
12-07-2015 10:54 AM
Thank you for the info sharing Paul!
I have also seen some situations where certain security solutions on a network may proxy and respond to ICMP requests for IP addresses that do not exist. This is usually an attempt to trick malicous code or devices into a honeypot but can cause issues for DHCP when the "ping before asign" option is enabled.