
In RFC2131 (page 12) it's been mentioned that

The server should use whatever information is available in the configuration information repository to choose an address to reuse. For example, the server may choose the least recently assigned address. As a consistency check, the allocating server SHOULD probe the reused address before allocating the address, e.g., with an ICMP echo request, and the client SHOULD probe the newly received address, e.g., with ARP.

Can you please explain to me how ICMP echo requests and ARPs are helpful in DHCP?

Thank You

Ryan Foley
dillip_beta

2 Answers


An ICMP Echo request from the DHCP server to the IP address it's about to allocate is used to determine whether the address about to be assigned is already in use on the network. If a response is received from that IP, the DHCP server will assign a different address.

The ARP request for the newly received address from the client does the same: it checks whether another device is using that address and responding to ARP. If so, the client knows the address it received is already in use.

The RFC you linked to does mention later on:

Servers need not reserve the offered network address, although the protocol will work more efficiently if the server avoids allocating the offered network address to another client. When allocating a new address, servers SHOULD check that the offered network address is not already in use; e.g., the server may probe the offered address with an ICMP Echo Request. Servers SHOULD be implemented so that network administrators MAY choose to disable probes of newly allocated addresses.

I am not certain whether all DHCP servers implement this requirement, but as far as I am aware there is no other way a DHCP server could reliably become aware of another device using an IP that is available in its DHCP pool.

Also from the same RFC regarding ARP from the clients:

if the client is on a network that supports ARP, the client may issue an ARP request for the suggested request. ... If the network address appears to be in use, the client MUST send a DHCPDECLINE message to the server
GerryEgan
  • So these two are the most followed procedures used by DHCP? Or is there any other way to detect an existing IP? – dillip_beta Jul 11 '14 at 10:16
  • Yes Gerry, it's been mentioned like that. Thank you very much for your help. – dillip_beta Jul 11 '14 at 11:19
  • Minor addition: Most DHCP servers will neither ARP nor ping any IP address before they give that IP to a client. They save all information about their leases in a database, which makes sense because a DHCP lease can have a longer lifespan than the time the device is switched on. A lease does not become invalid if you turn off a device. So most DHCP servers will determine which IP address is available by relying on their database. Using ICMP echo would fail if the device currently owning that IP has a strict firewall that blocks it, which could result in giving out the same lease twice. – konqi Jul 11 '14 at 12:55
  • If the DHCP server sends an ICMP echo request to the IP address, it will cause the last router on the path from the DHCP server to that IP to send the ARP request. If there are no routers between the two, the ARP request will be generated by the IP layer in the kernel the DHCP server is running on. In the latter case, where the DHCP server is directly connected to the network segment of that IP, it would be more reliable for the DHCP server to just do an ARP request rather than an ICMP echo request. – kasperd Jul 11 '14 at 13:40
  • @JoSo It wouldn't be the first time somebody blocked packets which are important to the correct operation of IP. No matter how you design a protocol, it will break if you block important packets with a firewall. Why would anybody block ICMP echo requests in the first place? I am guessing they heard about "ping of death" and had no clue what it really meant. – kasperd Jul 11 '14 at 13:48
  • @kasperd Your question is more of a philosophical nature; why would anyone ever block anything? If all services were safe and secure and all people were good people, then there'd be no need to block anything. Also there would be very little need for security specialists, but anyway: the reason why many server owners block ICMP is to obfuscate their presence. Of course you can do a SYN scan on an IP, but it takes longer. So a simple ping can reveal a host much faster. It's paranoia I guess, but many free and commercial firewalls block ICMP nonetheless. – konqi Jul 11 '14 at 13:57
  • @JoSo Your first comment above makes quite a claim without any backup to that claim: "Most DHCP Servers will neither ARP or PING". I know that Microsoft DHCP server does, and it is important for managing split scopes and DHCP server failures. I don't think we can deny that M$ DHCP server is in use on thousands of networks worldwide. Be careful with your wording :) – jwbensley Jul 11 '14 at 15:16
  • @jwbensley Agreed, the wording should probably be something like this: Most DHCP servers will mostly rely on their databases containing DHCP lease information when handing out IP addresses to clients. A DHCP lease can have a longer lifespan than the time the device is switched on. A lease does not become invalid if you turn off a device. So most DHCP servers will determine which IP address is available by relying on their database. Using ICMP echo would fail if the device currently owning that IP has a strict firewall that blocks it, which could result in giving out the same lease twice. – konqi Jul 14 '14 at 07:44
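To make the two-sided check discussed in this answer and its comments concrete, here is an added example that is not part of the original answer or of any real DHCP server's code: a small Python simulation of an RFC 2131 style allocator (least-recently-assigned reuse, an ICMP echo probe before offering, and the administrator knob to disable probing) together with a client that ARP-probes the offered address and sends DHCPDECLINE on a conflict. The pool, the probe callables and the constructed network (192.0.2.0/29 with one host that answers everything and one host that drops ICMP echo but still answers ARP) are assumptions made for the example; only icmp_echo_probe() touches a real network, by shelling out to the system ping binary with Linux flags.

```python
"""RFC 2131 address-reuse checks, simulated end to end (added example).

Server side: pick the least recently assigned free address, probe it (ICMP
echo by default) and skip it if anything answers.  Client side: ARP-probe
the offered address and DHCPDECLINE it if some other host already has it.
The probe functions are injected so the flow can run offline against the
constructed network below; icmp_echo_probe() is the real server-side probe.
"""
import ipaddress
import subprocess
from collections import OrderedDict
from typing import Callable, Dict, Optional, Set

Probe = Callable[[str], bool]  # returns True when something answers at addr


def icmp_echo_probe(addr: str, timeout_s: int = 1) -> bool:
    """Real server-side probe: one ICMP echo via the system ping (Linux flags).
    A host whose firewall drops echo requests looks free here even though it
    is in use: that is the duplicate-lease risk raised in the comments."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), addr]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


class DhcpPool:
    def __init__(self, cidr: str, server_probe: Probe = icmp_echo_probe,
                 probe_before_offer: bool = True) -> None:
        # Free list kept in assignment order: the front is the address that
        # was assigned least recently, so it is the first one reused.
        self.free: "OrderedDict[str, None]" = OrderedDict(
            (str(h), None) for h in ipaddress.ip_network(cidr).hosts())
        self.leased: Dict[str, str] = {}   # addr -> client id
        self.abandoned: Set[str] = set()   # answered a probe; never reoffered
        self.server_probe = server_probe
        self.probe_before_offer = probe_before_offer  # the admin knob RFC 2131 asks for

    def offer(self, client_id: str) -> Optional[str]:
        while self.free:
            addr, _ = self.free.popitem(last=False)
            if self.probe_before_offer and self.server_probe(addr):
                self.abandoned.add(addr)      # consistency check failed: in use
                continue
            self.leased[addr] = client_id
            return addr
        return None                           # pool exhausted

    def release(self, addr: str) -> None:
        if self.leased.pop(addr, None) is not None:
            self.free[addr] = None            # goes to the back of the line

    def decline(self, addr: str) -> None:
        """DHCPDECLINE: the client's ARP probe found the address in use."""
        self.leased.pop(addr, None)
        self.abandoned.add(addr)


def client_obtain(pool: DhcpPool, client_id: str,
                  arp_probe: Optional[Probe]) -> Optional[str]:
    """Client side of the exchange: accept the offer only if ARP stays silent.
    arp_probe=None models a client that never probes."""
    while True:
        addr = pool.offer(client_id)
        if addr is None or arp_probe is None or not arp_probe(addr):
            return addr
        pool.decline(addr)                    # conflict: decline and ask again


# Constructed network for the offline run (not captured traffic):
# 192.0.2.1 answers everything; 192.0.2.2 is up but its firewall drops
# ICMP echo, so only ARP reveals it.
def fake_icmp(addr: str) -> bool:
    return addr == "192.0.2.1"


def fake_arp(addr: str) -> bool:
    return addr in ("192.0.2.1", "192.0.2.2")


def demo() -> dict:
    checked = DhcpPool("192.0.2.0/29", server_probe=fake_icmp)
    unchecked = DhcpPool("192.0.2.0/29", server_probe=fake_icmp,
                         probe_before_offer=False)
    return {
        # server ICMP skips .1, client ARP declines .2, so the lease is .3
        "with_probes": client_obtain(checked, "client-a", fake_arp),
        "abandoned": sorted(checked.abandoned),
        # probes disabled on both sides: .1 is handed out although it is in use
        "without_probes": client_obtain(unchecked, "client-b", None),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows both halves of the RFC text: the server's ICMP probe catches the host that answers ping, the client's ARP probe catches the one that only answers ARP, and with both probes switched off the pool hands out an address that is already in use, which is exactly the duplicate-lease case the comments warn about.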

Please see the ICMP codes section of this link: ICMP Codes.

Some operating systems only show "time-out" whenever a code other than reply or host unreachable is returned; remember this is just a catchall. So a well-programmed DHCP server can make assumptions based on the specific codes returned. For instance, if you have devices with a firewall installed, ICMP code 10 (Communication with Destination Host is Administratively Prohibited) would be returned. At this point the DHCP server can reliably assume the address is in use and not assign it to another device.

Since ARP is a layer 2 protocol, it is only useful if the DHCP server is on the same network segment. A DHCP server would send out an ARP request asking who has address x.x.x.x. If no response is given, then the server knows the address is free and can be allocated.

nobody
user7505
  • What do you mean by "Since ARP is a layer 2 protocol it is only useful if the DHCP Server is on the same network segment."? I think it can travel over the internet with the help of proxy ARP. So can you please explain what difference it (your answer) would make if we were using a layer 3 ICMP echo request message? – dillip_beta Aug 08 '14 at 06:37
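As an added example, not taken from the answer above or from any DHCP implementation, here is what the ARP side of the check actually puts on the wire and why it is tied to one network segment: a Python module that builds the client's broadcast ARP request for the offered address, parses whatever comes back, and decides whether a DHCPDECLINE is due. The probe uses a sender protocol address of 0.0.0.0, the ARP Probe form from RFC 5227, because the client does not own the offered address yet and must not seed neighbours' ARP caches with it. The MAC addresses, the offered address 192.0.2.10 and the reply frames are constructed for the offline run; only probe_on_wire() touches a real interface, and it is Linux-only (AF_PACKET) and needs CAP_NET_RAW.

```python
"""Client-side ARP probe of a DHCP-offered address (added example).

Builds the Ethernet+ARP request that asks "who has <offered IP>", parses
replies, and flags a conflict when another station claims the address.
Because an ARP frame is never forwarded by a router, this check only sees
hosts on the same segment as the sender.
"""
import socket
import struct
from typing import Optional, Tuple

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


def build_arp(op: int, smac: bytes, sip: str, tmac: bytes, tip: str,
              dst_mac: bytes = BROADCAST) -> bytes:
    """Ethernet II frame carrying one Ethernet/IPv4 ARP packet (RFC 826)."""
    eth = dst_mac + smac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype, ptype, hlen, plen, op
    arp += smac + socket.inet_aton(sip) + tmac + socket.inet_aton(tip)
    return eth + arp


def build_arp_probe(my_mac: bytes, offered_ip: str) -> bytes:
    """The probe: broadcast request, sender IP 0.0.0.0, target = offered IP."""
    return build_arp(ARP_REQUEST, my_mac, "0.0.0.0", ZERO_MAC, offered_ip)


def parse_arp(frame: bytes) -> Optional[Tuple[int, bytes, str, bytes, str]]:
    """(op, sender_mac, sender_ip, target_mac, target_ip), or None if the
    frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETH_P_ARP):
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return (op, frame[22:28], socket.inet_ntoa(frame[28:32]),
            frame[32:38], socket.inet_ntoa(frame[38:42]))


def conflict_detected(offered_ip: str, frame: bytes, my_mac: bytes) -> bool:
    """True if another station claims the offered address: any ARP packet whose
    sender IP is the offered address, or a rival probe for it, from a MAC other
    than ours.  RFC 2131 then requires the client to DHCPDECLINE that address."""
    parsed = parse_arp(frame)
    if parsed is None:
        return False
    op, smac, sip, _tmac, tip = parsed
    if smac == my_mac:
        return False                      # our own probe echoed back
    return sip == offered_ip or (op == ARP_REQUEST and sip == "0.0.0.0"
                                 and tip == offered_ip)


def probe_on_wire(ifname: str, my_mac: bytes, offered_ip: str,
                  timeout_s: float = 1.0) -> bool:
    """Linux-only, needs CAP_NET_RAW: send the probe on a raw AF_PACKET socket
    and listen for a claimant until the timeout expires."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    try:
        sock.bind((ifname, 0))
        sock.settimeout(timeout_s)
        sock.send(build_arp_probe(my_mac, offered_ip))
        while True:
            if conflict_detected(offered_ip, sock.recv(2048), my_mac):
                return True
    except socket.timeout:
        return False                      # nobody on the segment answered
    finally:
        sock.close()


# Constructed values for the offline run (not captured traffic).
MY_MAC = bytes.fromhex("020000000001")
OTHER_MAC = bytes.fromhex("020000000002")
OFFERED = "192.0.2.10"


def demo() -> dict:
    probe = build_arp_probe(MY_MAC, OFFERED)
    claim = build_arp(ARP_REPLY, OTHER_MAC, OFFERED, MY_MAC, "0.0.0.0", dst_mac=MY_MAC)
    rival_probe = build_arp_probe(OTHER_MAC, OFFERED)
    unrelated = build_arp(ARP_REPLY, OTHER_MAC, "192.0.2.99", MY_MAC, "0.0.0.0", dst_mac=MY_MAC)
    return {
        "probe_len": len(probe),
        "probe": parse_arp(probe),
        "decline_on_claim": conflict_detected(OFFERED, claim, MY_MAC),
        "decline_on_rival_probe": conflict_detected(OFFERED, rival_probe, MY_MAC),
        "decline_on_unrelated": conflict_detected(OFFERED, unrelated, MY_MAC),
        "decline_on_junk": conflict_detected(OFFERED, b"\x00" * 60, MY_MAC),
    }


if __name__ == "__main__":
    print(demo())
```

The 42-byte frame built here is addressed to the Ethernet broadcast and carries no IP header, which is the concrete reason behind the segment restriction in the answer: a router does not forward it, and a proxy-ARP router that answers on behalf of a remote host reports the router's own MAC, so it tells you the address is reachable through the router, not that a host on your segment owns it. An ICMP echo, by contrast, is routed and reaches the target's segment no matter where the DHCP server sits.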