DHCP, the DLINK DI-724GU and handing out IP addresses in a sequence

"pcooley" hath wroth:

It won't happen. Let's say you have a DHCP pool of some number of IP's. The DHCP server will allocated them sequentially until it runs out. Then, it reverts to a "least recently used" algorithm and starts to reassign previous expired leases. It will get out of order quickly. In addition, clients with leases that have expired because they drove away, can come back the next day and request the same IP address and get it. That creates the situation where even rebooting the router and flushing the DHCP lease cache, won't guarantee that the returning client gets a new (sequential) lease, instead of recycling the old one.

If you convince the DI-724GU to allow 253 IP's in the DHCP address pool, it will remain sequential for a while, but eventially get scrambled.

So, why do you need sequential IP's? Are you just trying to make sure that a given computah always gets assigned the same IP address? That's easy with "static DHCP", "reserved DHCP" or "pre-assigned DHCP" feature. Looks like the DI-724GU has this feature:

URL doesn't work with Firefox but works with IE6. Grrrr....

Jeff,

Thanks for your insight. I understand your points, but to add a little context. I've created a pool of 150 IP addresses for my home network of ~10 machines. From the get-go the router was delving out IP addresses across the map. The first two IPs were 192.168.0.106 and

192.168.0.132 after turning the router on for the first time.

There is no particular reason for this other than cleanliness in a mathematic/sequencial sense.

the same IP address?

You are correct about using the DHCP feature. For servers I have used the DHCP reservation feature, it works well. This is only for the assortment of laptops/desktops that get turned on in my home LAN.

I am just presuming that the DHCP server in the DI-724 has a non-typical configuration by default and maybe D-Link has a fix/configuration change to clean up this tiny little mess.

Paul Cooley

Jeff Liebermann wrote:

"pcooley" hath wroth:

That can happen if the clients were previously connected to a different DHCP server with the same IP address. The client will try to renew the same IP address as it previously obtained from the old DHCP server, even after the lease has expired.

In Windoze XP, if you run: IPCONFIG /RELEASE it will clear the save DHCP address, and try to obtain a new one when you run: IPCONFIG /RENEW

All networking starts out clean and elegant. It then follows entropy towards virtualization, randomness, encryption, and generally messiness.

It's possible that someone might have considered predictable DHCP IP assignments to be some manner of security risk. I you know the next DHCP IP address to be assigned, one could use that IP to hijack a session. However, I'm just guessing and have no idea if this is correct.

the same IP address?

Well, the obvious solution is to use the "reserved IP" feature with all your laptops/desktops.

Dunno.

You are correct. Part of the DHCP protocol, the DHCPDISCOVER phase, allows for an option to request an IP address.

Prior to the installation of this router, these computers were all connected to a DI-624 and when they were they had IP addresses of

192.168.0.100 - 192.168.0.112. In the upgrade to the DI-724DU the machines where powered down appropriately.

Many philosophical debates can start with the above statement ;)

Potentially security could be a problem, but if I've got unwanted hosts on my local LAN I have bigger problems upstream. That is a good theory though. I hadn't thought of it.

Just to try out D-Link support on this issue, I submitted a ticket. Interestingly, but not a surprise, they have the response below. They suggest static IPs for all machines. Not a happy path for myself, for instance having my parents/friends bring over their laptops and have to manually give them IP addresses isn't on my 'I sign up for that' list.

Thank-you, Paul Cooley

Email response from D-Link Technical support: Paul,

We appreciate you writing to us.

Please try assigning a static Ip to all the computers.

Windows 2000/XP

To release and renew IP address, go to Start > Run. Type in CMD and press Enter. At the prompt, type in ipconfig and press Enter. This will display the adapter information such as IP address, Subnet mask, and default gateway.

To view additional information such as Mac address, DNS servers, etc, type in ipconfig /all.

To release IP address, type ipconfig /release.

To renew IP address, type ipconfig /renew.

If you are not able to get an IP address try setting one statically:

Windows 2000

Step 1 Right-click on My Network Places and select Properties.

Step 2 Right-click on the Local Area Connection which represents your network card and select Properties.

Step 3 Highlight Internet Protocol (TCP/IP) and click Properties. Enter your IP information for your network.

If connecting to a router, make sure the default gateway and a DNS server is the IP address of the router (192.168.0.1).

Windows XP

Step 4 Click on Start > Control Panel > Network and Internet Connections > Network connections.

Step 5 See Step 2 for Windows 2000 and continue from there.

Should you require further assistance with your D-Link products, please reply to this message, or call toll free at 877-453-5465.

For D-Link's preferred Home Networking application please try

from Pure Networks. It simplifies Microsoft Networking and may allow you to trouble shoot your network on your own.

Thank you for networking with D-Link.

Sincerely,

******* ******** D-Link Technical Support

Yes, apparently people have considered that. I was asking about IP addresses (and also port numbers) this summer, and someone pointed out that the newer algorithms hand out IP addresses and port numbers randomly to avoid certain man-in-the-middle attacks, and went on to sketch out how such an attack could be conducted.

You don't want your IP addresses or your port numbers to be assigned sequentially as a spoofer can use that to break into your network. It's not trivial to exploit, but it is an additional vulnerability.

snipped-for-privacy@gmail.com hath wroth:

If their leases haven't expired when you changed routers, the clients will request the old address from the new router. Rebooting the computah does nothing. I think (not sure) that: IPCONFIG /release clears the old IP address.

Nope. Just one debate. Every project I've ever worked on started out as an elegant proposition, where all the parts and pieces were to fit together neatly, and nothing could go wrong. The final results were usually the opposite. Any bright ideas along the way, that promised more elegance, were met with firm opposition by management, claiming that it would "ruin the schedule" or some such rot. This insured that any complexities and messiness that were originally required to salvage the design, were deemed permanent. Much to my amazement, some of the the stuff I designed and worked on actually worked despite the conspicuous lack of elegance and neatness.

If you have unwanted hosts, then use encryption to keep them off.

Masochist.

(boiler plate answer excavated from the support database.)

Yech. I remove that thing when installed (usually by AOL). I guess it might be useful, but I haven't found it so.

As you recall these were all well ordered at one time, so if they requested their old IP and got it all would be well in my bubble.

Indeed. Many times my desire for clean solutions aren't necessary. However, I always feel that the cost of maintaining and supporting these systems isn't often considered. If the design/implementation was clean(er) then often the modifications 3 years down the road fall out easier.

I assure you that I don't have any unwanted hosts, all is encrypted. I was only using that as an example.

:-). In all truth I used the same email that I posted and it didn't cost me much time. They responded quickly. Kodos to them.

Thanks for the interesting conversation.

Paul Cooley