Bug 2228850
| Summary: | [RFE] Option to avoid sending a client-identifier (option 61) when using the 'internal' dhcp client | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Juanma Sanchez <juasanch> |
| Component: | NetworkManager | Assignee: | NetworkManager Development Team <nm-team> |
| Status: | CLOSED MIGRATED | QA Contact: | Vladimir Benes <vbenes> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.4 | CC: | bgalvani, desktop-qa-list, lrintel, rkhan, sfaye, sukulkar, till |
| Target Milestone: | rc | Keywords: | FutureFeature, MigratedToJIRA, Triaged |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-21 15:35:47 UTC | Type: | Story |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug. This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there. To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer. You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like: "Bugzilla Bug" = 1234567 In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. |
Description of problem: NetworkManager permits to configure different possible "client-identifier" values via dhcp-client-id option: "mac", "perm-mac", "duid", "stable", or a fixed value. However there's no option to avoid sending the "client-identifier" at all when using the `internal` DHCP client. I'm requesting to add a special option 'none' as valid dhcp-client-id value, which would instruct NetworkManager to send the DHCP request message without including a "client-identifier" option. * Background: On RHEL7, NetworkManager defaults to `dhclient`. dhclient by default is installed with an empty configuration. This results in the OS sending a DHCP DISCOVER with no "client-identifier" (option 61) for any network interface configured with DHCP. On RHEL8, NetworkManager switches to the `internal` DHCP client by default. The `internal` DHCP client can be configured with different options to manipulate the "client-identifier", but there's no option to avoid sending it. When a machine that was previously running RHEL7 is reinstalled with RHEL8+, it will now send a "client-identifier" by default where RHEL7 didn't send any "client-identifier" at all. Some DHCP servers will interpret this as a completely different client. As result, the machine (same NIC, same MAC) will receive a different IP address even when there's a previous non-expired lease for the same MAC address on the DHCP server. * Current workaround: On RHEL8+, it's still possible to force `dhclient` as DHCP client, instead of the default `internal`. The following configuration produces that the system mimics the RHEL7 behavior (no option 61/client-identifier is sent): - Setting "dhcp=dhclient" in NetworkManager.conf - Adding the following to dhclient.conf: send dhcp-client-identifier = ""; While `dhclient` seems still available on RHEL9, according to [1] the ISC DHCP client development as ended as of 2022, so I understand that it will be eventually removed from RHEL. See "Additional info" below and the RFE notes for further details. [1] https://www.isc.org/dhcp/ Version-Release number of selected component (if applicable): No specific version. How reproducible: Always. Steps to Reproduce: 1. Run a DHCP server with a basic configuration $ sudo ip link add link enp7s0 name vlan1234 type vlan id 1234 $ sudo ip add add 10.23.4.1/24 dev vlan1234 $ sudo ip link set dev vlan1234 up $ sudo stdbuf -o0 tshark -i vlan1234 -Y "dhcp.option.dhcp eq 1" -V -O dhcp 2>/dev/null| egrep --line-buffered "Message type|Option" -A 2 & $ sudo dnsmasq -dC- <<EOF interface=vlan1234 port=0 dhcp-range=10.23.4.100,10.23.4.200,255.255.255.0,infinite dhcp-option=3,10.23.4.1 EOF 2. Configure a RHEL7 host with DHCP $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.9 (Maipo) $ ip l show dev eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 56:6f:c1:3e:00:0c brd ff:ff:ff:ff:ff:ff $ sudo nmcli con add type vlan con-name vlan1234 ifname vlan1234 dev eth0 id 1234 connection.autoconnect no Connection 'vlan1234' (50da750d-dc73-4440-824a-fc8fba7cfe92) successfully added. $ sudo nmcli con up vlan1234 sudo $ ip l show dev vlan1234 8: vlan1234@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link/ether 56:6f:c1:3e:00:0c brd ff:ff:ff:ff:ff:ff DHCP Discover details: Message type: Boot Request (1) Hardware type: Ethernet (0x01) Hardware address length: 6 Option: (53) DHCP Message Type (Discover) Length: 1 DHCP: Discover (1) Option: (12) Host Name Length: 3 Host Name: v79 Option: (55) Parameter Request List Length: 19 Parameter Request List Item: (1) Subnet Mask Option: (255) End Option End: 255 Padding: 000000000000000000000000000000000000000000000000000000000000 3. Recreate the interface, or install RHEL8 on the same machine: DHCP Discover details: Message type: Boot Request (1) Hardware type: Ethernet (0x01) Hardware address length: 6 Option: (53) DHCP Message Type (Discover) Length: 1 DHCP: Discover (1) Option: (61) Client identifier Length: 7 Hardware type: Ethernet (0x01) Option: (55) Parameter Request List Length: 18 Parameter Request List Item: (1) Subnet Mask Option: (57) Maximum DHCP Message Size Length: 2 Maximum DHCP Message Size: 576 Option: (12) Host Name Length: 3 Host Name: v81 Option: (255) End Option End: 255 NOTE: dnsmasq in this case seems smart (or buggy?) enough to provide the same lease for the same MAC address even when the second request includes a client-identifier. Actual results: Option 61 / client identifier is always sent Expected results: The `internal` DHCP client should have an option to avoid sending Option 61 / client identifier. Additional info: The ISC DHCP client development has ended as of 2022 [1]: ISC has ended development on the ISC DHCP client as of early 2022. This client implementation is no longer maintained and should not be used in production any longer. While I see `dhclient` still available on RHEL9, my understanding is that it will be eventually deprecated and removed. While this behavior of the DHCP server doesn't seem to reproduce on all DHCP servers, I think it's reasonable to have an option to instruct the `internal` DHCP client to avoid sending option 61. According to RFC2131 [2], a "client-identifier" is not mandatory: DHCP defines a new 'client identifier' option that is used to pass an explicit client identifier to a DHCP server. This change eliminates the overloading of the 'chaddr' field in BOOTP messages, where 'chaddr' is used both as a hardware address for transmission of BOOTP reply messages and as a client identifier. The 'client identifier' is an opaque key, not to be interpreted by the server; for example, the 'client identifier' may contain a hardware address, identical to the contents of the 'chaddr' field, or it may contain another type of identifier, such as a DNS name. The 'client identifier' chosen by a DHCP client MUST be unique to that client within the subnet to which the client is attached. If the client uses a 'client identifier' in one message, it MUST use that same identifier in all subsequent messages, to ensure that all servers correctly identify the client. However RFC4361 [3] superseding RFC2131 in section 6.1 seems to suggest that DHCPv4 clients conforming RFC4361 must send a client-identifier: DHCPv4 clients MUST send a 'client identifier' option containing an Identity Association Unique Identifier, as defined in section 10 of RFC 3315, and a DHCP Unique Identifier, as defined in section 9 of RFC 3315. These together constitute an RFC 3315-style binding identifier. Later on the same document states the following change from RFC2131: "The client MUST explicitly provide a client identifier through the 'client identifier' option. The client MUST use the same 'client identifier' option for all messages." * Summary: While it seems that DHCPv4 clients strictly following RFC4361 must provide a "client-identifier" via option 61, this seems to break previous leases obtained via RFC2131 DHCPv4 clients on certain environments/DHCP servers when the DHCP client software is updated. I think it's reasonable to have an option so the user can control whether the "client-identifier" field is sent. This would make the transition to more recent RHEL releases smoother. [1] https://www.isc.org/dhcp/ [2] RFC2131 https://www.rfc-editor.org/rfc/rfc2131 [3] RFC4361 https://www.rfc-editor.org/rfc/rfc4361