This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2228850 - [RFE] Option to avoid sending a client-identifier (option 61) when using the 'internal' dhcp client
Summary: [RFE] Option to avoid sending a client-identifier (option 61) when using the ...
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: NetworkManager
Version: 9.4
Hardware: All
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: NetworkManager Development Team
QA Contact: Vladimir Benes
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-03 12:01 UTC by Juanma Sanchez
Modified: 2023-08-21 15:35 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-21 15:35:47 UTC
Type: Story
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker NMT-708 0 None None None 2023-08-09 09:34:12 UTC
Red Hat Issue Tracker   RHEL-1469 0 None Migrated None 2023-08-23 14:44:59 UTC
Red Hat Issue Tracker RHELPLAN-164984 0 None None None 2023-08-09 09:35:06 UTC

Description Juanma Sanchez 2023-08-03 12:01:02 UTC 
Description of problem:

      NetworkManager permits to configure different possible
      "client-identifier" values via dhcp-client-id option: "mac",
      "perm-mac", "duid", "stable", or a fixed value. However there's no
      option to avoid sending the "client-identifier" at all when using
      the `internal` DHCP client.
      
      I'm requesting to add a special option 'none' as valid dhcp-client-id
      value, which would instruct NetworkManager to send the DHCP request
      message without including a "client-identifier" option.


      * Background:

      On RHEL7, NetworkManager defaults to `dhclient`. dhclient by default
      is installed with an empty configuration. This results in the OS
      sending a DHCP DISCOVER with no "client-identifier" (option 61) for
      any network interface configured with DHCP.

      On RHEL8, NetworkManager switches to the `internal` DHCP client by
      default. The `internal` DHCP client can be configured with different
      options to manipulate the "client-identifier", but there's no option
      to avoid sending it.

      When a machine that was previously running RHEL7 is reinstalled with
      RHEL8+, it will now send a "client-identifier" by default where
      RHEL7 didn't send any "client-identifier" at all.

      Some DHCP servers will interpret this as a completely different client. 
      As result, the machine (same NIC, same MAC) will receive a different IP
      address even when there's a previous non-expired lease for the same MAC
      address on the DHCP server.

      * Current workaround:

      On RHEL8+, it's still possible to force `dhclient` as DHCP client,
      instead of the default `internal`.

      The following configuration produces that the system mimics the RHEL7
      behavior (no option 61/client-identifier is sent):

          - Setting "dhcp=dhclient" in NetworkManager.conf
          - Adding the following to dhclient.conf:

              send dhcp-client-identifier = "";

      While `dhclient` seems still available on RHEL9, according to [1] the
      ISC DHCP client development as ended as of 2022, so I understand that
      it will be eventually removed from RHEL.

      See "Additional info" below and the RFE notes for further details.

      [1] https://www.isc.org/dhcp/


    Version-Release number of selected component (if applicable):

      No specific version.
    
    
    How reproducible:

      Always.
    
    
    Steps to Reproduce:

    1. Run a DHCP server with a basic configuration
      $ sudo ip link add link enp7s0 name vlan1234 type vlan id 1234
      $ sudo ip add add 10.23.4.1/24 dev vlan1234
      $ sudo ip link set dev vlan1234 up
      $ sudo stdbuf -o0 tshark -i vlan1234 -Y "dhcp.option.dhcp eq 1" -V -O dhcp 2>/dev/null| egrep --line-buffered "Message type|Option" -A 2 &
      $ sudo dnsmasq -dC- <<EOF
      interface=vlan1234
      port=0
      dhcp-range=10.23.4.100,10.23.4.200,255.255.255.0,infinite
      dhcp-option=3,10.23.4.1
      EOF

    2. Configure a RHEL7 host with DHCP

      $ cat /etc/redhat-release 
      Red Hat Enterprise Linux Server release 7.9 (Maipo)

      $ ip l show dev eth0
      2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
          link/ether 56:6f:c1:3e:00:0c brd ff:ff:ff:ff:ff:ff

      $ sudo nmcli con add type vlan con-name vlan1234 ifname vlan1234 dev eth0 id 1234 connection.autoconnect no 
      Connection 'vlan1234' (50da750d-dc73-4440-824a-fc8fba7cfe92) successfully added.

      $ sudo nmcli con up vlan1234

      sudo $ ip l show dev vlan1234
      8: vlan1234@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
          link/ether 56:6f:c1:3e:00:0c brd ff:ff:ff:ff:ff:ff

      DHCP Discover details:

          Message type: Boot Request (1)
          Hardware type: Ethernet (0x01)
          Hardware address length: 6
          Option: (53) DHCP Message Type (Discover)
              Length: 1
              DHCP: Discover (1)
          Option: (12) Host Name
              Length: 3
              Host Name: v79
          Option: (55) Parameter Request List
              Length: 19
              Parameter Request List Item: (1) Subnet Mask
          Option: (255) End
              Option End: 255
          Padding: 000000000000000000000000000000000000000000000000000000000000


    3. Recreate the interface, or install RHEL8 on the same machine:

      DHCP Discover details:

          Message type: Boot Request (1)
          Hardware type: Ethernet (0x01)
          Hardware address length: 6
          Option: (53) DHCP Message Type (Discover)
              Length: 1
              DHCP: Discover (1)
          Option: (61) Client identifier
              Length: 7
              Hardware type: Ethernet (0x01)
          Option: (55) Parameter Request List
              Length: 18
              Parameter Request List Item: (1) Subnet Mask
          Option: (57) Maximum DHCP Message Size
              Length: 2
              Maximum DHCP Message Size: 576
          Option: (12) Host Name
              Length: 3
              Host Name: v81
          Option: (255) End
              Option End: 255


      NOTE: dnsmasq in this case seems smart (or buggy?) enough to provide
      the same lease for the same MAC address even when the second request 
      includes a client-identifier.


    Actual results:

      Option 61  / client identifier is always sent
    
    Expected results:

    The `internal` DHCP client should have an option to avoid sending Option
    61 / client identifier.
    
    
    Additional info:

      The ISC DHCP client development has ended as of 2022 [1]:
      
        ISC has ended development on the ISC DHCP client as of early 2022. This
        client implementation is no longer maintained and should not be used in
        production any longer.

      While I see `dhclient` still available on RHEL9, my understanding is
      that it will be eventually deprecated and removed.


      While this behavior of the DHCP server doesn't seem to reproduce on
      all DHCP servers, I think it's reasonable to have an option to
      instruct the `internal` DHCP client to avoid sending option 61.

      According to RFC2131 [2], a "client-identifier" is not mandatory:

        DHCP defines a new 'client identifier' option that is used to pass an
        explicit client identifier to a DHCP server.  This change eliminates
        the overloading of the 'chaddr' field in BOOTP messages, where
        'chaddr' is used both as a hardware address for transmission of BOOTP
        reply messages and as a client identifier.  The 'client identifier'
        is an opaque key, not to be interpreted by the server; for example,
        the 'client identifier' may contain a hardware address, identical to
        the contents of the 'chaddr' field, or it may contain another type of
        identifier, such as a DNS name.  The 'client identifier' chosen by a
        DHCP client MUST be unique to that client within the subnet to which
        the client is attached. If the client uses a 'client identifier' in
        one message, it MUST use that same identifier in all subsequent
        messages, to ensure that all servers correctly identify the client.

      However RFC4361 [3] superseding RFC2131 in section 6.1 seems to suggest
      that DHCPv4 clients conforming RFC4361 must send a client-identifier:

          DHCPv4 clients MUST send a 'client
          identifier' option containing an Identity Association Unique
          Identifier, as defined in section 10 of RFC 3315, and a DHCP Unique
          Identifier, as defined in section 9 of RFC 3315.  These together
          constitute an RFC 3315-style binding identifier.

      Later on the same document states the following change from RFC2131:

          "The client MUST explicitly provide a client
          identifier through the 'client identifier' option.  The client MUST
          use the same 'client identifier' option for all messages."


    * Summary:
      
      While it seems that DHCPv4 clients strictly following RFC4361 must
      provide a "client-identifier" via option 61, this seems to
      break previous leases obtained via RFC2131 DHCPv4 clients on certain
      environments/DHCP servers when the DHCP client software is updated.

      I think it's reasonable to have an option so the user can control
      whether the "client-identifier" field is sent. This would make the
      transition to more recent RHEL releases smoother.



      [1] https://www.isc.org/dhcp/
      [2] RFC2131 https://www.rfc-editor.org/rfc/rfc2131
      [3] RFC4361 https://www.rfc-editor.org/rfc/rfc4361
Comment 6 RHEL Program Management 2023-08-21 15:30:07 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 7 RHEL Program Management 2023-08-21 15:35:47 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues.
Note You need to log in before you can comment on or make changes to this bug.