pe1chl
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

DHCP dynamic leases

Thu Mar 16, 2023 4:50 pm

Is there a way to "set" or "import" dynamic leases on the DHCP service?
What I am actually looking for is to avoid duplicate addresses across 3 networks that each use a MikroTik router (all still running v6 because of lack of BFD in v7...)
In most cases it works just fine: users' devices are initially requesting an IP from router #1 and when they roam to the area of router #2 or #3 their device asks for the same address and gets it, as it was not yet in use on those routers.
But sometimes, devices are first connected to router #2 or #3 and get an address that was already in use on router #1.
So I am looking for some trick to "import" the in-use addresses from #1 into #2 and #3 so it won't issue those to new devices. Without making them "static" leases on any of the routers.
I.e. "copying" the Dynamic entries to another router e.g. once per day (lease period is set to 7 days).
 
Buckeye
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: DHCP dynamic leases

Thu Mar 16, 2023 5:32 pm

users' devices are initially requesting an IP from router #1 and when they roam to the area of router #2 or #3 their device asks for the same address and gets it, as it was not yet in use on those routers.
But sometimes, devices are first connected to router #2 or #3 and get an address that was already in use on router #1.
Why are these separate networks using the same ip network? If they are close enough for people to roam, then why aren't the networks connected, so there is only a single dhcp server per dhcp scope?

It just seems like an "odd problem" to me.

DHCP client may fail to obtain a DHCP-assigned IP address

See resolution.
 
erlinden
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: DHCP dynamic leases

Thu Mar 16, 2023 5:49 pm

Would it be possible to work with a single DHCP server? Can you please explain a bit more about the environment? Roaming (makes me think of wireless clients, is this correct?), three routers and lease times of 7 days doesn't sound like a regular network.
 
pe1chl
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP dynamic leases

Thu Mar 16, 2023 7:03 pm

users' devices are initially requesting an IP from router #1 and when they roam to the area of router #2 or #3 their device asks for the same address and gets it, as it was not yet in use on those routers.
But sometimes, devices are first connected to router #2 or #3 and get an address that was already in use on router #1.
Why are these separate networks using the same ip network? If they are close enough for people to roam, then why aren't the networks connected, so there is only a single dhcp server per dhcp scope?
The networks are on different locations of the same company. The routers are interconnected using VPN for management, but these networks are not routed between the locations and only serve phones and computers that connect to internet.
Numbering the same is not something I have originally done (I probably would not have done that) but as it is, it is not that inconvenient.

Note that there is no issue for the connected devices themselves, but the (different manufacturer) WiFi solution has started to complain about it, for no reason at all.
 
pe1chl
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP dynamic leases

Thu Mar 16, 2023 7:05 pm

Would it be possible to work with a single DHCP server?
Yes, but I do not like to do that to avoid a single point of failure. These are 3 locations of the same company, each with their own router. The DHCP service of the router is used, rather than a common DHCP server for all 3 (that would depend on the server to be up and reachable).
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: DHCP dynamic leases

Fri Mar 17, 2023 1:27 am

If it's known devices, can you give the devices the same DHCP reservation (called Static in Mikrotik) on all three routers?
Yes, I realize that this is a problem with a lot of devices that randomize the device MAC...
 
Buckeye
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: DHCP dynamic leases

Fri Mar 17, 2023 8:17 am

Numbering the same is not something I have originally done (I probably would not have done that) but as it is, it is not that inconvenient.

Note that there is no issue for the connected devices themselves, but the (different manufacturer) WiFi solution has started to complain about it, for no reason at all.
It seems to me that it would be easier to renumber the sites so they each use unique subnets. That would also make it easier for the sites to be able to communicate with each other using the vpn (without needing to resort to NAT solutions for overlapping networks, something that may be useful even though you are not currently doing so). Just curious, do all the sites use the same SSID as well?

What WiFi solution are you referring to? What does it complain about? I am trying to think of what problem a device with a different "identity" with a different mac requesting a specific ip address (because the dhcp client thinks its lease is still valid, it will probably skip the DHCP discover and try the DHCP request from the "previous" dhcp server. If the subnets were different, then the DHCP server would send a DHCPNAK and the client would respond by starting with a new DHCP Discover. But it isn't clear to me how the Wifi access point would be involved with the ip addresses. Aren't they normally layer 2 devices? (with a possible layer 3 management controller possibly sharing the layer 2 with other traffic)
 
pe1chl
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP dynamic leases

Fri Mar 17, 2023 10:40 am

If it's known devices, can you give the devices the same DHCP reservation (called Static in Mikrotik) on all three routers?
Yes, I realize that this is a problem with a lot of devices that randomize the device MAC...
I do not want to assign static leases to each of them. There are many hundreds of devices (the subnet is a /22) and I would not want to track each of them to see if they fell out of usage.... and then indeed they could vary the MAC address.

Numbering the same is not something I have originally done (I probably would not have done that) but as it is, it is not that inconvenient.

Note that there is no issue for the connected devices themselves, but the (different manufacturer) WiFi solution has started to complain about it, for no reason at all.
It seems to me that it would be easier to renumber the sites so they each use unique subnets. That would also make it easier for the sites to be able to communicate with each other using the vpn (without needing to resort to NAT solutions for overlapping networks, something that may be useful even though you are not currently doing so). Just curious, do all the sites use the same SSID as well?
Yes, they use the same SSID. And the devices normally pick (and get) the same address on all networks. But of course only when it is still available.
When a device picks an address on router #1 (the head office) the same address is normally still available on #2 and #3, and they get it and use it there.
However in some cases (about 5 out of 300) there is a collision and the same address gets used for different devices, especially when the user does not often come to the head office.
Not a problem at all for the network, but the WiFi solution (not MikroTik, of course!) is centrally managed and after an update it started sending alerts "duplicate IP in use", which is a bit annoying. So I am trying to work around it.
Renumbering the networks would mean that "stick to the same IP" would be lost, and there would be no benefit as there is no need whatsoever for these subnets to be routed.
We have different subnets, the "LAN subnets" for the locations, which are routed, and which now are mostly used for some legacy stuff and indeed for the management of the routers, and the "WiFi subnets" which only require routing towards internet, not towards the LAN or to devices on the other locations. "everything in the cloud", you know...
What WiFi solution are you referring to?
It is from the well known competitor with the U.
They try to do all kinds of health monitoring that sometimes goes a bit too far. But unfortunately it does not appear to be configurable.
It needs a config page with a list of checkmarks where you can enable/disable the monitoring of all that stuff....
(e.g. they also alert when a user's DNS request is not replied to within a certain time by the router, but that of course depends on the global DNS speed which is not always fast)

I'm thinking if it would be an option (I have done that before) to setup a "delay threshold" of e.g. 3 seconds in the DHCP servers of the branch routers, and then configure a "dhcp relay" towards the main office router. That should make most requests be handled by that single router, and the branch office DHCP servers be used in case of an outage of the VPN or the head office router.
However, up to now I have only done that with an ISC DHCP server as the main DHCP server, not with the MikroTik DHCP. So I will need to find if it correctly handles those requests that are from "a local IP range" but come in from a remote network via VPN on a completely different IP address... (outside that range). Because of course I cannot just route that same range.
 
Buckeye
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: DHCP dynamic leases

Fri Mar 17, 2023 2:19 pm

Renumbering the networks would mean that "stick to the same IP" would be lost, and there would be no benefit as there is no need whatsoever for these subnets to be routed.
And the advantage of "stick to the same IP" is?
I'm thinking if it would be an option (I have done that before) to setup a "delay threshold" of e.g. 3 seconds in the DHCP servers of the branch routers, and then configure a "dhcp relay" towards the main office router. That should make most requests be handled by that single router, and the branch office DHCP servers be used in case of an outage of the VPN or the head office router.
However, up to now I have only done that with an ISC DHCP server as the main DHCP server, not with the MikroTik DHCP. So I will need to find if it correctly handles those requests that are from "a local IP range" but come in from a remote network via VPN on a completely different IP address... (outside that range). Because of course I cannot just route that same range.
It is your time and you will do what you feel is best, but to me it seems you have decided on the solution, and the Einstellung effect is at work.

I am still not sure what the actual problem is. That users can't keep the ip address that they had in the other branch? Why does that matter at all? You did say "everything in the cloud", so what difference does it make what their local ip address is? Are you tracking users by the IP address locally, e.g. the U* controller? If so, then @k6ccc's suggestion of "reserved addresses" for the mac addresses that frequently move between the locations would solve that problem. What if a user stops for lunch somewhere that has wifi, and they get another ip address? Then they are already going to be "unsynchronized", and when they then go to a location they haven't been to in the last 3.5 days, then it is possible that their previous lease will already be expired, and they will most likely get a new ip address from the pool. It seems you are trying to reproduce something like Microsoft's DHCP failover with replication. I am not saying you will not be able to get something to work as you envision it, but it will probably take more time than you first estimate, by the time you cover all the edge cases and work out all the bugs.
 
pe1chl
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP dynamic leases

Fri Mar 17, 2023 4:02 pm

No need to look for so much behind it!
And BTW, DHCP does not work as you think it does. Devices remember the last IP they got from every network (in this case, by SSID) and when they connect they usually first try to get the remembered address, and only when the DHCP server rejects that they ask for "any address" and get a new address from the pool.
The lease time does not matter. When the address is still available, they will get it again, even after a year.
 
Buckeye
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: DHCP dynamic leases

Sat Mar 18, 2023 10:52 am

There may be devices that remember more than their current lease. What clients are you referring to? While investigating this I found this interesting article (to me, even though I have never touched a Meraki device), because it describes how MAC randomization works in different versions of iOS and Android. Meraki and MAC Address Randomization.

I am not claiming that I understand every implementation of DHCP, but there are many factors involved, and RFC 2131 is quite flexible in what will work. I've thought I understood things and been wrong before, so that's always a possibility now. For example, I previously thought that the mac address was what was used to identify the client, and often it is, but it isn't the "first thing checked". See RFC 2131 section 4.2 and the discussion of 'client identifier' option. I spent time "troubleshooting" what I thought was a buggy dhcp server, because I didn't know about that option.
If a client has a lease, then it should be able to request it and get it. If its lease has expired, it can still "suggest" an IP address in the dhcp discover, but there is no guarantee that it will be given the address it suggested, even if it is available. See section 4.3.1 for what a dhcp server SHOULD do (not MUST do). My understanding is that if the last time the client identifier was seen at the site the client was given ip address a.b.c.d, and the dhcp server still has the record available, then that is what will be offered if that address is available, even if the client identifier has requested a different available address. So for example, if on site A the client got a.b.c.d then went to site B for the first time (the dhcp server has no previous knowledge about this client identifier), the client 'suggested' a.b.c.d but that wasn't available, and instead a.b.c.e was given, then when the client goes back to site A, it will 'suggest' a.b.c.e but will be offered a.b.c.d (as long as that address is available). And when that client goes back to site B it will be offered a.b.c.e (as long as it is available, even if a.b.c.d was requested and is currently available).
But as you have hinted, things may not always work as you expect, and a packet capture may be needed to determine what is really happening.
 
optio
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: DHCP dynamic leases

Sat Mar 18, 2023 3:41 pm

I.e. "copying" the Dynamic entries to another router e.g. once per day (lease period is set to 7 days).
You can simulate dynamic entries by creating static entries with some comment, e.g. "DYN", and synchronizing them with the scheduler on each router.
A script can periodically dump all dynamic leases into some file in a shared directory accessible to all routers (FTP, SMB...), parse dump files from other routers and create static "DYN" commented entries. Also, for cleanup it will need to remove all "DYN" commented entries whose IP address is not in the dump files from other routers.

Edit: Advanced way to retrieve dynamic leases from other routers can be done to create container which will provide them over http service using ROS API (eg. over PHP service like https://github.com/EvilFreelancer/routeros-api-php) instead of using shared files.
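
The reconciliation step described in the post above, as an added example that is not part of the original post and not MikroTik's or the poster's code. It only computes the `/ip dhcp-server lease` commands one router would need; the lease-record layout, the server name `dhcp1` and all addresses and MACs are assumptions made up for the illustration.

```python
# Added example (not from the thread). The lease-record layout and the
# server name "dhcp1" are assumptions; addresses and MACs are constructed.

def plan_sync(local, remote_dumps, server="dhcp1"):
    """Plan the "DYN" placeholder changes for one router.

    local:        this router's leases: {"address", "mac", "dynamic", "comment"}
    remote_dumps: {router: [{"address", "mac"}, ...]}, dynamic leases only, so
                  placeholders are never re-exported and cannot circulate.
    Returns (add_cmds, remove_cmds, collisions).
    """
    remote = {}
    for _, leases in sorted(remote_dumps.items()):
        for lease in leases:
            remote.setdefault(lease["address"], lease["mac"].upper())

    local_dyn, placeholders, manual = {}, {}, set()
    for lease in local:
        if lease["dynamic"]:
            local_dyn[lease["address"]] = lease["mac"].upper()
        elif lease.get("comment") == "DYN":
            placeholders[lease["address"]] = lease["mac"].upper()
        else:
            manual.add(lease["address"])  # hand-made static lease: never touch

    rm = "/ip dhcp-server lease remove [find comment=DYN address={}]".format
    add, remove, collisions = [], [], []
    for addr, mac in sorted(remote.items()):
        if addr in local_dyn:
            # Already leased here. Same MAC is a roaming device; a different
            # MAC is an existing duplicate that a reservation cannot repair.
            if local_dyn[addr] != mac:
                collisions.append((addr, local_dyn[addr], mac))
        elif addr in manual or placeholders.get(addr) == mac:
            continue
        else:
            if addr in placeholders:  # placeholder held for an outdated MAC
                remove.append(rm(addr))
            add.append(f"/ip dhcp-server lease add server={server} "
                       f"address={addr} mac-address={mac} comment=DYN")
    # Cleanup: placeholders whose address no other router reports any more.
    remove += [rm(a) for a in sorted(placeholders) if a not in remote]
    return add, remove, collisions

# Constructed sample: this router's lease table and router1's dynamic leases.
LOCAL = [
    {"address": "10.0.0.10", "mac": "AA:AA:AA:AA:AA:01", "dynamic": True},
    {"address": "10.0.0.11", "mac": "AA:AA:AA:AA:AA:02", "dynamic": True},
    {"address": "10.0.0.12", "mac": "AA:AA:AA:AA:AA:03", "dynamic": False, "comment": "DYN"},
    {"address": "10.0.0.13", "mac": "AA:AA:AA:AA:AA:04", "dynamic": False, "comment": "DYN"},
]
REMOTE = {"router1": [
    {"address": "10.0.0.10", "mac": "aa:aa:aa:aa:aa:01"},
    {"address": "10.0.0.11", "mac": "AA:AA:AA:AA:AA:99"},
    {"address": "10.0.0.12", "mac": "AA:AA:AA:AA:AA:03"},
    {"address": "10.0.0.14", "mac": "AA:AA:AA:AA:AA:05"},
]}
```

Addresses that are already leased locally to a different MAC are returned as collisions instead of being reserved, which gives a list to compare against the "duplicate IP in use" alerts.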
 
pe1chl
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP dynamic leases

Sat Mar 18, 2023 4:19 pm

@Buckeye: my topic is "can I synchronize dynamic leases between devices". I am not interested in further discussing DHCP and "why would you want that".
Indeed, you can see it as a DHCP server with failover and replication. If not possible, that can be the answer.
You know, in some other contexts it IS possible to sync dynamic entries, e.g. with address lists.
 
pe1chl
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP dynamic leases

Tue Mar 21, 2023 2:49 pm

Well, I have tried to setup my idea using "dhcp relay" (combined with local "dhcp server" with delay), but it seems to be impossible with MikroTik, because the DHCP server will only answer DHCP requests on the interface it is configured for, and it is not possible to configure a DHCP server on a GRE tunnel (which is what is used between the locations).
So, I can configure a DHCP relay on the branch office, I do receive the DHCP requests at the main office, but I cannot make a reply from the same pool as used in the main office.
At least not when using the MikroTik DHCP server. It would be possible to do it using an ISC DHCP server on a separate Linux machine, maybe I will do that....
