Conflict detection deserves serious consideration in your IP management design. Either DHCP servers or DHCP clients can use it to determine whether an IP address is already in use on the network before leasing or using the address.
DHCP client computers running Windows 2000 or later that obtain an IP address use a gratuitous ARP request to perform client-based conflict detection before completing the configuration and use of a server-offered IP address. If the DHCP client detects a conflict, it will send a DHCP decline message (DHCPDECLINE) back to the DHCP server that offered the IP lease.
If your network includes legacy DHCP clients, that is, clients running a version of Windows earlier than Windows 2000, you can use server-side conflict detection provided by the DHCP Server service under specific circumstances. For example, this feature might be useful during failure recovery when scopes are deleted and recreated. In addition, conflict detection can be very beneficial when upgrading or migrating to a new DHCP server without having a backup of the DHCP database available.
By default, the DHCP service does not perform any conflict detection. To enable conflict detection, increase the number of PING attempts that the DHCP service performs for each address before leasing that address to a client. Note that for each additional conflict detection attempt that the DHCP service performs, additional seconds are added to the time needed to negotiate leases for DHCP clients. Typically, if DHCP server-side conflict detection is used, you should set the number of conflict detection attempts made by the server to use one or two pings at most. This provides the intended benefits of this feature without decreasing DHCP server performance.
If the DHCP server detects a conflict with the IP address that it offered to the DHCP client, the DHCP server will create a temporary lease called "BAD ADDRESS". This lease will be configured with a one (1) hour lease period. At the end of the lease, it is automatically removed from the scope. If you find a lease of this type recurring for the same IP address over a period of time, you should locate the networked node and verify that it is not configured with a static IP address that is part of a DHCP scope. If you do find this situation, you can either re-IP the conflicting device, or create an exclusion in your DHCP scope for that particular IP address so that your DHCP server will no longer attempt to issue that IP address to other DHCP clients.
To enable address conflict detection
- Open the DHCP administrative console.
- In the console tree, click the applicable DHCP server.
- On the Action menu, click Properties. For Windows 2008, you first need to highlight IPv4. There is no option for configuring IPv6 scopes.
- Click the Advanced tab.
- For Conflict detection attempts, type a number greater than 0 (zero) and less than six, and then click OK.
The number you type determines how many times the DHCP server tests an IP address before leasing it to a client.
- When conflict detection attempts are set, the DHCP server uses the Packet Internet Groper (ping) process to test available scope IP addresses before including these addresses in DHCP lease offers to clients.
- A successful ping means the IP address is in use on the network. Therefore, the DHCP server does not offer to lease the address to a client. If the ping request fails and times out, the IP address is not in use on the network. In this case, the DHCP server offers to lease the address to a client.
- Each additional conflict detection attempt delays the DHCP server response by a second while waiting for the ping request to time out. This increases the load on the server. A value of no greater than two (2) for ping attempts is recommended.
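The console steps above and the recurring "BAD ADDRESS" check can also be scripted. The following is an added example, not part of the original article: it assumes a server with the DhcpServer PowerShell module (Windows Server 2012 or later), and the server name, log path and recurrence threshold are placeholders. Because server-side detection relies on ping, a host that does not answer ICMP echo will not be detected by it.

```powershell
#Requires -Modules DhcpServer
# Added example. Server name, log path and threshold are assumptions, not values from the article.
param(
    [string]$ComputerName = 'dhcp01.example.test',          # placeholder DHCP server
    [ValidateRange(1, 2)]
    [int]$Attempts = 2,                                     # article recommends one or two pings
    [string]$LogPath = 'C:\DhcpAudit\bad-address.csv',      # hypothetical sightings log
    [int]$RecurrenceThreshold = 3                           # assumed sightings before flagging
)

# 1. Enable server-side conflict detection, changing the setting only if it differs.
$current = (Get-DhcpServerSetting -ComputerName $ComputerName).ConflictDetectionAttempts
if ($current -ne $Attempts) {
    Set-DhcpServerSetting -ComputerName $ComputerName -ConflictDetectionAttempts $Attempts
    Write-Output "ConflictDetectionAttempts changed from $current to $Attempts"
}

# 2. Snapshot the BAD_ADDRESS leases currently held in every IPv4 scope.
$seenAt = Get-Date -Format 'o'
$bad = Get-DhcpServerv4Scope -ComputerName $ComputerName | ForEach-Object {
    Get-DhcpServerv4Lease -ComputerName $ComputerName -ScopeId $_.ScopeId -BadLeases
} | Select-Object @{n = 'SeenAt';    e = { $seenAt } },
                  @{n = 'ScopeId';   e = { $_.ScopeId.IPAddressToString } },
                  @{n = 'IPAddress'; e = { $_.IPAddress.IPAddressToString } },
                  LeaseExpiryTime

# 3. Bad leases expire after one hour, so keep a log to see recurrence over time.
if ($bad) {
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    $bad | Export-Csv -Path $LogPath -Append -NoTypeInformation
}

# 4. Report addresses that keep conflicting, with the exclusion command to review.
if (Test-Path $LogPath) {
    Import-Csv $LogPath | Group-Object ScopeId, IPAddress |
        Where-Object Count -ge $RecurrenceThreshold | ForEach-Object {
            $r = $_.Group[0]
            [pscustomobject]@{
                IPAddress = $r.IPAddress
                Sightings = $_.Count
                # Printed for review only; nothing is excluded automatically.
                Exclusion = "Add-DhcpServerv4ExclusionRange -ComputerName $ComputerName " +
                            "-ScopeId $($r.ScopeId) -StartRange $($r.IPAddress) -EndRange $($r.IPAddress)"
            }
        } | Format-List
}
```

Run it from a scheduled task at an interval longer than the one-hour bad-lease period so that each logged sighting is a separate detection. Locate the device before applying the printed exclusion.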