Report information
The Basics
Id:
45840
Status:
open
Priority:
Medium/Medium
Queue:
dhcp-public
People
Owner:
Nobody in particular
Requestors:
Paul B. Henson <henson@cpp.edu>
Cc:
AdminCc:
BugTracker
Version Fixed:
(no value)
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
(no value)
Severity:
(no value)
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
(no value)
Dates
Created:Tue, 22 Aug 2017 15:57:26 -0400
Updated:Fri, 26 Jan 2018 14:57:53 -0500
Closed:Not set

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Tue, 22 Aug 2017 15:57:26 -0400 Paul B. Henson <henson@cpp.edu> - Ticket created
From: "Paul B. Henson" <henson@cpp.edu>
Subject: 4.3.3P1 - V6 - dhcpd: Unable to pick client address: no addresses available
To: dhcp-bugs@isc.org
Date: Tue, 22 Aug 2017 19:57:22 +0000

Bug Report from www.isc.org: Name: Paul B. Henson Email: henson@cpp.edu Software Version: 4.3.3P1 OS: Gentoo Linux Subject:V6 - dhcpd: Unable to pick client address: no addresses available Bug Detail =========== In a /64 pool with only 5577 addresses allocated, the server says no addresses are available: dhcpd: Unable to pick client address: no addresses available - shared network 2620:df:8000:4701::/64: 4294967296 total, 5577 active, 0 abandoned It seems with over 4 *billion* to choose from one could be found 8-/. It looks like this issue comes from: https://github.com/mpalmer/isc-dhcp/blob/6a90108410e9dcf22e458ca950b055e1ece3761 8/server/mdb6.c#L931-L1080 where it arbitrarily hashes the DUID only 100 times looking for an address to give out before giving up. The comment at the top says "Realistically this will only happen in very full pools", I hereby introduce the author to the difference between statistics and real life ;). It seems when there are 4 billion free addresses this function should not throw up its hands and give a "no addresses available" error :(. Thanks... --- This email was received through isc.org Bug Submission Form
  Wed, 23 Aug 2017 10:08:51 -0400 Thomas Markwalder <tmark@isc.org> - Correspondence added

Hello Paul: What you are most likely seeing is the result of one or more devices that appear to be the same client because they have the same DUID. This often opens when client VMs are cloned from a template. They alternate with one client getting the address while the other issues a decline because the DAD test fails. The 100 tries is essentially per DUID. In a given subnet if the algorithm cannot find an available address after 100 attempts of hashing into the pool for a given DUID, you'll see that error. Clients that do not have duplicates should be getting addresses without issue. You'd need to examine the server logs. If you need further help we would we need to see at least the server log and pcaps. Regards, Thomas Markwalder ISC Software Engieering On Tue Aug 22 19:57:26 2017, henson@cpp.edu wrote: > Bug Report from www.isc.org: > > Name: Paul B. Henson > Email: henson@cpp.edu > Software Version: 4.3.3P1 > OS: Gentoo Linux > Subject:V6 - dhcpd: Unable to pick client address: no addresses > available > > > Bug Detail > =========== > In a /64 pool with only 5577 addresses allocated, the server says no > addresses are available: > > dhcpd: Unable to pick client address: no addresses available - shared > network 2620:df:8000:4701::/64: 4294967296 total, 5577 active, 0 > abandoned > > It seems with over 4 *billion* to choose from one could be found 8-/. > It looks like this issue comes from: > > https://github.com/mpalmer/isc- > dhcp/blob/6a90108410e9dcf22e458ca950b055e1ece3761 > 8/server/mdb6.c#L931- > L1080 > > where it arbitrarily hashes the DUID only 100 times looking for an > address to give out before giving up. The comment at the top says > "Realistically this will only happen in very full pools", I hereby > introduce the author to the difference between statistics and real > life ;). > > It seems when there are 4 billion free addresses this function should > not throw up its hands and give a "no addresses available" error :(. > > Thanks... > > --- > This email was received through isc.org Bug Submission Form
Wed, 23 Aug 2017 10:08:52 -0400 The RT System itself - Status changed from 'new' to 'open'
  Wed, 23 Aug 2017 15:46:21 -0400 Paul B. Henson <henson@cpp.edu> - Correspondence added
From: "Paul B. Henson" <henson@cpp.edu>
Subject: Re: [ISC-Bugs #45840] 4.3.3P1 - V6 - dhcpd: Unable to pick client address: no addresses available
To: "Thomas Markwalder via RT" <dhcp-confidential@isc.org>
CC: bldewolf@cpp.edu
Date: Wed, 23 Aug 2017 12:45:43 -0700

Thank you for the response. The subnet in question is a user wireless subnet, I suppose it's possible somebody has cloned vm's on it, but that wouldn't really be a common use case. The logs don't seem to have the DUID, so you can't really tell if that's happening: Aug 21 22:44:13 altair dhcpd: Relay-forward message from 2620:df:8000:1::14:2 port 547, link address 2620:df:8000:4701::2, peer address fe80::1c3a:33b8:2028:e74a Aug 21 22:44:13 altair dhcpd: Unable to pick client address: noaddresses available - shared network 2620:df:8000:4701::/64: 4294967296 total, 5486 active, 0 abandoned We can try to get a packet capture, but we get a *lot* of dhcp traffic 8-/. Unless I'm missing something in the logs, it would probably be a better first step for us to update the logging code to include the DUID so we'd be able to tell if we're just hitting the scenario you mention and the failed DUID already has an active lease. Thanks... On Wed, Aug 23, 2017 at 02:08:52PM +0000, Thomas Markwalder via RT wrote: > What you are most likely seeing is the result of one or more devices > that appear to be the same client because they have the same DUID. > This often opens when client VMs are cloned from a template. They > alternate with one client getting the address while the other issues a > decline because the DAD test fails. The 100 tries is essentially per > DUID. In a given subnet if the algorithm cannot find an available > address after 100 attempts of hashing into the pool for a given DUID, > you'll see that error. > > Clients that do not have duplicates should be getting addresses > without issue. > > You'd need to examine the server logs. If you need further help we > would we need to see at least the server log and pcaps. > > Regards, > > Thomas Markwalder > ISC Software Engieering > > On Tue Aug 22 19:57:26 2017, henson@cpp.edu wrote: > > Bug Report from www.isc.org: > > > > Name: Paul B. Henson > > Email: henson@cpp.edu > > Software Version: 4.3.3P1 > > OS: Gentoo Linux > > Subject:V6 - dhcpd: Unable to pick client address: no addresses > > available > > > > > > Bug Detail > > =========== > > In a /64 pool with only 5577 addresses allocated, the server says no > > addresses are available: > > > > dhcpd: Unable to pick client address: no addresses available - shared > > network 2620:df:8000:4701::/64: 4294967296 total, 5577 active, 0 > > abandoned > > > > It seems with over 4 *billion* to choose from one could be found 8-/. > > It looks like this issue comes from: > > > > https://github.com/mpalmer/isc- > > dhcp/blob/6a90108410e9dcf22e458ca950b055e1ece3761 > > 8/server/mdb6.c#L931- > > L1080 > > > > where it arbitrarily hashes the DUID only 100 times looking for an > > address to give out before giving up. The comment at the top says > > "Realistically this will only happen in very full pools", I hereby > > introduce the author to the difference between statistics and real > > life ;). > > > > It seems when there are 4 billion free addresses this function should > > not throw up its hands and give a "no addresses available" error :(. > > > > Thanks... > > > > --- > > This email was received through isc.org Bug Submission Form > -- Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/ Operating Systems and Network Analyst | henson@cpp.edu California State Polytechnic University | Pomona CA 91768
Mon, 28 Aug 2017 14:54:33 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #8 to dhcp-public
  Fri, 26 Jan 2018 14:57:52 -0500 Brian De Wolf <bldewolf@cpp.edu> - Correspondence added
From: "Brian De Wolf" <bldewolf@cpp.edu>
Subject: Re: [ISC-Bugs #45840] 4.3.3P1 - V6 - dhcpd: Unable to pick client address: no addresses available
To: "Thomas Markwalder via RT" <dhcp-confidential@isc.org>
Date: Fri, 26 Jan 2018 11:57:38 -0800
CC: "Paul B. Henson" <henson@cpp.edu>

Hi, I work with Paul and I've been investigating this issue. I created a program for analyzing the leases file. It reads the IA-NA and addresses from the lease and performs the hashing function to find how many iterations the given address took to generate. For a leases file from one of our servers, 25,557 of the 79,003 leases took more than one iteration. The total number of addresses generated is 162,112, over double the number of actual leases. For comparison, I used dibbler to load one of our test servers with 398,886 leases and only 19 required two generations. One difference from my test case is that both of our real servers send offers but only one of them is receiving a reply (they serve the same /64s with addresses from independent /96s). Is it possible that the servers are skipping addresses because they've already offered them and somehow they are not expiring correctly?