Does a DHCP server really check for conflicts using "ping"?

I read the following excerpt in a CCNA prep book and it doesn't sit well with me:

So during IP address assignment, a DHCP server checks for conflicts using the Ping program to test the availability of the address before it's assigned from the pool. If no host replies, then the DHCP server assumes that the IP address is not already allocated.

I get the goal and rationale, but is it really an ICMP request? Why not ARP?


Solution 1:

The simple reason that the DHCP server uses ICMP rather than ARP is that there is no guarantee the DHCP server is on the same subnet as the client (because you could have a centralized DHCP server with relay agents).

RFC 2131 thus says:

As a consistency check, the allocating server SHOULD probe the reused address before allocating the address, e.g., with an ICMP echo request, and the client SHOULD probe the newly received address, e.g., with ARP.

Solution 2:

It is the client that uses ARP for conflict detection, as specified in RFC 5227, which clarifies some details that are already mentioned in the DHCP specification:

-- the existing Address Resolution Protocol (ARP) provides an easy way for a host to detect this kind of misconfiguration and report it to the user. The DHCP specification [RFC2131] briefly mentions the role of ARP in detecting misconfiguration, as illustrated in the following three excerpts from RFC 2131:

  • the client SHOULD probe the newly received address, e.g., with ARP

  • The client SHOULD perform a final check on the parameters (e.g., ARP for allocated network address)

  • If the client detects that the address is already in use (e.g., through the use of ARP), the client MUST send a DHCPDECLINE message to the server

The RFC 5227 also extends from DHCP to all IPv4 address usage:

2.1. Probing an Address

Before beginning to use an IPv4 address (whether received from manual configuration, DHCP, or some other means), a host implementing this specification MUST test to see if the address is already in use, by broadcasting ARP Probe packets. This also applies when a network interface transitions from an inactive to an active state, when a computer awakes from sleep, when a link-state change signals that an Ethernet cable has been connected, when an 802.11 wireless interface associates with a new base station, or when any other change in connectivity occurs where a host becomes actively connected to a logical link.

A host MUST NOT perform this check periodically as a matter of course. This would be a waste of network bandwidth, and is unnecessary due to the ability of hosts to passively discover conflicts, as described in Section 2.4.

Assuming Windows DHCP server, the server-side conflict detection using ICMP echo requests (ping) is disabled by default, and it's recommended not to use it except in some rare circumstances:

If your network includes legacy DHCP clients (clients running a version of Windows earlier than Windows 2000), you can use server-side conflict detection provided by the DHCP Server service under specific circumstances. For example, this feature might be useful during failure recovery when scopes are deleted and recreated. For more information, see DHCP Troubleshooting.

By default, the DHCP service does not perform any conflict detection. To enable conflict detection, increase the number of ping attempts that the DHCP service performs for each address before leasing that address to a client. Note that for each additional conflict detection attempt that the DHCP service performs, additional seconds are added to the time needed to negotiate leases for DHCP clients.

Solution 3:

Yes. With conflict detection enabled, the DHCP Server will ping the IP address it wants to grant a lease for to make sure no other computers are using that IP address. If the ping request receives a reply, the server will mark the IP as BAD_ADDRESS. If no response is received, the server will assign the IP address to the requesting client (The DHCP client probes the IP address by sending gratuitous ARP packets).