Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Occasional Contributor II
Posts: 14
Registered: ‎06-06-2011
Need assistance with Android DHCP issue

We are experiencing an uncommon situation on our campus wireless network.  An unknown aspect of our network is causing our Android clients to exercise several bugs in the Android operating system with regards to DHCP.  As a result these clients continue to use IP addresses well after their leases expire causing IP conflicts and failures to create new user table entries on the controller.

 

At this point, I am trying to determine what is different in our network configuration which is causing this issue.  If you have a few moments I would greatly appreciate any feedback you can give on the following questions.  If you are actually experiencing this issue I would appreciate a chance to compare experiences with you.

 

DHCP Configuration

  • What type of DHCP server are you using?
  • Are you using real world or private address space?
  • What size DHCP pools do you use?
  • Are your pools available across all APs or assigned to specific buildings?
  • What are your lease timers?
  • Where is your DHCP relay configured?

Controller configuration

  • What is your controller architecture?
  • What version of ArubaOS are you running?
  • Do you have “Enforce DHCP” configured?
  • What is your setting for “User Idle Timeout”?
  • What is your setting for “Station Ageout Time”?

Thank you for your time,

 

John Pearson

Wright State University

 

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007
Re: Need assistance with Android DHCP issue

wright-johnp,

 

It could help if you answer all of your questions for your environment and we might be able to help you from there.  Which android clients and which bug are you referring to?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎06-06-2011
Re: Need assistance with Android DHCP issue

Colin,

 

Just FYI:  I've been looking into this Android issue for several years.  I no longer think that the devices can be fixed; however, most institutions do not experience it (Princeton is an example of another large institution with this issue).  At this point, I am simply trying to identify anything that we have configured here outside the norm in an attempt to stop exercising these bugs.

 

Here's information on our existing configuration:

 

DHCP:

 

1) Server is a generic Bind 9 implementation on Redhat.

2) The vast majority of our wireless IP space is private; however, we do have around 8000 real world addresses assigned.  Our problem occurs on both.

3) We currently use multiple /22s with VLAN grouping.

4) Our campus is divided into 7 regions with 5 x /22s for address space.

5) Our lease timers are 15 minutes.

 

Note the large address pools and small lease timers are in place in an attempt to mitigate the DHCP issue.

 

Controller:

 

1) We have 2 x 7240 controllers configured as master/standby.

2) Running 6.3.1.11 currently.  Our SE has recommended an upgrade to 6.4.2.4.

3) We do not have "Enforce DHCP" configured.  I have tested this, and it is not effective for the issue at hand.

4) "User Idle Timeout" is at 300 seconds.

5) "Station Ageout Time" is at 1000 seconds.

Note the large address pools and small lease timers are in place in an attempt to mitigate the DHCP issue.

 

A quick description of the issues we see with Android:  1) The devices respond to gratuitous ARPs while asleep.  This prevents the controller from aging them out of the user table 2) Upon waking from sleep the devices continue to use their previous leased address without communicating with DHCP.  In many cases the address has been freed and assigned to a new device.  3) The Android device can begin using a second IP address without a DHCP conversation.  This address is one that has been leased by the device previously.

 

For more information  I will point to the detailed analysis at Princeton:  https://www.net.princeton.edu/android/  

 

I will add to this that Google has closed all of these issues as resolved in Android 4.2.  However, I have seen these issues on every version of Android from its inception through the current release.

 

Thank you in advance for any insight.

 

John

 

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007
Re: Need assistance with Android DHCP issue

wright-johnp,

 

Let us see who else can add their experiences to your post here.  I just wanted your experience to be out there so that others could respond.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 498
Registered: ‎04-03-2007
Re: Need assistance with Android DHCP issue
This sounds awful. The client you describe is not abiding by the RFC for DHCP. We see >100K unique clients daily, but we have not come across this issue. (Not to say it’s not there; we just haven’t heard/found it.) I would attempt to reproduce it in a lab environment with no encryption so you can more easily perform packet captures. Most curious would be to see if you can see it never sending DHCPDISCOVER/DHCPREQUEST messages. If you do find this to be prevalent, I’d have them derive addressing in RFC1918 space inside some supernet as to not affect your other clients.

We have many controllers.
AOS 6.3.2.11
Not enforcing DHCP in aaa profile.
User idle = 300s
DHCP max/default/min lease time = 600s
BOOTP disallowed

- Ryan -
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Frequent Contributor I
Posts: 125
Registered: ‎07-06-2010
Re: Need assistance with Android DHCP issue

I still do not understand exactly why people use such short lease times, especially when they have authenticated networks.  Do some vlan pools if you have a lot of users and use longer lease times.  This to me would solve the problem.  Though we do not have as many users (not even close) we have never seen any issues with androide devices, but that is most likely due to a much longer lease time for our DHCP server.

 

Having only a 15 minute lease timer seems excessive.  Bump it out a couple of days and I would imagine you would not see this issue crop up.  I think the small lease times are what are causing the issue...

 

For guest networks it would make sense to make it shorter, but even then 15 minutes is just way too short... Bump it out a couple of hours.

 

MVP
Posts: 498
Registered: ‎04-03-2007
Re: Need assistance with Android DHCP issue
Dan, I assume our environments are just simply different. We give clients public IP space and have a limited amount of addressing available. We support ~50,000 concurrent clients and use VLAN pooling predominately with /23s. We have 10 minute lease times to ensure that a student pulling their iPhone out of their pocket, looking at the time, and then putting it back in their pocket does not consume an IP address longer than necessary. We experimented going from 1hr -> 30min -> 15min and eventually settled on 10min.

Hopefully this provides an example for why short lease times are essential for some environments (like ours).

- Ryan -
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
New Member
Posts: 2
Registered: ‎03-22-2012
Re: Need assistance with Android DHCP issue
Like Ryan, we also have short lease times for the exact same reasons. Ours are currently set at 15 minutes in most circumstances.

David
--------------------------
David Morton
Director, Mobile Communications
University of Washington
Guru Elite
Posts: 8,335
Registered: ‎09-08-2010
Re: Need assistance with Android DHCP issue

(config)# ipv6 enable

 

 

 

 

 

 

Sorry, I had to. :-)


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 498
Registered: ‎04-03-2007
Re: Need assistance with Android DHCP issue
Aruba’s IPv6 knob is hardly magical…. unless it builds a NAT64 supporting core along with it . . . :)
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Search Airheads
Showing results for 
Search instead for 
Did you mean: