[unisog] Microsoft Windows 'Resumes Using Old IP Address Bug'

Irwin Tillman irwin at princeton.edu
Tue Mar 23 15:23:12 GMT 2004

On March 4, I wrote:

>At Princeton we've been seeing IP address conflicts due to a bug introduced
>recently in Windows.  Since I suspect many other schools with
>many mobile clients are experiencing the same bug, I thought I'd post the
>details for you.
>We call this the "Microsoft Windows Resumes Using Old IP Address Bug." Briefly,
>a Windows 2000 client configured to obtain its IP address via DHCP will
>sometimes re-use its last IP address briefly as it comes up, just before it
>requests a new DHCP lease. Naturally, if that IP address has since been awarded
>to another client, this can interfere with service to the other client.
>We've reported the problem to Microsoft, and they have identified the 
>ARP Request as being generated in support of a new Windows feature. This new
>feature (according to a Microsoft white paper) involves the Windows client
>(at start) probing the network to determine if it is attached to the same IP
>network to which it was last attached. It apparently makes this decision by
>ARPing for the old IP router.
>It appeared that for a brief time, Microsoft agreed that this was a bug, but the
>most-recent information I've received from our support folks here is that
>Microsoft has decided this is not a Windows bug, and the behavior will not be changed.
>Microsoft has suggested to our support folks a workaround: they suggest setting
>a per-interface registry key on each Windows 2000 client. (The per-interface
>registry key tells the client to issue a DHCPRELEASE for that interface at
>shutdown. It's not clear to me if this configuration change will indeed cause
>the client to stop transmitting the erroneous ARP Request when it brings up the
>interface, but we're trying it. Even if it does work, at best this is a
>workaround for a bug that shouldn't be present in the first place.)
>I wanted to alert other schools to this bug, in the hopes this will save some of
>you time tracking down the problem. 

Just to close the loop: Princeton's test of Microsoft's proposed workaround
has shown that it does not work around this particular bug.

The new behavior in Windows that the bug is related to appears
to be a new feature described in draft-ietf-dhc-dna-ipv4-06.txt,
"Detection of Network Attachment (DNA) in IPv4", authored at Microsoft.

My reading of this draft is that strict adherence to the draft would not allow the 
device to broadcast the erroneous ARP request with arp_spa == the IP address from an 
expired DHCP lease.  Microsoft's implementation in Windows 2000 violates their
own IETF draft.

At Princeton, we find that this bug makes Windows 2000 an unacceptable DHCP
client for use with dynamically-assigned IP addresses at Princeton. (It is
possible other recent versions of Windows have the same bug.)  At Princeton, we
are disabling "Mobile IP Service" for each Windows client when it exhibits the
bug a second time.   

We continue to provide "statically-assigned" IP addresses to such devices, so
they can continue to be used on the "home" wired network, but they no longer
can visit other IP subnets, including the University's wireless service.

More information about the unisog mailing list