Non-persistent DHCPv6 client gets a new IPv6-address at each reboot

[tylital520]

We have started to use IPv6-addresses on our VDA's. The IPv6-addresses are assigned by Windows DHCPv6 and the GW and DNS information comes from the router via RA (M and O = flags set to 1). The problem is that each time IPv6 client reboots it seems to get new IPv6-address even though there's still lease time left on DHCPv6. 

 

In DHCPv6 each client is not recognised by MAC-address, but instead with DUID (DHCP Unique Identifier). Apparently in Windows DUID is created when the DHCP client service starts, and it consists the following:

 

Quote

In general, DUID = DUID type(4 digit) + hardware type + DUID generate data and time + MAC address.
https://social.technet.microsoft.com/Forums/ie/en-US/e6ec69c3-e0f9-4cd8-b0fb-6ade38c137ea/dhcpv6-modify-duid-type-of-windows-client?forum=winserver8gen

 

 

The DUID value is saved in Windows registry:

Quote

 

The DUID of a DHCPv6 message is generated the first time that the DHCP client service starts. The value of the DUID is stored in the Dhcpv6DUID registry entry. If you delete the value of the registry entry, the value is recreated when an interface is enabled or connected on the client computer. The Dhcpv6DUID registry entry is located under the following registry subkey:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters

https://support.microsoft.com/en-us/help/2763523/no-network-connectivity-on-windows-7-based-or-windows-server-2008-r2-b

 

 

The problem is that when a Non-persistent IPv6 client reboots it removes this registry entry, and the client get's a new DUID which means DHCPv6 will assign it a new IPv6-address. This causes problems to VDA <-> Controller communication/registration. Because of that DHCPv6 also has several entries for same Non-Persistent IPv6 client.

 

Apparently there are 3 types of DUID's:

 

Type 1—Link-layer address plus time (DUID-LLT)

Type 2—Vendor-assigned unique ID based on Enterprise Number (DUID-EN)

Type 3—Link-layer address (DUID-LL)

https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/dhcp-unique-id-servers-clients-overview.html

 

So changing the Windows client DUID type to Type 3 might fix this, but I haven't found a way how to change this in Windows.

 

Anyone else having this issue?

[Beat Buser1709156910]

We have the same issue on one of three images. We do not see any conflicting configuration nor that we have different settings on the images.

Why Citrix MCS does creating new DUIDs? And how we should work on that?

[Beat Buser1709156910]

Feedback from Citrix after 2 months wainting.

 

Quote

We have had some internal investigations and discussion with product team. As per the product manager for MCS, for non-persistent machine catalogs, we don't preserve the DUID as of current design. So the experience on your 2016 OS (deletion of DUID) is an expected behavior. The product management team is planning to check the possibilities to implement the desired result (To preserve DUID) in future. This will be worked as an enhancement request (independent of support ticket). I'll update the enhancement ID by this Monday (Aug 15), which you can use in future to check the progress.

 

[larry lambert]

We are going through the same thing, finally deploying IPv6, and ran into this same issue.  Were you able to resolve it?

[tylital520]

On 10/9/2020 at 10:04 PM, larry lambert said:

We are going through the same thing, finally deploying IPv6, and ran into this same issue.  Were you able to resolve it?

Hi,

so far I have not found a solution to this. We are running dual-stack Citrix-environment at the moment, which means that the VDA's have both IPv4 and IPv6 addresses. This is not a supported configuration according to Citrix, but it seems to work (check this discussion to learn more: https://discussions.citrix.com/topic/409215-client-ipv4-gateway-vserver-ipv4-vda-ipv6-is-this-possible/)

 

So at the moment our VDA's register themselves to the controllers using IPv4, but they also receive IPv6-address from DHCPv6 server. Whenever the non-persistent VDA reboots it receives a new IPv6-addresses, but this does not cause problems to the VDA <-> Controller communication anymore because that happens now in IPv4.

 

Because our DHCPv6 server is part of Active Directory domain it updates the new IPv6-address to DNS. The host AAAA is changed, and also a new PTR record is created. The problem at the moment is that there are several PTR records (tens of them) for the same machine. This is not good.