Technical Mechanics: What is a DHCP Lease?
In modern networking, devices rarely 'own' their IP addresses; they lease them through DHCP (Dynamic Host Configuration Protocol). A lease is a temporary assignment of an IP address, subnet mask, and gateway for a set duration (typically 24 hours). This management system allows an ISP or router to recycle addresses from devices that have left the network, preventing IP address exhaustion.
The DORA Handshake: Obtaining a Lease
Before a device can communicate, it must complete the four-step DORA process:
- Discover: The client broadcasts a request to find any available DHCP server.
- Offer: The server responds with a proposed IP address and lease terms.
- Request: The client accepts the offer and 'requests' that specific IP.
- ACK (Acknowledge): The server confirms the lease and the client configures its interface.
The Critical Timers: T1 and T2
To prevent a connection from dropping, the DHCP client automatically attempts to renew its lease before it expires using two internal timers:
- T1 (Renewal Timer): Triggers at 50% of the lease duration. The client sends a direct 'Unicast' message to the original DHCP server asking for a renewal.
- T2 (Rebinding Timer): Triggers at 87.5% of the lease. If the original server failed to answer at T1, the client enters a rebinding phase and broadcasts, asking any available DHCP server to extend the current address.
If neither timer succeeds, the lease hits 100%, the IP is released, and the connection is lost.
Comparison: Long Lease vs. Short Lease
| Feature | Long Lease (e.g., 7 Days) | Short Lease (e.g., 10 Mins) |
|---|---|---|
| Environment | Fixed Offices / Home Wi-Fi | Airports / Coffee Shops |
| IP Efficiency | Low (Addresses stay 'busy') | Extremely High (Fast recycling) |
| Network Overhead | Minimal | High (Constant renewals) |
Enterprise and Campus DHCP
Centralized DHCP across many VLANs relies on relay agents (IP helpers) so Discover and Request messages reach the server. Misconfigured helper addresses, asymmetric routing, or inconsistent scopes can delay renewals for whole subnets. Designs that follow documented DHCP relay patterns and use Option 82 circuit identifiers should be reviewed whenever mass renewal failures appear.
Operational Considerations and Security
- Address pool pressure: Long leases on busy guest networks can exhaust a scope if sessions churn faster than leases expire; shorter leases or larger pools should be reviewed against peak concurrency.
- Unauthorized DHCP servers: A device that answers Discover with attacker-controlled gateway options can steer traffic. Mitigations include DHCP snooping on managed switches where supported and periodic review of first-hop configuration.
- Relay agents: In large networks, a DHCP relay forwards requests to a server on another subnet; if the relay or upstream path fails, the DORA or renewal flow stops until routing is restored.
- Client sleep and clones: Laptops that miss T1/T2 while suspended may briefly retain stale parameters, and cloned VMs can duplicate identifiers until DHCP client DUIDs or MACs are regenerated—symptoms that resemble server faults but are client-side.
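The lease timers and the unauthorized-server risk described above can both be checked from a captured reply. The following is an added example, not code from the original page: it parses a DHCP OFFER/ACK payload, derives T1 and T2 from the lease when options 58/59 are absent, and flags a server identifier outside an allowlist. `ALLOWED_SERVERS`, the function names and the 192.0.2.x sample messages are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie after the 236-byte BOOTP header
ALLOWED_SERVERS = {"192.0.2.1"}    # assumption: the site's one authorised DHCP server

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        if payload[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def _u32(opts: dict, code: int, default: int) -> int:
    return struct.unpack("!I", opts[code])[0] if len(opts.get(code, b"")) == 4 else default

def inspect_reply(payload: bytes) -> dict:
    """Summarise an OFFER/ACK and flag a server identifier outside the allowlist."""
    opts = parse_options(payload)
    lease = _u32(opts, 51, 0)                                    # option 51: lease time
    server = str(ipaddress.IPv4Address(opts.get(54, bytes(4))))  # option 54: server id
    router = str(ipaddress.IPv4Address(opts[3][:4])) if len(opts.get(3, b"")) >= 4 else None
    return {
        "type": (opts.get(53) or b"\0")[0],       # option 53: 2 = OFFER, 5 = ACK
        "server": server, "router": router, "lease": lease,
        "t1": _u32(opts, 58, lease // 2),         # option 58, default 50% of lease
        "t2": _u32(opts, 59, lease * 7 // 8),     # option 59, default 87.5% of lease
        "unauthorised": server not in ALLOWED_SERVERS,
    }

def build_reply(msg_type: int, server: str, router: str, lease: int) -> bytes:
    """Constructed sample message for the demo (not captured traffic)."""
    opts = bytes([53, 1, msg_type]) + bytes([54, 4]) + ipaddress.IPv4Address(server).packed
    opts += bytes([3, 4]) + ipaddress.IPv4Address(router).packed
    opts += bytes([51, 4]) + struct.pack("!I", lease) + b"\xff"
    return bytes(236) + MAGIC + opts

if __name__ == "__main__":
    for addr in ("192.0.2.1", "192.0.2.66"):      # second address is the unlisted server
        print(inspect_reply(build_reply(2, addr, addr, 86400)))
```

On a monitoring host, the payload passed to `inspect_reply` would be the UDP data of replies sent from port 67; a flagged reply is a prompt to check DHCP snooping and first-hop configuration on that segment.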