Clients/Hosts send DHCPREQUEST to DHCP Server continualy. | docsis.org

You are here

Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

11 posts / 0 new
Last post
Anonymous (not verified)
Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

Hello! Here is DHCP Server's MRTG below:

You can see that the DHCP server traffic is bursting to 700Kbps since 140Kbps before! I has found several CPEs which in abnormal status(Sending DHCPREQUEST continualy), but I don't know how to resolve this case.

Before posted this message, I had tried reseting CMs what these abnormal CPEs belong to and restarting DHCP daemon several times, but it's no work!
Does anyone tell me kindly what should I do next ?
:(

Anonymous (not verified)
Re: Clients/Hosts send DHCPREQUEST to DHCP Server continualy

chipin_chen wrote:Hello! Here is DHCP Server's MRTG below:

You can see that the DHCP server traffic is bursting to 700Kbps since 140Kbps before! I has found several CPEs which in abnormal status(Sending DHCPREQUEST continualy), but I don't know how to resolve this case.

Before posted this message, I had tried reseting CMs what these abnormal CPEs belong to and restarting DHCP daemon several times, but it's no work!
Does anyone tell me kindly what should I do next ?
:(

First I would track the traffic by Ethereal or tcpdump. If it is not a DoD-attack it might be a software update on routers or PC (Windows Vista ?!? ;-) ) that cause this issue. Maybe a incompatibilty in DHCP-versions, malformed DHCP-messages, a new option or a kind of authenticated DHCP.

If this issue is seriously affecting the DHCP-service in general you should switch the CM off and contact customers.

Anonymous (not verified)
Re: Clients/Hosts send DHCPREQUEST to DHCP Server continualy

Quote:First I would track the traffic by Ethereal or tcpdump. If it is not a DoD-attack it might be a software update on routers or PC (Windows Vista ?!? ;-) ) that cause this issue. Maybe a incompatibilty in DHCP-versions, malformed DHCP-messages, a new option or a kind of authenticated DHCP.

If this issue is seriously affecting the DHCP-service in general you should switch the CM off and contact customers.

Thanks a lot anyway! I had done all your suggestion when it happend in four hours, but unfortunately It was not working.
Till 8:00PM, I tried to set up another DHCP server, copied original lease file and modified CMTS helper address to new dhcp server's IP, then it worked! :lol:

So the origianl dhcp server recieved DHCPREQUEST still, the new dhcp server just recieved DHCPDISCOVER from CMs / CPEs. In fact, I think, if behind firewall exist, and create one rule passing packets from CMTS first, might prevent causing this situation!

Is it right?

Anonymous (not verified)
Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

what about results of:
sho cable modem | exclude online
?

Anonymous (not verified)
Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

boombastic wrote:what about results of:
sho cable modem | exclude online
?

A -> Old DHCP Server
B -> New DHCP Server

Case one:
CMs / CPEs -------( DHCPREQUEST from RENEW state) -----> A
Case two:
CMs / CPEs -------( DHCPDISCOVER from INIT state) -----> B

My opinion is processing CPEs in INIT state more important than in RENEW state when dhcp server meet heavy traffic. Give up RENEW packets instead of INIT packets is my solution in these days!

There are two images explaining my opnion below:

Anonymous (not verified)
Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

there is strange behavior of CM`s on ARRIS Cadant C3 CMTS. CM may hung in init(rc) state.
I`ve thoght that may be it is your situation :)

Anonymous (not verified)
New dhcp server solution for abnormal traffic status

I have tested two solution for resolving dhcp server overloading when abnormal traffic from CPE RENEW on real cable network.
For your reference:

frnkblk
Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

Which DHCP server are you using?

Frank

Anonymous (not verified)
Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

frnkblk wrote:Which DHCP server are you using?

Frank

I use ISC DHCP V3.05

frnkblk
Clients/Hosts send DHCPREQUEST to DHCP Server continualy.

As another poster stated, you should capture the DHCP traffic for a few days, filter for a specific bootp_hwmac, and then see if you can find a pattern or a reason why this happens.

In my case it was because the DHCP server was responding with a source port of 1.

Frank

Anonymous (not verified)
Re: New dhcp server solution for abnormal traffic status

chipin_chen wrote:I have tested two solution for resolving dhcp server overloading when abnormal traffic from CPE RENEW on real cable network.
For your reference:

It's worked for solution B. :)