The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?

OffstageRoller

When I try to enter a the same value for both the default and maximum DHCPv4 lease time, I get this error:

The maximum lease time must be at least 60 seconds and higher than the default lease time.

Why is that? Wouldn't it be valid to have both the default (clients that do not ask for an expiration) and maximum (clients that do ask for an expiration) be the same value?

rcoleman-netgate

@offstageroller DHCP leases start attempting to verify/renew at the 25% of lease time used point. If they don't have it by the 50% time they start to freak out.

Set it too short and you set your router into a packet storm if it's a large network.

mer

I agree with @rcoleman-netgate on what happens at a dhcp client side, but if you're asking why you can't set default and max lease time to be the same value, I don't know, but I suspect there may be something buried in a RFC somewhere that at least implies the "max should be greater than default".

OffstageRoller

@mer said in The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?:

I agree with @rcoleman-netgate on what happens at a dhcp client side, but if you're asking why you can't set default and max lease time to be the same value, I don't know, but I suspect there may be something buried in a RFC somewhere that at least implies the "max should be greater than default".

Thank you @rcoleman-netgate and @mer

I get how DHCP works with timing. I set my DHCPv4 lease time to 24 hours, and most devices send a DHCPREQUEST every 12 hours.

Regarding the RFC comment, that's why I created this question. I assume there's a reason pfSense says the maximum has to be larger then the default lease time. But I'd like to know what that reason is, and the referencing RFC. I can't find it from my searching.

I do see others posting online that the default and maximum can be the same values for other routers. Knowing how DHCP works, I don't see why they can't be the same.

Rather than calling it a maximum lease time, you could instead call it an unspecified lease time. Default lease could be called specified lease time. So if I think of DHCPv4 leases as specified and unspecified, the values should be able to be the same.

rcoleman-netgate

@offstageroller said in The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?:

Rather than calling it a maximum lease time, you could instead call it an unspecified lease time. Default lease could be called specified lease time. So if I think of DHCPv4 leases as specified and unspecified, the values should be able to be the same.

In this case I would recommend opening a redmine suggesting the change.

jimp

It's probably a limitation from an earlier version of ISC DHCPD or perhaps even older than that.

The current man page for dhcpd.conf has an example where max == default so it's probably OK now.

From the EXAMPLES section on https://www.freebsd.org/cgi/man.cgi?query=dhcpd.conf&apropos=0&sektion=0&manpath=FreeBSD+12.3-RELEASE+and+Ports&arch=default&format=html

	    max-lease-time 120;
	    default-lease-time 120;

Git blame shows the input validation check going all the way back to the very first initial pfSense commit in 2004, so it's very old.

Make a Redmine entry as a feature request to relax the input validation and we'll get that adjusted.

OffstageRoller

@jimp said in The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?:

It's probably a limitation from an earlier version of ISC DHCPD or perhaps even older than that.

The current man page for dhcpd.conf has an example where max == default so it's probably OK now.

From the EXAMPLES section on https://www.freebsd.org/cgi/man.cgi?query=dhcpd.conf&apropos=0&sektion=0&manpath=FreeBSD+12.3-RELEASE+and+Ports&arch=default&format=html

	    max-lease-time 120;
	    default-lease-time 120;

Git blame shows the input validation check going all the way back to the very first initial pfSense commit in 2004, so it's very old.

Make a Redmine entry as a feature request to relax the input validation and we'll get that adjusted.

Will do. I'll go ahead and submit a PR/MR to help make that change after creating the ticket.

OffstageRoller

@offstageroller said in The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?:

@jimp said in The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?:

It's probably a limitation from an earlier version of ISC DHCPD or perhaps even older than that.

The current man page for dhcpd.conf has an example where max == default so it's probably OK now.

From the EXAMPLES section on https://www.freebsd.org/cgi/man.cgi?query=dhcpd.conf&apropos=0&sektion=0&manpath=FreeBSD+12.3-RELEASE+and+Ports&arch=default&format=html

	    max-lease-time 120;
	    default-lease-time 120;

Git blame shows the input validation check going all the way back to the very first initial pfSense commit in 2004, so it's very old.

Make a Redmine entry as a feature request to relax the input validation and we'll get that adjusted.

Will do. I'll go ahead and submit a PR/MR to help make that change after creating the ticket.

Redmine ticket:
https://redmine.pfsense.org/issues/13118

Pull Request:
https://github.com/pfsense/pfsense/pull/4581