DHCP request on broadcast address at an earlier stage
-
Hello.
When my network operator has a disruption in operation, due to maintenance or something else, they often change the IP on their DHCP server, I have noticed.
My problem is that it takes a very long time before pfsense asks for a new IP number on the broadcast address.
It tries to contact the last known DHCP server IP number for about 6 hours before it finally asks for the broadcast address, gets an ack, and everything starts working again.
I've looked but haven't found a solution to this, so sorry if this question has already been answered, but then maybe I can just get a link to it?
I have pfsense on a preinstalled firewall (Netgate) and have the newest version number for it, 2.7.2-RELEASE (amd64).
I have an incoming fiber optic link, and then there is a media converter with an RJ45 socket on it, which I connect to the firewall and I do not get an IP number from the media converter, but the only DHCP server that exists, it is somewhere out in the fiber network.
I would still like pfsense to ask the broadcast address at an earlier stage, because a short interruption, when the DHCP server's IP changes, becomes a long interruption in the connection for me (if I'm not at home and can log into the firewall and do a "renew" manually).
Thanks in advance.
/Tobias, Sweden
-
@hannuse dhcp will not send out a discover, i.e. broadcast for any dhcp server, until the lease expires. How long that is depends on the length of the lease you got from the first dhcp server.
-
@johnpoz Hello.
Thanks for the feedback.
Interesting.
Then it is actually my ISP's DHCP server that has that setting, and then it is actually by design?
But is there anything to do to restart the process at pfsense?
I think that when pfsense gets the answer "host in down" when the link is up, then you would like it to make the decision to make a "release" and "renew" after a shorter time, but maybe it's not that simple?
I am attaching a screenshot from my DHCP log where you can see that it finally does a broadcast, but the malfunction originally occurred at 00:06.
Many thanks for your answer!
/Tobias, Sweden
-
@hannuse said in DHCP request on broadcast address at an earlier stage:
Interesting.
Yeah that is how dhcp works..
Let's say a client gets a lease for 24 hours, at around the 50% mark it will try a renew, if not then it starts asking more and more often until it either renews the lease or it finally expires. Once the lease has expired it will then discover and ask any dhcp server for a lease.
As to how to work around that - hmmm would have to think about that for a bit.
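
Added example, not part of the thread or any poster's code: a Python sketch of the renewal schedule RFC 2131 describes (T1 at 50% of the lease, T2 at 87.5%, retries at half the remaining time with a 60-second floor), showing when a client that gets no answer moves from unicast to broadcast. The 24-hour lease and the function names are constructed for illustration, and pfSense's dhclient may time its retries differently.

```python
from dataclasses import dataclass

MIN_RETRY = 60  # RFC 2131 section 4.4.5: retransmit interval floor, in seconds


@dataclass
class Event:
    t: int        # seconds since the lease was granted
    state: str    # RENEWING, REBINDING or INIT
    message: str  # DHCPREQUEST or DHCPDISCOVER
    dest: str     # "unicast" to the leasing server, or "broadcast"


def client_timeline(lease_secs, t1_frac=0.5, t2_frac=0.875):
    """Messages a client sends if no server ever answers after the lease is granted."""
    t1, t2 = int(lease_secs * t1_frac), int(lease_secs * t2_frac)
    events = []
    t = t1
    # RENEWING: unicast to the server that granted the lease, wait halving each time.
    while t < t2:
        events.append(Event(t, "RENEWING", "DHCPREQUEST", "unicast"))
        t += max((t2 - t) // 2, MIN_RETRY)
    t = t2
    # REBINDING: the request is now broadcast, so any server may answer it.
    while t < lease_secs:
        events.append(Event(t, "REBINDING", "DHCPREQUEST", "broadcast"))
        t += max((lease_secs - t) // 2, MIN_RETRY)
    # Lease expired: the client starts over with a broadcast discover.
    events.append(Event(lease_secs, "INIT", "DHCPDISCOVER", "broadcast"))
    return events


def first_broadcast(events):
    """First message that a replacement server on a new IP could see."""
    return next(e for e in events if e.dest == "broadcast")


def wait_for_broadcast(lease_secs, server_changed_at):
    """Seconds between the server's IP changing and the client's first broadcast."""
    fb = first_broadcast(client_timeline(lease_secs))
    return max(fb.t - server_changed_at, 0)


if __name__ == "__main__":
    LEASE = 24 * 3600  # constructed sample lease length
    for e in client_timeline(LEASE):
        print(f"{e.t / 3600:6.2f} h  {e.state:<9}  {e.message:<12}  {e.dest}")
```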
-
@johnpoz Hello.
Thanks for the reply.
Then there is not much to do on this right now, but thank you very much for your explanations, it means a lot to me!
If I reboot the firewall, it seems to immediately go out and ask on the broadcast address, but maybe that's because it then empties some cache memory?
-
@hannuse yeah on a restart it will do that, it will try its old lease and if no answer it will discover right away.
You could prob script something up if gateway is down for x amount of time, do a dhcp release and renew.
-
@johnpoz Thanks for all your replies, now I feel like I have it figured out.
This has been very helpful, and has saved me a lot of hours, and I probably would never have felt that I have real control over the technique :)
But now I know more, and can face the answers with my ISP in a better way.
Thanks and regards!
/Tobias, Sweden
-
I have often wondered about gateway monitoring. It doesn't seem to do much beyond clearing states. Perhaps it would be a good idea to have it do periodic DHCP discovers when down.
Of course, another question is why the DHCP server is forgetting the lease. A DHCP server should try to use the previous address, as requested by the client.
-
@JKnott as to why he is not able to renew.. It's quite possible, as he suggests, that they changed the dhcp server, so a unicast to the old server for a renew would just not hit anything.
It's been a minute since I have had to dive into the deep end on the inner workings of dhcp.. But generally speaking a renew would normally be unicast to the server you got the lease from.. What all can kick off an actual discover would be lease expired, but there could be other things to kick that off, and possibly even configuration of the dhclient to always send broadcast, etc.
Typically if you had to replace your dhcp server, you would bring it up on the old IP and import all your old leases.. But you have no idea what some of these ISPs might be doing.. They are used to the typical user, and have trained them hey if not working reboot everything ;)
But pretty sure you could script something up that if renew doesn't work, do a discover - I would think.. There are some pretty talented folks around here that sure could come up with something or know of some option you could set in dhclient, even if not exposed in the gui of pfsense, etc.
-
@johnpoz said in DHCP request on broadcast address at an earlier stage:
It's quite possible, as he suggests, that they changed the dhcp server, so a unicast to the old server for a renew would just not hit anything.
That should be a rare event. I've had a cable modem for over 25 years and can only think of one occasion when I didn't get the same address. This was after my ISP renumbered the network. My IPv4 address only changes when I change hardware. I've had the same one since I bought a mini PC for my firewall/router. And yes, I know the same server address is tried on renewal. However, if pfSense determines the gateway is down or otherwise unreachable, then a new discover might be in order. Don't forget, DHCP discover supports multiple servers and takes the first to respond. This helps if a server has failed.
-
@johnpoz That's exactly what my ISP says on their support page:
-If you experience problems, you should start by rebooting all your equipment before reporting an error.
I have had my fiber connection for 3 months, and had 6 different IP numbers, on different subnets!
So with the responses I've received here, I suspect that my ISP doesn't really know what they're doing, or at least wants to hide their mistakes from me as a customer.
So they change something in their network, which causes the IP structure to change, and the routing has to change.
I will then have to get a new IP number, as my connection will be moved to a new IP network.
Unfortunately I don't get notifications from my ISP so I don't know when this happens, incredibly annoying.
But at least now I know that my firewall with pfsense is probably just acting as it should, and that feels good!
-
@JKnott I hear ya.. it should be really rare, I would agree. The only time I have had to manually release and renew my wan lease was when the isp merged with another and they redid a lot of their IP scheme and moved IPs around, etc.
And that was years ago, had my current IP since easily before covid, etc.