Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 1884 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ISP DHCP response appears to be dropped

Jacob Rutski

Currently running SFOS 16.05.6 MR-6. I use 2 ISPs with link load balancing. As of a week ago, the connection dropped, and I have not been able to connect. Some background on the Comcast connection:

  • It uses an Arris modem that is connected through a switch to the virt host across an access port to a trunk port
  • The modem boots and issues a DHCP response with an address of 192.168.100.xx
  • As soon as the coax service comes up, the device issues a DHCP renew and attempts to bridge the connection, using the publicly assigned IP address as the DHCP response

The issue is that XG never gets the 2nd DHCP response with the public IP and that interface stays down. Originally I had thought that this was a Comcast issue, but I am able to connect with any other device, including another XG system.

Here is the tcpdump from when the modem is booting: (192.168.100.1 is the modem and .11 is applied to XG temporarily)

19:23:13.374016 Port5, OUT: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:80:ad:b8, length 286
19:23:13.374689 Port5, IN: IP 192.168.100.1.67 > 192.168.100.11.68: BOOTP/DHCP, Reply, length 300
19:23:13.406080 Port5, OUT: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:80:ad:b8, length 292
19:23:13.406723 Port5, IN: ARP, Request who-has 192.168.100.11 tell 192.168.100.1, length 46
19:23:14.397701 Port5, IN: IP 192.168.100.1.67 > 192.168.100.11.68: BOOTP/DHCP, Reply, length 300
19:23:15.558308 Port5, OUT: ARP, Request who-has 192.168.100.1 tell 192.168.100.11, length 28
19:23:15.558851 Port5, IN: ARP, Reply 192.168.100.1 is-at 5c:e3:0e:4b:be:b4, length 46
19:23:15.558859 Port5, OUT: IP 192.168.100.11 > 192.168.100.1: ICMP echo request, id 1, seq 1, length 192
19:23:15.559455 Port5, IN: ARP, Request who-has 192.168.100.11 tell 192.168.100.1, length 46
19:23:15.559462 Port5, OUT: ARP, Reply 192.168.100.11 is-at 00:50:56:80:ad:b8, length 28
19:23:15.559889 Port5, IN: IP 192.168.100.1 > 192.168.100.11: ICMP echo reply, id 1, seq 1, length 192
19:23:15.562082 Port5, OUT: IP 192.168.100.11 > 192.168.100.1: ICMP echo request, id 1, seq 2, length 192
19:23:15.562463 Port5, IN: IP 192.168.100.1 > 192.168.100.11: ICMP echo reply, id 1, seq 2, length 192
19:23:16.243319 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:17.242019 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:18.242016 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:19.874655 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:20.874019 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:21.874078 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:25.890072 Port5, OUT: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:80:ad:b8, length 280
19:23:25.890683 Port5, IN: ARP, Request who-has 192.168.100.11 tell 192.168.100.1, length 46
19:23:25.890697 Port5, OUT: ARP, Reply 192.168.100.11 is-at 00:50:56:80:ad:b8, length 28
19:23:26.262207 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:26.888145 Port5, IN: IP 192.168.100.1.67 > 192.168.100.11.68: BOOTP/DHCP, Reply, length 300
19:23:27.262011 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:28.262012 Port5, OUT: ARP, Request who-has 192.168.100.254 tell 192.168.100.11, length 28
19:23:35.422896 Port5, IN: IP6 fe80::201:5cff:fe72:8446 > ff02::1: ICMP6, router advertisement, length 144
19:23:37.786020 Port5, OUT: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:80:ad:b8, length 280
19:23:38.983066 Port5, IN: IP6 fe80::201:5cff:fe72:8446 > ff02::1: ICMP6, router advertisement, length 144
19:23:42.852788 Port5, IN: IP6 fe80::201:5cff:fe72:8446 > ff02::1: ICMP6, router advertisement, length 144
19:23:42.854018 Port5, OUT: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:80:ad:b8, length 280
19:23:44.918025 Port5, OUT: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:80:ad:b8, length 280
19:23:45.990023 Port5, OUT: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:80:ad:b8, length 280

It does appear that the 2nd DHCP offer is dropped:

2017-10-23 18:48:48 0101021 IP 192.168.100.1.67 > 192.168.100.11.68 : proto UDP: packet len: 308 checksum : 61132
0x0000: 4500 0148 dead 0000 7f11 129a c0a8 6401 E..H..........d.
0x0010: c0a8 640b 0043 0044 0134 eecc 0201 0600 ..d..C.D.4......
0x0020: 2223 e12d 0000 0000 0000 0000 c0a8 640b "#.-..........d.
0x0030: c0a8 6401 0000 0000 0050 5680 adb8 0000 ..d......PV.....
0x0040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0100: 0000 0000 0000 0000 6382 5363 3501 0501 ........c.Sc5...
0x0110: 04ff ffff 0003 04c0 a864 0133 0400 0000 .........d.3....
0x0120: 1436 04c0 a864 01ff 0000 0000 0000 0000 .6...d..........
0x0130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0140: 0000 0000 0000 0000 ........
Date=2017-10-23 Time=18:48:48 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port5 out_dev=Port2 inzone_id=2 outzone_id=2 source_mac=5c:e3:0e:4b:be:b4 dest_mac=00:50:56:80:ad:b8 l3_protocol=IP source_ip=192.168.100.1 dest_ip=192.168.100.11 l4_protocol=UDP source_port=67 dest_port=68 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8002 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=2842724800 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-10-23 18:49:00 0103021 IP 192.168.100.1.67 > 192.168.100.11.68 : proto UDP: packet len: 308 checksum : 61132
0x0000: 4500 0148 dead 0000 8011 119a c0a8 6401 E..H..........d.
0x0010: c0a8 640b 0043 0044 0134 eecc 0201 0600 ..d..C.D.4......
0x0020: 2223 e12d 0000 0000 0000 0000 c0a8 640b "#.-..........d.
0x0030: c0a8 6401 0000 0000 0050 5680 adb8 0000 ..d......PV.....
0x0040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
Date=2017-10-23 Time=18:49:00 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port5 out_dev= inzone_id=2 outzone_id=4 source_mac=5c:e3:0e:4b:be:b4 dest_mac=00:50:56:80:ad:b8 l3_protocol=IP source_ip=192.168.100.1 dest_ip=192.168.100.11 l4_protocol=UDP source_port=67 dest_port=68 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8002 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=2757447328 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

Of note is that this has worked 100% for the past year...

Any thoughts?



This thread was automatically locked due to age.