I have Telus FTTP in the Vancouver area.
My network topology is NOKIA GPON ONT -> HP managed switch (untagged VLAN) -> machine running pfSense.
Starting at 19:42 PDT on May 21st my connection was dropping out (100% packet loss to the default gateway on IPv4; IPv6 was and is unaffected) about every 10 minutes. I previously had a similar problem creep up on December 25th last year, so, assuming the 4-hour DHCP lease time wasn't enough due to maintenance, I manually overrode the lease time in my DHCP configuration to renew every 15 minutes. Due to this, my DHCP client was ignoring the lease time from the server, causing my connection to drop out every 10 minutes.
Now for some reason pfSense renews the DHCP lease using the IP of the responding DHCP server (which makes sense), but at least in my configuration, if it was unable to contact the DHCP server, it didn't fall back to broadcast, instead getting stuck trying to contact the DHCP server by its address.
I suspect when the connection drops out due to the expiring DHCP lease some sort of IP source guard blocks the packets from my IP address.
I've compiled a modified dhclient that allows you to exclusively use broadcast packets. I tested it and when the connection drops out due to the DHCP lease problem, at the next renewal, the connection properly comes back up.
I've also changed my DHCP client configuration to renew every 5 minutes, and my connection has been stable since doing that an hour ago.
I took some logs when the issue started. If you look here (read from the bottom up) you can see dhclient trying to renew the lease at 19:46 (DHCP lease at the router was presumably dropped at 19:41 when the connection dropped); it just gets stuck trying to contact the server because I presume the IP source guard is dropping the packets from the "unknown" source IP. I then manually released and renewed the IP at 19:53, and that made my connection work until the next DHCP lease drop and renewal.
I took some pcaps earlier and the DHCP lease time from the server was fluctuating wildly. Currently it's at 10 minutes, meaning it renews every 5 minutes with a standard DHCP client. I remember with the December 25th incident it was just one DHCP lease drop and no lease times were changed according to the log files and packet captures I took at the time.
Interestingly, the Actiontec had no dropouts of its own. I don't know if Telus does something different for TV packets or the DHCP client, but while my router was in this state I plugged my laptop into the T3200M and was able to access the internet.
Thanks
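For reference, an added example (not part of the original post, and not pfSense or dhclient code) that models the RFC 2131 renewal timers the post is about: with an unresponsive server, a compliant client unicasts in RENEWING from T1, broadcasts in REBINDING from T2, and restarts with a broadcast DHCPDISCOVER once the lease has expired. The function and field names are hypothetical; the defaults T1 = 0.5 and T2 = 0.875 of the lease and the 60-second retransmit floor are taken from RFC 2131.

```python
from dataclasses import dataclass

MIN_RETRY = 60  # RFC 2131 4.4.5: retransmit no more often than every 60 s


@dataclass
class Event:
    t: float       # seconds since the lease was acquired
    state: str     # RENEWING, REBINDING or INIT
    message: str   # DHCPREQUEST or DHCPDISCOVER
    dest: str      # "unicast" (to the leasing server) or "broadcast"


def renewal_schedule(lease, first_attempt=None):
    """Messages a compliant client sends when the server never answers.

    lease         -- lease time granted by the server, in seconds
    first_attempt -- client-side override of the first renewal time
                     (assumption: models a locally configured renew timer)
    """
    t1, t2 = lease * 0.5, lease * 0.875
    t = t1 if first_attempt is None else first_attempt
    events = []
    while True:
        if t >= lease:
            # Lease expired: the address must be given up, start over.
            events.append(Event(t, "INIT", "DHCPDISCOVER", "broadcast"))
            return events
        if t >= t2:
            # REBINDING: any server may answer, so the request is broadcast.
            events.append(Event(t, "REBINDING", "DHCPREQUEST", "broadcast"))
            t = min(t + max((lease - t) / 2, MIN_RETRY), lease)
        else:
            # RENEWING: request is unicast to the server that gave the lease.
            events.append(Event(t, "RENEWING", "DHCPREQUEST", "unicast"))
            t = min(t + max((t2 - t) / 2, MIN_RETRY), t2)


if __name__ == "__main__":
    # 10-minute lease, default timers, then a 15-minute client override.
    for label, sched in (("default", renewal_schedule(600)),
                         ("15 min override", renewal_schedule(600, 900))):
        for e in sched:
            print(f"{label:16} t={e.t:6.1f}s {e.state:9} {e.message} {e.dest}")
```

With a 600-second lease and a 900-second override, the first message falls after expiry, so the model emits a broadcast DHCPDISCOVER rather than a unicast DHCPREQUEST to the old server address.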