U

Visitor

 • 

5 Messages

Tuesday, February 7th, 2023 6:24 AM

Closed

Very short *WAN* DHCP leases and Internet disconnection on every lease renewal

I've spoken with Comcast first-level phone support, second-level phone support, Advanced Technical Support, and Customer Security Assurance about the problem in the subject, all to no avail.  I'm hoping someone here can connect me with the group that can address the issue.

Similar problems have been reported in these forums before.  Some of the reports can be found via https://www.google.com/search?as_q=wan+dhcp+lease+only+2+hours&as_sitesearch=forums.xfinity.com

For more than a year, Comcast has been supplying WAN DHCP leases of two hours or less to my equipment.  While the short WAN DHCP leases would not be a problem by themselves, it is a problem that every time my equipment renews the WAN DHCP lease, the Comcast equipment drops my Internet connection for many seconds.

Because the short WAN DHCP leases require frequent renewals, my Internet gets disconnected more than 24 times a day.  Disconnections occur regularly during my business hours and "freeze" my SSH connections to remote hosts.


Here is a summary of the facts known and diagnosis done to date:

  1. The WAN disconnect problem is not due to signal issues:

    The first thing Comcast first-level support did was send a technician to my house, who replaced a number of connectors and splitters at the premises.  As expected due to the nature of the problem, while the connector/splitter work did improve the signal quality (which was acceptable, if not outstanding, to begin with), it made *no* difference to the WAN disconnect issue.

  2. The WAN disconnect problem is not caused by my router:

    I have removed the router from the network and reproduced the WAN disconnect problem with a computer connected directly to the cable modem.

  3. The WAN disconnect problem is not caused by my cable modem:

    Comcast second-level technical support requested that I test with an Xfinity modem, which I am currently using in place of my cable modem.  The short WAN DHCP leases and the WAN disconnect problem are identical using the Xfinity hardware or my cable modem.

  4. The WAN disconnect problem is not related to customer-premise equipment generally:

    The problem mysteriously "cured" itself for a time during December 2022, then reappeared in January 2023.  My hardware, firmware, and configuration remained the same during that entire time.  Obviously, hardware does not spontaneously "heal" and "re-injure" itself in this fashion, so the problem is not local to my premises.

Thank you

Visitor

 • 

21 Messages

2 years ago

The short DHCP leases shouldn't be a problem by themselves. I checked my connection and I can see that the lease times are between 1 and 2 hours. This isn't a problem as the IP doesn't change so when my router does DHCP request and gets a reply - it doesn't do anything but extend the lease time.

In your case it sounds like the DHCP replies coincide with interruption on Xfinity's side.  The best way to confirm that is to connect the computer directly to the cable modem, run continuous ping and then run tcpdump with a filter that captures ICMP request/replies from the ping with the DHCP request replies. If you see ICMP requests going on but the ICMP replies stopping when the DHCP request/reply happens - that would indicate a problem on Xfinity's side. 

Visitor

 • 

5 Messages

@user_079458​ 

Thank you for the reply.  I've already done pretty much what you suggest a number of times when demonstrating that the problem occurs both with my router in place and with a computer directly attached to the modem.

Official Employee

 • 

2K Messages

@user_de4530  I am sorry to hear you are having these connection issues. It does look like a couple of problem solvers have reached out with information that may help. Have you had a chance to check that over yet? I would be happy to take a closer look for you as well you can share your event/error logs here removing any MAC address and personal information. Or I can check out your connection in private if you would prefer. Send our team a direct message with your full name, the name listed on the account (if different), and the service address associated with your account, I'd be more than happy to look into this for you. 

Here's the detailed steps to direct message us: • Click "Sign In" if necessary • Click the "Peer to peer chat" icon (upper right corner of this page) • Click the "New message" (pencil and paper) icon • Type "Xfinity Support" in the to line and select "Xfinity Support" from the drop-down list • Type your message in the text area near the bottom of the window • Press Enter to send your message

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick

Visitor

 • 

5 Messages

Thank you AmandaB, I've sent a direct message.

Problem Solver

 • 

1.5K Messages

2 years ago

Do you have the ability to disable IPV6 on your equipment for a test?

A long term issue in my market is communication with IPV6 servers.  Works for a few days, communication to their IPV6 server is not available for a while (sometimes hours), and it screws up routing.  I've tried various ways to overcome this, including requesting DHCP6 over IPV4, but nothing is stable here.

IPV4 only does actually work.  At least for what I need to talk to.  I'd rather go with a stable connection than a random flake out.  When that no longer works for me, another ISP will be my answer.  Might be your temporary solution too.

Visitor

 • 

5 Messages

@flatlander3​ 

Thank you for the suggestion.  I've never intentionally configured anything to use IPv6, and I just confirmed that my router has IPv6 disabled.  The Mac that I connected directly to the cable modem for testing  has the default MacOS configuration of DHCP for IPv4 and "Automatically" for IPv6.  That results in no IPv6 behind my router, but I didn't look at the IPv6 status when the Mac was connected to the cable modem.  It doesn't see to matter, though, since both the router and the directly connected Mac experience the same Internet disconnection upon WAN DHCP lease renewal.

Problem Solver

 • 

948 Messages

2 years ago

Well I just remembered a trick from back in the day, so right now I have my router set to static ip instead of automatic, static might not be the correct identification, but the box is labeled that, works great, protocol prevents you from trying to inject a random ip address in to the dhcp server, but since I already know the ip, submask and default gateway, you can kind of trick it, it only lasts until Comcast changes your ip, then it breaks, but how long is that, mine is over a year, since the methods you tried involved most likely a dhcp server and client, it might possibly make a difference… 

Problem Solver

 • 

1.5K Messages

@Jlavaseur​  Default here currently is 345600 seconds, but it sounds like he's running into an hour or two lease time. Usually means the network is going to be in flux when they do that.  IP block change, or equipment upstream somewhere.  Part of a larger upgrade.  Maybe even the DHCP servers themselves.  Setting static in that case may fail even more often due to stomping on IP addresses and wrong routing.

I did try not releasing an IPV6 lease before the renew, and it was a little more stable, but still failed often.  It wasn't protocol.  I can verbose debug the entire dhcp6 conversation.  It was simply timeouts while trying to talk to the DHCP6 server.  It's like they're just not there sometimes.

It's probably something they're aware of in my market and they don't seem to have any answers for me.  Hostile traffic and an DoS issue?  Just over subscribed and not able to handle the requests?  Too many misconfigured devices on subnets by me?  Meh.  Who knows?  The OP may have the same issue.

Visitor

 • 

5 Messages

Interestingly, Comcast notified us in advance that there would be service disruptions (and there were minor ones) Tuesday before last as they did work in our area for future network upgrades.  The WAN IP address had been in the 92.x.x.x net for quite some time prior to the work, but has been in 73.x.x.x since the work finished.  No difference to my short WAN IP leases and associated disconnects before or after the work though.

Problem Solver

 • 

948 Messages

2 years ago

My point is that ip combination is already assigned, you have to use it exactly, any deviation and it will fail, so when Comcast sends out dhcp info on my routers end there is no dhcp client to accept it, like i said it kind of tricks it...

Problem Solver

 • 

1.5K Messages

@Jlavaseur​ DHCP server doesn't send, or have any means of doing a "notify".  It does not check to see if an IP is "active".  The request for a lease comes from the client side.  If the client goes static, the lease expires just like normal.  The server remembers the expired lease in a file, but when the pool exhausts, the IP can be reused/issued to a different client.  Then you'll have an IP address conflict.

The way to migrate an IP block is to 1st change to a short lease duration, then leave both routes active until the leases expire, and pass out the new address/subnet/gateway with the new DHCP server config.  In an emergency, Xfinity can send a reset down the coax, your gateway/modem reboots, and your client can get the new IP that way when you boot back up.  If you set static, you'll still be on the old default route with no connectivity.

Problem Solver

 • 

948 Messages

2 years ago

You can’t really go static, because a real static ip falls outside of the dhcp ip server range, it’s just a trick, I just thought a different approach might reveal something or not, I did specify that when the Comcast ip changed it would break….

Visitor

 • 

21 Messages

2 years ago

I did this on my connection:

tcpdump -i cxl0 -n -vv -e -K ether host [Edited: "Personal Information"] and \(host 9.9.9.9 or port 67 or port 68\)

the cxl0 is my WAN interface and [Edited: "Personal Information"] is the MAC of the WAN interface. Xfinity doesn't filter traffic for neighbors so without it you would see traffic for other people connected to the same segment.  After tcpdump was running, I started a ping to 9.9.9.9 and waited for IP to be renewed. These are the lines when it happened:

...
[Edited: "Personal Information"] [Edited: "Personal Information"] > [Edited: "Personal Information"], ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 50088, offset 0, flags [DF], proto ICMP (1), length 84)
    X.X.X.X > 9.9.9.9: ICMP echo request, id 33674, seq 262, length 64
[Edited: "Personal Information"] [Edited: "Personal Information"] > [Edited: "Personal Information"], ethertype IPv4 (0x0800), length 98: (tos 0x20, ttl 56, id 51793, offset 0, flags [none], proto ICMP (1), length 84)
    9.9.9.9 > X.X.X.X: ICMP echo reply, id 33674, seq 262, length 64
[Edited: "Personal Information"] [Edited: "Personal Information"] > [Edited: "Personal Information"], ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 34060, offset 0, flags [none], proto UDP (17), length 328)
    X.X.X.X.68 > [Edited: "Personal Information"]: BOOTP/DHCP, Request from [Edited: "Personal Information"], length 300, xid 0xa2674ae4, Flags [none] (0x0000)
          Client-IP X.X.X.X
          Client-Ethernet-Address [Edited: "Personal Information"]
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Client-ID Option 61, length 7: ether [Edited: "Personal Information"]
            Hostname Option 12, length 2: "fw"
            Parameter-Request Option 55, length 10: 
              Subnet-Mask, BR, Time-Zone, Classless-Static-Route
              Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
              Option 119, MTU
[Edited: "Personal Information"] [Edited: "Personal Information"] > [Edited: "Personal Information"], ethertype IPv4 (0x0800), length 358: (tos 0x48, ttl 56, id 35672, offset 0, flags [DF], proto UDP (17), length 344)
    [Edited: "Personal Information"] > X.X.X.X.68: BOOTP/DHCP, Reply, length 316, xid 0xa2674ae4, Flags [none] (0x0000)
          Client-IP X.X.X.X
          Your-IP X.X.X.X
          Client-Ethernet-Address [Edited: "Personal Information"]
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: [Edited: "Personal Information"]
            Lease-Time Option 51, length 4: 7200
            Subnet-Mask Option 1, length 4: 255.255.252.0
            BR Option 28, length 4: 255.255.255.255
            Default-Gateway Option 3, length 4: X.X.Y.Y
            Domain-Name Option 15, length 20: "hsd1.ca.comcast.net."
            Domain-Name-Server Option 6, length 8: 75.75.75.75,75.75.76.76
            RN Option 58, length 4: 4039
            Hostname Option 12, length 2: "fw"
[Edited: "Personal Information"] [Edited: "Personal Information"] > [Edited: "Personal Information"], ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 50303, offset 0, flags [DF], proto ICMP (1), length 84)
    X.X.X.X > 9.9.9.9: ICMP echo request, id 33674, seq 263, length 64
[Edited: "Personal Information"] [Edited: "Personal Information"] > [Edited: "Personal Information"], ethertype IPv4 (0x0800), length 98: (tos 0x20, ttl 56, id 52128, offset 0, flags [none], proto ICMP (1), length 84)
    9.9.9.9 > X.X.X.X: ICMP echo reply, id 33674, seq 263, length 64

...

As you can see, 600ms after the last ping reply, my computer sends a DHCP request to renew its IP. Xfinity replies right away with the same IP. 400ms later another ping request goes out and the reply comes immediately. At no point the lines goes down and the lease is extended.

Perhaps if you try the same and show how Xfinity stops replying to the ping requests after the DHCP reply - that would be a good clue that the problem is on Xfinity's side.

(edited)

Problem Solver

 • 

1.5K Messages

@user_079458​  I got persistent connections across 3 states and I'm logging latency between them all - even graphing it with rrdtool.  I know exactly when the connections are up or down.  They're fine, the connections were already established, but when it comes time for a dhcp6 renew, then sometimes this stuff happens.  Super random when it does drop out.  It can work for days, and then, it will stall like this for quite some time.  30 seconds.  5 minutes.  Sometimes longer:

Aug 4 10:19:37 dhcp6c[19265]: no responses were received
Aug 4 10:19:34 dhcp6c[19265]: no responses were received
Aug 4 10:19:33 dhcp6c[19265]: no responses were received
Aug 4 10:19:28 dhcp6c[19265]: Sending Solicit

Now while this mess is going on, anything trying to establish a NEW connection that has dhcp6 enabled, will have messed up routing and they won't connect to anything.  As I say, not releasing a lease before a renew helps, but eventually, I'll hit the same condition.  It's like the dhcp6 server vanishes.  I can also "prefer IPV4 over IPV6" and that helps too, but it will stall again and screw up.

I do try it from time to time just to see if Xfinity did anything different on their end, but so far, no joy.

Expert

 • 

109.1K Messages

2 years ago

@user_079458 

Please redact MAC addresses and the IP addresses from your post for your privacy. They are considered to be personal information. The posting of personally identifiable information is a violation of their forum guidelines. The forum bot will not allow your post to be seen publically. It flagged your post as "Private".

(edited)

Expert

 • 

109.1K Messages

@user_079458 

Thank you. The post is now publicly viewable.

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Please mark an Accepted Answer!tick

Expert

 • 

109.1K Messages

2 years ago

@user_079458 

Please also redact the MAC addys and the IP addys from your post that begins with this sentence;

"I wouldn't say a problem solvers as these suggestions are not about solving the problem but more like determining that it is Xfinity that is at fault or not.

I did this on my connection:"

It's still marked "Private".

(edited)

Visitor

 • 

21 Messages

2 years ago

@flatlander3 The dhcp6 is a different issue. In my case Xfinity stopped responding to dhcp6 solicit requests 20 days ago. Now ipv6 only works if using Xfinity's modem and only if set with bridge mode disabled. It is as if they placed a firewall rule that they will only respond to dhcp6 solicits from they own modem. I tried with my own modem - no response anymore. The Xfinity modem has an ipv6 address on the WAN in all cases. When their modem is configured with bridge mode disabled, I can see how their modem gets a /64 network and starts serving ipv6 ips on the lan interface. Prefix delegation doesn't work anymore. Previously I would get prefix /60 with the dhcp6 reply. Now I started getting "No prefix available"

forum icon

New to the Community?

Start Here