Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
1
Replies

BNG, problem with antivirus software, rate limiting DHCP discovery packets?

lowinger42
Level 1
Level 1

‎03-06-2019 02:26 AM

Hello.

Running two ASR9006 with XR 6.1.4 SP5 in geo-red.

 

We have a bunch of customers using Avast antivirus software in their Windows PCs.

 

Avast seems to do some type of probing (not sure why, could not find any info), sending three DHCP discover packets back to back, all with different xid.  BNG proxy responds to the first one, the other two seems to be silently discarded. Avast want a response to the third one.

This affects customers badly, they cannot get an IP address :(

 

We have verified this with multiple customers, uninstalling Avast fixes the issue. We have also done some packet capture verifiying that BNG only responds to the first DHCP discovery.

 

Telling customers to uninstall antivirus to get an IP address is not the path we want to go. If customer is behind their own NAT device it of course works, since the NAT router and its DHCP server responds to all three requests.

 

So, is there any type of rate limiting being done in the DHCP proxy, and can it be adjusted?

 

/Anders Lowinger

 

Labels:
0 Helpful
1 Reply 1

lowinger42
Level 1
Level 1

‎04-06-2019 05:00 PM

For the record, retried with last Avast two days ago, they seem to have fixed their code, no more fake dhcp options.

 

case closed.

 

0 Helpful
Customers Also Viewed These Support Documents