All Collections
Testing
Sensor DHCP process, DORA timing breakdown
Sensor DHCP process, DORA timing breakdown

Peeking into DHCP discover, offer, request, and acknowledge timings when there is an issue

sabine avatar
Written by sabine
Updated over a week ago

Sensor DHCP process:

For IPv4, when the sensor connects to an SSID or ethernet network when testing DHCP the sensor will do the full DHCP DORA{Discover/Offer/Request/ACK] process. When it’s finished testing the network, the IP address is released. The sensors do not test DHCP renewal.

The sensor will try to get an IP for 60 seconds. If the sensor is unable to complete the DORA process an error is raised. For example “No response from DHCP server”. You can refer to the triage page to show you where the error in the DORA process occurred. These types of errors are not configurable. The sensor retries with exponential backoff as well.

There are also configurable threshold errors when you can set what time and UXI will alert you if the DORA time is over that threshold. For example, these errors might say “High DHCP response time”. DHCP is successful, but the time was higher than the threshold set. For these types of errors, if they happen often you should request an on-demand pcap from the sensor to identify which part of the DORA is taking the longest.


How it's different from the client DHCP process?

When any client requests an IP address, that IP address is good for some period of time which is nothing but DHCP lease time. For example, if your DHCP lease time = 90 days. So in theory, if you had a client/laptop always on and always connected to the network, that client would only request to renew the IP address 90 days from now. The sensors are not always connected to the network. They disconnect and move on to the next thing to be tested. The sensors explicitly release the IP when finished testing a network. This IP can now be assigned to any device that needs it.
When connecting to a new network, the sensors do the full DORA process. This is actually the same as what you might see when connecting your laptop/handset from one SSID to another. So if sensors start obeying the lease time, is the ask that the sensor stays connected to the network and does not test association, authentication, or DHCP? The downside of not testing these things is sensors wouldn’t be able to tell you when they are broken.

DHCP DORA timings breakdown:

On the left side of the new screen you can see current and historical (normally the last 24 hours) DHCP issues. Click one to proceed:

This will open the triage screen, where you can see more information about the issue. Find the DHCP line item and click the + to expand it:

With this expanded view you can see exactly what the dhclient tool was spending time on:

Did this answer your question?