On Friday, January 11, 2013 8:29:23 PM, Jean-Francois Mezei wrote:
Many thanks. In particular, you need "cable-source-verify dhcp" to prevent self assigned IPs that are unused by neighbours.
Is this something that is now basically a default for all cable operators? Or does this command add sufficient load to the CMTS that some cable operators choose to not use it for performance purposes?
Nobody would turn it off for that reason. They might fail to turn it on if they didn't read best practices for at least 10 years. It's pretty much part of a fundamental set of commands turned on to prevent cable modem theft (along with requiring BPI+ and other things). Here's an article I just found searching for "docsis bpi+": http://volpefirm.com/blog/security/hacking-docsis-cable-modems/
What happens when a CMTS reboots and has an empty database of DHCP leases? Does it then query the DHCP server for every IP/MAC it sees that it doesn't yet know about?
Most of the time when a CMTS reboots they don't even get to the point of failing due to DHCP issues. In any case the CMTS would ask the DHCP server and be happy with its reply since it's the equivalent of a new modem coming online. Most of the time the modems would fail into reject(pk) due to the public key negotiation not being valid now that the CMTS has been rebooted. To fix that you could either wait for the modems to try again or run "clear cable modem reject delete" if it's a Cisco CMTS.
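
The behaviour discussed in this exchange, as an added example that is not part of the original thread and not vendor code: a simplified Python model of DHCP-backed source verification, showing a self-assigned address being dropped and the binding table being rebuilt from the DHCP server after a reboot. The class names, addresses and MACs are constructed for illustration, and the model covers only the admit/drop decision, not the wire protocol.

```python
from dataclasses import dataclass, field

@dataclass
class DhcpServer:
    # ip -> (cpe_mac, modem_mac) for active leases (constructed sample data)
    leases: dict

    def lease_query(self, ip):
        """Return the (cpe_mac, modem_mac) holding an active lease, or None."""
        return self.leases.get(ip)

@dataclass
class Cmts:
    dhcp: DhcpServer
    verified: dict = field(default_factory=dict)  # ip -> (cpe_mac, modem_mac)
    queries: int = 0                              # lookups sent to the DHCP server

    def reboot(self):
        """A reboot loses every binding learned so far."""
        self.verified.clear()

    def admit(self, src_ip, cpe_mac, modem_mac):
        """Return True if an upstream packet from this source is forwarded."""
        binding = self.verified.get(src_ip)
        if binding is None:
            # Unknown address: ask the DHCP server who holds the lease.
            self.queries += 1
            binding = self.dhcp.lease_query(src_ip)
            if binding is None:
                return False          # no lease at all: self-assigned address
            self.verified[src_ip] = binding
        # Forward only if the sender is the device the lease was issued to.
        return binding == (cpe_mac, modem_mac)

# Constructed leases: two customers behind two different modems.
ALICE = ("192.0.2.10", "02:00:00:00:00:0a", "02:00:00:00:01:0a")
BOB = ("192.0.2.11", "02:00:00:00:00:0b", "02:00:00:00:01:0b")

def build_cmts():
    leases = {ALICE[0]: ALICE[1:], BOB[0]: BOB[1:]}
    return Cmts(DhcpServer(leases))

if __name__ == "__main__":
    cmts = build_cmts()
    print("leased host:", cmts.admit(*ALICE))
    print("unused self-assigned IP:", cmts.admit("192.0.2.99", *ALICE[1:]))
    print("neighbour's IP from Alice's CPE:", cmts.admit(BOB[0], *ALICE[1:]))
    cmts.reboot()
    print("leased host after reboot:", cmts.admit(*ALICE), "queries:", cmts.queries)
```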