dhcp relay from multiple switches

Mark Starling

I have a DHCP server that uses option 82 fields from ProCurve switches to assign IP addresses based on switch port. This works fine; however, there are multiple switches in the same VLAN which are all relaying to the same DHCP server. The DHCP server receives the DHCP request from the switch the device attaches to, but also from the second switch, with the trunk port in circuit.id.

The exchange goes like this for device connected to switch 1:

1. DHCPDISCOVER via switch 1
2. DHCPOFFER via switch 1
3. DHCPDISCOVER via switch 2 (same transaction, circuit.id is trunk port) No free leases
4. DHCPREQUEST via switch 1
5. DHCPACK via switch 1
6. DHCPREQUEST via switch 2 (repeat of step 4)
7. DHCPNAK via switch 2 because the lease is not associated with this switch as agent.

Depending on the device, the NAK will cause it to begin a new DISCOVER and the network will never stabilise.

I need to stop the NAK. From the ProCurve switches the DHCP relay is set per VLAN, so as far as I can see I can’t prevent them from forwarding requests received on the trunk ports.

I’m at a loss as to how to get around this short of running a separate DHCP server per switch.


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Re: dhcp relay from multiple switches

perl-list
There is no offer via switch 2?  Only one offer?


From: "Mark Starling" <[hidden email]>
To: [hidden email]
Sent: Monday, July 10, 2017 8:14:07 PM
Subject: dhcp relay from multiple switches


Re: dhcp relay from multiple switches

Mark Starling
No offer via switch 2 because there is no pool for it. The DHCP request from switch 2 comes with switch 2 agent and circuit ids. I only have a pool for the switch 1 agent/circuit.

Re: dhcp relay from multiple switches

Sten Carlsen
Just an idea, you probably want to have a pool for the subnet the
switches are in and state that the server is NOT authoritative for that
network to prevent it from issuing the NAK in that case.


On 11-07-2017 07.18, Mark Starling wrote:
> No offer via switch 2 because there is no pool for it. The DHCP request from switch 2 comes with switch 2 agent and circuit ids. I only have a pool for the switch 1 agent/circuit.

--
Best regards

Sten Carlsen

No improvements come from shouting:

"MALE BOVINE MANURE!!!"


Re: dhcp relay from multiple switches

Mark Starling
It is not NAKing due to being authoritative. It is NAKing because it has an active lease for IP address 1 given to device Y switch 1 port 6 and gets a DHCPREQUEST for IP address 1 from device Y on switch 2 port 26. So device details don't match the lease. This is reasonable behaviour, I just wish there was a way to stop it.

Anyway I have a workaround. My DHCP server is given multiple IP addresses on the same interface and each switch relays to a different address. Then I run multiple instances of dhcpd each listening to a different address and with pools only for 1 switch (non authoritative). Works reliably so I'm happy.

For any Googlers, you need to configure a unique pid and lease file for each instance and in my case disable AppArmor for dhcpd (this is an AppArmor bug in Ubuntu 16.04).
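A sketch of the per-switch instance layout described in the last message, added here as an example and not taken from the poster's setup. The function names, all addresses, file paths and circuit-id bytes are constructed placeholders, and binding each instance with `local-address` is an assumption about how the instances are separated.

```shell
#!/bin/sh
# Added example: one dhcpd instance per relaying switch. Every address,
# path and circuit-id value below is a constructed placeholder.

# write_instance NAME LISTEN_ADDR CIRCUIT_ID_HEX LEASE_IP DIR
# Writes DIR/NAME.conf and an empty DIR/NAME.leases for one instance.
write_instance() {
    name=$1; listen=$2; circuit=$3; ip=$4; dir=$5
    mkdir -p "$dir" || return 1
    cat > "$dir/$name.conf" <<EOF
# dhcpd instance for relay "$name" (generated)
local-address $listen;   # answer only relays that unicast to this address
not authoritative;       # the post runs each instance non-authoritative
class "$name-port" {
    # Placeholder match: adjust to the circuit-id bytes your switch sends.
    match if option agent.circuit-id = $circuit;
}
# Network the server itself sits on (no pools here).
subnet 198.51.100.0 netmask 255.255.255.0 { }
# Client VLAN: only the class above may draw from the pool, so a copy of
# the request relayed with another switch's trunk-port id matches nothing.
subnet 192.0.2.0 netmask 255.255.255.0 {
    pool {
        allow members of "$name-port";
        range $ip $ip;
    }
}
EOF
    # dhcpd will not start unless its lease file already exists.
    : > "$dir/$name.leases"
}

# launch_cmd NAME DIR IFACE: print the dhcpd command line for one instance,
# with its own config (-cf), lease file (-lf) and pid file (-pf).
launch_cmd() {
    printf 'dhcpd -cf %s/%s.conf -lf %s/%s.leases -pf %s/%s.pid %s\n' \
        "$2" "$1" "$2" "$1" "$2" "$1" "$3"
}

# Demo: two instances on one interface, one per relaying switch.
demo_dir=${TMPDIR:-/tmp}/dhcpd-per-switch-demo
write_instance sw1 198.51.100.2 00:06 192.0.2.106 "$demo_dir"
write_instance sw2 198.51.100.3 00:07 192.0.2.207 "$demo_dir"
launch_cmd sw1 "$demo_dir" eth0
launch_cmd sw2 "$demo_dir" eth0
```

Each generated file can be syntax-checked with `dhcpd -t -cf <file>` before the instance is started.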