Multiple dhcrelay setup causing multiple duplicate DHCP requests

Michael Hodgkinson Michael.Hodgkinson at solnetsolutions.co.nz
Mon Aug 16 21:52:12 UTC 2010


I'm sorry, you are correct there is a mistake in the topology. One of the
VLANs should have been 220.

    [ dhcpd1 ]
         |
   eth0/vlan120
  [ fw1/dhcrelay ]
       eth5
         |
       eth5
  [ fw2/dhcrelay ]
   eth0/vlan220
         |
     [ dhcpd2 ]

The clients are broadcasting requests/discovers and the dhcrelays are
unicasting to both dhcpd servers.

I ran tcpdump on the firewalls and confirmed the dhcrelays are the cause of
the duplicate packets. The capture was many MB and probably a security
concern, otherwise I would attach it.

It appears that the client sends a request, which is received by fw1's
dhcrelay, the request is sent to both dhcpd1 and dhcpd2 which is intercepted
by fw2's dhcrelay which also sends the request to both dhcpd1 and dhcpd2
causing a loop between the two dhcrelays.

Also the switches used in this network are dumb switches, they won't be
interfering in this manner.

From man dhcrelay - "When forwarding packets, dhcrelay discards packets
which have reached a hop count of 10.  If a lower or higher threshold (up
to 255) is desired, depending on your environment, you can specify the max
hop count threshold as a number following the -c option."

That would explain the 10+ duplicates. Perhaps I could control this looping
by restricting this value down to 3. Will give it a try.

Can anyone think of a nicer way to resolve this otherwise?

Cheers

Mike Hodgkinson
Support & Managed Services
Solnet Solutions Limited
Level 12, Solnet House
70 The Terrace, Wellington 6011, New Zealand
PO Box 397, Wellington 6140, New Zealand
DDI +64 4 462 5064, Mobile +64 21 754 339
Main +64 4 462 5000, Fax +64 4 462 5012

www.solnetsolutions.co.nz
A Solnet Group Company



                                                                                                                
From:    Simon Hobson <dhcp1 at thehobsons.co.uk>
To:      Users of ISC DHCP <dhcp-users at lists.isc.org>
Date:    16/08/2010 23:45
Subject: Re: Multiple dhcrelay setup causing multiple duplicate DHCP requests
Sent by: dhcp-users-bounces+michael.hodgkinson=solnetsolutions.co.nz at lists.isc.org
                                                                                                                





Can you sniff the network traffic and see exactly what's going on ?

You should be getting just ONE packet per client request per relay
agent on the client's network. So normally you'd get two packets per
client request if you run two relay agents on a network.

I'm guessing you may be getting a broadcast storm - each relay agent
is picking up relayed packets from the other and throwing them back
again. Does dhcrelay use unicast or broadcast packets to the server ?
I've not used dhcrelay myself, but in the man page it has :

>Bugs
>The relay agent should not relay packets received on a physical
>network to DHCP servers on the same physical network - if they do,
>the server will receive duplicate packets. In order to fix this,
>however, the relay agent needs to be able to learn about the network
>topology, which requires that it have a configuration file.

Also, can you elaborate on the network topology a bit. Looking back I
see you gave the topology as :

>    [ dhcpd1 ]
>         |
>   eth0/vlan120
>  [ fw1/dhcrelay ]
>       eth5
>         |
>       eth5
>  [ fw2/dhcrelay ]
>   eth0/vlan120
>         |
>     [ dhcpd2 ]

That doesn't look right to me - you have two networks that are
apparently on VLAN120. If it's the same VLAN120 in each case, then I
think you may well have a loop as far as DHCP requests go.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
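
One way to confirm the relay-to-relay loop discussed in this thread without sharing the capture itself, as an added example (not code from either poster or from ISC): it parses the fixed BOOTP header of each DHCP payload and reports client transactions whose relayed copies carry a higher hop count than a single relay tier should produce. The function names, the `expected_max_hops` threshold and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

# Fixed BOOTP header up to chaddr (RFC 951/2131): op, htype, hlen, hops,
# xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s")
BOOTREQUEST = 1

def parse_bootp(payload):
    """Return (op, hops, xid, giaddr, client_mac) from a DHCP UDP payload."""
    if len(payload) < BOOTP.size:
        raise ValueError("truncated BOOTP header")
    op, _, hlen, hops, xid, _, _, _, _, _, gi, chaddr = BOOTP.unpack_from(payload)
    return op, hops, xid, socket.inet_ntoa(gi), chaddr[:min(hlen, 16)].hex(":")

def find_relay_loops(payloads, expected_max_hops=1):
    """Group client requests by (xid, MAC) and report those seen with a hop
    count above what the topology allows (one relay tier -> hops == 1)."""
    seen = defaultdict(list)
    for p in payloads:
        try:
            op, hops, xid, giaddr, mac = parse_bootp(p)
        except ValueError:
            continue  # skip truncated packets rather than abort the run
        if op == BOOTREQUEST and giaddr != "0.0.0.0":  # relayed requests only
            seen[(xid, mac)].append(hops)
    return {k: sorted(v) for k, v in seen.items() if max(v) > expected_max_hops}

def make_request(xid, mac, hops, giaddr):
    """Build a constructed relayed BOOTREQUEST header for the demo."""
    return BOOTP.pack(1, 1, 6, hops, xid, 0, 0, bytes(4), bytes(4), bytes(4),
                      socket.inet_aton(giaddr), bytes.fromhex(mac).ljust(16, b"\0"))

# Constructed sample: client A bounces between two relays until hops reaches
# 10; client B is relayed once to each of two servers (the normal case).
SAMPLE = [make_request(0x1234ABCD, "020000000001", h, "192.0.2.1") for h in range(1, 11)]
SAMPLE += [make_request(0x0BADF00D, "020000000002", 1, "192.0.2.1")] * 2

if __name__ == "__main__":
    for (xid, mac), hops in find_relay_loops(SAMPLE).items():
        print(f"xid=0x{xid:08x} mac={mac} copies={len(hops)} hops={hops}")
```

Feed it the UDP payloads of the server-port DHCP traffic captured on a relay or server; a setup where each request crosses only one relay returns an empty result.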