DHCP-Relay duplicating unicast packets

Marc Haber mh+dhcp-users at zugschlus.de
Fri Sep 11 14:48:35 UTC 2015


On Fri, Sep 11, 2015 at 01:57:47PM +0100, Niall O'Reilly wrote:
> On Fri, 11 Sep 2015 12:28:07 +0100,
> Marc Haber wrote:
> > 
> > Hi,
> > 
> > I have a test network setup with some VLANs.
>   I suspect that something is mismatched between your actual network
>   topology and the mental model thereof which you've used to place and
>   configure the components of your DHCP infrastructure.

This is rather unlikely, I am usually the one saying that sentence to
other. I've been building (and debugging!) VLANned Ethernets for like
15 years, have most probably made all the errors that one can make
here in the past, am quite experienced in building networks and have
of course double-checked this before posting here.

The strongest evidence in this case is that disabling the DHCP relay
elimiates all of the extra packets and one sees only the unicast
DHCPREQUEST and the unicast DHCPACK any more. This of course kills IP
allocation for new clients and is obviously not a solution here.

If you want I can strace the dhcrelay to make even more sure that it's
actually the dhcrelay process sending out those extra packets.

>   How do you maintain separation between your VLANs?  Could you have
>   leakage between the spanning trees of the different VLANs?  Where
>   on your network do you expect to see untagged traffic?

The network consists of a single HP2848 switch, with the router and
the DHCP server both being KVM virtual machines on a Linux host. The
link between the switch and the Linux host is a VLAN trunk, and the
router also gets the networks as tagged VLANs on a virtio ethernet.

This admittedly took me a while to get right a few months ago due to
quicks in Linux' bridging code, but I am reasonably sure that
everything is clean now.

>   How many physical and virtual (VLAN-tagged) interfaces are
>   configured on your DHCP server?

As stated in my original article, the DHCP server has only a single
interface, which is in VLAN 181 (untagged). And all tcpdumps were
pulled from the router.


