[Kea-users] Relay Gateway-IP not on same subnet as pool
Chris Tuska
ctuska at imperiumdata.com
Tue Dec 17 14:51:27 UTC 2024
I am having issues with Kea DHCP, so I need some help from the interwebs here. This should be a simple Option 82 check and giaddr check, then assign a network range. I am starting with just the giaddr and want to add the Option 82 check later, but the first check doesn't seem to work. I have changed the IP addresses to protect the innocent.
The network is a VxLAN setup with an anycast address as the gateway across multiple routers. The DHCP relay is using "overrides relay-source loopback"; this way the DHCP request comes back to the same relay agent on the same router that sent it.
Loopback range: 100.79.255.0/24 { this will be the router source address of the gi-addr }; Site1 network: 100.64.0.0/24; Site 2 network: 100.64.1.0/24
Router 1 lo: 100.79.255.10/32, vlan 111 100.64.0.0/24
Router 2 lo: 100.79.255.11/32, vlan 111 100.64.0.0/24
Router 3 lo: 100.79.255.12/32, vlan 121 100.64.1.0/24
Router 4 lo: 100.79.255.13/32, vlan 121 100.64.1.0/24
Here is the Juniper Config for Router 1:
set interfaces et-0/0/1 ether-options 802.3ad ae1
set interfaces ae1 unit 111 encapsulation vlan-bridge
set interfaces ae1 unit 111 vlan-id 111
set interfaces lo0 unit 0 family inet address 100.79.255.10/32
set interfaces irb unit 111 family inet address 100.64.0.1/24
set interfaces irb unit 111 mac 00:00:00:00:00:01
set forwarding-options dhcp-relay relay-option-82 circuit-id
set forwarding-options dhcp-relay forward-only
set forwarding-options dhcp-relay server-group DHCP-RELAY 10.255.0.10
set forwarding-options dhcp-relay server-group DHCP-RELAY 10.255.0.11
set forwarding-options dhcp-relay group Relay_Group1 active-server-group DHCP-RELAY
set forwarding-options dhcp-relay group Relay_Group1 overrides trust-option-82
set forwarding-options dhcp-relay group Relay_Group1 overrides relay-source lo0.0
set forwarding-options dhcp-relay group Relay_Group1 relay-option-82 server-id-override
set forwarding-options dhcp-relay group Relay_Group1 interface irb.111
In the config I have two different ways to handle the subnets. Here is the Kea config:
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "ens4" ],
      "dhcp-socket-type": "udp"
    },
    "authoritative": true,
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/tmp/kea4-ctrl-socket"
    },
    "lease-database": {
      "type": "memfile",
      "lfc-interval": 3600
    },
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    "hooks-libraries": [
      {
        "library": "/usr/lib64/kea/hooks/libdhcp_lease_cmds.so"
      },
      {
        "library": "/usr/lib64/kea/hooks/libdhcp_stat_cmds.so"
      }
    ],
    "option-data": [
      { "name": "domain-name-servers", "data": "8.8.8.8, 8.8.4.4" },
      { "name": "domain-name", "data": "test.lab" }
    ],
    "subnet4": [
      {
        "subnet": "100.64.0.0/24",
        "pools": [ { "pool": "100.64.0.10 - 100.64.0.254" } ],
        "relay": { "ip-addresses": [ "100.79.255.10", "100.79.255.11" ] },
        "option-data": [
          { "name": "routers", "data": "100.64.0.1" },
          { "name": "domain-name", "data": "vlan111.test.lab" }
        ]
      }
    ],
    "shared-networks": [
      {
        "name": "VLAN121",
        "relay": { "ip-addresses": [ "100.79.255.12", "100.79.255.13" ] },
        "subnet4": [
          { "subnet": "100.79.255.12/32" },
          { "subnet": "100.79.255.13/32" },
          {
            "subnet": "100.64.1.0/24",
            "pools": [ { "pool": "100.64.1.10 - 100.64.1.254" } ],
            "option-data": [
              { "name": "routers", "data": "100.64.1.1" },
              { "name": "domain-name", "data": "vlan121.test.lab" }
            ]
          }
        ]
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "/var/log/kea-dhcp4.log"
          }
        ],
        "severity": "DEBUG",
        "debuglevel": 0
      }
    ]
  }
}
Here are the logs from Kea DHCP; both subnets show the same error:
2024-12-16 13:51:18.204 ERROR [kea-dhcp4.bad-packets/5311.140177694668928] DHCP4_PACKET_NAK_0001 [hwtype=1 50:01:05:1b:00:01], cid=[01:50:01:05:1b:00:01], tid=0x96b8dc10: failed to select a subnet for incoming packet, src 100.79.255.10, type DHCPDISCOVER
2024-12-16 13:51:34.516 ERROR [kea-dhcp4.bad-packets/5311.140177694668928] DHCP4_PACKET_NAK_0001 [hwtype=1 50:01:05:1b:00:01], cid=[01:50:01:05:1b:00:01], tid=0x3e70df2d: failed to select a subnet for incoming packet, src 100.79.255.10, type DHCPDISCOVER
Here is a TCPDUMP from the DHCP Server to see the inbound packets; both subnets show the same:
12:04:55.200602 50:01:05:02:00:09 > 50:01:05:18:00:01, ethertype IPv4 (0x0800), length 364: (tos 0x0, ttl 63, id 38129, offset 0, flags [DF], proto UDP (17), length 350)
100.79.255.10.bootps > 10.255.0.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 50:01:05:1b:00:01, length 322, hops 1, xid 0x39d0c398, secs 7, Flags [none] (0x0000)
Gateway-IP 100.79.255.10
Client-Ethernet-Address 50:01:05:1b:00:01
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 50:01:05:1b:00:01
Parameter-Request (55), length 17:
Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
Default-Gateway (3), Static-Route (33), YD (40), YS (41)
NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
RP (17)
MSZ (57), length 2: 576
Hostname (12), length 10: "cpe-test01"
Agent-Information (82), length 32:
Circuit-ID SubOption 1, length 18: ae1.111:vlan-111
Unknown SubOption 5, length 4:
0x0000: ac1c c801
Unknown SubOption 11, length 4:
0x0000: ac1c c801
Thanks for the help here,
Chris Tuska
Imperium Data
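
tcpdump labels sub-options 5 and 11 in the capture above as Unknown; RFC 3527 defines 5 as Link Selection (the subnet the relay asks the server to allocate from, in place of giaddr) and RFC 5107 defines 11 as Server Identifier Override. The following added example (not part of the original post) decodes an option 82 payload rebuilt from the values printed in the capture and checks the Link Selection address against the subnet4 prefixes of the posted configuration. The function names and the rebuilt payload are assumptions made for illustration.

```python
import ipaddress

# Sub-option codes carried inside DHCP option 82 (RFC 3046, 3527, 5107).
SUBOPTION_NAMES = {
    1: "circuit-id",
    2: "remote-id",
    5: "link-selection",       # RFC 3527
    11: "server-id-override",  # RFC 5107
}
ADDRESS_SUBOPTIONS = {5, 11}   # both carry a single IPv4 address

def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {name: value}; addresses are decoded."""
    out, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns option 82")
        if code in ADDRESS_SUBOPTIONS:
            if length != 4:
                raise ValueError(f"sub-option {code} must be 4 bytes")
            value = ipaddress.IPv4Address(value)
        out[SUBOPTION_NAMES.get(code, f"unknown-{code}")] = value
        i += 2 + length
    return out

def matching_subnets(addr, subnets):
    """Return the configured prefixes that contain addr."""
    return [s for s in subnets if addr in ipaddress.ip_network(s)]

# Constructed sample: rebuilt from the text of the capture, not the raw packet.
# The circuit-id is the string as printed in the post (the capture reports 18 bytes).
CIRCUIT_ID = b"ae1.111:vlan-111"
SAMPLE = (bytes([1, len(CIRCUIT_ID)]) + CIRCUIT_ID
          + bytes([5, 4]) + bytes.fromhex("ac1cc801")
          + bytes([11, 4]) + bytes.fromhex("ac1cc801"))
# subnet4 prefixes copied from the posted Kea configuration.
CONFIGURED = ["100.64.0.0/24", "100.79.255.12/32",
              "100.79.255.13/32", "100.64.1.0/24"]

if __name__ == "__main__":
    rai = parse_option82(SAMPLE)
    for name, value in rai.items():
        print(f"{name}: {value}")
    hits = matching_subnets(rai["link-selection"], CONFIGURED)
    print("configured subnets containing link-selection:", hits)
```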