[Kea-users] [EXTERNAL] Re: Need to have DHCP Relay in order for Kea to work...?
Ubence Quevedo
thatrat at gmail.com
Wed Jul 17 11:30:34 UTC 2024
Thanks for the response.
Here are the interfaces configured on the server. eno2 is the main
interface [untagged] and then there is eno2.11 and eno2.12 respectively for
vlan 11 and 12:
eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.3 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::f604:def0:9990:a797 prefixlen 64 scopeid 0x20<link>
ether 50:eb:f6:4f:6c:2e txqueuelen 1000 (Ethernet)
RX packets 21002000 bytes 4720351435 (4.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5775391 bytes 1207246387 (1.2 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0x51200000-51220000
eno2.11: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.11.3 netmask 255.255.255.0 broadcast 192.168.11.255
inet6 fd19:e769:2155:aa4a:2ca5:722f:5815:fd88 prefixlen 64
scopeid 0x0<global>
inet6 fd19:e769:2155:aa4a:8123:1ebe:15d1:88a1 prefixlen 64
scopeid 0x0<global>
inet6 fe80::1b5:af43:403b:d5d7 prefixlen 64 scopeid 0x20<link>
inet6 fd19:e769:2155:aa4a:8997:46a6:a4fc:ddbc prefixlen 64
scopeid 0x0<global>
inet6 fd19:e769:2155:aa4a:83de:c6c8:c181:5dbe prefixlen 64
scopeid 0x0<global>
inet6 fd19:e769:2155:aa4a:596c:3610:d7b4:1d18 prefixlen 64
scopeid 0x0<global>
inet6 fd19:e769:2155:aa4a:a2ed:50cf:5609:5e0e prefixlen 64
scopeid 0x0<global>
inet6 fd19:e769:2155:aa4a:bcfe:867f:4dc:c8f8 prefixlen 64 scopeid
0x0<global>
inet6 fd19:e769:2155:aa4a:14a6:e870:b2ad:d2d9 prefixlen 64
scopeid 0x0<global>
ether 50:eb:f6:4f:6c:2e txqueuelen 1000 (Ethernet)
RX packets 5820439 bytes 1191558319 (1.1 GB)
RX errors 0 dropped 11 overruns 0 frame 0
TX packets 2733488 bytes 637055127 (637.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno2.12: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.12.3 netmask 255.255.255.0 broadcast 192.168.12.255
inet6 fe80::fda3:7df7:98b0:d9e6 prefixlen 64 scopeid 0x20<link>
ether 50:eb:f6:4f:6c:2e txqueuelen 1000 (Ethernet)
RX packets 7737728 bytes 1816607005 (1.8 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 529891 bytes 125658614 (125.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
My interfaces in kea-dhcp4.conf are configured like:
"interfaces": [ "eno2/192.168.10.3","eno2.11/192.168.11.3","eno2.12/
192.168.12.3" ]
This is why I'm a little baffled why I need the dhcp relay since all of the
interfaces should be listening on each vlan but aren't picking up the
traffic.
Routing has been an issue on my network, which is related to another post
I'm going to make later with bridged interfaces and dhcp requests from VMs
to those bridged interfaces not getting IP addresses even though the server
is receiving the request but the client isn't acknowledging them for some
reason.
-Ubence
On Tue, Jul 16, 2024 at 11:52 PM DDFR | Ronald Blaas <ronald.blaas at ddfr.nl>
wrote:
> Hi
>
> Not really sure what you mean here: "has one interface that I've setup
> with vlan interfaces"
>
> Like what has been said before, either the DHCP server has an IP address
> in every IP subnet or you will have to make use of DHCP relay.
>
> The DHCP server must know from which network the DHCP request is coming
> from.
>
> As for logging, if there is nothing in the log you must have a routing
> problem (it is always routing 😋)
>
>
>
> Ronald
>
> ------------------------------
> *From:* Kea-users <kea-users-bounces at lists.isc.org> on behalf of Ubence
> Quevedo <thatrat at gmail.com>
> *Sent:* Tuesday, July 16, 2024 13:04
> *To:* Kea user's list <kea-users at lists.isc.org>
> *Subject:* Re: [Kea-users] [EXTERNAL] Re: Need to have DHCP Relay in
> order for Kea to work...?
>
> U ontvangt niet vaak e-mail van thatrat at gmail.com. Meer informatie over
> waarom dit belangrijk is <https://aka.ms/LearnAboutSenderIdentification>
> Thanks for all of the responses on this.
>
> The system that is the Kea DHCP server [an Ubuntu system] has one
> interface that I've setup with vlan interfaces.
>
> I can access these other interfaces and verified through nmap that port 67
> is open on all interfaces.
>
> I can't seem to find any kind of ip helper option in the Unifi Controller
> [v8.2.93 running on a virtual Ubuntu system].
>
> I've reconfigured the DHCP Relay on the pfSense to point to all of the
> interfaces, and I'm now seeing the traffic I'm expecting to see, which is
> fine since. understand a little better of what might be going on.
>
> Just a little confused as to why the broadcast traffic for DHCP requests
> doesn't seem to be picked up on the vlan interfaces on the server.
>
> I do have another question, but I'll put that in a separate post since it
> doesn't seem to be related to this question at hand.
>
> -Ubence
>
> On Mon, Jul 15, 2024 at 6:59 AM Joe Craig <JCraig at applieddigital.com>
> wrote:
>
> Question about the setup. On the network switches that the DHCP requests
> would hit first, do you have IP Helpers configured? In my experience that’s
> what I’ve had to do to ensure that the packets make it to the DHCP server
> without a DHCP Relay. I’m in an environment where I cannot deploy a DHCP
> Relay service, so I am leveraging the IP Helpers on an L3 switch to forward
> those requests. This is passing through an Cisco firewall and all that.
> Hope that helps.
>
>
>
> Thanks,
>
>
>
> *Joseph Craig*
> Systems Engineer
>
>
>
>
> *From:* Kea-users <kea-users-bounces at lists.isc.org> *On Behalf Of *DDFR |
> Ronald Blaas
> *Sent:* Monday, July 15, 2024 2:15 AM
> *To:* kea-users at lists.isc.org
> *Subject:* [EXTERNAL] Re: [Kea-users] Need to have DHCP Relay in order
> for Kea to work...?
>
>
>
> You don't often get email from ronald.blaas at ddfr.nl. Learn why this is
> important <https://aka.ms/LearnAboutSenderIdentification>
>
> Not really sure how you have your network setup.
>
>
>
> But in my belief, if you want dhcp to work without RELAY you have to make
> sure your DHCP server is directly connected to all the LANs. So your DHCP
> server will need to have multiple Nics.
>
>
>
> Is there a particular reason you do not want to have a dhcp relay?
>
>
>
> I have a kinda similar setup and am using DHCP relay. It is operating as
> expected and without problems.
>
>
>
> It is also wise to share the output of your log file with the error you
> are receiving.
>
> Tis helps in pinpointing the problem.
>
>
>
> Regards
>
>
>
>
>
> Ronald
>
>
>
>
> ------------------------------
>
> *From:* Kea-users <kea-users-bounces at lists.isc.org> on behalf of Ubence
> Quevedo <thatrat at gmail.com>
> *Sent:* Monday, July 15, 2024 00:26
> *To:* kea-users at lists.isc.org <kea-users at lists.isc.org>
> *Subject:* [Kea-users] Need to have DHCP Relay in order for Kea to
> work...?
>
>
>
> U ontvangt niet vaak e-mail van thatrat at gmail.com. Meer informatie over
> waarom dit belangrijk is <https://aka.ms/LearnAboutSenderIdentification>
>
> Hi Everyone,
>
>
>
> I’ve been using Kea for just under a year for a home setup on a Linux
> Ubuntu server. I switched from isc dhcp since it was end of life. My
> setup has a lot of MAC address reservations with some general pools for
> systems that don’t have IP reservations.
>
>
>
> I also have a few vlans set up with the reservations for devices on each
> of the vlans. I’m using pfSense as my gateway with some Unifi equipment
> that is vlan aware.
>
>
>
> I’m running into an issue and I’m not sure why and would love some advice
> on how to look into this.
>
>
>
> I have the interfaces on the system setup that is running Kea, to
> advertise on the untagged network [mostly some servers], vlan 11 [user
> systems], and vlan12 [IoT devices].
>
>
>
> I don’t have the firewall in pfSense to block traffic between these
> networks yet, so they can all freely talk to each other.
>
>
>
> Even though I have my Kea configured to advertise on all of the interfaces
> [untagged, 11, 12], I can’t seem to get anything to work unless I have the
> DHCP Relay service setup on the pfSense device to redirect all DHCP traffic
> to the Kea system’s untagged IP address [192.168.10.3].
>
>
>
> I can verify through nmap that udp port 67 is running on all three
> interfaces.
>
>
>
> If I turn off the DHCP Relay service, I was expecting the interfaces to
> pick up on the DHCP requests from devices on all of these networks.
>
>
>
> This doesn’t happen and devices don’t get addresses. I’ve even watched
> the logs I’ve split out and nothing is written for the duration that the
> relay service is turned off. As soon as I turn it back on, I start seeing
> traffic again.
>
>
>
> I’m running Kea 2.6.0.
>
>
>
> I’d love to turn the DHCP Relay off to then try to troubleshoot another
> issue I’m having with bridging interfaces to VMs and then having the VM
> interface assigned to a vlan other than the bridged interface. It seems to
> work for something else I’m doing, but just trying to rule some things
> out. Probably another post if I can figure out why the DHCP Relay seems to
> need to be on.
>
>
>
> Any ideas why I need the DHCP Relay service on another device even though
> all of the interfaces on each respective vlan are configured to listen for
> dhcp requests?
>
>
>
> -Ubence
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20240717/01c2cdd0/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5498 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20240717/01c2cdd0/attachment-0001.png>
More information about the Kea-users
mailing list