I am having issues with Kea DHCP, so I need some help from the interwebs here. 
This should be a simple Option 82 check and giaddr check, then assign a network 
range. I am starting with just the giaddr and want to add the Option 82 check 
later, but the first check doesn't seem to work. I have changed the IP addresses 
to protect the innocent.

The network is a VxLAN setup with an anycast address as the gateway across 
multiple routers. The DHCP relay is using "overrides relay-source loopback"; 
this way the DHCP request comes back to the same relay agent on the same router 
that sent it.

Loopback range: 100.79.255.0/24 { this will be the router source address of the 
gi-addr }; Site 1 network: 100.64.0.0/24; Site 2 network: 100.64.1.0/24

    Router 1 lo: 100.79.255.10/32, vlan 111 100.64.0.0/24
    Router 2 lo: 100.79.255.11/32, vlan 111 100.64.0.0/24
    Router 3 lo: 100.79.255.12/32, vlan 121 100.64.1.0/24
    Router 4 lo: 100.79.255.13/32, vlan 121 100.64.1.0/24

Here is the Juniper Config for Router 1:

    set interfaces et-0/0/1 ether-options 802.3ad ae1
    set interfaces ae1 unit 111 encapsulation vlan-bridge
    set interfaces ae1 unit 111 vlan-id 111
    set interfaces lo0 unit 0 family inet address 100.79.255.10/32
    set interfaces irb unit 111 family inet address 100.64.0.1/24
    set interfaces irb unit 111 mac 00:00:00:00:00:01
    set forwarding-options dhcp-relay relay-option-82 circuit-id
    set forwarding-options dhcp-relay forward-only
    set forwarding-options dhcp-relay server-group DHCP-RELAY 10.255.0.10
    set forwarding-options dhcp-relay server-group DHCP-RELAY 10.255.0.11
    set forwarding-options dhcp-relay group Relay_Group1 active-server-group DHCP-RELAY
    set forwarding-options dhcp-relay group Relay_Group1 overrides trust-option-82
    set forwarding-options dhcp-relay group Relay_Group1 overrides relay-source lo0.0
    set forwarding-options dhcp-relay group Relay_Group1 relay-option-82 server-id-override
    set forwarding-options dhcp-relay group Relay_Group1 interface irb.111

In the config I have two different ways to handle the subnets. Here is the Kea 
config:

    {
      "Dhcp4": {
        "interfaces-config": {
          "interfaces": [ "ens4" ],
          "dhcp-socket-type": "udp"
        },
        "authoritative": true,
        "control-socket": {
          "socket-type": "unix",
          "socket-name": "/tmp/kea4-ctrl-socket"
        },
        "lease-database": {
          "type": "memfile",
          "lfc-interval": 3600
        },
        "renew-timer": 900,
        "rebind-timer": 1800,
        "valid-lifetime": 3600,
        "hooks-libraries": [
            {
                "library": "/usr/lib64/kea/hooks/libdhcp_lease_cmds.so"
            },
            {
                "library": "/usr/lib64/kea/hooks/libdhcp_stat_cmds.so"
            }
        ],
        "option-data": [
          { "name": "domain-name-servers",  "data": "8.8.8.8, 8.8.4.4"  },
          { "name": "domain-name",  "data": "test.lab"  }
        ],
        "subnet4": [
          {
            "subnet": "100.64.0.0/24",
            "pools": [  { "pool": "100.64.0.10 - 100.64.0.254" } ],
            "relay": {  "ip-addresses": [ "100.79.255.10", "100.79.255.11" ]  },
            "option-data": [  { "name": "routers",  "data": "100.64.0.1" },
                 { "name": "domain-name",  "data": "vlan111.test.lab"  }
            ]
          }
        ],
        "shared-networks": [
          {
            "name": "VLAN121",
            "relay": {  "ip-addresses": [ "100.79.255.12", "100.79.255.13" ]  },
            "subnet4": [
              { "subnet": "100.79.255.12/32" },
              { "subnet": "100.79.255.13/32" },
              {
                "subnet": "100.64.1.0/24",
                "pools": [  { "pool": "100.64.1.10 - 100.64.1.254" } ],
                "option-data": [  { "name": "routers",  "data": "100.64.1.1" },
                    { "name": "domain-name",  "data": "vlan121.test.lab"  }
                ]
              }
            ]
          }
        ],
        "loggers": [
          {
            "name": "kea-dhcp4",
            "output_options": [
              {
                "output": "/var/log/kea-dhcp4.log"
              }
            ],
            "severity": "DEBUG",
            "debuglevel": 0
          }
        ]
      }
    }

Here are the logs from Kea DHCP; both subnets show the same error:

    2024-12-16 13:51:18.204 ERROR [kea-dhcp4.bad-packets/5311.140177694668928] DHCP4_PACKET_NAK_0001 [hwtype=1 50:01:05:1b:00:01], cid=[01:50:01:05:1b:00:01], tid=0x96b8dc10: failed to select a subnet for incoming packet, src 100.79.255.10, type DHCPDISCOVER
    2024-12-16 13:51:34.516 ERROR [kea-dhcp4.bad-packets/5311.140177694668928] DHCP4_PACKET_NAK_0001 [hwtype=1 50:01:05:1b:00:01], cid=[01:50:01:05:1b:00:01], tid=0x3e70df2d: failed to select a subnet for incoming packet, src 100.79.255.10, type DHCPDISCOVER

Here is a TCPDUMP from the DHCP server to see the inbound packets; both subnets 
show the same:

    12:04:55.200602 50:01:05:02:00:09 > 50:01:05:18:00:01, ethertype IPv4 (0x0800), length 364: (tos 0x0, ttl 63, id 38129, offset 0, flags [DF], proto UDP (17), length 350)
        100.79.255.10.bootps > 10.255.0.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 50:01:05:1b:00:01, length 322, hops 1, xid 0x39d0c398, secs 7, Flags [none] (0x0000)
              Gateway-IP 100.79.255.10
              Client-Ethernet-Address 50:01:05:1b:00:01
              Vendor-rfc1048 Extensions
                Magic Cookie 0x63825363
                DHCP-Message (53), length 1: Discover
                Client-ID (61), length 7: ether 50:01:05:1b:00:01
                Parameter-Request (55), length 17:
                  Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
                  Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
                  Default-Gateway (3), Static-Route (33), YD (40), YS (41)
                  NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
                  RP (17)
                MSZ (57), length 2: 576
                Hostname (12), length 10: "cpe-test01"
                Agent-Information (82), length 32:
                  Circuit-ID SubOption 1, length 18: ae1.111:vlan-111
                  Unknown SubOption 5, length 4:
                    0x0000:  ac1c c801
                  Unknown SubOption 11, length 4:
                    0x0000:  ac1c c801



Thanks for the help here,


Chris Tuska

Imperium Data
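
Added example, not part of the original post: a decoder for the Agent-Information (82) option shown in the capture, which names the sub-options tcpdump prints as "Unknown" (RFC 3527 defines 5 as Link Selection, RFC 5107 defines 11 as Server Identifier Override) and compares the link-selection address with the subnets in the posted Kea configuration. The payload is constructed from the values tcpdump printed, and the function names are hypothetical.

```python
import ipaddress

SUBOPTION_NAMES = {
    1: "Circuit ID (RFC 3046)",
    2: "Remote ID (RFC 3046)",
    5: "Link Selection (RFC 3527)",
    11: "Server Identifier Override (RFC 5107)",
}

# Constructed sample: Option 82 payload rebuilt from the values tcpdump printed
# in the post (the Circuit-ID text as shown, then sub-options 5 and 11).
CIRCUIT_ID = b"ae1.111:vlan-111"
OPTION_82 = (bytes([1, len(CIRCUIT_ID)]) + CIRCUIT_ID
             + bytes([5, 4]) + bytes.fromhex("ac1cc801")
             + bytes([11, 4]) + bytes.fromhex("ac1cc801"))

# Subnets declared in the Kea configuration from the post.
CONFIGURED_SUBNETS = ["100.64.0.0/24", "100.64.1.0/24",
                      "100.79.255.12/32", "100.79.255.13/32"]

def parse_suboptions(payload):
    """Split an Option 82 payload into (code, value) pairs."""
    pos, found = 0, []
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        found.append((code, value))
        pos += 2 + length
    return found

def link_selection(payload):
    """Return the sub-option 5 address, or None when it is absent."""
    for code, value in parse_suboptions(payload):
        if code == 5 and len(value) == 4:
            return ipaddress.IPv4Address(value)
    return None

def subnets_containing(address, subnets):
    """List the configured subnets that contain the given address."""
    return [s for s in subnets if address in ipaddress.ip_network(s)]

if __name__ == "__main__":
    for code, value in parse_suboptions(OPTION_82):
        print(code, SUBOPTION_NAMES.get(code, "unknown"), value.hex())
    addr = link_selection(OPTION_82)
    print("link selection:", addr, "->", subnets_containing(addr, CONFIGURED_SUBNETS))
```

Both sub-options carry 172.28.200.1, which lies in none of the configured subnets; a server that honors RFC 3527 selects the subnet from that address rather than from giaddr.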
