Hi Chris,

From what is provided here, it looks like, at least in the case of the
packet dump data provided, that the "subnet": "100.64.0.0/24", should
have been selected.  That is assuming that "Gateway-IP 100.79.255.10"
from the packet dump is the giaddr.  One thing I noticed is that you
have a shared network setup for the other VLAN with these subnets:

{ "subnet": "100.79.255.12/32" },
{ "subnet": "100.79.255.13/32" },

This should not be necessary since you have specified the relay IP
addresses.  I encourage you to remove those.  A couple of pointers:
- set DEBUG level to 99.  You will get all of the logs that Kea has to
offer.  There may be some message that explains why it couldn't select
a subnet.
- use tcpdump -w <filename>.pcap to perform packet captures.  These
can be opened in Wireshark and will show more detail which makes
diagnosis of problems much easier.

Thank you,
Darren Ankney

On Tue, Dec 17, 2024 at 9:51 AM Chris Tuska via Kea-users
<kea-users@lists.isc.org> wrote:
>
> I am having issues with Kea DHCP, so I need some help from the interwebs
> here. This should be a simple Option 82 check and giaddr check, then assign a
> network range. I am starting with just the giaddr and want to add the Option
> 82 check later, but the first check doesn't seem to work. I have changed the
> IP addresses to protect the innocent.
>
>
> The network is a VxLAN setup with an anycast address as the gateway across
> multiple routers. The DHCP relay is using "overrides relay-source loopback";
> this way the DHCP request comes back to the same relay agent on the same
> router that sent it.
>
> Loopback range: 100.79.255.0/24 { this will be the router source address of 
> the gi-addr }; Site1 network: 100.64.0.0/24; Site 2 network: 100.64.1.0/24
>
>     Router 1 lo: 100.79.255.10/32, vlan 111 100.64.0.0/24
>     Router 2 lo: 100.79.255.11/32, vlan 111 100.64.0.0/24
>     Router 3 lo: 100.79.255.12/32, vlan 121 100.64.1.0/24
>     Router 4 lo: 100.79.255.13/32, vlan 121 100.64.1.0/24
>
> Here is the Juniper Config for Router 1:
>
>     set interfaces et-0/0/1 ether-options 802.3ad ae1
>     set interfaces ae1 unit 111 encapsulation vlan-bridge
>     set interfaces ae1 unit 111 vlan-id 111
>     set interfaces lo0 unit 0 family inet address 100.79.255.10/32
>     set interfaces irb unit 111 family inet address 100.64.0.1/24
>     set interfaces irb unit 111 mac 00:00:00:00:00:01
>     set forwarding-options dhcp-relay relay-option-82 circuit-id
>     set forwarding-options dhcp-relay forward-only
>     set forwarding-options dhcp-relay server-group DHCP-RELAY 10.255.0.10
>     set forwarding-options dhcp-relay server-group DHCP-RELAY 10.255.0.11
>     set forwarding-options dhcp-relay group Relay_Group1 active-server-group DHCP-RELAY
>     set forwarding-options dhcp-relay group Relay_Group1 overrides trust-option-82
>     set forwarding-options dhcp-relay group Relay_Group1 overrides relay-source lo0.0
>     set forwarding-options dhcp-relay group Relay_Group1 relay-option-82 server-id-override
>     set forwarding-options dhcp-relay group Relay_Group1 interface irb.111
>
> In the config I have two different ways to handle the subnets. Here is the
> Kea config:
>
> {
>   "Dhcp4": {
>     "interfaces-config": {
>       "interfaces": [ "ens4" ],
>       "dhcp-socket-type": "udp"
>     },
>     "authoritative": true,
>     "control-socket": {
>       "socket-type": "unix",
>       "socket-name": "/tmp/kea4-ctrl-socket"
>     },
>     "lease-database": {
>       "type": "memfile",
>       "lfc-interval": 3600
>     },
>     "renew-timer": 900,
>     "rebind-timer": 1800,
>     "valid-lifetime": 3600,
>     "hooks-libraries": [
>         {
>             "library": "/usr/lib64/kea/hooks/libdhcp_lease_cmds.so"
>         },
>         {
>             "library": "/usr/lib64/kea/hooks/libdhcp_stat_cmds.so"
>         }
>     ],
>     "option-data": [
>       { "name": "domain-name-servers",  "data": "8.8.8.8, 8.8.4.4"  },
>       { "name": "domain-name",  "data": "test.lab"  }
>     ],
>     "subnet4": [
>       {
>         "subnet": "100.64.0.0/24",
>         "pools": [  { "pool": "100.64.0.10 - 100.64.0.254" } ],
>         "relay": {  "ip-addresses": [ "100.79.255.10", "100.79.255.11" ]  },
>         "option-data": [  { "name": "routers",  "data": "100.64.0.1" },
>              { "name": "domain-name",  "data": "vlan111.test.lab"  }
>         ]
>       },
>     ],
>     "shared-networks": [
>       {
>         "name": "VLAN121",
>         "relay": {  "ip-addresses": [ "100.79.255.12", "100.79.255.13" ]  },
>         "subnet4": [
>           { "subnet": "100.79.255.12/32" },
>           { "subnet": "100.79.255.13/32" },
>           {
>             "subnet": "100.64.1.0/24",
>             "pools": [  { "pool": "100.64.1.10 - 100.64.1.254" } ],
>             "option-data": [  { "name": "routers",  "data": "100.64.1.1" },
>                 { "name": "domain-name",  "data": "vlan121.test.lab"  }
>             ]
>           }
>         ]
>       }
>     ],
>     "loggers": [
>       {
>         "name": "kea-dhcp4",
>         "output_options": [
>           {
>             "output": "/var/log/kea-dhcp4.log"
>           }
>         ],
>         "severity": "DEBUG",
>         "debuglevel": 0
>       }
>     ]
>   }
> }
>
> Here are the logs from Kea DHCP; both subnets show the same error:
>
> 2024-12-16 13:51:18.204 ERROR [kea-dhcp4.bad-packets/5311.140177694668928] DHCP4_PACKET_NAK_0001 [hwtype=1 50:01:05:1b:00:01], cid=[01:50:01:05:1b:00:01], tid=0x96b8dc10: failed to select a subnet for incoming packet, src 100.79.255.10, type DHCPDISCOVER
> 2024-12-16 13:51:34.516 ERROR [kea-dhcp4.bad-packets/5311.140177694668928] DHCP4_PACKET_NAK_0001 [hwtype=1 50:01:05:1b:00:01], cid=[01:50:01:05:1b:00:01], tid=0x3e70df2d: failed to select a subnet for incoming packet, src 100.79.255.10, type DHCPDISCOVER
>
> Here is a tcpdump from the DHCP server to see the inbound packets; both
> subnets show the same:
>
> 12:04:55.200602 50:01:05:02:00:09 > 50:01:05:18:00:01, ethertype IPv4 (0x0800), length 364: (tos 0x0, ttl 63, id 38129, offset 0, flags [DF], proto UDP (17), length 350)
>     100.79.255.10.bootps > 10.255.0.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 50:01:05:1b:00:01, length 322, hops 1, xid 0x39d0c398, secs 7, Flags [none] (0x0000)
>           Gateway-IP 100.79.255.10
>           Client-Ethernet-Address 50:01:05:1b:00:01
>           Vendor-rfc1048 Extensions
>             Magic Cookie 0x63825363
>             DHCP-Message (53), length 1: Discover
>             Client-ID (61), length 7: ether 50:01:05:1b:00:01
>             Parameter-Request (55), length 17:
>               Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
>               Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
>               Default-Gateway (3), Static-Route (33), YD (40), YS (41)
>               NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
>               RP (17)
>             MSZ (57), length 2: 576
>             Hostname (12), length 10: "cpe-test01"
>             Agent-Information (82), length 32:
>               Circuit-ID SubOption 1, length 18: ae1.111:vlan-111
>               Unknown SubOption 5, length 4:
>                 0x0000:  ac1c c801
>               Unknown SubOption 11, length 4:
>                 0x0000:  ac1c c801
>
>
>
> Thanks for the help here,
>
>
> Chris Tuska
>
> Imperium Data
>
>
> --
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
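
The subnet selection this thread is about, as an added example (not part of either message and not Kea's code): a simplified Python model run over the thread's relay addresses and the option 82 bytes from the packet dump. It assumes Kea tries the option 82 link-selection sub-option (5) first, then a giaddr match against the configured relay ip-addresses, then the giaddr against subnet prefixes; DHCP4, RAI and the function names are made up for the illustration.

```python
import ipaddress

# Constructed from the thread's Kea config (pools, options, /32 subnets omitted).
DHCP4 = {
    "subnet4": [{"subnet": "100.64.0.0/24",
                 "relay": {"ip-addresses": ["100.79.255.10", "100.79.255.11"]}}],
    "shared-networks": [{
        "name": "VLAN121",
        "relay": {"ip-addresses": ["100.79.255.12", "100.79.255.13"]},
        "subnet4": [{"subnet": "100.64.1.0/24"}]}],
}
# Constructed option 82 payload: circuit-id, then sub-options 5 and 11 (ac1c c801).
RAI = bytes([1, 16]) + b"ae1.111:vlan-111" + bytes.fromhex("0504ac1cc8010b04ac1cc801")

def rai_suboptions(payload):
    """Split an option 82 payload into {sub-option code: value bytes}."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated sub-option at offset %d" % i)
        subs[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return subs

def candidate_subnets(dhcp4):
    """Yield (prefix, relay addresses); shared-network relays are inherited."""
    for s in dhcp4.get("subnet4", []):
        yield s["subnet"], s.get("relay", {}).get("ip-addresses", [])
    for net in dhcp4.get("shared-networks", []):
        inherited = net.get("relay", {}).get("ip-addresses", [])
        for s in net.get("subnet4", []):
            yield s["subnet"], s.get("relay", {}).get("ip-addresses", inherited)

def select_subnet(dhcp4, giaddr, rai=b""):
    """Return (subnet or None, reason) under the assumed selection order."""
    subnets = list(candidate_subnets(dhcp4))
    def by_prefix(addr):
        return next((p for p, _ in subnets if addr in ipaddress.ip_network(p)), None)
    link = rai_suboptions(rai).get(5)  # assumption: link selection is tried first
    if link is not None and len(link) == 4:
        addr = ipaddress.ip_address(link)
        return by_prefix(addr), "link-selection %s" % addr
    hit = next((p for p, relays in subnets if giaddr in relays), None)
    if hit:
        return hit, "relay address %s" % giaddr
    return by_prefix(ipaddress.ip_address(giaddr)), "giaddr prefix %s" % giaddr
```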