Netgate Discussion Forum
    DHCP-relay not working as expected with asymmetric routing

    lodpp (last edited by lodpp)

      Hi,

      I'm hitting a weird behaviour with DHCP-relay in an asymmetric routing case.

      design.drawio.png

      Hopefully the image will be explicit enough on the setup I'm using.

      Context:

      At the moment, SRV1 is single-attached to pf2; pf2 is CARP MASTER.

      PF2 (and PF1) are set up to do DHCP relay on their LAN interfaces, pointing to the DHCP server 192.168.0.42.

      My LXC host is attached to a switch, dual-attached to both PF1/2 with CARP.
      CARP is MASTER on PF1 in this case.

      The LXC host has an internal bridge (without NAT) for the LXC guests. The LXC host acts as default gateway for the guests.

      The DHCP server is Linux-based with Kea running.

      A static route exists on both PF1/PF2 to reach 192.168.0.0/24 via the LXC host.

      OSPF/BGP routing is set up between PF1/PF2, so PF1 knows how to reach PF2's LAN networks (and vice versa).

      The problem:
      In this particular case, when the SRV1 does a DHCP Discover, it never receives the DHCP Offer from the server.

      • SRV1 sends DHCP Discover via PF2
      • PF2 relays the DHCP Discover to the DHCP server
      • DHCP server gets the Discover and sends the DHCP Offer via LXC-host
      • LXC-host routes the Offer to PF1
      • PF1 routes the Offer to PF2
      • PF2 receives the Offer (at least in the tcpdump, the Offer hits the PF2:lanB interface)
      • PF2 does not send the Offer to SRV1

      Hotfix:
      Get all the CARP MASTERs on the same box.

      Troubleshooting:

      • enabled logging on all firewall rules
      • checked /var/log/filter.log for blocked traffic

      Does anyone have a clue what the problem could be?

      Thanks and best regards,
      Nico
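      Added example (not from the post, and not pfSense or Kea code): a small Python check that groups captured DHCP messages by transaction id and flags transactions whose Offer reached the relay but never went back out of the client-facing interface, reporting when the Offer arrived on a different interface from the one the Discover was relayed through, which is the symptom in the post. The capture format and the interface names ("srv", "uplink", "lanB") are constructed assumptions; real tcpdump output would need its own parser.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified tcpdump-like form (not real capture output):
#   "<iface> <In|Out> <DHCP message type> xid=<hex> client=<mac>"
# Interface names are assumptions: "srv" faces SRV1, "uplink" is where the relay
# sends Discovers, and "lanB" is the interface the post says the Offer hit.
SAMPLE_CAPTURE = """\
srv    In  Discover xid=0x1a2b3c4d client=00:11:22:33:44:55
uplink Out Discover xid=0x1a2b3c4d client=00:11:22:33:44:55
lanB   In  Offer    xid=0x1a2b3c4d client=00:11:22:33:44:55
srv    In  Discover xid=0x0badcafe client=00:11:22:33:44:66
uplink Out Discover xid=0x0badcafe client=00:11:22:33:44:66
uplink In  Offer    xid=0x0badcafe client=00:11:22:33:44:66
srv    Out Offer    xid=0x0badcafe client=00:11:22:33:44:66
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<dir>In|Out)\s+(?P<type>\w+)\s+xid=(?P<xid>0x[0-9a-fA-F]+)"
)


def parse_capture(text):
    """Group (iface, direction, message type) records by DHCP transaction id."""
    txns = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            txns[m["xid"]].append((m["iface"], m["dir"], m["type"]))
    return txns


def find_stuck_offers(text, client_iface):
    """Return {xid: verdict} for transactions whose Offer reached this relay
    but was never sent back out of the client-facing interface."""
    verdicts = {}
    for xid, recs in parse_capture(text).items():
        relayed_out = {i for i, d, t in recs if d == "Out" and t == "Discover"}
        offer_in = {i for i, d, t in recs if d == "In" and t == "Offer"}
        offer_out = any(i == client_iface and d == "Out" and t == "Offer"
                        for i, d, t in recs)
        if not offer_in or offer_out:
            continue  # no Offer seen at all, or it was delivered: nothing to flag
        if offer_in - relayed_out:
            # The reply came back on an interface the request never left through.
            verdicts[xid] = "asymmetric: offer in on %s, discover out via %s" % (
                ",".join(sorted(offer_in)), ",".join(sorted(relayed_out)))
        else:
            verdicts[xid] = "offer in on expected interface but not forwarded"
    return verdicts
```

      Run `find_stuck_offers(SAMPLE_CAPTURE, "srv")` to see the first transaction flagged as asymmetric while the second, whose Offer returned on the same interface the Discover left through, is reported as delivered.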

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.