DHCP Relay Issue w/Unicast DHCP Requests



  • Hello all. I performed a quick search in the forum but I did not find anything related to my problem, so I am posting it here.

    We have multiple pfSense-Firewalls in a failover configuration on VMware. We use CARP so we have configured VMware accordingly ("Promiscuous Mode", "MAC Address changes", "Forged transmits").
    We have a single DHCP server in a network that all the pfSense-Firewalls share. In order to provide DHCP for the other connected networks we use the DHCP relay functionality.

    pfSense 2.2.3-RELEASE (i386)
    FreeBSD 10.1-RELEASE-p13

    What we now observe:
    1. DHCP requests are relayed to the shared network in which the DHCP server resides
    2. The relayed DHCP requests coming from the DHCP relay are unicasts with source DHCP relay and destination DHCP server (which is correct)
    3. The other pfSense-Firewalls which are not the responsible DHCP relay do see the relayed DHCP requests (which is correct due to promiscuous mode enabled)
    4. The other pfSense-Firewalls process these relayed DHCP requests and relay them again (which is not correct in my view)

    This behaviour causes duplicated relayed DHCP requests. Has anybody seen the same problem? Is this a behaviour which is intended?

    Kind regards,
    Michael
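
One way to confirm the duplication described in the post from a capture taken on the DHCP server's network, as an added example that is not part of the original post: decode the fixed BOOTP header of each request sent to the server and report any transaction (xid plus client MAC) that arrived from more than one relay source address. The function names, addresses, MAC and xid values are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

BOOTREQUEST = 1  # BOOTP op code for client-to-server messages

def parse_bootp(payload):
    """Decode the fixed BOOTP header fields needed to track one request."""
    if len(payload) < 44:
        raise ValueError("truncated BOOTP header")
    op, _htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    giaddr = socket.inet_ntoa(payload[24:28])           # relay agent address
    chaddr = payload[28:28 + min(hlen, 16)].hex(":")    # client hardware address
    return {"op": op, "hops": hops, "xid": xid, "giaddr": giaddr, "chaddr": chaddr}

def find_duplicate_relays(packets, server_ip):
    """packets: iterable of (src_ip, dst_ip, udp_payload) tuples.
    Returns {(xid, chaddr): [relay source IPs]} for every relayed request
    that more than one host forwarded to server_ip."""
    senders = defaultdict(set)
    for src, dst, payload in packets:
        if dst != server_ip:
            continue
        try:
            msg = parse_bootp(payload)
        except ValueError:
            continue  # skip truncated payloads instead of aborting the scan
        if msg["op"] != BOOTREQUEST or msg["giaddr"] == "0.0.0.0":
            continue  # only requests that already passed through a relay
        senders[(msg["xid"], msg["chaddr"])].add(src)
    return {key: sorted(ips) for key, ips in senders.items() if len(ips) > 1}

def make_request(xid, mac_hex, giaddr):
    """Build a constructed 44-byte BOOTP request header (sample data only)."""
    return struct.pack("!BBBBIHH4s4s4s4s16s", BOOTREQUEST, 1, 6, 1, xid, 0, 0,
                       bytes(4), bytes(4), bytes(4),
                       socket.inet_aton(giaddr), bytes.fromhex(mac_hex))

# Constructed capture: 192.0.2.10 is the DHCP server, .2 and .3 are two firewalls.
SAMPLE = [
    ("192.0.2.2", "192.0.2.10", make_request(0x1234, "00005e005301", "198.51.100.1")),
    ("192.0.2.3", "192.0.2.10", make_request(0x1234, "00005e005301", "198.51.100.1")),
    ("192.0.2.2", "192.0.2.10", make_request(0x5678, "00005e005302", "198.51.100.1")),
    ("192.0.2.2", "192.0.2.10", b"\x01\x01\x06"),  # truncated, ignored
]

if __name__ == "__main__":
    for (xid, mac), relays in find_duplicate_relays(SAMPLE, "192.0.2.10").items():
        print(f"xid={xid:#x} client={mac} relayed by {', '.join(relays)}")
```

Feed it tuples extracted from a real capture of UDP port 67 traffic; a request that appears with two source addresses is one that a second firewall picked up and forwarded again.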