freeto2013_2627
Jan 06, 2017

DHCP Relay not forwarding traffic

I'm testing DHCP relay on our F5. I have followed the following guide: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/23.html

 

Host network range is 10.10.0.0/24 VLAN55. DHCP servers are on 10.11.0.0/24 LAN56: 10.11.0.3 and 10.11.0.7.

 

When setting up the Virtual Server I had to change the source from 255.255.255.255 to 0.0.0.0. Type DHCP relay was not available, just DHCP (same thing?)

 

tcpdump on VLAN55:

IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:50:56:96:01:7a, length 300 in slot1/tmm0 lis=/Common/dHCPRELAY

 

No traffic destined for the DHCP servers on VLAN56:

IP 10.11.0.3 > 10.11.0.5: ICMP echo reply, id 8976, seq 6684, length 20 in slot1/tmm2 lis=

 

Statistics show, IN OUT IN OUT dHCPRELAY Common View... 341.1K 0 130 0 1 1 1 0 0% 0% 0% No Data No Data No Data

 

I have tried using both profiles, dhcpv4 and dhcpv4_fwd, same results. Any ideas? Thank you.

 

  • UPDATE: I have the traffic forwarding past the relay, however the DHCP server is receiving the request from IP address 10.10.0.4 (SELF IP in VLAN 55).

     

    Since there is no route back to 10.10.0.4 from VLAN56, the traffic is lost. How do I get the F5 to translate the SELF IP address to an IP address on VLAN 56?

     

    This is the traffic outbound from the F5 to the DHCP server:

     

    IP 10.10.0.4.bootps > 10.11.0.3.bootps: BOOTP/DHCP, Request from 00:50:56:96:01:7a, length 300 out slot1/tmm0 lis=/Common/DHCP-RELAY

     

  • TLDR; answer from me since nobody else has given it a shot. I am not sure if source NATing would play nice with the DHCP server, as it might look as if the self IP of the F5 is asking for large amounts of IPs.

     

    If you still want to give it a go:

     

    Try to enable address translation - automap on the virtual server handling the DHCP traffic. That would take care of the routing.

     

    /Patrik

     

  • My understanding, based on my reading of the RFC, is that you must install a route back to the unrouted network. The problem is that giaddr is used for two things. First, it is used by the DHCP server to determine the source subnet, and thus which IPs are valid to be assigned to that DHCP client. Thus, in your example, giaddr must be 10.10.0.4.

     

    Second, at least the way I read the RFC, giaddr is used as the return address for the DHCP OFFER/ACK, rather than the source IP from the relayed DISCOVER/REQUEST. Thus, your private space must be routed for the returning packets to reach your relay agent. The RFC leaves a tiny bit of wiggle room on this point, but that's how I read it.
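
The giaddr handling discussed in the last reply, as an added example that is not part of the original thread: RFC 2131 section 4.1 has the server send replies for a relayed request to the address in giaddr on the server port, so this sketch builds a constructed relayed request and shows that translating the packet's source IP changes neither the selected scope nor the reply destination. The single-scope list and the use of 10.11.0.5 as a translated source address are assumptions made for illustration.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131 section 2), 236 bytes; options are omitted here.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
SERVER_PORT = 67  # "bootps" in the tcpdump output above

# Assumption: the DHCP server has one scope, for the host network from the post.
SCOPES = [ipaddress.ip_network("10.10.0.0/24")]

def relayed_request(mac: bytes, giaddr: str) -> bytes:
    """Constructed BOOTREQUEST as a relay agent forwards it (hops=1, giaddr set)."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 1, 0x12345678, 0, 0x8000, zero, zero, zero,
                      ipaddress.IPv4Address(giaddr).packed, mac, b"", b"")

def parse_giaddr(packet: bytes) -> ipaddress.IPv4Address:
    if len(packet) < BOOTP.size:
        raise ValueError("truncated BOOTP header")
    return ipaddress.IPv4Address(BOOTP.unpack(packet[:BOOTP.size])[10])

def server_decision(packet: bytes, ip_src: str, scopes=SCOPES):
    """Return (scope, reply_destination) the way a server treats a relayed request.

    ip_src is accepted only to show that it plays no part: scope selection and the
    reply destination both come from giaddr.
    """
    giaddr = parse_giaddr(packet)
    if int(giaddr) == 0:
        return None, None  # not relayed; outside what this example models
    scope = next((s for s in scopes if giaddr in s), None)
    return scope, (str(giaddr), SERVER_PORT)

if __name__ == "__main__":
    mac = bytes.fromhex("00505696017a")  # client MAC from the tcpdump lines
    pkt = relayed_request(mac, "10.10.0.4")
    for src in ("10.10.0.4", "10.11.0.5"):  # without and with source translation
        print(src, "->", server_decision(pkt, src))
    # If giaddr itself were rewritten to a VLAN56 address, no scope would match.
    print(server_decision(relayed_request(mac, "10.11.0.5"), "10.11.0.5"))
```

In both source-address cases the reply is addressed to 10.10.0.4 port 67, so the DHCP server's network still needs a route to that address.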