Forum Discussion

F5Drive_266268's avatar
F5Drive_266268
Icon for Nimbostratus rankNimbostratus
Aug 06, 2016

DHCP Relay

Hi, I have setup one lab for F5, i am using 11.6.1 code. I am trying to setup DHCP relay as it was available in 11.3.x. I cannot see DHCP realy option now. I have setup DHCP with both dhcp4 and dhcp4_forward. My clients are not directly connected with F5 subnet, but multi hope. I have put helper-address on my cisco switches, i am able to see traffic hitting on F5 for dhcp discover, but no traffic on internal interface, where dhcp server is connected. DHCP server is using F5 as default gateway. I am able to fetch webpages from same subnet on my dhcp client.

 

ltm pool DC-Servers-DHCP {
    members {
        DC-11:any {
            address 10.2.0.11
            session monitor-enabled
            state up
        }
        DC-33:any {
            address 10.2.0.33
            session monitor-enabled
            state down
        }
        DHCP-22:any {
            address 10.2.0.22
            session monitor-enabled
            state down
        }
    }
    monitor gateway_icmp
}

ltm virtual DHCP-VS-151 {
    destination 172.31.0.151:bootps
    dhcp-relay
    ip-protocol udp
    mask 255.255.255.255
    pool DC-Servers-DHCP
    profiles {
        dhcpv4 { }
    }
    source 0.0.0.0/0
    vlans {
        external
    }
    vlans-enabled
    vs-index 3

 

my topology

 

Wireshark traffic

 

 

Stats

 

 

Best Regards,

 

  • The statistics show that it received 5 packets in (client), and sent 5 packets out (server). You say you can't see that traffic ? Was that by capturing on the dhcp server, or on the bigip ?

    What do you see if you run this on the bigip, whilst making dhcp requests ?

     

    tcpdump -n -i0.0:nnn host 10.2.0.11
    

     

    There should be some echo requests and replies from the monitor, but also udp traffic heading towards it from the virtual server.

  • I have captured traffic on two different path locations, shared screen shot is on interface of F5 connected with router (outside network). Which shows traffic is hitting interface (DHCP Discover). While on exit interface I can see normal traffic like ping from F5 to nodes, but no traffic for DHCP (screen shot not shared).

     

    From stats screen (traffic detail) it is showing that packets in are 4 but out are none.

     

    I really stuck on this, want to finish it. It is lab environment.

     

    Best Regards,

     

  • Hi i have one important discovery on outside interface, where dhcp clinet exist. Please see attached.

     

     

    here self ip 172.31.0.145 is doing arp for 172.31.0.151 (dhcp Virtual server IP). But i am not able to see reply back that who owns DHCP VS VIP.

     

    Best Regards,

     

  • keep bumping is nice but are you doing anything else?

     

    does it work for http traffic for example?

     

    never build a DHCP virtual server, but i kinda don't expect it on an IP address, are you sure that should work?

     

  • Hi, I have build on same lab dns/ftp/ssh/http/https solution. Even i have build DHCP with directly attached client to outside interface. This problem is only occurring if clients are multi hops away from F5. All above stated services are build with success for multi hop away clients. for directly attached client in outside interface vlan i have used 0.0.0.0/0 source and destination 255.255.255.255 and it worked fine.

     

    Best Regards,

     

  • Hi F5Drive,

    it doesn't make much sense to point the ip helper-address on your switches to a Virtual Server which is configured as DHCP relay. In the best case your setup would confuse your DHCP servers making them unable to identify the remote subnet and to provide a valid IP address from the the right IP scope. And in the worst case it would simply not work and making you angry...

    Point the ip-helpers on your switches either directly to each of the individual DHCP servers (you can configure multiple ip-helper on a single VLAN interface) or use a single ip-helper and point them to a Virtual Server that is performing a regular UDP:67 load balancing for your DHCP servers (without SNAT applied). In this case the ip-helper will collect the 255.255.255.255:67 DHCP broadcast and transform it to DHCP unicast (src=IP-Helper:68 and DST=Virtual_Serer:67) so that it can be routed across your network environment and reach your Virtual Servers and finally the load balanced DHCP servers. Also keep in mind, that the clients must be able to directly access the individual DHCP servers for DHCP updates and DHCP Option 81 request, since they would unicast the DHCP server which had assigned their current IP address.

    Note: A Virtual Server based DHCP relay configuration should use 255.255.255.255:67 as IP:Port combination. See https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/23.html for further information.

    Cheers, Kai

  • Here's the code we use in 12.1, however i don't believe we changed it from 11.6 to 12.1

     

    ltm virtual dhcp-relay {
        destination 255.255.255.255:bootps
        dhcp-relay
        ip-protocol udp
        mask 255.255.255.255
        pool dhcp-pool
        profiles {
            dhcpv4 { }
        }
        source 0.0.0.0/0
        translate-address enabled
        translate-port disabled
    }

    HTH

     

    Andrew

     

  • Have a try with this config:

     

    ltm virtual dhcp-tcp_vs {
        destination 172.31.0.151:any
        ip-protocol tcp
        mask 255.255.255.255
        pool dhcp-all
        profiles {
            tcp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port disabled
    }
    ltm virtual dhcp-udp_vs {
        destination 172.31.0.151:any
        ip-protocol udp
        mask 255.255.255.255
        pool dhcp-all
        profiles {
            udp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port disabled
    }
    ltm virtual dhcp-relay {
        destination 255.255.255.255:bootps
        dhcp-relay
        ip-protocol udp
        mask 255.255.255.255
        pool dhcp-any
        profiles {
            dhcpv4 { }
        }
        source 0.0.0.0/0
        translate-address enabled
        translate-port disabled
    }
    ltm pool dhcp-any {
        load-balancing-mode least-connections-member
        members {
            DC-11:any {
                address 10.2.0.11
                session monitor-enabled
                state up
            }
            DC-33:any {
                address 10.2.0.33
                session monitor-enabled
                state up
            }
            DC-22:any {
                address 10.2.0.22
                session monitor-enabled
                state up
            }
        }
        monitor gateway_icmp
    }
    

     

    Remember if using tmsh you can use the following command to import the config:

    load sys config merge from-terminal

    Then just paste the above config in and see how you go.

    Cheers,