[DHCP issue] The clients in the non-vpn-default private network can't get IP address.
- 0 Followed
- 0Collected ,1414Browsed
Network Topology
General ADcampus Fabric
Problem Description
After a customer creates a custom private network, users in the custom private network cannot get the address of the corresponding security group properly.
Process Analysis
Step 1. Debuging dhcp relay all on the leaf.
*Oct 1 00:45:07:277 2021 BR-LEAF DHCPR/7/PACKET: -MDC=1; From 0.0.0.0 port 68, interface Vsi-interface27
Message type: REQUEST (1)
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 1955856403
Seconds: 0, Broadcast flag: 1
Client IP address: 0.0.0.0 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 083a-xxxx-63dd
Server host name: not configured
Boot file name: not configured
DHCP message type: DHCPDISCOVER (1)
*Oct 1 00:45:07:277 2021 BR-LEAF DHCPR/7/EVENT: -MDC=1; Is req pkt from tunnel, if 7024, if-type 111, port-if 7040, port-type 56
*Oct 1 00:45:07:277 2021 BR-LEAF DHCPR/7/EVENT: -MDC=1; Is req pkt from IPL, index 7040, bIsFromIPP 0
*Oct 1 00:45:07:278 2021 BR-LEAF DHCPR/7/EVENT: -MDC=1; Add relay agent option (32 bytes) to the packet.
*Oct 1 00:45:07:278 2021 BR-LEAF DHCP/7/ERROR: -MDC=1; Failed to send packet, ret -1, vrf 2 addr 10.8.94.12 if 0 cvlan 65535 svlan 65535 UnicastDstMac 0
*Oct 1 00:45:07:279 2021 BR-LEAF DHCP/7/ERROR: -MDC=1; Failed to send packet, ret -1, vrf 2 addr 10.8.94.11 if 0 cvlan 65535 svlan 65535 UnicastDstMac 0
Step 2. Checking the setting on the gateway of overlay service.
[BR-LEAF]int Vsi-interface 27
[BR-LEAF-Vsi-interface27]dis this
#
interface Vsi-interface27
description SDN_VSI_Interface_27
ip binding vpn-instance BR_VPN
ip address 10.x.x.254 255.255.254.0
mac-address 0000-0000-0001
local-proxy-arp enable
dhcp select relay proxy
dhcp relay information circuit-id vxlan-port
dhcp relay information enable
dhcp relay server-address 10.x.x.12
dhcp relay server-address 10.x.x.11
dhcp relay source-address interface Vsi-interface4094
dhcp relay request-from-tunnel discard
distributed-gateway local
#
return
[BR-Vsi-interface27]int vsi 4094
[BR-LEAF-Vsi-interface4094]dis this
#
interface Vsi-interface4094
ip binding vpn-instance vpn-default
ip address 10.x.x.129 255.255.255.128
local-proxy-arp enable
arp proxy-send enable
#
return
Step 3. Notice the leaf is sending the DHCP relay packets with the source ip of interface vsi 4094, while the devcie is searching the routes in the vrf 2 which is the vpn-instance BR_VPN. However there is no routes to the DHCP server in the routing table of vpn-instance BR_VPN.
Solution
Adding a route in the vpn-instance.
BR_VPN. ip route-static vpn-instance BR_VPN 10.x.x.0 24 vpn-instance vpn-default 6.6.6.5 // 6.6.6.5 is the next hop to the DHCP server.