
DHCP Shared service - defying laws of routing but is working

Justin Thompson
Level 1

My scenario: I have TN-Common, vrf-common (enforced), BD-A (only holds EPG-A), EPG-A (only provides DHCP services, and does not provide DNS or any other shared service). User Tenant-Test: vrf-1 (unenforced), vrf-2 (enforced). NO CONTRACT IS USED, as I believe DHCP is a 'special case in ACI'.

 

Hosts in the user tenant CAN get a DHCP.  However, when I look at the routing tables, I see the route leaks from vrf-common tenant to the user vrfs (vrf-1 & vrf-2).  In the common tenant, I do not see the routes for the hosts in the user tenant.  If I follow the routing table, the traffic would route asymmetrically and the DHCP offer would return to the client through a firewall.  However, after capturing packets on the firewall, the routing path is NOT USED as we do not see any packets making it to the firewall.  

 

Also, on the user leafs, if I search for the endpoint of the DHCP server (`show ip endpoint 1.1.1.1`, as an example) it returns nothing. DHCP must be a special case in ACI but I'm just wanting to understand this behavior and how it is programmed on the leafs. Zoning filters don't provide anything allowing for DHCP. I know auditors will ask me this question and I need to provide them something.

 

Thanks to whoever can help me!
