Hi Tomas,

I've attached the drawing. Hope it's clear how things are tied together.

The wireshark trace and the show ip dhcp internal event history traces that you provided in the Cisco Tac Case was mismatched.  What I mean is that the samples were not the same client request for each sample set.

Please provide the following output to the Cisco Tac Case:

# acidiag fnvread
(please denote which leaf node is the location of the Endpoint and the location of the shared L30ut)

From the Service Leaf on where the CLIENT Endpoint resides:
# show vrf
# show ip interface brief vrf NAME <NAME = VRF NAME where the client EPG resides>
# show ip interface vlan## <## = VLAN number of the client EPG>
# show ip dhcp relay
# show dhcp internal event-history traces
# vsh_lc
module-1# show system internal epmc endpoint vlan ##
module-1# show system internal epmc endpoint vlan ## | egrep "IP|MAC|Vlan|VRF|phy"
(where ## is the VLAN number of the DHCP Client EPG)

From the Border Leaf on where the L3Out for DHCP Server resides:
# show dhcp internal event-history traces
# show vrf
# show ip interface brief vrf NAME <NAME = VRF NAME where the L3Out resides>
# show ip interface vlan## <## = VLAN number of VRF interface for L3Out>

Thanks

T.

Added the logs to the TAC case. I would like to share relevant info with the people reading this forum in case anybody else runs into this issue, so I omitted the fnvread output as this contains hw chassis serials.

best,

P

Ok,  I may have an idea of what the issue may be. On aci-edge-gw-7 & aci-edge-gw-8 in "IMP-IMBA_Private:HPC-mgmt", How do you have the EPG configured for the DHCP Clients?

What I mean by this is do you have a static path or static binding configured?  If so, what mode is it configured as?

From the trace, it appears that eth 1/21 is configured as "802.1P access mode"? Is that correct?

127) 2016 Aug 11 16:43:58.388322 _snoop_handle_istack_packet: 1359 : L2 type = 1; Private VLAN = 0

My understanding is that some PXEBOOT nics do not like seeing and do not work with vlan0.  In some cases, the configuration needs to be configured as "untagged"

Please let us know how your connections are to the device of eth 1/21.

Thanks!

T.

Hi Tomas!

I do not have static paths configured within that EPG - I have just the domain associated with the EPG. 

I do have 802.1P access mode configured. I booted the server and tried a manual DHCP client call with the same results as for PXE. 

Adding paths to the EPG with 802.1P access OR untagged config for the path doesnt change things. The IP and tagging for the box is correctly set as I have fully working IP connectivity to the DHCP server (but no DHCP protocol working as the agent is still dropping?) as soon as I manually configure the server's interface.

Jessica was amazing! 

We didn't truly solve the problem yet, but have a workaround:

The border leaf switches didn't have the DHCP relay address showing in the output of show ip dhcp relay. What we did now is we deployed two static paths where nothing is connected to within the EPG that contains the server with immediate deployment policy. Running show ip dhcp relay after that did show the relay IP on the border leafs. We do have regular DHCP working now while the OS is booted but are still troubleshooting VIC1387 PXE DHCP. We confirmed that broadcast bootp option is not triggering the dropping on our hw platform.

One thing I noticed is that the border leaf that doesn't have the sever attached, but has the L3extOut EPG (shared L3 out) doesnt have the relay set, the leaf switches were the servers are attached do have it configured and it shows in the output show ip dhcp relay.

Is that supposed to be like this? 

Looking at the routes within overlay-1 VRF I don't see the relay's IP address being present