05-06-2024 11:28 PM - edited 05-13-2024 01:42 AM
Hi All,
[Edited and updated]
Trying to build a VRF-AWARE Relay agent.
That means that a centralized DHCP server (global VRF) is allocating IPv4 addresses to devices in different customer VRFs.
I am following what was described by
IP Addresses and Services Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7.3.x - Configuring Multiple Classes with a Pool
The following topology was created - now updated with two VRFs (VRF 1 and VRF 2) with DHCP clients (PC1 and PC2)
The server is in the default VRF (S1)
figure 1: Topology
DHCP requests flow to the server but the server does not respond!
In debug I see that message
TP3148: wildcard list is not initialized, mode 3
but it seems that the received DHCP request is parsed correctly, at least per my understanding.
DHCP requests from VRF 1 (and VRF2) are sent to the global VRF and towards the server.
The server (IOS-XR) receives the DHCP request and is stuck in `INIT_DAPS_WAIT` state.
A capture of the binding details is shown at the end, as well as the option-82 capture of the received packet (as seen by the server).
It's not clear to me why it is stuck.
So looking at the user-guide I found the following, which seems to be in the right direction. I did implement that but it seems to fall short.
Router(config)# dhcp ipv4
/* Configures DHCP for IPv4 and enters the DHCPv4 configuration submode. */
Router(config-dhcpv4)# profile r1 relay
/* Enables DHCP relay profile */
Router(config-dhcpv4-relay-profile)# helper-address vrf A 10.10.10.1 giaddr 40.1.1.2
Router(config-dhcpv4-relay-profile)# broadcast-flag policy check
/* Configures VRF addresses for forwarding UDP broadcasts, including DHCP. */
Router(config-dhcpv4-relay-profile)# relay information option vpn
Router(config-dhcpv4-relay-profile)# relay information option vpn-mode rfc
/* Inserts the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to a DHCP server. */
Router(config-dhcpv4-relay-profile)# relay information option allow-untrusted
/* (Optional) Configures the DHCP IPv4 Relay not to discard BOOTREQUEST packets that have an existing relay information option and the giaddr set to zero. */
Router(config-dhcpv4-relay-profile)# exit
Router(config-dhcpv4)# interface BVI 1 relay profile r1
Router(config-dhcpv4)# commit
/* Configures DHCP relay on a BVI interface and commits the configuration */
From that definition, I understand that
helper-address vrf A 10.10.10.1 giaddr 40.1.1.2
VRF A is the target VRF (where the server resides)
10.10.10.1 is the server address
40.1.1.2 is an address in the target VRF (VRF A) that the relay should use when initiating the transaction.
The lack of the original GIADDR is offset by implying the introduction of sub-option 5 and sub-option 11 (or the Cisco proprietary alternatives; I did see that on IOS-XE).
I did implement this and it didn't work.
Assuming that IOS-XR does support that use-case and assuming that my CLI understanding is correct, this still falls short.
a. Can the VRF be defined as default (replacing A in the user guide example VRF A)?
b. How can this profile be bound to a VRF instance?
Switch config
ip dhcp snooping vlan 1
ip dhcp snooping
interface GigabitEthernet0/1
negotiation auto
ip dhcp snooping trust
!
Relay 1
interface GigabitEthernet8
ip dhcp relay information option vpn-id
ip address 176.11.11.1 255.255.255.0
!next-hop server
ip helper-address 10.1.2.2
...
!
ip dhcp relay information policy keep
! to avoid drop of option 82 introduced by snooping
ip dhcp relay information trust-all
R2 - VRF AWARE Relay
dhcp ipv4
profile CORP_DHCP relay
! server in default VRF with address 100.4.11.11 and use giaddr 2.2.2.2 (implies option 82 link-selection and server-id-override)
helper-address vrf default 100.4.11.11 giaddr 2.2.2.2
! add vpn-id to help maybe the return path from server to VRF 1 and to client.
relay information option vpn
relay information option vpn-mode rfc
!
interface GigabitEthernet0/0/0/1 relay profile CORP_DHCP
!
interface GigabitEthernet0/0/0/1
vrf 1
ipv4 address 10.1.2.2 255.255.255.0
!
Server Configuration
pool vrf default ipv4 TEST-POOL
network 176.11.11.0/24
exclude 176.11.11.1 0.0.0.0
!
dhcp ipv4
profile TEST-PROFILE server
lease 0 0 30
pool TEST-POOL
class CLASS_SIMP
match vrf 1
!
requested-ip-address-check disable
!
interface GigabitEthernet0/0/0/0 server profile TEST-PROFILE
!
Now that configuration was updated to support VRF 2 too, but I don't want to clutter the configuration
---------------------------------------------------------
The server is not responding.
RP/0/RP0/CPU0:S1#show dhcp ipv4 server binding detail
Thu May 9 16:31:52.536 UTC
MAC Address: 5254.0004.33e7
VRF: default
IP Address: 0.0.0.0
Server IP Address: 10.1.2.2
ReceivedCircuit ID: 0x00-04-00-01-00-00
InsertedCircuit ID: 0x00-04-00-01-00-00
ReceivedRemote ID: 0x00-06-52-54-00-02-0e-e3
InsertedRemote ID: 0x00-06-52-54-00-02-0e-e3
ReceivedVSISO: -
Auth. on received relay info:TRUE
ParamRequestOption: -
SavedOptions: -
Profile: TEST-PROFILE
Selected Profile: TEST-PROFILE
State: INIT_DAPS_WAIT
Lease: 60 secs (00:01:00)
Lease remaining: 59 secs (00:00:59)
Client ID: 0x01-0x52-0x54-0x00-0x04-0x33-0xE7
Access Interface: GigabitEthernet0/0/0/0
Access VRF: default
Subscriber Label: 0x0
Srg State: NONE
Srg Group Id: 0
Event History:
Session Start: May 9 16:26:00.444
PACKET_DISCOVER : 0.001s
DPM_SUCCESS : 0.001s
--------------------------------------------------
Updated debug capture
dhcpd[184]: DHCPD: TP563: L3 packet event received
dhcpd[184]: DHCPD: TP2514: L3 RX: vrfid 0x60000000 (1610612736), ifh 0x1000018 (16777240), ifhsec 0x0 (0)
dhcpd[184]: DHCPD: TP564: L3 Packet RX from addr = 22.22.22.22, port = 67, application len 329, vrf 0x60000000 (1610612736), tbl 0xe0000000 (3758096384)
dhcpd[184]: DHCPD: dhcpd_os_get_profile_mac_mismatch_action_pkt: profile TEST-PROFILE mac mismatch action dont drop
dhcpd[184]: DHCPD: pktRx id 770: ---------- IPv4 DHCPD --- dhcpd_iox_l3_conn_hlr -------
dhcpd[184]: DHCPD: pktRx id 770: VRF name (id): default (0x60000000)
dhcpd[184]: DHCPD: pktRx id 770: L3 src: 22.22.22.22:67
dhcpd[184]: DHCPD: pktRx id 770: L3 dst: 100.4.11.11:67
dhcpd[184]: DHCPD: pktRx id 770: metadata: L3 input Intf: GigabitEthernet0_0_0_0
dhcpd[184]: DHCPD: pktRx id 770: metadata: Output Intf: Null
dhcpd[184]: DHCPD: pktRx id 770: metadata: FROM: L3
dhcpd[184]: DHCPD: pktRx id 770: metadata: NETWORK_ORDER
dhcpd[184]: DHCPD: pktRx id 770: op: BOOTREQUEST
dhcpd[184]: DHCPD: pktRx id 770: chaddr: 5254.0000.8a34
dhcpd[184]: DHCPD: pktRx id 770: xid: 0x1b5e6f5b
dhcpd[184]: DHCPD: pktRx id 770: flags: 0x0000 (unicast)
dhcpd[184]: DHCPD: pktRx id 770: ciaddr: 0.0.0.0
dhcpd[184]: DHCPD: pktRx id 770: yiaddr: 0.0.0.0
dhcpd[184]: DHCPD: pktRx id 770: siaddr: 0.0.0.0
dhcpd[184]: DHCPD: pktRx id 770: giaddr: 22.22.22.22
dhcpd[184]: DHCPD: pktRx id 770: cookie: 0x63538263
dhcpd[184]: DHCPD: pktRx id 770: option: MESSAGE_TYPE: DISCOVER
dhcpd[184]: DHCPD: pktRx id 770: option: MAX_MESSAGE_SIZE data: "0x02-40"
dhcpd[184]: DHCPD: pktRx id 770: option: PARAMETER_REQUEST data: "0x01-03-06-0c-0f-1c-2a"
dhcpd[184]: DHCPD: pktRx id 770: option: HOST_NAME data: "localhost"
dhcpd[184]: DHCPD: pktRx id 770: option: VENDOR_CLASS_IDENT data: "udhcp 1.35.0"
dhcpd[184]: DHCPD: pktRx id 770: option: CLIENT_IDENTIFIER data: "0x01-52-54-00-00-8a-34"
dhcpd[184]: DHCPD: pktRx id 770: option: RELAY_INFORMATION
dhcpd[184]: DHCPD: pktRx id 770: option: RELAY_INFORMATION: CIRCUIT_ID: 0x00-04-00-01-00-00
dhcpd[184]: DHCPD: pktRx id 770: option: RELAY_INFORMATION: REMOTE_ID: 0x00-06-52-54-00-09-66-e2
dhcpd[184]: DHCPD: pktRx id 770: option: RELAY_INFORMATION: SUBNET_SELECTION_RFC: 0x0a-01-02-00
dhcpd[184]: DHCPD: pktRx id 770: option: RELAY_INFORMATION: VPN_ID: 0x00-32
dhcpd[184]: DHCPD: pktRx id 770: option: RELAY_INFORMATION: VPN_ID_CONTROL
dhcpd[184]: DHCPD: pktRx id 770: option: RELAY_INFORMATION: SERVER_ID_OVERRIDE_RFC: 0x0a-01-02-02
dhcpd[184]: DHCPD: dhcpd_is_match_option_filter_drop: profile name: TEST-PROFILE mode: 3
dhcpd[184]: DHCPD: TP3148: wildcard list is not initialized, mode 3
dhcpd[184]: DHCPD: DHCP_INFO: Len:7 Client-ids = Incoming: 0x01-52-54-00-00-8a-34 Existing: 0x01-52-54-00-00-8a-34
dhcpd[184]: DHCPD: dhcpd_iox_l3_conn_hlr: dhcpd_iox_eventQ_enqueue failed
dhcpd[184]: DHCPD: dhcpd_iox_l3_conn_hlr: l3sock read returned error -1
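Added example, not part of the original post: a Python decoder for the option 82 sub-options listed in the debug capture above, plus a comparison of the link-selection value with a pool network. The payload is constructed here from the printed sub-option values (code/length/value, in the order printed), and the function names are this example's own.

```python
import ipaddress

# Option 82 sub-option codes used in RFC mode (RFC 3046, 3527, 5107, 6607).
SUBOPTS = {1: "circuit-id", 2: "remote-id", 5: "link-selection",
           11: "server-id-override", 151: "vss", 152: "vss-control"}
VSS_TYPES = {0: "ascii-vpn-id", 1: "rfc2685-vpn-id", 255: "global-default"}

# Constructed sample: values copied from the debug lines, re-encoded as TLVs.
SAMPLE = bytes.fromhex(
    "0106" "000400010000"        # CIRCUIT_ID
    "0208" "00065254000966e2"    # REMOTE_ID
    "0504" "0a010200"            # SUBNET_SELECTION_RFC
    "9702" "0032"                # VPN_ID
    "9800"                       # VPN_ID_CONTROL (no value)
    "0b04" "0a010202"            # SERVER_ID_OVERRIDE_RFC
)

def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {name: raw bytes}; reject bad lengths."""
    out, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns option 82")
        out[SUBOPTS.get(code, f"unknown-{code}")] = value
        i += 2 + length
    return out

def decode(payload: bytes) -> dict:
    """Render the sub-options a VRF-aware server acts on as readable values."""
    sub = parse_option82(payload)
    info = {"vss-control": "vss-control" in sub}
    for key in ("link-selection", "server-id-override"):
        if key in sub:  # IPv4Address raises ValueError unless exactly 4 bytes
            info[key] = str(ipaddress.IPv4Address(sub[key]))
    vss = sub.get("vss", b"")
    if vss:  # RFC 6607: first byte is the VSS type, the rest is the VSS info
        info["vss-type"] = VSS_TYPES.get(vss[0], f"type-{vss[0]}")
        info["vss-info"] = vss[1:].decode("ascii") if vss[0] == 0 else vss[1:].hex()
    return info

def link_in_pool(info: dict, pool_network: str) -> bool:
    """True if the link-selection address lies inside the given pool network."""
    link = info.get("link-selection")
    return link is not None and \
        ipaddress.ip_address(link) in ipaddress.ip_network(pool_network)
```

On the constructed payload, `decode(SAMPLE)` gives link-selection 10.1.2.0, server-id-override 10.1.2.2 and an ASCII VPN identifier of "2"; `link_in_pool(decode(SAMPLE), "176.11.11.0/24")` returns False for the TEST-POOL network in the server configuration.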