DHCP requests not being forwarded over Policy-based route

chasby
Level 1

Have a 4500x running 03.04 firmware.

To test an SD-WAN deployment I've created 2 test vlans on the 4500 on which I've tried to implement PBR.  I want traffic from those vlans to be sent to a specific interface.

Details of what I've done:

Extended IP access list subnet1911
40 deny udp any any eq bootpc
50 deny udp any any eq bootps (14 matches)
60 permit udp any any

Extended IP access list subnet1921
40 deny udp any any eq bootpc
50 deny udp any any eq bootps (2 matches)
60 permit udp any any
70 permit tcp any any

route-map Redirect1911, permit, sequence 10
Match clauses:
ip address (access-lists): subnet1911
Set clauses:
ip precedence priority
ip next-hop 10.190.4.20
Nexthop tracking current: 10.190.4.20
10.190.4.20, fib_nh:5D39871C,oce:5D400130,status:1

Policy routing matches: 29574 packets, 14431354 bytes

Peach4500x#sh route-map Redirect1921
route-map Redirect1921, permit, sequence 10
Match clauses:
ip address (access-lists): subnet1921
Set clauses:
ip precedence priority
ip next-hop 10.190.4.20
Nexthop tracking current: 10.190.4.20
10.190.4.20, fib_nh:5D3986F4,oce:5D400130,status:1

Policy routing matches: 12984 packets, 4370666 bytes

interface Vlan1911
description DataWS
ip address 10.191.68.1 255.255.254.0
ip helper-address 10.175.12.15
ip helper-address 10.190.4.30
ip policy route-map Redirect1911
end

interface Vlan1921
description VoiceWS
ip address 10.191.70.1 255.255.255.0
ip helper-address 10.175.12.15
ip helper-address 10.190.4.30
ip policy route-map Redirect1921
end

The helper addresses point to Infoblox devices; the 12.15 points to a unit at our remote data center while the 4.30 is local to the 4500x.

The endpoint devices are connected to a Layer 2 switch trunked to the 4500x to ports assigned to the test vlans.

Routing seems to be working fine; the devices are talking successfully over the SD-WAN. However, if I remove the helper address of the local Infoblox device from the vlan configs, the devices don't receive DHCP addresses from the remote Infoblox when rebooted.

I don't even see DHCP requests hitting the router (a Fortinet device).

I'm a newbie with PBR and am sure I've misconfigured something. Looking for some guidance.

Giuseppe Larosa
Hall of Fame

Hello Chasby,

>> However if I remove the helper address of the local Infoblox device from the vlan configs the devices don't receive DHCP addresses from the remote Infoblox when rebooted.

This is expected and normal, because DHCP requests are actually not routable: they have destination address 255.255.255.255. The ip helper-address command activates the DHCP relay agent function, which allows the receiving L3 device to convert the DHCP request packets into routable unicast packets with IP destination = the address specified in the ip helper-address command, and the internal gi-address is populated with the IP of the receiving L3 interface so that the DHCP server can pick a free IP address from the correct DHCP scope = correct IP subnet.

PBR by itself is not a substitute for the ip helper-address command; it can policy-route only routable traffic, and packets with a broadcast destination are not routable.

Keep the ip helper-address commands in your configuration.

Hope to help

Giuseppe
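As an added illustration (not code from the thread or from Cisco), here is a small Python model of the two paths a packet entering Vlan1911 can take on the switch: DHCP relay via ip helper-address for the client's broadcast DISCOVER, and PBR via route-map Redirect1911 for routable traffic. The interface IP, helper addresses, next hop and ACL logic come from the post; the packet fields, the relay rewriting the source address to the interface IP, and the "rib" placeholder for normal routing are assumptions of this example.

```python
# Added example (not from the thread): a minimal model of what the 4500x does
# with a client's DHCP DISCOVER versus ordinary traffic arriving on Vlan1911.
from dataclasses import dataclass, replace

BROADCAST = "255.255.255.255"
BOOTPS, BOOTPC = 67, 68          # UDP ports named bootps/bootpc in the ACLs

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "udp" or "tcp"
    sport: int
    dport: int
    giaddr: str = "0.0.0.0"     # relay agent (gi-address) field of the DHCP header

# Vlan1911 as configured in the post: interface IP, helper addresses, PBR next hop
VLAN1911 = {
    "ip": "10.191.68.1",
    "helpers": ["10.175.12.15", "10.190.4.30"],
    "pbr_next_hop": "10.190.4.20",
}

def acl_subnet1911(pkt):
    """Mirror of access-list subnet1911: deny udp bootpc/bootps, then permit udp."""
    if pkt.proto == "udp" and pkt.dport in (BOOTPC, BOOTPS):
        return False
    return pkt.proto == "udp"

def forward(pkt, intf):
    """Return a list of (next_hop, packet) decisions for one ingress packet."""
    # A broadcast to bootps is not routable, so PBR never sees it. The relay
    # agent (ip helper-address) instead emits one unicast copy per helper,
    # with giaddr set to the receiving L3 interface so the server can pick
    # the right scope. Source rewrite to the interface IP is a simplification.
    if pkt.dst == BROADCAST and pkt.proto == "udp" and pkt.dport == BOOTPS:
        return [(h, replace(pkt, src=intf["ip"], dst=h, giaddr=intf["ip"]))
                for h in intf["helpers"]]
    if pkt.dst == BROADCAST:
        return []                    # other broadcasts are not routed at all
    # Routable traffic is policy-routed when the route-map ACL matches ...
    if acl_subnet1911(pkt):
        return [(intf["pbr_next_hop"], pkt)]
    # ... otherwise it follows the normal routing table ("rib" placeholder).
    return [("rib", pkt)]
```

Removing a helper address from the list simply drops that unicast copy; it does not make the broadcast itself routable, which is why PBR alone cannot carry DHCP.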

The issue I face is what happens if the local Infoblox fails (as it recently did). The site would be left with no DHCP resources.