12-20-2023 12:50 AM
In an NX-OS VPC environment with SVIs on the distribution switches, it's not possible to get a DHCP client DISCOVER (L2 broadcast / L3 broadcast) through the SVI nodes. According to "Differences between DHCP relay on the Nexus7000/NXOS and IP Helper on the 6500/IoS - Cisco Community", the SVI intercepts the IP broadcast and the packet is not L2 forwarded to the access switch where the DHCP server resides. All variants (without relay at all, or relay to the DHCP server address, directed broadcast address, IP broadcast) fail. The DHCP server is masked to act only on destination IP 255.255.255.255, and the SVI will send the DISCOVER as unicast to 10.99.99.225.
Any ideas how to get it to work, i.e. the client broadcast is forwarded in the broadcast domain even if an SVI is present?
12-20-2023 01:25 AM
Can you try putting the server in a different subnet and using ip helper?
MHM
12-20-2023 01:47 AM
Nice try. The DHCP server is something special. GitHub - maxiepax/go-via: go-via is a deployment tool for imaging and customising VMware ESXi Hypervisors.
And a trace we made on the server shows that if Source is a unicast IP it's replied with ICMP Port unreachable. If DISCOVER arrives as 255.255.255.255 it is answered with OFFER.
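An added example for reading a trace like the one described in the post above (not part of the thread, and not go-via or Cisco code): it parses raw IPv4/UDP/BOOTP bytes and reports whether a DISCOVER arrived as the client's own broadcast or as relay unicast with giaddr set. The sample packets, MAC address and xid are constructed; 10.99.99.253 and 10.99.99.225 are the SVI and server addresses quoted in the thread.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
BROADCAST = "255.255.255.255"

def build_discover(src, dst, giaddr="0.0.0.0", hops=0):
    """Constructed sample: IPv4 + UDP + BOOTP DISCOVER (checksums left at zero)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, hops, 0x1234ABCD, 0,
                        0x8000, bytes(4), bytes(4), bytes(4), socket.inet_aton(giaddr),
                        bytes.fromhex("020000000001"), b"", b"")
    bootp += MAGIC + bytes([53, 1, 1, 255])      # option 53 = DISCOVER, then END
    sport = 68 if giaddr == "0.0.0.0" else 67    # relay agents send from port 67
    udp = struct.pack("!HHHH", sport, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp), 0, 0, 64,
                     17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp + bootp

def message_type(options):
    """Walk the TLV options and return the value of option 53, or None."""
    i = 0
    while i < len(options) and options[i] != 255:
        if options[i] == 0:                      # PAD has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            return None                          # truncated option
        length = options[i + 1]
        if options[i] == 53 and length == 1 and i + 2 < len(options):
            return options[i + 2]
        i += 2 + length
    return None

def classify_discover(packet):
    """Return how a DISCOVER reached the server, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None                              # not IPv4/UDP
    ihl = (packet[0] & 0x0F) * 4
    bootp = packet[ihl + 8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dport != 67 or bootp[0] != 1 or message_type(bootp[240:]) != 1:
        return None
    dst = socket.inet_ntoa(packet[16:20])
    giaddr = socket.inet_ntoa(bootp[24:28])      # non-zero only when a relay handled it
    kind = ("client" if giaddr == "0.0.0.0" else "relayed") + \
           ("-broadcast" if dst == BROADCAST else "-unicast")
    return {"kind": kind, "dst": dst, "giaddr": giaddr, "hops": bootp[3]}
```

Feeding it the IP payload of each captured DISCOVER shows at a glance which form the server saw, without relying on the capture tool's colouring.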
12-20-2023 02:20 AM
Are the PO of SW that client and Server connect to UP pending?
Did you add
feature dhcp
ip dhcp relay
ip dhcp relay sub-option type cisco
no ip dhcp relay information option vpn
Do above and check again
MHM
12-20-2023 02:49 AM
These are the options I have running NX-OS 8.2(4)
ip dhcp relay ?
  address           Configure DHCP server to refer to
  information       Relay agent information option
  source-address    Configure source address for DHCPv4 relay
  source-interface  Configure source interface for DHCP relay
  subnet-broadcast  Configure DHCP relay subnet-broadcast on interface
12-25-2023 11:13 PM
Sorry to continue or not, did you solve this issue?
Thanks
MHM
12-26-2023 12:25 AM
12-26-2023 12:34 AM
OK, let's start.
Did you config SVI for client and for DHCP server in both NSK?
Can you share the config?
Thanks
MHM
12-26-2023 11:42 PM
Hi MHM
Yes, of course the SVI on both VPC peers is configured in symmetrical fashion. But I think we can stop investigating here. Having a closer look at the sniffer trace, it seems to be a misbehavior of the DHCP server. Two packets in green, 3 ms after the ICMP unreachable, show a proper DHCPOFFER relay to the local IP broadcast address.
12-27-2023 06:15 AM
For me the solution is not clear, if you want to
I need to know: does the GW of the DHCP server point to the HSRP or VLAN IP?
MHM
12-27-2023 06:42 AM
All statically configured endpoints are using HSRP as their dGW
interface Vlan99
  no shutdown
  vrf member TEST
  no ip redirects
  ip address 10.99.99.253/24
  no ipv6 redirects
  no ip arp gratuitous hsrp duplicate
  hsrp version 2
  hsrp 1
    ip 10.99.99.254
12-27-2023 10:10 PM
03-14-2024 05:30 AM
As we are within a subnet, each edge switch uses its own hash to select an uplink. That means, as long as we do not have orphan ports, L2 packets are switched on the left or right VPC peer, never using the VPC peer link. So your drawing should also show green lines passing through the left VPC peer.
Anyway, my conclusion is as stated above: the network infrastructure is not the problem, even though the dGW with helper is intercepting the broadcast traffic by default.
The problem is on this go-via appliance which is not accepting unicast traffic but broadcast only.
03-14-2024 07:32 AM
I now have a 9K in the lab; I will do more tests and update you.
MHM
03-18-2024 02:08 PM
The lab works; the relay works as I configured it, tested many times.
MHM