02-25-2025 05:18 PM
Hello community,
I am having trouble with the DHCP relay agent on an IP unnumbered interface on a Nexus 9k, NX-OS version 9.3(7).
My simplified config:
ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option circuit-id customized
ip dhcp relay information option vpn
vrf context red
  ip route 192.168.10.100/32 Vlan10
interface Vlan50
  no shutdown
  no autostate
  vrf member red
  no ip redirects
  ip address 192.168.10.1/24
interface Vlan10
  no shutdown
  vrf member red
  no ip redirects
  ip unnumbered Vlan50
  ip proxy-arp
  ip local-proxy-arp
  ip dhcp relay address 10.52.0.191 use-vrf default
  ip dhcp relay source-interface loopback1
interface Ethernet1/43
  switchport
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 10,20
  no shutdown
The switch receives the DHCPDISCOVER from the client in vlan10 and re-sends it to the remote DHCP server. The switch successfully receives the DHCPOFFER from the server. But after that, the switch tries to send the DHCPOFFER in vlan 50. Here is some debug output:
dhcp_snoop: (T) Enter Fn dhcp_relay_send_reply2client
dhcp_snoop: (PKT) Removed relay option82
dhcp_snoop: (T) 1: dhcp_relay_build_reply_pkt: vrf_name:red, vrf_id:4, logical_ifh:0x9010032(166), phy_ifh:0x0(0)
dhcp_snoop: (PKT) IfIndex 9010032, mac 14 23 f2 f0 00 30 , action 2 vlan 50 vdc 1
dhcp_snoop: (PKT) Adding query ref
dhcp_snoop: (T) Received Msg with opcode 21514 and id 1670668316
dhcp_snoop: (T) PPF process message status -1
dhcp_snoop: (T) Calling sysmgr_dispatch for opcode 540a
dhcp_snoop: (EV) Executing [mcecm_process_msg]
dhcp_snoop: (PKT) In dhcp_l2_mac_lkup_rsp_handler
dhcp_snoop: (EV) Executing [mcecm_api_is_pc_mct]
dhcp_snoop: (ERR) NET_L2_SEND_INFO_FLAGS_FLOOD
dhcp_snoop: (PKT) phy_intf: 0x0
dhcp_snoop: (PKT) DHCPOFFER on Intf Vlan50(166), phy (0), vlan 50, vni 0, pvlan 0, vdc 1, vrf red
dhcp_snoop: (PKT) UDP: sport 67, dport 68, len 276
dhcp_snoop: (PKT) Dst mac: 14 23 f2 f0 00 30
dhcp_snoop: (T) Session is not open hence return FALSE
dhcp_snoop: (T) Received Msg with opcode 6483 and id 3093556749
Obviously the DHCPOFFER can't reach the client because the client lives in vlan10.
When I configure an IP address manually on the client, routing works without any problems with this config. I tried enabling DHCP snooping and A LOT of other commands, but without success. It seems to me that the DHCP relay agent doesn't support this scenario, but maybe someone has some advice for me.
Thank you.
02-25-2025 07:57 PM
Hi @mpechnikov
May I suggest that you draw and share a diagram of this issue w.r.t. the DHCP traffic flow, for better clarity? Meanwhile, please find below my one-cent finding on the issue you described:
The issue you're encountering is related to the behavior of the DHCP relay agent on the Nexus 9K when using an IP unnumbered interface. The DHCP relay agent is attempting to send the DHCPOFFER to the client on the wrong VLAN (VLAN 50 instead of VLAN 10). This is likely due to the fact that the IP unnumbered interface (Vlan10) is borrowing its IP address from Vlan50, and the relay agent is associating the response with the wrong VLAN.
Unfortunately, DHCP relay on IP unnumbered interfaces is not fully supported in all scenarios on Nexus switches, especially when it comes to relaying DHCP responses back to the client. This is a known limitation in some NX-OS versions, including the one you're using (9.3(7)).
Hope This Helps!!!
AshSe
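The mismatch discussed in this thread can be checked mechanically, shown here as an added example that is not code from either poster or from Cisco. It finds interfaces that combine `ip unnumbered` with `ip dhcp relay address`, then flags server replies that the `dhcp_snoop` debug shows leaving on the donor interface; the function names are hypothetical, and it assumes indented config and the debug line format quoted above.

```python
import re

# Constructed sample input, excerpted from the config and debug output quoted in the thread.
SAMPLE_CONFIG = """\
interface Vlan50
  vrf member red
  ip address 192.168.10.1/24
interface Vlan10
  vrf member red
  ip unnumbered Vlan50
  ip dhcp relay address 10.52.0.191 use-vrf default
"""
SAMPLE_DEBUG = (
    "dhcp_snoop: (PKT) DHCPOFFER on Intf Vlan50(166), phy (0), "
    "vlan 50, vni 0, pvlan 0, vdc 1, vrf red\n"
)

# Assumption: DHCPACK/DHCPNAK are logged in the same format as the DHCPOFFER line above.
REPLY_RE = re.compile(r"\(PKT\) (DHCP(?:OFFER|ACK|NAK)) on Intf (\S+?)\(\d+\)")


def unnumbered_relays(config):
    """Return {relay_interface: donor_interface} for interfaces that combine
    'ip unnumbered' with 'ip dhcp relay address' (expects indented config)."""
    cmds, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split()[1]
            cmds[current] = []
        elif raw[:1].isspace() and current:
            cmds[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the interface block
    found = {}
    for intf, lines in cmds.items():
        donors = [c.split()[2] for c in lines if c.startswith("ip unnumbered ")]
        if donors and any(c.startswith("ip dhcp relay address ") for c in lines):
            found[intf] = donors[0]
    return found


def misdirected_replies(config, debug):
    """Return (message, egress_interface, relay_interface) for each server reply
    logged on the donor interface instead of the unnumbered relay interface."""
    by_donor = {donor: intf for intf, donor in unnumbered_relays(config).items()}
    return [(msg, egress, by_donor[egress])
            for msg, egress in REPLY_RE.findall(debug) if egress in by_donor]


if __name__ == "__main__":
    for hit in misdirected_replies(SAMPLE_CONFIG, SAMPLE_DEBUG):
        print("%s sent on %s, client side is %s" % hit)
```

If several unnumbered interfaces borrow from the same donor, only the last one is reported per reply, so treat a hit as a pointer to inspect rather than a verdict.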