DHCP Problem

r.cabello.chacon · November 22, 2021, 7:14pm

Hi all, I´m becoming crazy with a dhcp problem, I´m not able to know what´s going on. The scenario is the next:

R1-Core(dhcp_server)->vEdge->Overlay->vEdge-R2->R3(acting as SDA handoff via bgp)->Server(vlan guest)

The scenario is the same for several sites, all omp routes are redistributed and from vlan users I´m able to ping other sites same vpn etc… also able to perform internet access.

In R1 I create a dhcp server for the guest users under it´s own vrf and create a loopback and distribute it under bgp, all sites see it.

Then in R3 under it´s vlan ip configured the ip-helper pointing to the R1 loopback interface, I configure a server´s interface under dhcp but no ip is binded. I get the next debugs:

R1(Core):

*Nov 22 19:07:53.137: DHCPD: client's VPN is .
*Nov 22 19:07:53.137: DHCPD: No option 125
*Nov 22 19:07:53.137: DHCPD: Option 125 not present in the msg.
*Nov 22 19:07:53.137: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d61.6162.622e.6363.3030.2e31.3030.302d.4574.302f.30 through relay 10.5.199.1.
*Nov 22 19:07:53.137: DHCPD: Option 125 not present in the msg.

Server(router acting as it):

GUES-2#....
*Nov 22 19:09:01.081:    Next timer fires after: 00:00:04
*Nov 22 19:09:01.081:    Retry count: 1   Client-ID: cisco-aabb.cc00.1000-Et0/0
*Nov 22 19:09:01.081:    Client-ID hex dump: 636973636F2D616162622E636330302E
*Nov 22 19:09:01.081:                        313030302D4574302F30
*Nov 22 19:09:01.081:    Hostname: GUES-2
*Nov 22 19:09:01.081: DHCP: SDiscover placed lease len option: 86400
*Nov 22 19:09:01.081: DHCP: SDiscover placed class-id option: 636973636F706E70
*Nov 22 19:09:01.081: DHCP: SDiscover: sending 311 byte length DHCP packet
*Nov 22 19:09:01.081: DHCP: SDiscover 311 bytes 
*Nov 22 19:09:01.081:             B'cast on Ethernet0/0 interface from 0.0.0.0
GUES-2#....
*Nov 22 19:09:04.192: DHCP: SDiscover attempt # 2 for entry:
*Nov 22 19:09:04.192: Temp IP addr: 0.0.0.0  for peer on Interface: Ethernet0/0
*Nov 22 19:09:04.192: Temp  sub net mask: 0.0.0.0
*Nov 22 19:09:04.192:    DHCP Lease server: 0.0.0.0, state: 3 Selecting
*Nov 22 19:09:04.192:    DHCP transaction id: 1125
*Nov 22 19:09:04.192:    Lease: 86400 secs,  Renewal: 0 secs,  Rebind: 0 secs
*Nov 22 19:09:04.192:    Next timer fires after: 00:00:04
*Nov 22 19:09:04.192:    Retry count: 2   Client-ID: cisco-aabb.cc00.1000-Et0/0
*Nov 22 19:09:04.192:    Client-ID hex dump: 636973636F2D616162622E636330302E
*Nov 22 19:09:04.192:                        313030302D4574302F30
GUES-2#....
*Nov 22 19:09:04.192:    Hostname: GUES-2
*Nov 22 19:09:04.192: DHCP: SDiscover placed lease len option: 86400
*Nov 22 19:09:04.192: DHCP: SDiscover placed class-id option: 636973636F706E70
*Nov 22 19:09:04.192: DHCP: SDiscover: sending 311 byte length DHCP packet
*Nov 22 19:09:04.192: DHCP: SDiscover 311 bytes 
*Nov 22 19:09:04.192:             B'cast on Ethernet0/0 interface from 0.0.0.0

The config is the next:

----------------------------------------------------R1----------------------------------------------------------------------------------

ip dhcp excluded-address vrf GUEST 10.5.199.1 10.5.199.100
ip dhcp pool br20_guest
 vrf GUEST
 network 10.5.199.0 255.255.255.0
 default-router 10.5.199.1 
 option 125 ip 10.5.199.1 
!
interface Loopback0
 vrf forwarding GUEST
 ip address 10.2.255.211 255.255.255.255
!

----------------------------------------------------------R3-----------------------------------------------------------------------------

interface Vlan199
 description GUEST
 vrf forwarding vpn55 -> in another vrf due the "simulation of SDA handoff"
 ip address 10.5.199.1 255.255.255.0
 ip helper-address 10.2.255.211 

show ip route vrf vpn55
B        10.2.123.0/24 [20/1000] via 55.55.51.1, 00:37:04
**B        10.2.255.211/32 [20/1000] via 55.55.51.1, 00:37:04**
B        10.4.199.0/24 [20/1000] via 55.55.51.1, 00:37:04
C        10.5.199.0/24 is directly connected, Vlan199
L        10.5.199.1/32 is directly connected, Vlan199
B        10.6.199.0/24 [20/1000] via 55.55.51.1, 00:37:04

We can see the R1 loopback in vrf RIB, I´m able to ping it:

ping vrf vpn55 10.2.255.211
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.255.211, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 41/66/86 ms

So that´s the problem I have, I don´t know really what is going on.

Thanks in advance.

lagapidis · November 25, 2021, 9:37am

Hello Ruben

After doing some research, I believe that the issue may have to do with the way Cisco creates a client ID. I’ve seen some examples where this very behavior takes place:

The DHCP DISCOVER packet is sent from the client and received by the server
The server outputs a syslog message about option 125
The client never gets an IP address

I have seen this issue resolved by simply changing the way the client ID is displayed. Since you are using a Cisco router to act as the server, it is using the Cisco client ID format. Try changing this format by using the following command on the DHCP enabled interface (assuming it is Ethernet0/0 from the output above):

R1(config)#interface Ethernet 0/0
R1(config-if)#ip address dhcp client-id Ethernet 0/0

The command above tells the router to use the MAC address on the Ethernet 0/0 interface as the client ID. More info about this particular feature of DHCP on IOS devices can be found here:

This change has resolved the issue in other cases, especially those using a DHCP server that is not Cisco. I know your case is slightly different, but you may want to try it out.

Let us know how you get along! If it doesn’t work, let us know so that we can further help in your troubleshooting procedures…

I hope this has been helpful!

Laz

r.cabello.chacon · November 25, 2021, 11:51am

Hello Lazaros, thanks so much for your response, I tried it in the lab right now It hasn´t worked, now the message is different in router acting as server debug:

*Nov 25 11:45:50.411: DHCPD: client's VPN is .
*Nov 25 11:45:50.411: DHCPD: No option 125
*Nov 25 11:45:50.411: DHCPD: Option 125 not present in the msg.
*Nov 25 11:45:50.411: DHCPD: DHCPDISCOVER received from client 01aa.bbcc.0010.00 through relay 10.5.199.1.
*Nov 25 11:45:50.411: DHCPD: Option 125 not present in the msg.

Now we can see the subinterface IP where the helper is configured and aabb.cc00.1000 which is the mac address of the client where I configured what you told me.

In the client the debug message is:

Nov 25 11:48:50.626: DHCP: SDiscover attempt # 3 for entry:
*Nov 25 11:48:50.626: Temp IP addr: 0.0.0.0  for peer on Interface: Ethernet0/0
*Nov 25 11:48:50.626: Temp  sub net mask: 0.0.0.0
*Nov 25 11:48:50.626:    DHCP Lease server: 0.0.0.0, state: 3 Selecting
*Nov 25 11:48:50.626:    DHCP transaction id: 14CA
*Nov 25 11:48:50.626:    Lease: 0 secs,  Renewal: 0 secs,  Rebind: 0 secs
*Nov 25 11:48:50.626:    Next timer fires after: 00:00:04
*Nov 25 11:48:50.626:    Retry count: 3   Client-ID: aabb.cc00.1000
*Nov 25 11:48:50.626:    Client-ID hex dump: AABBCC001000
*Nov 25 11:48:50.626:    Hostname: GUES-2
*Nov 25 11:48:50.626: DHCP: SDiscover placed class-id option: 636973
GUES-2#636F706E70
*Nov 25 11:48:50.626: DHCP: SDiscover: sending 285 byte length DHCP packet
*Nov 25 11:48:50.626: DHCP: SDiscover 285 bytes 
*Nov 25 11:48:50.626:             B'cast on Ethernet0/0 interface from 0.0.0.0
GUES-2#
*Nov 25 11:48:54.632: DHCP: QScan: Timed out Selecting state
GUES-2#%Unknown DHCP problem.. No allocation possible
*Nov 25 11:49:03.575: DHCP: Waiting for 50 seconds on interface Ethernet0/0

Thanks in advance.

lagapidis · November 27, 2021, 6:54am

Hello Ruben

In both cases, the DHCP server is receiving the DISCOVER packet, but now, with this change, we see clearly that the client is timing out. Specifically, it says:

*Nov 25 11:48:54.632: DHCP: QScan: Timed out Selecting state
GUES-2#%Unknown DHCP problem.. No allocation possible

Because your scenario is so specialized, it’s difficult for me to reproduce in a lab to examine and verify your results. However, I have found the following that may be helpful in your troubleshooting:

First of all notice the following two debugs:

*Nov 25 11:48:50.626:    DHCP Lease server: 0.0.0.0, state: 3 Selecting
...
*Nov 25 11:48:54.632: DHCP: QScan: Timed out Selecting state
GUES-2#%Unknown DHCP problem.. No allocation possible

This indicates that a UDP discovery packet has been sent. The other message states that the response to that discovery packet has timed out. We also see that the DHCP server has received the packet.

Now, the next step is to find out why the client is not receiving a response. You should debug DHCP events and packets on the server, as well as on the relay agent to see if a DHCP OFFER is being sent by the server, and if so, to also see if it has been relayed by the relay agent. In other words, find out where the DHCP process stops.

One additional thing to keep in mind is the message that states “Option 125 not present in the msg”. This seems to indicate that there is an issue with the option being relayed by the DHCP relay agent. Why is this option being requested by the DHCP server? Option 125 is used for vendor-specific information. This is typically used to ensure that the proper scopes are being applied to the appropriate network segments, especially when you are using different vendors. Is your network fully Cisco or are you using other vendors as well? See if you can eliminate the need for this option. Also keep in mind that the relay agent may be removing this option before it gets to the server, possibly causing the issue.

Take a look at these links that may heklp you out in the troubleshooting process:

I hope this has been helpful!

Laz