[Kea-users] kea answers to relay using giaddr instead of source address. any way to fix?

Jason Lixfeld jason-kea at lixfeld.ca
Thu Sep 28 11:54:39 UTC 2017


Hi,

> On Sep 28, 2017, at 5:49 AM, Sergey Klusov <_lion_2000 at mail.ru> wrote:
> 
> On Thu 28.09.2017 14:37, Francis Dupont wrote:
>> IMHO the simplest is to write a little hook which resets the giaddr,
>> or to understand why the client or relay sets it and fix this.
>> 
>> Regards
>> 
>> Francis Dupont <fdupont at isc.org>
>> 
> Client is a MikroTik router with some specific setup: LAN segment which it runs relay for is in VRF instance, but there is a limitation in RouterOS that dhcp-relay destination will be contacted using main routing table.

If your relay supports RFC3527, it will reset giaddr to the IP of the relay’s outbound server facing interface instead of the IP of the relay’s inbound, client facing interface.  It will also then encode the subnet of the interface that the packet arrived on at the relay into option 82 sub option 5.

In Cisco, this is usually enabled using the 'vpn' keyword with the 'ip dhcp relay information option' command.

I believe that Kea will then be able to use sub option 5 to select the correct subnet, but in my particular use case, I use RFC3527 only in my lab (I cannot use that feature in production) and I match remote-id in a client-class and include that class in the appropriate subnet declaration, so I don’t honestly know if Kea will use sub option 5 as intended.  I could try if you’d like?

Standard:

14:58:26.420087 IP (tos 0x0, ttl 253, id 36242, offset 0, flags [none], proto UDP (17), length 343)
    10.219.45.114.67 > 10.219.66.10.67: [udp sum ok] BOOTP/DHCP, Request from 00:01:47:dc:fa:5a, length 315, hops 1, xid 0xe53cd04, Flags [none] (0x0000)
	  Gateway-IP 10.63.255.1
	  Client-Ethernet-Address 00:01:47:dc:fa:5a
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Discover
	    Client-ID Option 61, length 8: "1448201"
	    Parameter-Request Option 55, length 14:
	      Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
	      Domain-Name, BR, Lease-Time, DHCP-Message
	      Server-ID, TFTP, NTP, Time-Zone
	      Option 120, Classless-Static-Route
	    Vendor-Class Option 60, length 20: "ZNID-GE-2628A-NA-0GN"
	    Agent-Information Option 82, length 21:
	      Circuit-ID SubOption 1, length 6: ^@^D^L7^BP
	      Remote-ID SubOption 2, length 11: ^A^Irgw01.lab
	    END Option 255, length 0
14:58:26.429253 IP (tos 0x0, ttl 64, id 12783, offset 0, flags [DF], proto UDP (17), length 368)
    10.219.66.10.67 > 10.63.255.1.67: [bad udp cksum 0x5793 -> 0x77ad!] BOOTP/DHCP, Reply, length 340, hops 1, xid 0xe53cd04, Flags [none] (0x0000)
	  Your-IP 10.63.255.115
	  Gateway-IP 10.63.255.1
	  Client-Ethernet-Address 00:01:47:dc:fa:5a
	  file "26xx_current/S0300608"[|bootp]

RFC3527:

15:10:33.158538 IP (tos 0x0, ttl 253, id 36799, offset 0, flags [none], proto UDP (17), length 380)
    10.219.45.114.67 > 10.219.66.10.67: [udp sum ok] BOOTP/DHCP, Request from 00:01:47:e3:2f:60, length 352, hops 1, xid 0x507b2ecb, Flags [none] (0x0000)
	  Gateway-IP 10.219.45.114
	  Client-Ethernet-Address 00:01:47:e3:2f:60
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Discover
	    Client-ID Option 61, length 8: "1488880"
	    Parameter-Request Option 55, length 14:
	      Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
	      Domain-Name, BR, Lease-Time, DHCP-Message
	      Server-ID, TFTP, NTP, Time-Zone
	      Option 120, Classless-Static-Route
	    Vendor-Class Option 60, length 20: "ZNID-GE-2628A-00-0GN"
	    Agent-Information Option 82, length 58:
	      Circuit-ID SubOption 1, length 6: ^@^D^L7^B^A
	      Remote-ID SubOption 2, length 11: ^A^Irgw01.lab
	      Unknown SubOption 151, length 23:
		0x0000:  0072 6573 6964 656e 7469 616c 2d6d 616e
		0x0010:  6167 656d 656e 74
	      Unknown SubOption 5, length 4:
		0x0000:  0a3f ff00
	      Unknown SubOption 152, length 4:
		0x0000:  0a3f ff01
	    END Option 255, length 0
15:10:33.169563 IP (tos 0x0, ttl 64, id 61753, offset 0, flags [DF], proto UDP (17), length 405)
    10.219.66.10.67 > 10.219.45.114.67: [bad udp cksum 0x86c4 -> 0x8fae!] BOOTP/DHCP, Reply, length 377, hops 1, xid 0x507b2ecb, Flags [none] (0x0000)
	  Your-IP 10.63.255.16
	  Gateway-IP 10.219.45.114
	  Client-Ethernet-Address 00:01:47:e3:2f:60
	  file "26xx_current/S0300608"[|bootp]

> Because of that, relay messages are sent out-of-band, using different interface.
> 
> Right now I'm working on supplying additional option 82 information to kea, by which it should select appropriate subnet.
> 
> 14:30:40.033857 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 360)
>    x.x.x.156.67 > x.x.x.90.67: [udp sum ok] BOOTP/DHCP, Request from f4:8b:32:a3:79:3f, length 332, hops 1, xid 0xa111bece, secs 17, Flags [none] (0x0000)
>          Gateway-IP x.x.x.156
>          Client-Ethernet-Address f4:8b:32:a3:79:3f
>          Vendor-rfc1048 Extensions
>            Magic Cookie 0x63825363
>            DHCP-Message Option 53, length 1: Discover
>            Client-ID Option 61, length 7: ether f4:8b:32:a3:79:3f
>            MSZ Option 57, length 2: 1500
>            Vendor-Class Option 60, length 18: "android-dhcp-6.0.1"
>            Hostname Option 12, length 17: "MINOTELTE-MiPhone"
>            Parameter-Request Option 55, length 9:
>              Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
>              MTU, BR, Lease-Time, RN
>              RB
>            Agent-Information Option 82, length 23:
>              Circuit-ID SubOption 1, length 6: M-~^K.M-AM-tz
>              Remote-ID SubOption 2, length 13: 100.101.101.0
> 
> Can someone tell me how to make kea select subnet 100.101.101.0/24 by Remote-ID "100.101.101.0" suboption and giaddr?
> 
> Should I define some class and apply it to subnet?
> 
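Added example, not part of the original message and not Kea's code: a Python sketch of the selection order RFC 3527 describes, run over the option 82 bytes shown in the "RFC3527" capture above. The subnet list and its /24 prefix lengths are assumptions, as are the function names.

```python
import ipaddress

LINK_SELECTION = 5  # RFC 3527 sub-option code carried inside option 82

# Option 82 payload rebuilt from the "RFC3527" tcpdump decode in this message
# (sub-options 1, 2, 151, 5, 152 in the order shown, 58 bytes in total).
OPTION82 = (
    bytes([1, 6]) + bytes.fromhex("00040c370201")
    + bytes([2, 11]) + b"\x01\x09rgw01.lab"
    + bytes([151, 23]) + b"\x00residential-management"
    + bytes([5, 4]) + bytes.fromhex("0a3fff00")
    + bytes([152, 4]) + bytes.fromhex("0a3fff01")
)

# Assumed server-side subnets; the /24 prefix lengths are not stated on the page.
SUBNETS = ["10.219.45.0/24", "10.63.255.0/24"]


def parse_suboptions(data):
    """Split an option 82 payload into {code: value}, rejecting truncated TLVs."""
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns option 82")
        subopts[code] = value
        i += 2 + length
    return subopts


def select_subnet(giaddr, option82, subnets=SUBNETS):
    """Return (subnet, source): sub-option 5 wins over giaddr when present."""
    link = parse_suboptions(option82).get(LINK_SELECTION)
    if link is not None and len(link) != 4:
        raise ValueError("link selection must be a 4-byte IPv4 address")
    source = "link-selection" if link is not None else "giaddr"
    addr = ipaddress.IPv4Address(link if link is not None else giaddr)
    for net in subnets:
        if addr in ipaddress.ip_network(net):
            return net, source
    return None, source


if __name__ == "__main__":
    print(select_subnet("10.219.45.114", OPTION82))       # RFC 3527 relay
    print(select_subnet("10.219.45.114", OPTION82[:21]))  # sub-options 1 and 2 only
```

The second call drops sub-option 5 while keeping the server-facing giaddr, which is the out-of-band relay case from the thread: selection then falls on the relay's own subnet rather than the client's.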



