DHCP Offer dropped by DLR set as DHCP relay
search cancel

DHCP Offer dropped by DLR set as DHCP relay

book

Article ID: 330299

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • DLR is configured as DHCP Relay.
  • Client VM does not get an IP address.
  • Packet capture on vdrPort egress shows the DHCP Request sent to the DHCP Server.

    [root@HQ-ESXi-Edge-02a:~] pktcap-uw --switchport 83886087 --dir 0 -o - | tcpdump-uw -enr - udp port 67
reading from file -, link-type EN10MB (Ethernet)
10:24:21.059499 02:50:56:##:##:## > 00:50:56:82:78:8c, ethertype IPv4 (0x0800), length 342: 10.151.231.2.67 > 172.16.3.4.67: BOOTP/DHCP, Request from 00:50:56:##:##:##, length 300
  • Packet capture on vdrPort ingress shows the DHCP Request received from the client VM and the DHCP Offer received from the DHCP Server.

    [root@HQ-ESXi-Edge-02a:~] pktcap-uw --switchport 83886087 --dir 1 -o - | tcpdump-uw -enr - udp port 67
reading from file -, link-type EN10MB (Ethernet)
10:27:07.602833 00:50:56:##:##:## > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:87:97:21, length 300
10:27:07.609975 00:50:56:##:##:## > 02:50:56:##:##:##, ethertype IPv4 (0x0800), length 342: 172.16.3.4.67 > 10.151.231.2.67: BOOTP/DHCP, Reply, length 300
  • The DHCP Offer is not seen in egress as relayed by the DLR to the VM.

Cause

The DLR instance will validate the DHCP Offer being relaying it to the client VM. If the DHCP Offer is considered as invalid, the packet will be dropped.
For instance, Option 3 in DHCP Offer (default gateway for the DHCP client) must be set as the IP address of a LIF. If not, the packet will be dropped by the DLR.

For troubleshooting, increasing the logging on the DLR may be useful:

net-vdr --instance -o setTunables -n dpLogLevel -v 3 vdr-instance-name


Example:​

[root@HQ-ESXi-Edge-02a:~] net-vdr --instance -o setTunables -n dpLogLevel -v 3 default+edge-6


In normal situation:

2018-01-15T10:01:21.983Z cpu4:37970)vdrb: VdrProcessDhcpClientReq:357: [0x1388:13880000000c:2] Relaying: 10.151.231.2 -> 172.16.3.4 chaddr = 00:50:56:87:97:21
2018-01-15T10:01:21.987Z cpu5:39279)vdrb: VdrProcessDhcpServerRsp:501: [0x1388:13880000000c:2] Sending reply: 10.151.231.2 / 02:50:56:56:44:52 -> 10.151.231.125 / 00:50:56:87:97:21


If the DHCP Offer is dropped:

2018-01-15T10:03:05.026Z cpu5:33299)vdrb: VdrProcessDhcpClientReq:357: [0x1388:13880000000c:2] Relaying: 10.151.231.2 -> 172.16.3.4 chaddr = 00:50:56:87:97:21
2018-01-15T10:03:05.030Z cpu0:33169)vdrb: VdrValidateDhcpRspOptions:239: [0x1388:13880000000c:2] Invalid routers option(len = 4): Expected 10.151.231.2
2018-01-15T10:03:05.030Z cpu0:33169)vdrb: VdrProcessDhcpServerRsp:444: [0x1388:13880000000c:2] Invalid options in DHCP response: Dropping



To revert the logging level:

net-vdr --instance -o setTunables -n dpLogLevel -v 0 vdr-instance-name

Resolution


This is a known issue affecting VMware NSX Data Center for vSphere. Contact Broadcom support for assistance with resolving this issue.

Powered by Wolken Software