[Kea-users] Kea src IP incorrect

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Kea-users] Kea src IP incorrect

Jason Lixfeld
Hi,

I have a use case where requests are received on one interface, and responses are transmitted on another interface.  In ISC, this seems to have always worked as expected, but in Kea, it seems that responses are transmitted with the srcIP of the receiving interface, instead of the srcIP of the interface that is expected to transmit the response.

i.e.:

13:06:46.816502 IP (tos 0x0, ttl 253, id 48919, offset 0, flags [none], proto UDP (17), length 349)
    10.219.45.114.67 > 10.219.66.10.67: [udp sum ok] BOOTP/DHCP, Request from 00:01:47:2d:7a:d0, length 321, hops 1, xid 0x1e875e1f, Flags [none] (0x0000)
          Gateway-IP 10.63.255.1
          Client-Ethernet-Address 00:01:47:2d:7a:d0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 8: "0298056"
            Requested-IP Option 50, length 4: 10.63.255.84
            Parameter-Request Option 55, length 14:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, Lease-Time, DHCP-Message
              Server-ID, TFTP, NTP, Time-Zone
              Option 120, Classless-Static-Route
            Vendor-Class Option 60, length 20: "ZNID-GE-2628A-00-0GN"
            Agent-Information Option 82, length 21:
              Circuit-ID SubOption 1, length 6: ^@^D^L7^B^B
              Remote-ID SubOption 2, length 11: ^A^Irgw01.lab
            END Option 255, length 0
13:06:46.824359 IP (tos 0x0, ttl 64, id 43882, offset 0, flags [DF], proto UDP (17), length 376)
    10.219.66.10.67 > 10.63.255.1.67: [bad udp cksum 0x579b -> 0x037e!] BOOTP/DHCP, Reply, length 348, hops 1, xid 0x1e875e1f, Flags [none] (0x0000)
          Your-IP 10.63.255.84
          Gateway-IP 10.63.255.1
          Client-Ethernet-Address 00:01:47:2d:7a:d0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Domain-Name-Server Option 6, length 8: 66.207.192.4,206.223.173.6
            Lease-Time Option 51, length 4: 60
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 10.219.66.10
            RN Option 58, length 4: 900
            RB Option 59, length 4: 1800
            Client-ID Option 61, length 8: "0298056"
            TFTP Option 66, length 11: "10.63.255.1"
            Classless-Static-Route Option 121, length 16: (10.32.0.0/24:10.63.255.1),(10.32.11.0/24:10.63.255.1)
            Agent-Information Option 82, length 21:
              Circuit-ID SubOption 1, length 6: ^@^D^L7^B^B
              Remote-ID SubOption 2, length 11: ^A^Irgw01.lab
            END Option 255, length 0

root@kea1:/usr/local/etc/kea# ip route
default via 10.219.66.1 dev ens32 onlink
10.32.0.0/11 dev ens34 scope link
10.32.0.32/28 dev ens34 proto kernel scope link src 10.32.0.40
10.219.66.0/24 dev ens32 proto kernel scope link src 10.219.66.10
root@kea1:/usr/local/etc/kea#

OFFER is being sent to 10.63.255.1, but sourced from 10.219.66.10, when it should be sourced from 10.32.0.40.

I can’t seem to adjust option 54 to force the server ID (which may be the whole issue to begin with?):

2017-09-13 13:31:33.238 DEBUG [kea-dhcp4.bad-packets/522] DHCP4_PACKET_DROP_0007 [hwtype=1 00:01:47:2d:7a:d0], cid=[00:30:32:39:38:30:35:36], tid=0x52055156: failed to process packet: Option 54 already present in this message.

{
        "client-class" : "rgw01.lab",
        "subnet": "10.63.255.0/24",
        "valid-lifetime": 60,
        "option-data": [
                {
                        "name": "domain-name-servers",
                        "code": 6,
                        "space": "dhcp4",
                        "csv-format": true,
                        "data": "66.207.192.4, 206.223.173.6"
                },
                {
                        "name": "tftp-server-name",
                        "data": "10.63.255.1"
                },
                {
                        "name" : "dhcp-server-identifier",
                        "code" : 54,
                        "space" : "dhcp4",
                        "csv-format" : true,
                        "data" : "10.63.255.1"
                },
                {
                        "name": "classless-static-routes",
                        "data": "180A20000A3FFF01180A200B0A3FFF01"
                }
        ],
        "pools": [
                {
                        "pool": "10.63.255.2 - 10.63.255.254"
                }
        ],
        "reservations": [
                {
                        "flex-id": "010972677730312e6c616200040c370201",
                        "ip-address": "10.63.255.69",
                        "boot-file-name": "byor/26xx_current/S0300608"
                }
        ]
}


Any pointers?

Thanks!


_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] Kea src IP incorrect

Jason Lixfeld
Edit:

Disregard the part about option 54. Upon further consideration, it likely has nothing at all to due with the issue of responses having a srcIP of the incoming interface, instead of the outgoing interface.

Thanks in advance for any tips!

> On Sep 13, 2017, at 1:34 PM, Jason Lixfeld <[hidden email]> wrote:
>
> Hi,
>
> I have a use case where requests are received on one interface, and responses are transmitted on another interface.  In ISC, this seems to have always worked as expected, but in Kea, it seems that responses are transmitted with the srcIP of the receiving interface, instead of the srcIP of the interface that is expected to transmit the response.
>
> i.e.:
>
> 13:06:46.816502 IP (tos 0x0, ttl 253, id 48919, offset 0, flags [none], proto UDP (17), length 349)
>    10.219.45.114.67 > 10.219.66.10.67: [udp sum ok] BOOTP/DHCP, Request from 00:01:47:2d:7a:d0, length 321, hops 1, xid 0x1e875e1f, Flags [none] (0x0000)
>  Gateway-IP 10.63.255.1
>  Client-Ethernet-Address 00:01:47:2d:7a:d0
>  Vendor-rfc1048 Extensions
>    Magic Cookie 0x63825363
>    DHCP-Message Option 53, length 1: Discover
>    Client-ID Option 61, length 8: "0298056"
>    Requested-IP Option 50, length 4: 10.63.255.84
>    Parameter-Request Option 55, length 14:
>      Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
>      Domain-Name, BR, Lease-Time, DHCP-Message
>      Server-ID, TFTP, NTP, Time-Zone
>      Option 120, Classless-Static-Route
>    Vendor-Class Option 60, length 20: "ZNID-GE-2628A-00-0GN"
>    Agent-Information Option 82, length 21:
>      Circuit-ID SubOption 1, length 6: ^@^D^L7^B^B
>      Remote-ID SubOption 2, length 11: ^A^Irgw01.lab
>    END Option 255, length 0
> 13:06:46.824359 IP (tos 0x0, ttl 64, id 43882, offset 0, flags [DF], proto UDP (17), length 376)
>    10.219.66.10.67 > 10.63.255.1.67: [bad udp cksum 0x579b -> 0x037e!] BOOTP/DHCP, Reply, length 348, hops 1, xid 0x1e875e1f, Flags [none] (0x0000)
>  Your-IP 10.63.255.84
>  Gateway-IP 10.63.255.1
>  Client-Ethernet-Address 00:01:47:2d:7a:d0
>  Vendor-rfc1048 Extensions
>    Magic Cookie 0x63825363
>    Subnet-Mask Option 1, length 4: 255.255.255.0
>    Domain-Name-Server Option 6, length 8: 66.207.192.4,206.223.173.6
>    Lease-Time Option 51, length 4: 60
>    DHCP-Message Option 53, length 1: Offer
>    Server-ID Option 54, length 4: 10.219.66.10
>    RN Option 58, length 4: 900
>    RB Option 59, length 4: 1800
>    Client-ID Option 61, length 8: "0298056"
>    TFTP Option 66, length 11: "10.63.255.1"
>    Classless-Static-Route Option 121, length 16: (10.32.0.0/24:10.63.255.1),(10.32.11.0/24:10.63.255.1)
>    Agent-Information Option 82, length 21:
>      Circuit-ID SubOption 1, length 6: ^@^D^L7^B^B
>      Remote-ID SubOption 2, length 11: ^A^Irgw01.lab
>    END Option 255, length 0
>
> root@kea1:/usr/local/etc/kea# ip route
> default via 10.219.66.1 dev ens32 onlink
> 10.32.0.0/11 dev ens34 scope link
> 10.32.0.32/28 dev ens34 proto kernel scope link src 10.32.0.40
> 10.219.66.0/24 dev ens32 proto kernel scope link src 10.219.66.10
> root@kea1:/usr/local/etc/kea#
>
> OFFER is being sent to 10.63.255.1, but sourced from 10.219.66.10, when it should be sourced from 10.32.0.40.
>
> I can’t seem to adjust option 54 to force the server ID (which may be the whole issue to begin with?):
>
> 2017-09-13 13:31:33.238 DEBUG [kea-dhcp4.bad-packets/522] DHCP4_PACKET_DROP_0007 [hwtype=1 00:01:47:2d:7a:d0], cid=[00:30:32:39:38:30:35:36], tid=0x52055156: failed to process packet: Option 54 already present in this message.
>
> {
>        "client-class" : "rgw01.lab",
>        "subnet": "10.63.255.0/24",
>        "valid-lifetime": 60,
>        "option-data": [
>                {
>                        "name": "domain-name-servers",
>                        "code": 6,
>                        "space": "dhcp4",
>                        "csv-format": true,
>                        "data": "66.207.192.4, 206.223.173.6"
>                },
>                {
>                        "name": "tftp-server-name",
>                        "data": "10.63.255.1"
>                },
>                {
>                        "name" : "dhcp-server-identifier",
>                        "code" : 54,
>                        "space" : "dhcp4",
>                        "csv-format" : true,
>                        "data" : "10.63.255.1"
>                },
>                {
>                        "name": "classless-static-routes",
>                        "data": "180A20000A3FFF01180A200B0A3FFF01"
>                }
>        ],
>        "pools": [
>                {
>                        "pool": "10.63.255.2 - 10.63.255.254"
>                }
>        ],
>        "reservations": [
>                {
>                        "flex-id": "010972677730312e6c616200040c370201",
>                        "ip-address": "10.63.255.69",
>                        "boot-file-name": "byor/26xx_current/S0300608"
>                }
>        ]
> }
>
>
> Any pointers?
>
> Thanks!
>
>
> _______________________________________________
> Kea-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/kea-users

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users