
I'm using the dnsmasq service as a DHCP server. I have a bridged interface per node named br0 that has two IP addresses assigned to it. One is the public IP address and the other one is considered the internal network.

I have two nodes and their public IP addresses are in separate subnets. However, their private IP addresses are in the same network. server is the node that dnsmasq is serving on, and relay is the node that a VM is running on. The VM has a TAP device that has been attached to the bridge br0.

The internal network is in the 192.168.10.0/24 subnet, the server node's private IP is 192.168.10.1, and the relay node's private IP is 192.168.10.2.

I must say that the IP pool defined in the dnsmasq service that should be assigned to VMs is in a different subnet from the other existing subnets.

Here is the configuration of the dnsmasq service on the server node:

interface=br0
listen-address=127.0.0.1,192.168.10.2
shared-network=192.168.10.1,X.Y.Z.12
dhcp-range=X.Y.Z.12,X.Y.Z.127,255.255.255.0,1d
dhcp-option=option:router,X.Y.Z.1
dhcp-option=option:dns-server,8.8.8.8,1.1.1.1
dhcp-broadcast

I have tested several dhcp-relay services on the relay node, such as isc-dhcp-relay, dhcp-helper, and dnsmasq itself, which provides the dhcp-relay option. But the VM on the relay node can't get any IP address from the DHCP server placed on the server node.

Below is the configuration file of the dnsmasq placed on the relay node as the dhcp-relay service.

dhcp-relay=192.168.10.1,192.168.10.2

Here are the logs shown by the DHCP server:

Aug 15 12:32:50 server dnsmasq-dhcp[595455]: DHCPDISCOVER(br0) 52:54:a0:02:02:a1
Aug 15 12:32:50 server dnsmasq-dhcp[595455]: DHCPOFFER(br0) X.Y.Z.23 52:54:a0:02:02:a1
Aug 15 12:32:50 server dnsmasq-dhcp[595455]: DHCPDISCOVER(br0) 52:54:a0:02:02:a1
Aug 15 12:32:50 server dnsmasq-dhcp[595455]: DHCPOFFER(br0) X.Y.Z.23 52:54:a0:02:02:a1
Aug 15 12:32:55 server dnsmasq-dhcp[595455]: DHCPDISCOVER(br0) 52:54:a0:02:02:a1
Aug 15 12:32:55 server dnsmasq-dhcp[595455]: DHCPOFFER(br0) X.Y.Z.23 52:54:a0:02:02:a1

Below is the output of tcpdump captured on ports 67 and 68 of the bridge br0 interface on the server node:

12:32:55.461965 52:54:a0:02:02:a1 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, xid 0x956c917e, secs 7, Flags [none] (0x0000)
          Client-Ethernet-Address 52:54:a0:02:02:a1
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Discover
            Hostname (12), length 10: "test-relay"
            Parameter-Request (55), length 13: 
              Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
              Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
              Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
              NTP (42)
            END (255), length 0
            PAD (0), length 0, occurs 29
12:32:55.462108 2e:b0:bf:e2:73:9e > 2e:18:10:8c:25:4f, ethertype IPv4 (0x0800), length 342: (tos 0xc0, ttl 64, id 39650, offset 0, flags [none], proto UDP (17), length 328)
    192.168.10.1.67 > 192.168.10.2.67: [udp sum ok] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, hops 1, xid 0x956c917e, secs 7, Flags [none] (0x0000)
          Gateway-IP 192.168.10.1
          Client-Ethernet-Address 52:54:a0:02:02:a1
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Discover
            Hostname (12), length 10: "test-relay"
            Parameter-Request (55), length 13: 
              Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
              Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
              Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
              NTP (42)
            END (255), length 0
            PAD (0), length 0, occurs 29
12:32:55.462318 2e:18:10:8c:25:4f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0xc0, ttl 64, id 58284, offset 0, flags [none], proto UDP (17), length 328)
    SERVER.PUBLIC.IP.ADDRESS.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x956c917e, secs 7, Flags [Broadcast] (0x8000)
          Your-IP X.Y.Z.23
          Server-IP 192.168.10.2
          Client-Ethernet-Address 52:54:a0:02:02:a1
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Offer
            Server-ID (54), length 4: 192.168.30.2
            Lease-Time (51), length 4: 86400
            RN (58), length 4: 43200
            RB (59), length 4: 75600
            Subnet-Mask (1), length 4: 255.255.255.0
            BR (28), length 4: X.Y.Z.255
            Domain-Name-Server (6), length 8: 8.8.8.8,1.1.1.1
            Default-Gateway (3), length 4: X.Y.Z.1
            END (255), length 0
            PAD (0), length 0, occurs 4
12:32:55.462557 2e:18:10:8c:25:4f > 2e:b0:bf:e2:73:9e, ethertype IPv4 (0x0800), length 342: (tos 0xc0, ttl 64, id 37343, offset 0, flags [none], proto UDP (17), length 328)
    192.168.10.2.67 > 192.168.10.1.67: [udp sum ok] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x956c917e, secs 7, Flags [Broadcast] (0x8000)
          Your-IP X.Y.Z.23
          Server-IP 192.168.10.2
          Gateway-IP 192.168.10.1
          Client-Ethernet-Address 52:54:a0:02:02:a1
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Offer
            Server-ID (54), length 4: 192.168.10.2
            Lease-Time (51), length 4: 86400
            RN (58), length 4: 43200
            RB (59), length 4: 75600
            Subnet-Mask (1), length 4: 255.255.255.0
            BR (28), length 4: 195.206.171.255
            Domain-Name-Server (6), length 8: 8.8.8.8,1.1.1.1
            Default-Gateway (3), length 4: X.Y.Z.1
            END (255), length 0
            PAD (0), length 0, occurs 4
12 packets captured
12 packets received by filter
0 packets dropped by kernel

And below is the output of tcpdump captured on ports 67 and 68 of the bridge br0 interface on the relay node:

tcpdump: listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:32:47.818621 52:54:a0:02:02:a1 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, fl)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, xid 0x956c917e, Flags [n)
          Client-Ethernet-Address 52:54:a0:02:02:a1
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Discover
            Hostname (12), length 10: "test-relay"
            Parameter-Request (55), length 13: 
              Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
              Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
              Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
              NTP (42)
            END (255), length 0
            PAD (0), length 0, occurs 29
12:32:47.818830 2e:b0:bf:e2:73:9e > 2e:18:10:8c:25:4f, ethertype IPv4 (0x0800), length 342: (tos 0xc0, ttl 64, id 37786, offset 0,)
    192.168.10.1.67 > 192.168.10.2.67: [bad udp cksum 0xbe99 -> 0x2f1c!] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, h)
          Gateway-IP 192.168.10.1
          Client-Ethernet-Address 52:54:a0:02:02:a1
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message (53), length 1: Discover
            Hostname (12), length 10: "test-relay"
            Parameter-Request (55), length 13: 
              Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
              Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
              Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
              NTP (42)
            END (255), length 0
            PAD (0), length 0, occurs 29
6 packets captured
6 packets received by filter
0 packets dropped by kernel

From the tcpdump output I understand the points below:

1- The server node can receive DHCP discover packets from the relay node and can send back a DHCP offer to the relay service. But the relay node can't receive the DHCP offer packet from the server.

2- Whenever the relay service sends DHCP discover packets to the server, its packets have a bad UDP checksum. However, the same packet received by the server has the checksum equal to OK.

My question:

Why can't the relay service receive the DHCP offer packet, and how can I fix it?

Any help is appreciated.

Sinux
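The comparison behind the two numbered points above can be automated by keying each packet on its xid and DHCP message type and diffing the two captures; this is an added example, not part of the original post. The function names are this example's own, and the capture strings are constructed, abridged versions of the `tcpdump -v` output shown above.

```python
import re

# tcpdump -v prints one "src.port > dst.port: ... xid 0x..." line per DHCP packet,
# followed by indented option lines such as "DHCP-Message (53), length 1: Offer".
FLOW = re.compile(r"^\s+(\S+)\.(\d+) > (\S+)\.(\d+): .*BOOTP/DHCP.*\bxid (0x[0-9a-f]+)")
MSG = re.compile(r"DHCP-Message \(53\), length 1: (\w+)")

def parse_capture(text):
    """Return the set of (xid, message_type, src, dst) seen in tcpdump -v text."""
    seen, current = set(), None
    for line in text.splitlines():
        m = FLOW.match(line)
        if m:
            current = (m.group(5), m.group(1), m.group(3))  # xid, src, dst
            continue
        m = MSG.search(line)
        if m and current:
            seen.add((current[0], m.group(1), current[1], current[2]))
            current = None
    return seen

def missing_at(observer, reference):
    """Packets present in the reference capture but never seen by the observer."""
    return sorted(reference - observer)

# Constructed samples: abridged from the captures in the post, placeholders kept.
SERVER_CAPTURE = """\
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, xid 0x956c917e, secs 7
            DHCP-Message (53), length 1: Discover
    192.168.10.1.67 > 192.168.10.2.67: [udp sum ok] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, hops 1, xid 0x956c917e, secs 7
            DHCP-Message (53), length 1: Discover
    SERVER.PUBLIC.IP.ADDRESS.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x956c917e, secs 7
            DHCP-Message (53), length 1: Offer
    192.168.10.2.67 > 192.168.10.1.67: [udp sum ok] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x956c917e, secs 7
            DHCP-Message (53), length 1: Offer
"""
RELAY_CAPTURE = """\
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, xid 0x956c917e, secs 7
            DHCP-Message (53), length 1: Discover
    192.168.10.1.67 > 192.168.10.2.67: [bad udp cksum 0xbe99 -> 0x2f1c!] BOOTP/DHCP, Request from 52:54:a0:02:02:a1, length 300, hops 1, xid 0x956c917e, secs 7
            DHCP-Message (53), length 1: Discover
"""

if __name__ == "__main__":
    for xid, msg, src, dst in missing_at(parse_capture(RELAY_CAPTURE), parse_capture(SERVER_CAPTURE)):
        print(f"xid {xid}: {msg} {src} -> {dst} seen on server, not on relay")
```

Lines truncated by the terminal width, as in the relay capture above, lose the xid field and are skipped, so captures fed to this should be taken with full-width output.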

0 Answers