
I have a Debian-based DHCP server, with network interfaces configured for each VLAN in our network (vlan10_), as well as an interface on the network without VLAN (eth0).

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1496 qdisc mq state UP group default qlen 1000
  link/ether 00:1e:0b:8e:1e:5a brd ff:ff:ff:ff:ff:ff
  inet 10.91.1.4/16 brd 10.91.255.255 scope global eth0
     valid_lft forever preferred_lft forever
  inet6 fe80::21e:bff:fe8e:1e5a/64 scope link 
     valid_lft forever preferred_lft forever

5: vlan101@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1496 qdisc noqueue state UP group default 
  link/ether 00:1e:0b:8e:1e:5a brd ff:ff:ff:ff:ff:ff
  inet 10.91.101.4/24 brd 10.91.101.255 scope global vlan101
     valid_lft forever preferred_lft forever
  inet6 fe80::21e:bff:fe8e:1e5a/64 scope link 
     valid_lft forever preferred_lft forever

6: vlan102@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1496 qdisc noqueue state UP group default 
  link/ether 00:1e:0b:8e:1e:5a brd ff:ff:ff:ff:ff:ff
  inet 10.91.102.4/24 brd 10.91.102.255 scope global vlan102
     valid_lft forever preferred_lft forever
  inet6 fe80::21e:bff:fe8e:1e5a/64 scope link 
     valid_lft forever preferred_lft forever

  etc.

The DHCP server is connected to a central switch, and our VLANs are served from switches that also connect up to the central switch.

We noticed that we are seeing every DHCPREQUEST twice: on the relevant vlan10_ interface and eth0.

09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via vlan117
09:18:25 DHCPACK on 10.91.117.95 to c8:1e:e7:38:9a:3a (iPhone) via vlan117

09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via eth0: wrong network.
09:18:25 DHCPNAK on 10.91.117.95 to c8:1e:e7:38:9a:3a via eth0

I've also verified that if I broadcast traffic from a computer on a VLAN, the packets are picked up twice by a tcpdump on our DHCP server. On a computer on a VLAN:

netcat -ub 255.255.255.255 6767
    foopacket

And on DHCP:

tcpdump -vv -i any port 6767
    09:25:08.303594 ethertype IPv4, IP (tos 0x0, ttl 64, id 13069, offset 0, flags [DF], proto UDP (17), length 38)
        10.91.122.190.38610 > 255.255.255.255.6767: [udp sum ok] UDP, length 10
    09:25:08.303594 IP (tos 0x0, ttl 64, id 13069, offset 0, flags [DF], proto UDP (17), length 38)
        10.91.122.190.38610 > 255.255.255.255.6767: [udp sum ok] UDP, length 10

Route table on the DHCP server for clarity on network layout:

0.0.0.0         10.90.4.1       0.0.0.0         UG    0      0        0 vlan100
10.90.0.0       0.0.0.0         255.255.0.0     U     0      0        0 vlan100
10.91.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.91.101.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan101
10.91.102.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan102
10.91.103.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan103
etc.

Network interface configuration on the DHCP server:

iface eth0 inet static
    address 10.91.1.4
    netmask 255.255.0.0
    mtu 1496

auto vlan100
    iface vlan100 inet static
    address 10.90.0.4
    netmask 255.255.0.0
    gateway 10.90.4.1
    mtu 1496
    vlan_raw_device eth0

auto vlan101
    iface vlan101 inet static
    address 10.91.101.4
    netmask 255.255.255.0
    mtu 1496
    vlan_raw_device eth0

auto vlan102
    iface vlan102 inet static
    address 10.91.102.4
    netmask 255.255.255.0
    mtu 1496
    vlan_raw_device eth0

Is the eth0 interface capturing VLAN-tagged packets as well as the specific vlan10_ interface because of the server configuration, or could there be a problem with the network itself causing traffic to escape out from the VLAN and be untagged on the management network?

Can anyone help me to understand why the DHCP server would be seeing duplicate traffic?

Thanks

  • Yes, you're capturing vlan tagged packets on (real) interface eth0 and possibly not tagged packets on (virtual) interfaces vlan101/vlan102, that's normal. You should use multiple separate tcpdump without `-i any`. Triple verbose -v -v -v will show the vlan tag if any – A.B Apr 06 '18 at 11:54
  • Also see this question: https://serverfault.com/questions/412544/dhcp-server-for-multilple-vlans and the one it references: https://serverfault.com/questions/368512/can-i-have-multiple-dhcp-servers-on-one-network – A.B Apr 06 '18 at 11:59
  • Ok, thank you :). So to prevent the duplicate DHCP requests the server sees and responds to I could stop serving DHCP on eth0 and restrict it to the vlan10_ interfaces? – user284692 Apr 09 '18 at 10:30
  • Your question said _you_ saw them twice using tcpdump -i any on the DHCP server. You never said _DHCP_ saw it twice. That's why it's important to describe the actual problem too. So even if it makes sense to use the DHCP server on the untagged sub-interface if possible, possibly avoiding DHCP's interaction with tagged packets, I have no guarantee about a problem you didn't write about. – A.B Apr 09 '18 at 13:49
  • No I did mention it, I have a section in the question content stating we see every DHCPREQUEST twice with examples from the same MAC address with an ACK and a NAK, I didn't highlight this well enough though with the question summary. I went on to show the packets were coming up twice with tcpdump to show verification that the server was double receiving broadcast traffic. Thank you though for your help, I appreciate it. I'm going to try reconfiguring DHCP to avoid giving double responses based on what you've helped me understand about the network configuration. – user284692 Apr 09 '18 at 14:46
  • My bad, sorry. Indeed you did write this in the logs. OK, so if the DHCP server was listening on all interfaces by default (e.g. ISC dhcpd without an interface given), that would have caused that. – A.B Apr 09 '18 at 14:50
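
The pattern in the question's log excerpt (one DHCPREQUEST acknowledged via the VLAN interface and NAKed via eth0) can be searched for across a whole dhcpd log. This is an added example, not part of the original question or comments; the function name, the grouping by identical timestamp, and the second sample client are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt in the question;
# the second client (seen on vlan102 only) is invented to show a clean case.
SAMPLE_LOG = """\
09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via vlan117
09:18:25 DHCPACK on 10.91.117.95 to c8:1e:e7:38:9a:3a (iPhone) via vlan117
09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via eth0: wrong network.
09:18:25 DHCPNAK on 10.91.117.95 to c8:1e:e7:38:9a:3a via eth0
09:19:02 DHCPREQUEST for 10.91.102.50 (10.91.102.4) from 02:00:00:00:00:01 (laptop) via vlan102
09:19:02 DHCPACK on 10.91.102.50 to 02:00:00:00:00:01 (laptop) via vlan102
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<type>DHCP(?:REQUEST|ACK|NAK)) (?:for|on) (?P<ip>[\d.]+)"
    r".*? (?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r".*? via (?P<iface>[\w.@-]+)(?P<note>: wrong network\.)?\s*$",
    re.IGNORECASE,
)

def find_cross_interface_duplicates(log_text):
    """Return one finding per (time, MAC, IP) handled on more than one interface."""
    # key -> interface -> set of DHCP message types logged on that interface
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a REQUEST/ACK/NAK line in the expected format
        key = (m["ts"], m["mac"].lower(), m["ip"])
        seen[key][m["iface"]].add(m["type"].upper())
    findings = []
    for (ts, mac, ip), by_iface in seen.items():
        if len(by_iface) < 2:
            continue  # handled on a single interface: nothing to report
        acked = sorted(i for i, t in by_iface.items() if "DHCPACK" in t)
        naked = sorted(i for i, t in by_iface.items() if "DHCPNAK" in t)
        findings.append({"time": ts, "mac": mac, "ip": ip,
                         "interfaces": sorted(by_iface),
                         "ack_via": acked, "nak_via": naked,
                         # ACK on one interface and NAK on another is the
                         # conflicting double answer described in the question
                         "conflict": bool(acked and naked)})
    return findings

if __name__ == "__main__":
    for f in find_cross_interface_duplicates(SAMPLE_LOG):
        print(f)
```

Grouping by the one-second timestamp is a simplification; on a busy server, matching on the DHCP transaction ID from a packet capture would be more precise.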
