I have an issue with DHCP relay that no DHCP requests are forwarded via DHCP relay agent. I have figured out that the reason for this behaviour is that one interface is configured as uplink and downlink. When I remove this interface from the e.g. uplink configuration, DHCP requests are forwarded to the remote DHCP server.
Unfortunately, I need this setup as the local DHCP server is on the same subnet as some of the clients. Since VyOS only has a global DHCP relay configuration, I am not able to set up different configuration per interface/VLAN.
Any idea if this behaviour of the DHCP relay agent is a bug? If this is normal for ISC DHCP relay agent, I would submit a feature request for per-interface DHCP relay configurations (e.g. with dnsmasq dhcp-relay), otherwise a bug report.
Hi @I-n-d-y ,
The main purpose of the DHCP relay is to forward DHCP requests to an external DHCP server which is connected to another network, VLAN, etc. If the DHCP server and client are in the same VLAN, why do you need to relay? The switch can forward DHCP requests to the server.
What I can understand from the configuration outputs you are mentioning about eth1.1200
One use case would be to use Option82 (DHCP-snooping on a L2-switch) and with DHCP-relay force the request to a designated DHCP-server using unicast.
For example in combination with protected VLAN which means that hosts connected to a L2-switch cannot speak directly to each other - they can (normally, depends on configuration) speak to the uplink (where VyOS would be located).
Of course as you mentioned normally the DHCP-server would be located elsewhere layer3 wise but this example would be a corner case which would be nice to have support for.
Summary:
WAN ↔ VyOS ↔ L2-switch ↔ hosts (+ 1 DHCP-server).
L2-switch is configured with protected VLAN meaning int1-48 can only speak to int 49-50 (as an example int5 cannot speak to int9 even if they are in the same L2 VLAN).
VyOS is connected to the L2-switch using int 49-50 (let's say LACP or so).
Broadcast (DHCP-request) reaches the VyOS box, which uses its DHCP-relay to transform that into a unicast and send it to a designated DHCP-server which happens to sit on the same L2-switch as the other hosts.
Workaround for above would be to place the DHCP-server on its own L2 VLAN so clients are on say VLAN101 while the DHCP-server is on VLAN201. But if VyOS can be made to support DHCP-server to be ingress and egress the same interface in this particular use case, a different VLAN for the DHCP-server wouldn't be needed.
I know that I don’t need DHCP relay when clients and servers are on the same subnet/VLAN. I think I should have described my situation in more detail.
As you can see from my interface configuration I have VLANs 1200 - 1205. In these VLANs clients obtain IP address from DHCP server 10.12.1.161 in VLAN 1200 (my site) and as backup from DHCP server 10.15.1.161 (remote site).
As I can only specify a global DHCP relay configuration in VyOS, I am not able to set up only DHCP server 10.15.1.161 of the remote site as relay for VLAN1200 on my site.
As a workaround I have two options:
a) Move my DHCP server to a new dedicated VLAN and use DHCP relay in VLAN1200 the same way as for the other VLANs.
b) Use DHCP relay of my switches to forward requests to the DHCP servers. For VLAN1200 I only have to add the remote server 10.15.1.161 as relay and all other VLANs will have the local server 10.12.1.161 as well.
I don’t think my VLAN and DHCP setup is so unique, so being able to have different DHCP relay configurations/instances in VyOS would be a benefit.
If this is a limitation of the ISC DHCP dhcrelay daemon, dnsmasq dhcp-relay would be a potential replacement.