Vyos 1.5 DHCP Server listen on all subnets.1.4 works fine

hook.ua · January 5, 2024, 8:12am

Hi there.

After migration from 1.4 to 1.5 have found issue with DHCP server.

Have two routers with failover for 2 subnets on differrent interfices

And another 2 routers for 2 another seprarate subnets.

After migration to 1.5 found that all subnets gets addresses from failover server.

Configuration 1.4

set service dhcp-server dynamic-dns-update
set service dhcp-server failover name 'VLAN001.LOCAL'
set service dhcp-server failover remote '10.1.0.12'
set service dhcp-server failover source-address '10.1.0.11'
set service dhcp-server failover status 'primary'
set service dhcp-server shared-network-name VLAN001_RANGE authoritative
set service dhcp-server shared-network-name VLAN001_RANGE description 'Main VLAN001_RANGE DHCP server'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 default-router '10.1.0.7'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 domain-name 'VLAN001_RANGE'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 enable-failover
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 name-server '10.1.0.50'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 name-server '10.1.0.4'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 ntp-server '10.1.0.50'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 range main start '10.1.0.135'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 range main stop '10.1.0.250'
set service dhcp-server shared-network-name VLAN151_RANGE authoritative
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 default-router '10.0.0.101'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 enable-failover
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 lease '86400'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 name-server '208.67.222.222'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 name-server '208.67.220.220'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 ntp-server '10.0.0.101'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 range 1 start '10.0.0.128'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 range 1 stop '10.0.0.254'

Configuration 1.5 (after migration)

set service dhcp-server dynamic-dns-update
set service dhcp-server failover name 'VLAN001.LOCAL'
set service dhcp-server failover remote '10.1.0.12'
set service dhcp-server failover source-address '10.1.0.11'
set service dhcp-server failover status 'primary'
set service dhcp-server listen-address '10.0.0.101'
set service dhcp-server listen-address '10.1.0.11'
set service dhcp-server shared-network-name VLAN001_RANGE authoritative
set service dhcp-server shared-network-name VLAN001_RANGE description 'Main VLAN001_RANGE DHCP server'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 default-router '10.1.0.7'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 domain-name 'VLAN001_RANGE'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 name-server '10.1.0.50'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 name-server '10.1.0.4'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 ntp-server '10.1.0.50'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 range main start '10.1.0.135'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 range main stop '10.1.0.250'
set service dhcp-server shared-network-name VLAN001_RANGE subnet 10.1.0.0/24 tftp-server-name '10.1.0.42'
set service dhcp-server shared-network-name VLAN151_RANGE authoritative
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 default-router '10.0.0.101'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 lease '86400'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 name-server '208.67.222.222'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 name-server '208.67.220.220'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 ntp-server '10.0.0.101'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 range 1 start '10.0.0.128'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 range 1 stop '10.0.0.254'
set service dhcp-server shared-network-name VLAN151_RANGE subnet 10.0.0.0/24 tftp-server-name '10.0.0.130'

And additional question about DHCP server log.

How to tune logging? By default log flooded by INFO/NOTICE messages.

Some updates during investigation.
Even with listen addresses specified the /run/kea/kea-dhcp4.conf contains

        "interfaces-config": {
            "interfaces": [ "*" ],
            "dhcp-socket-type": "raw",
            "service-sockets-max-retries": 5,
            "service-sockets-retry-wait-time": 5000
        },

AFAIU “interfaces” should be set to correspondings interfaces, isn’t it?

Thanks

sarthurdev · January 7, 2024, 9:08pm

Have you updated both routers to latest 1.5? Failover will not work between 1.5 and Kea and 1.4 running dhcpd.

Also thanks - listen-address will be fixed, though note that it is designed to specify addresses to accept relayed clients.

hook.ua · January 8, 2024, 11:36am

Hi,

Thanks, for now everything looks fine.
Failover seems to work.
Both routers have even vyos version 1.5.

listen-address helps resolve issue.