My DLR is working as a DHCP relay pointing to the Edge upstream router as a DHCP server. I can see the Edge receiving the request correctly from the DLR and even responding (DHCPDISCOVER/DHCPOFFER). I can see this in the log and when doing debug, but for some reason the DHCPOFFER is not reaching the VM that sent the DHCPDISCOVER.
The window on top (green letters) is from the Edge device that is working as DHCP server and the one underneath is the VM.
The configuration is as follows:
ELR-0> sh configuration dhcp
-----------------------------------------------------------------------
vShield Edge DHCP Config:
{
   "dhcp" : {
      "relay" : null,
      "logging" : {
         "enable" : true,
         "logLevel" : "debug"
      },
      "enable" : true,
      "bindings" : {
         "Relay" : {
            "staticBindings" : [],
            "ipPools" : [
               {
                  "subnetMask" : "255.255.255.224",
                  "maxLeaseTime" : "infinite",
                  "endIp" : "172.31.1.20",
                  "primaryNameServer" : null,
                  "defaultGateway" : "172.31.1.1",
                  "defaultLeaseTime" : "infinite",
                  "domainName" : "test.com",
                  "secondaryNameServer" : null,
                  "startIp" : "172.31.1.10"
               }
            ]
         }
      },
      "listeners" : [
         "vNic_1"
      ],
      "leaseRotateTime" : 900,
      "leaseRotateThreshold" : 10000
   }
}
vNic_1 is connected directly to the DLR and the DHCP service is running in the Edge.
ELR-0> sh service dhcp
-----------------------------------------------------------------------
vShield Edge DHCP Status:
Service dhcpd running (PID 5023).
Service dhcp relay not running.
Any idea?
I did the same but using a 3750 as the DHCP server. Basically, the DLR was kept as the DHCP relay but pointing to a 3750 where the DHCP pool was configured, and I had the same behavior: the 3750 was trying to respond to the request of the VM, but the response was not reaching the VM.
In this scenario there are no firewalls, neither in the DLR nor in the Edge.
Thanks.
I see the same behavior with the ESG.
I see the request and the response, but it does not come back to the server.
When I relay to a Windows DHCP server, there is no issue and I get an IP address.
Could it be related to some DFW rules?
Can you try with allowing any traffic on DFW?
Dimitri
Hopefully this helps. Re: Unable to start DHCP Service on any ESG
Edge DHCP only applies 1 level down, so if you want clients to get DHCP addresses from an edge, the logical switch they use needs to be directly connected to the edge, as an internal port.
Supposedly fixed in 6.1.3 per this: Edge serving DHCP to multiple subnets behind DLR
DFW rules are allow ip any.
Also ESG rules are allow any.
The ESG also shows a leased address (show service dhcp leaseinfo).
As soon as I change the relay to an external DHCP server (Windows machine, reachable through the ESG) it works.
Running 6.1.4.
I don't see it listed in the 6.1.3, or 6.1.4 release notes. Perhaps the next build will have it?
I have disabled all the rules, in the DLR or Edge.
Interesting. I'm going to try again tonight, but my experience was different: if I remove the DLR from the picture, everything works. I can configure the pool in the Edge or the relay in the Edge and it works.
Hopefully the attached helps. It's a quick Visio drawing of my test environment which has both DHCP and static addresses.
Edit: To make it clearer, the unlabeled switches that connected the separate VXLANs are logical switches - nothing special at all.
Edit2: improved attached diagram by adding VXLAN IDs and edge IP addresses on interfaces.
That is definitely helpful, so basically the problem is the DHCP relay feature in the DLR?
Seems like all the VMs that are directly connected to the Edge can use DHCP but the ones that are directly connected to the DLR cannot.
Thanks.
"That is definitely helpful, so basically the problem is the DHCP relay feature in the DLR?"
Pretty much, no idea why, as it seems (at least to me) a basic way of utilizing both DHCP and a DLR.
"Seems like all the VMs that are directly connected to the Edge can use DHCP but the ones that are directly connected to the DLR cannot."
100% correct. The only problem is that an edge only has 10 interfaces, and each DHCP branch you create decreases that number by 1. So in my PDF, I only have 6 interfaces left (1 uplink, 2 DHCP, 1 internal for the downstream DLR).
"Thanks."
No problem - at this stage it's a learning experience for us all!
This issue has been resolved in 6.2.
VMware NSX for vSphere 6.2.0 Release Notes