
I have a Debian-based DHCP server, with network interfaces configured for each VLAN in our network (vlan10_), as well as an interface on the network without VLAN (eth0).

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1496 qdisc mq state UP group default qlen 1000
  link/ether 00:1e:0b:8e:1e:5a brd ff:ff:ff:ff:ff:ff
  inet 10.91.1.4/16 brd 10.91.255.255 scope global eth0
     valid_lft forever preferred_lft forever
  inet6 fe80::21e:bff:fe8e:1e5a/64 scope link 
     valid_lft forever preferred_lft forever

5: vlan101@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1496 qdisc noqueue state UP group default 
  link/ether 00:1e:0b:8e:1e:5a brd ff:ff:ff:ff:ff:ff
  inet 10.91.101.4/24 brd 10.91.101.255 scope global vlan101
     valid_lft forever preferred_lft forever
  inet6 fe80::21e:bff:fe8e:1e5a/64 scope link 
     valid_lft forever preferred_lft forever

6: vlan102@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1496 qdisc noqueue state UP group default 
  link/ether 00:1e:0b:8e:1e:5a brd ff:ff:ff:ff:ff:ff
  inet 10.91.102.4/24 brd 10.91.102.255 scope global vlan102
     valid_lft forever preferred_lft forever
  inet6 fe80::21e:bff:fe8e:1e5a/64 scope link 
     valid_lft forever preferred_lft forever

  etc.

The DHCP server is connected to a central switch, and our VLANs are served from switches that also connect up to the central switch.

We noticed that we are seeing every DHCPREQUEST twice: on the relevant vlan10_ interface and eth0.

09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via vlan117
09:18:25 DHCPACK on 10.91.117.95 to c8:1e:e7:38:9a:3a (iPhone) via vlan117

09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via eth0: wrong network.
09:18:25 DHCPNAK on 10.91.117.95 to c8:1e:e7:38:9a:3a via eth0

I've also verified that if I broadcast traffic from a computer on a VLAN, the packets are picked up twice by a tcpdump on our DHCP server. On a computer on a VLAN:

netcat -ub 255.255.255.255 6767
    foopacket

And on DHCP:

tcpdump -vv -i any port 6767
    09:25:08.303594 ethertype IPv4, IP (tos 0x0, ttl 64, id 13069, offset 0, flags [DF], proto UDP (17), length 38)
        10.91.122.190.38610 > 255.255.255.255.6767: [udp sum ok] UDP, length 10
    09:25:08.303594 IP (tos 0x0, ttl 64, id 13069, offset 0, flags [DF], proto UDP (17), length 38)
        10.91.122.190.38610 > 255.255.255.255.6767: [udp sum ok] UDP, length 10

Route table on the DHCP server for clarity on network layout:

0.0.0.0         10.90.4.1       0.0.0.0         UG    0      0        0 vlan100
10.90.0.0       0.0.0.0         255.255.0.0     U     0      0        0 vlan100
10.91.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.91.101.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan101
10.91.102.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan102
10.91.103.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan103
etc.

Network interface configuration on the DHCP server:

iface eth0 inet static
    address 10.91.1.4
    netmask 255.255.0.0
    mtu 1496

auto vlan100
iface vlan100 inet static
    address 10.90.0.4
    netmask 255.255.0.0
    gateway 10.90.4.1
    mtu 1496
    vlan_raw_device eth0

auto vlan101
iface vlan101 inet static
    address 10.91.101.4
    netmask 255.255.255.0
    mtu 1496
    vlan_raw_device eth0

auto vlan102
iface vlan102 inet static
    address 10.91.102.4
    netmask 255.255.255.0
    mtu 1496
    vlan_raw_device eth0

Is the eth0 interface capturing VLAN-tagged packets as well as the specific vlan10_ interface because of the server configuration, or could there be a problem with the network itself causing traffic to escape out from the VLAN and be untagged on the management network?

Can anyone help me to understand why the DHCP server would be seeing duplicate traffic?

Thanks
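
A way to measure the symptom described in the question, as an added example that is not part of the original post: it scans dhcpd log lines for a DHCPREQUEST that arrived on more than one interface and reports which reply (DHCPACK or DHCPNAK) went out of each. It assumes the time-only line shape quoted above and that both copies are logged within the same second; `find_duplicate_requests` and `SAMPLE` are hypothetical names.

```python
import re
from collections import defaultdict

# Line shape copied from the dhcpd excerpts in the question; the time-only
# prefix is an assumption (real syslog lines also carry date, host and PID).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}) (?P<type>DHCPREQUEST|DHCPACK|DHCPNAK) "
    r"(?:for|on) (?P<ip>[\d.]+) (?:\([\d.]+\) )?"
    r"(?:from|to) (?P<mac>[0-9a-fA-F:]{17})(?: \([^)]*\))?"
    r" via (?P<iface>[\w.-]+)(?::.*)?$"
)

def find_duplicate_requests(lines):
    """Return requests that arrived on more than one interface, with the
    reply the server sent out of each interface."""
    requests = defaultdict(list)  # (time, mac, ip) -> interfaces, in order seen
    replies = {}                  # (time, mac, ip, iface) -> DHCPACK or DHCPNAK
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DHCPREQUEST/DHCPACK/DHCPNAK line in this shape
        key = (m["ts"], m["mac"].lower(), m["ip"])
        if m["type"] == "DHCPREQUEST":
            if m["iface"] not in requests[key]:
                requests[key].append(m["iface"])
        else:
            replies[key + (m["iface"],)] = m["type"]
    return [
        {"time": ts, "mac": mac, "ip": ip, "interfaces": ifaces,
         "replies": {i: replies.get((ts, mac, ip, i)) for i in ifaces}}
        for (ts, mac, ip), ifaces in requests.items() if len(ifaces) > 1
    ]

# The first four lines are the ones quoted in the question; the last two are
# constructed as a control (a client seen on one interface only).
SAMPLE = """\
09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via vlan117
09:18:25 DHCPACK on 10.91.117.95 to c8:1e:e7:38:9a:3a (iPhone) via vlan117
09:18:25 DHCPREQUEST for 10.91.117.95 (10.91.117.4) from c8:1e:e7:38:9a:3a (iPhone) via eth0: wrong network.
09:18:25 DHCPNAK on 10.91.117.95 to c8:1e:e7:38:9a:3a via eth0
09:18:26 DHCPREQUEST for 10.91.101.50 (10.91.101.4) from 02:00:00:00:00:01 (laptop) via vlan101
09:18:26 DHCPACK on 10.91.101.50 to 02:00:00:00:00:01 (laptop) via vlan101
""".splitlines()

if __name__ == "__main__":
    for hit in find_duplicate_requests(SAMPLE):
        print(hit)
```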
