Page MenuHomeVyOS Platform

Add dhcp-helper package to replace ISC DHCP Relay
Open, Requires assessmentPublicFEATURE REQUEST

Description

The currently included ISC DHCP server that is used for dhcp-relay services in Vyos does not support relaying DHCP requests to remote DHCP servers that are connected via a GRE tunnel.

As an alternative dhcp-helper is a DHCP and BOOTP relay agent. It listens for DHCP and BOOTP broadcasts on directly connected subnets and relays them to DHCP or BOOTP servers elsewhere. It also relays replies from the remote servers back to partially configured hosts. Once hosts are fully configured they can communicate directly with their servers and no longer need the services of a relay. See dhcp-helper

I have tested dhcp-helper by copying the executable from an existing Debian Jessie host and executed it on VyOS 1.3-beta-202102180958 using

/config/user-data/dhcp-helper -s A.A.A.A -s B.B.B.B -e ethX -e ethY

and it does the job, relaying any DHCP request from any client connected directly to any Vyos (vif) interface (except ethX and ethY) to the DHCP servers at A.A.A.A & B.B.B.B

I know many Vyos users have been struggling getting DHCP Relay to work using ISC DHCP in combination with GRE tunnels. The only tunnel type that seems to work is GRE-Bridge, but that is not an option for us and many others. We use DMVPN, which requires NHRP, mGRE and IPSec.

dhcp-helper just works. No further configuration was needed on the DMVPN HUB router and/or remote DHCP servers.

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

Keep in mind you cannot run dhcp-helper and ISC DHCP server at the same time on a single router. The Vyos CLI should not allow this.

If this package supports all existing setups and the GRE usecase I see no reason to not replace it. @basalblas PR is happily accepted.

Viacheslav changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).Feb 22 2021, 9:00 AM
Viacheslav changed Is it a breaking change? from Perfectly compatible to Unspecified (possibly destroys the router).

The ISC DHCP relay in VyOS is completely broken for my (non-GRE) use case, I would really like to see it get tossed out for something that works. This might not be the best place to describe my relay problems, but I might as well (skip this paragraph it you're not interested). My setup basically consists of the (ISC) DHCP server host connected to the VyOS router (running on a Dell R320), directly connected to a Cisco ASR920 router. Both VyOS and the ASR are directly connected to user VLANs (VyOS for firewalled/NATed zones and ASR for high-traffic users) and have DHCP relays set up targeting the DHCP server, such that the relayed messages from the ASR passes through the VyOS router towards the DHCP server and should get routed normally (i.e. ignored by the VyOS relay). The VyOS DHCP relay doesn't like this and starts spamming the DHCP messages up to ten or more times, causing wired clients to have to wait maybe ten seconds before getting an IPv4 address and wireless clients to just time out and abort the connection. I can provide the relay logs (mainly screenshots unless i dig up the disk I used) and VyOS config if anyone wants them, but as they have sensitive addresses, I don't intend to post them publicly. EDIT: I should mention that I didn't notice any problems while testing it with only myself, it was when 200 people started connecting the problems started occurring. And the DHCP server VM was not showing any noticable load.

So to reiterate, someone please just replace the whole thing with something that works, like the dhcp-helper package. I'm willing to help implement or test this myself. This is not a GRE- og hypervisor-specific issue. There is a proposed fix to update the relay package and implement the config parameters for upstream and downstream interfaces in one of the links below, but there is still the issue of relaying unicast packets which upstream (ISC) doesn't seem to prioritize fixing.

Some related issues/FRs/external links regarding the DHCP relay:

basalblas renamed this task from Add dhcp-helper package to support DHCP Relay over GRE tunnel to Add dhcp-helper package to replace ISC DHCP Relay.Feb 23 2021, 11:23 PM