Community discussions

MikroTik App
 
RoyalDunlin
just joined
Topic Author
Posts: 16
Joined: Wed Mar 16, 2016 4:19 pm

DHCP Relay over IPIP

Wed Apr 18, 2018 9:52 pm

I’ve been successfully using the DHCP relay on RouterOS for years over an IPIP tunnel between sites. During this time the DHCP server was a Windows server and it has worked without issue.

I am decommissioning that server and want to move that functionality to the core Mikrotik router. To do this I set up a DHCP server on the router and assigned it to an internal interface since I couldn’t assign it to the IPIP interface. However, it’s not working.

Packet capture on the router with the DHCP server show that the requests are coming in, but the DHCP server is not responding. I assume this has to do with the listener not being on the ingress interface for the requests. The packets also show that the source of the relay requests are the IPIP interface of the relay router.

I know relay requests work through the tunnel since it worked with the windows server.

What is going on here?

Thanks.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1637
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: DHCP Relay over IPIP

Wed Apr 18, 2018 10:48 pm

MTCNA, MTCTCE, MTCRE & MTCINE
 
RoyalDunlin
just joined
Topic Author
Posts: 16
Joined: Wed Mar 16, 2016 4:19 pm

Re: DHCP Relay over IPIP

Wed Apr 18, 2018 10:54 pm

That was my starting point, and my only deviation from the plan was that I can’t put the DHCP server on the IPIP interface.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1637
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: DHCP Relay over IPIP

Wed Apr 18, 2018 11:05 pm

Can you provide a IP diagram of the routers, indicating the DHCP server and DHCP Relay

Also maybe provide export hide-sensitive of both router
MTCNA, MTCTCE, MTCRE & MTCINE
 
sindy
Forum Guru
Forum Guru
Posts: 4239
Joined: Mon Dec 04, 2017 9:19 pm

Re: DHCP Relay over IPIP

Wed Apr 18, 2018 11:30 pm

@CZFan, can you be more specific regarding which line in the manual is the solution? The issue is that neither a dhcp-relay nor a dhcp-server currently seem to be able to listen on an IPIP tunnel interface in particular.

My use case was wilder than this - initially I wanted a DHCP server to listen on an L2TP server interface in order to be able to push a routing table using DHCP option 121 or 249 (the Microsoft way of doing the same) and found out that it is impossble to link a DHCP server or relay directly to an L2TP server static binding or to make it a member port of a bridge on which the DHCP server or relay would be listening. So I tried to redirect the DHCP packets from the client to an IPIP tunnel as a workaround of that, only to find out that it suffers from the same issue.

However, I've stopped digging further as soon as I've found that Android devices do not send a DHCPINFORM request after establishing an L2TP connection, so even if the solution above would start working, it would only be useful for Windows devices.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6324
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP Relay over IPIP

Thu Apr 19, 2018 12:21 am

DHCP only works on a "broadcast" type interface, like ethernet. You cannot run DHCP on an IPIP interface.
However, you can run a DHCP server on one router, a DHCP relay on another (connected to ethernet), and forward the DHCP request from relay to server over an IPIP tunnel.
In this case you don't attach the DHCP server to the IPIP tunnel, it is only referenced by the IP of the DHCP server in the DHCP relay, where you can set the remote end address
of the IPIP tunnel.
 
RoyalDunlin
just joined
Topic Author
Posts: 16
Joined: Wed Mar 16, 2016 4:19 pm

Re: DHCP Relay over IPIP

Thu Apr 19, 2018 5:40 am

Can you provide a IP diagram of the routers, indicating the DHCP server and DHCP Relay

Also maybe provide export hide-sensitive of both router
Here is my current setup:
diagram.jpg

Router 1
/ip dhcp-server
add address-pool=pool-router2 disabled=no interface=ether2 name=server-router2 relay=10.200.5.1
/ip dhcp-server network
add address=10.200.5.0/24 dns-server=8.8.8.8 gateway=10.200.5.1 netmask=24

Router 2
/ip dhcp-relay
add dhcp-server=10.200.1.1 disabled=no interface=Bridge-VLAN-20 local-address=10.200.5.1 name=relay
You do not have the required permissions to view the files attached to this post.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1637
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: DHCP Relay over IPIP

Thu Apr 19, 2018 3:35 pm

I have not done DHCP relay in a very, very long time, last time was back in year 2000 and then used Cisco / Microsoft DHCP, I rather config a DHCP server locally then people not affected when tunnel, etc goes down, but assume it could work with something like this. @petchi and @sindy, if I am wrong, please be so kind and chip in

On router 1:
Create another DHCP server, ip pool and network details for subnet 10.200.5.0/x, specify relay option to 10.200.5.1 and attach to ether2.

On router 2:
/ip dhcp-relay add name=Local1-Relay interface=bridgevlan20 dhcp-server=10.0.0.1(remote end address of IP Tunnel) local-address=10.200.5.1 disabled=no
MTCNA, MTCTCE, MTCRE & MTCINE
 
pe1chl
Forum Guru
Forum Guru
Posts: 6324
Joined: Mon Jun 08, 2015 12:09 pm

Re: DHCP Relay over IPIP

Thu Apr 19, 2018 3:51 pm

Yes that is correct. The catch is that you MUST have a local ethernet interface for the DHCP server to function, even when you do not desire to use it locally at all.
That is even so for ISC DHCP on Linux. You cannot have a DHCP server that is ONLY a server for relays.
But you can use some dummy interface probably even a bridge with no member ports, with an ADMIN MAC on it (dummy value).
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1637
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: DHCP Relay over IPIP

Thu Apr 19, 2018 7:58 pm

Thx petchi, BTW, the thinking behind my post was based on your post
MTCNA, MTCTCE, MTCRE & MTCINE
 
RoyalDunlin
just joined
Topic Author
Posts: 16
Joined: Wed Mar 16, 2016 4:19 pm

Re: DHCP Relay over IPIP

Thu Apr 19, 2018 11:37 pm

I have not done DHCP relay in a very, very long time, last time was back in year 2000 and then used Cisco / Microsoft DHCP, I rather config a DHCP server locally then people not affected when tunnel, etc goes down, but assume it could work with something like this. @petchi and @sindy, if I am wrong, please be so kind and chip in

On router 1:
Create another DHCP server, ip pool and network details for subnet 10.200.5.0/x, specify relay option to 10.200.5.1 and attach to ether2.

On router 2:
/ip dhcp-relay add name=Local1-Relay interface=bridgevlan20 dhcp-server=10.0.0.1(remote end address of IP Tunnel) local-address=10.200.5.1 disabled=no
So it looks like your proposed change from my configuration is to set the DHCP-Relay to target the remote end of the tunnel as the DHCP server. Did I miss some other change? In any case, that solution didn't work. Thanks for the suggestion though.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1637
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: DHCP Relay over IPIP

Thu Apr 19, 2018 11:44 pm

Try @petchi's suggestion:

"But you can use some dummy interface probably even a bridge with no member ports, with an ADMIN MAC on it (dummy value)."
MTCNA, MTCTCE, MTCRE & MTCINE
 
RoyalDunlin
just joined
Topic Author
Posts: 16
Joined: Wed Mar 16, 2016 4:19 pm

Re: DHCP Relay over IPIP

Fri Apr 20, 2018 4:28 am

Try @petchi's suggestion:

"But you can use some dummy interface probably even a bridge with no member ports, with an ADMIN MAC on it (dummy value)."
That was unsuccessful as well.

I've gone ahead and switched to an EOIP tunnel and placed the DHCP server directly on the interface and it's working now. Hopefully this won't impact the speed of the link significantly.
 
sindy
Forum Guru
Forum Guru
Posts: 4239
Joined: Mon Dec 04, 2017 9:19 pm

Re: DHCP Relay over IPIP

Fri Apr 20, 2018 10:14 am

I've gone ahead and switched to an EOIP tunnel and placed the DHCP server directly on the interface and it's working now. Hopefully this won't impact the speed of the link significantly.
It is not clear from your original post whether you use the tunnel also for other than DHCP relay traffic. I suppose you do, so of course there is a difference, the EoIP header has 42 bytes while the IPIP header has at least 20, which, as a minimum, means smaller usable MTU on the complete path when you use EoIP. So the question is what means "significantly".

If the performance impact is unacceptable, you can configure both tunnels in parallel and choose the IP addresses at the ends of the EoIP tunnel in such a way that only DHCP relay requests and DHCP server responses would use the EoIP tunnel, so you wouldn't even need policy routing to separate the traffic (i.e. you dedicate a small private subnet to the DHCP relay - DHCP server communication).

For the curious ones, the reason why I could not do the same in the scenario I've mentioned earlier is that unlike IPIP tunnels, EoIP tunnels use a tunnel identifier which must be unique per device and is common for both directions, so a local EoIP tunnel within a single device cannot be configured.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: grusu, nscheffer and 195 guests