DHCP 中继代理中继直接单播到“服务器标识符”服务器的 RENEWAL 请求是否合法?

DHCP 中继代理中继直接单播到“服务器标识符”服务器的 RENEWAL 请求是否合法?

我在数据包捕获中观察到以下内容。

Client -> Broadcast : DHCP Request
Relay  -> Client    : DHCP Ack (Option 54 == Server)

... After T1 expires ...

Client -> Server Identifier : DHCP Request
Relay  -> Client            : DHCP Ack
Client -> Relay             : ICMP Port unreachable

由中继代替服务器响应并向服务器单播 RENEWAL 请求是否合法?

RFC 2131“在 RENEWING 状态下生成的 DHCPREQUEST”表示

但无论如何都应该返回 DHCPACK 消息

但没有说明该消息是否可以通过中继传递。

似乎客户端拒绝了 DHCP Ack,因为它期望它来自服务器而不是中继。

答案1

我看到 RedHat 8 系列客户端拒绝,他们与 DHCP 服务器建立了 UDP 连接(每 60 秒发送一次 DHCPREQUEST):

DHCP Server: 172.16.1.14
DHCP Client IP (to be renewed): 172.16.255.39/24

# ss -tun
Netid    State     Recv-Q    Send-Q    Local Address:Port          Peer Address:Port
udp      ESTAB     0         0         172.16.255.39%ens224:68     172.16.1.14:67

在其他操作系统(例如 ubuntu)中,来自中继地址的 DHCPACK 被接受。

# ss -ltun
Netid    State     Recv-Q    Send-Q    Local Address:Port          Peer Address:Port
udp      UNCONN    0         0         172.16.255.35%ens192:68     0.0.0.0:*

您知道您使用的是哪种类型的 Real Agent 吗?

根据 RFC2131 [第 31 页],单播 DHCPREQUEST 数据包不应由中继代理修改,我猜 DHCPACK 也应该直接发送回客户端

   o DHCPREQUEST generated during RENEWING state:

      'server identifier' MUST NOT be filled in, 'requested IP address'
      option MUST NOT be filled in, 'ciaddr' MUST be filled in with
      client's IP address. In this situation, the client is completely
      configured, and is trying to extend its lease. This message will
      be unicast, so no relay agents will be involved in its
      transmission.  Because 'giaddr' is therefore not filled in, the
      DHCP server will trust the value in 'ciaddr', and use it when
      replying to the client.

相关内容