I observed the following in a packet capture.
Client -> Broadcast : DHCP Request
Relay -> Client : DHCP Ack (Option 54 == Server)
... After T1 expires ...
Client -> Server Identifier : DHCP Request
Relay -> Client : DHCP Ack
Client -> Relay : ICMP Port unreachable
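Is it legitimate for the relay to respond, in place of the server, to a RENEWAL request unicast to the server?
RFC 2131, "DHCPREQUEST generated during RENEWING state", says
but a DHCPACK message should be returned in any case,
but it does not say whether that message may be delivered via a relay.
It seems the client rejects the DHCP Ack because it expects it to come from the server rather than the relay.
Answer 1
I have seen RedHat 8 family clients reject it; they establish a UDP connection to the DHCP server (sending a DHCPREQUEST every 60 seconds):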
DHCP Server: 172.16.1.14
DHCP Client IP (to be renewed): 172.16.255.39/24
# ss -tun
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp ESTAB 0 0 172.16.255.39%ens224:68 172.16.1.14:67
On other operating systems (e.g. Ubuntu), the DHCPACK from the relay address is accepted.
# ss -ltun
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 172.16.255.35%ens192:68 0.0.0.0:*
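Do you know which type of Relay Agent you are using?
According to RFC2131 [page 31], unicast DHCPREQUEST packets should not be modified by the relay agent, and I guess the DHCPACK should also be sent directly back to the client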
o DHCPREQUEST generated during RENEWING state:
'server identifier' MUST NOT be filled in, 'requested IP address'
option MUST NOT be filled in, 'ciaddr' MUST be filled in with
client's IP address. In this situation, the client is completely
configured, and is trying to extend its lease. This message will
be unicast, so no relay agents will be involved in its
transmission. Because 'giaddr' is therefore not filled in, the
DHCP server will trust the value in 'ciaddr', and use it when
replying to the client.
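The difference between the two `ss` outputs above (ESTAB versus UNCONN) can be reproduced with plain UDP sockets. This is an added example, not part of the original answer: a connected UDP socket only accepts datagrams from its connected peer, so a reply arriving from any other source is never delivered to it, which is consistent with the ICMP Port unreachable in the question's capture. The loopback sockets on ephemeral ports are constructed stand-ins for the DHCP server, relay and client, and the payloads are placeholders rather than real DHCP messages.

```python
import socket


def recv_or_none(sock, timeout=0.5):
    """Return the next payload, or None if nothing is delivered in time."""
    sock.settimeout(timeout)
    try:
        payload, _src = sock.recvfrom(2048)
        return payload
    except socket.timeout:
        return None


def demo(connect_client):
    """Send one datagram from the 'relay', then one from the 'server'.

    Returns the payloads the client socket actually received, in order.
    """
    def udp():
        return socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    server, relay, client = udp(), udp(), udp()
    try:
        for s in (server, relay, client):
            s.bind(("127.0.0.1", 0))  # constructed stand-ins on loopback
        if connect_client:
            # Same state as the ESTAB line in `ss -tun`: the peer is pinned
            # to the server, so the kernel filters on source address and port.
            client.connect(server.getsockname())
        dst = client.getsockname()
        received = []
        for sender, payload in ((relay, b"ACK-from-relay"),
                                (server, b"ACK-from-server")):
            sender.sendto(payload, dst)
            got = recv_or_none(client)
            if got is not None:
                received.append(got)
        return received
    finally:
        for s in (server, relay, client):
            s.close()


if __name__ == "__main__":
    print("connected client  :", demo(connect_client=True))
    print("unconnected client:", demo(connect_client=False))
```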