Jump to content
Welcome to our new Citrix community!

Using a NetScaler to chain DHCP relay packet.

Stephen Hoekstra

Recommended Posts



We are using NetScalers in multiple data centres and would like to make our DHCP service highly available by chaining DHCP relay requests.  The primary reason for this it to we to point remote sites to a centralised HA DHCP solution.


In our lab we have:


DHCP Client --> [] DHCP helper on firewall --> Netscaler --> [] DHCP Server


We have tested this and can't get it working but thought to post here before moving to an alternate solution.


To make sure the DHCPRA service and DHCP server work nicely together, we configured an interface on the NetScaler in the client and server subnets (bypassing the firewall) and configured the vServer as per the DHCPRA documentation; everything worked as expected.  We then made sure the firewall configuration was correct by configuring the helper address as the DHCP Server, skipping the NetScaler, and again working as expected.

Then to make the two work together, we configured the helper address as the NetScaler.  As we weren't sure what to configure it as due to the vServer IP being *, we first tried using the SNIP, then configured a second vServer with an IP with the same service behind it but also no joy.  

It looks like the NetScaler does not know what to do with the forwarded DHCP packet (this is using a second vServer with as the VIP/helper address, same result as when sending to the SNIP):


19:19:03.195229 IP > BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 300
19:19:08.185068 IP > BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 300
19:19:12.993842 IP > BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 300
19:19:21.799618 IP > BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 300


This should be possible according to the RFC, so I'm hoping this a configuration problem on my part and not a limitation of the NetScaler.


Any input or suggestions would be appreciated.  We would rather use NetScalers for this if possible rather than configuring two helper addresses on the local firewalls.






Link to comment
Share on other sites

  • 5 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...