Stephen Hoekstra
-
Posts
2 -
Joined
-
Last visited
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by Stephen Hoekstra
-
-
Hello,
We are using NetScalers in multiple data centres and would like to make our DHCP service highly available by chaining DHCP relay requests. The primary reason for this it to we to point remote sites to a centralised HA DHCP solution.
In our lab we have:
DHCP Client --> [172.16.10.0/25] DHCP helper on firewall --> Netscaler --> [172.16.10.150/25] DHCP Server
We have tested this and can't get it working but thought to post here before moving to an alternate solution.
To make sure the DHCPRA service and DHCP server work nicely together, we configured an interface on the NetScaler in the client and server subnets (bypassing the firewall) and configured the vServer as per the DHCPRA documentation; everything worked as expected. We then made sure the firewall configuration was correct by configuring the helper address as the DHCP Server, skipping the NetScaler, and again working as expected.
Then to make the two work together, we configured the helper address as the NetScaler. As we weren't sure what to configure it as due to the vServer IP being *, we first tried using the SNIP, then configured a second vServer with an IP with the same service behind it but also no joy.It looks like the NetScaler does not know what to do with the forwarded DHCP packet (this is using a second vServer with 172.16.10.252 as the VIP/helper address, same result as when sending to the SNIP):
19:19:03.195229 IP 172.16.10.1.bootps > 172.16.10.252.bootps: BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 30019:19:08.185068 IP 172.16.10.1.bootps > 172.16.10.252.bootps: BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 30019:19:12.993842 IP 172.16.10.1.bootps > 172.16.10.252.bootps: BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 30019:19:21.799618 IP 172.16.10.1.bootps > 172.16.10.252.bootps: BOOTP/DHCP, Request from 00:50:56:b0:3b:8f (oui Unknown), length: 300This should be possible according to the RFC, so I'm hoping this a configuration problem on my part and not a limitation of the NetScaler.
Any input or suggestions would be appreciated. We would rather use NetScalers for this if possible rather than configuring two helper addresses on the local firewalls.
TIA
Stephen
Using a NetScaler to chain DHCP relay packet.
in Core ADC use cases
Posted
I forgot to add, we are using NS10.1 Build 123.9.