Page MenuHomeVyOS Platform
Create Task
Maniphest T7822

DHCP-server starts 2 processes when only the VRF is configured
Not ApplicablePublicBUG
Actions

Description

DHCP-server starts 2 processes when only the VRF is configured

set interfaces ethernet eth1 address 192.0.2.1/30
set interfaces ethernet eth1 address 100.64.0.1/24
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth1 vrf red
set vrf bind-to-all
set vrf name red service dhcp-server listen-interface eth1
set vrf name red service dhcp-server shared-network-name LANv4 authoritative
set vrf name red service dhcp-server shared-network-name LANv4 subnet 100.64.0.0/24 range R1 start 100.64.0.10
set vrf name red service dhcp-server shared-network-name LANv4 subnet 100.64.0.0/24 range R1 stop 100.64.0.254
set vrf name red service dhcp-server shared-network-name LANv4 subnet 100.64.0.0/24 subnet-id 1
set vrf name red table 1010

One process with under VRF context and another without VRF, but the file is the same. Looks like a bug.
Check:

vyos@r14# ps ax | grep dhcp | egrep -v grep
  14923 ?        Ss     0:00 sudo /bin/ip vrf exec red /usr/sbin/kea-dhcp4 -c /run/kea/kea-red-dhcp4.conf
  14926 ?        Sl     0:00 /usr/sbin/kea-dhcp4 -c /run/kea/kea-red-dhcp4.conf
[edit]
vyos@r14#

And client cannot assign an IP address by DHCP

Dump from the client site

vyos@r15# sudo tcpdump -ni eth1 port 67
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:12:11.358541 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300
10:12:18.349228 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300
10:12:33.908923 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300
10:12:54.396916 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300
10:13:07.245586 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300

Dump from the server

vyos@r14# sudo tcpdump -ni any port 67
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes


13:15:52.373796 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300
13:16:00.294096 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300
13:16:04.055862 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300
13:16:09.446734 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:09:0b:01, length 300

Details

Version
VyOS 2025.09.10-0018-rolling
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedFEATURE REQUESTdavi2367T6211 VRF support for Kea-based DHCP server
 Not ApplicableBUGNoneT7822 DHCP-server starts 2 processes when only the VRF is configured

Event Timeline

Viacheslav created this task.Sep 15 2025, 10:16 AM
Viacheslav added a parent task: T6211: VRF support for Kea-based DHCP server.
Viacheslav mentioned this in T6211: VRF support for Kea-based DHCP server.Sep 15 2025, 10:18 AM
Viacheslav triaged this task as Normal priority.Sep 15 2025, 10:51 AM
sarthurdev subscribed.EditedSep 20 2025, 6:42 PM

Removing the 192.0.2.0/30 address on eth1 resolved it for me.

We should rename or open new task to describe this issue. Seems instead multiple interface addresses causing Kea to not hand out addresses.

Debug output with two addresses on eth1:

2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.packets/3444.140013113463872] DHCP4_BUFFER_RECEIVED received buffer from 0.0.0.0:68 to 255.255.255.255:67 over interface eth1
2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.options/3444.140013062235840] DHCP4_BUFFER_UNPACK parsing buffer received from 0.0.0.0 to 255.255.255.255 over interface eth1
2025-09-20 18:33:56.551 INFO  [kea-dhcp4.dhcp4/3444.140013062235840] DHCP4_QUERY_LABEL received query: [hwtype=1 bc:24:11:7a:94:08], cid=[no info], tid=0x8d4ac112
2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.dhcpsrv/3444.140013062235840] DHCPSRV_SUBNET4_SELECT_NO_RAI_OPTIONS No RAI options found to use for subnet selection.
2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.dhcpsrv/3444.140013062235840] DHCPSRV_SUBNET4_SELECT_NO_RELAY_ADDRESS Relay address (giaddr) in client packet is empty.
2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.dhcpsrv/3444.140013062235840] DHCPSRV_SUBNET4_SELECT_BY_INTERFACE_NO_MATCH No subnet matches interface: eth1
2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.dhcpsrv/3444.140013062235840] DHCPSRV_SUBNET4_SELECT_BY_ADDRESS_NO_MATCH No subnet matches address: 192.0.2.1
2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.packets/3444.140013062235840] DHCP4_SUBNET_SELECTION_FAILED [hwtype=1 bc:24:11:7a:94:08], cid=[no info], tid=0x8d4ac112: failed to select subnet for the client
2025-09-20 18:33:56.551 DEBUG [kea-dhcp4.bad-packets/3444.140013062235840] DHCP4_PACKET_DROP_0002 [hwtype=1 bc:24:11:7a:94:08], cid=[no info], tid=0x8d4ac112, from interface eth1: no suitable subnet configured for a direct client

Workaround:

vyos@vyos# tcpdump -i any -n port 67
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:01:36.877708 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
19:01:36.877728 red   Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
19:01:38.394342 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
19:01:38.394364 red   Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
...
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[edit]
vyos@vyos# del interfaces ethernet eth1 address 192.0.2.1/30
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# sudo service kea-dhcp4-server@red restart
[edit]
vyos@vyos# tcpdump -i any -n port 67
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:02:53.219676 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
19:02:53.219697 red   Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
19:02:53.220313 eth1  Out IP 100.64.0.1.67 > 100.64.0.10.68: BOOTP/DHCP, Reply, length 268
19:02:53.220704 eth1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
19:02:53.220715 red   Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:7a:94:08, length 300
19:02:53.221018 eth1  Out IP 100.64.0.1.67 > 100.64.0.10.68: BOOTP/DHCP, Reply, length 268
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
sarthurdev added a comment.Sep 20 2025, 7:47 PM

Upstream issue: https://gitlab.isc.org/isc-projects/kea/-/issues/3162

sarthurdev mentioned this in T7853: Kea will not offer address from subnet of secondary interface address.Sep 20 2025, 8:37 PM
sarthurdev closed this task as Not Applicable.Sep 20 2025, 8:40 PM
sarthurdev moved this task from Need Triage to Completed on the VyOS Rolling board.

Will track in https://vyos.dev/T7853

pasik subscribed.Sep 21 2025, 6:32 PM