[AusNOG] DHCP going astray on NBN tails

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Fri Dec 4 21:33:26 EST 2015


What is wrong with what Cisco is doing? The DHCP RFC specifies destination ports, it doesn't say anything about source ports, so source ports could be anything, including zero (See the text in RFC768 for the source port definition, which says it is optional). DHCP requests and responses are matched up using the 'xid' field, meaning source ports aren't used for that and therefore are redundant.

So I think it is the NTD that is broken, not the Cisco router.

________________________________
From: Matt Carter <matt.carter at iseek.com.au>
To: "ausnog at ausnog.net" <ausnog at ausnog.net> 
Sent: Friday, 4 December 2015, 15:25
Subject: [AusNOG] DHCP going astray on NBN tails




Hi All,
 
A while back I touched on an issue whereby Cisco CPE on NBN tail is configured for IP helper against a centralised DHCP server, the DHCP request hits the DHCP server, the DHCP server responds with an offer which can be observed in a capture egressing to the NBN NNI however the offer does not pop out at the UNI-D. The issue presents on some NBN tails and not others, e.g. a customer with 6 sites has 4 working and 2 not, even though the config is pretty much identical except for addressing. This issue has been isolated by NBN and I thought I would share our findings.
 
The DHCP standard RFC 2131 states that “DHCP messages from a client to a server are sent to the 'DHCP server' port (67), and DHCP messages from a server to a client are sent to the 'DHCP client' port (68)”. It would appear that in Cisco IOS both the DHCP discovery and offer packets have a source and destination port of UDP 67.
 
The AVCs under fault are connected via the newer model NTD which nbn began deploying as standard issue across the network from around July 2015.  This hardware correctly handles DHCP packets with regards to RFC 2131, whereas the older model hardware had a “minor defect” which resulted in the DHCP packets being passed even when addressed to the incorrect port.  In essence, “the services working in this configuration on the older model hardware were only doing so by accident, not by design, and thus the situation is not something that nbn is able to correct”
 
The NTD hardware can be identified by the model ID silkscreened on the front panel; the older hardware is the I-240G-R, the newer variant is the G-240G-P. We are working with Cisco on a resolution, if you are also affected by this issue and would like to be notified of the progress please just let me know.
 
Kind regards,
 
Matt Carter
Senior Network Engineer
Phone:1300 661 668   |   Fax:1300 661 540
Email:matt.carter at iseek.com.au   |    Web:http://www.iseek.com.au
Address: Level 4, 60 Edward Street, Brisbane QLD 4000   |   PO Box 15087, City East QLD 4002
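
Added example, not part of either message and not code from Cisco or nbn: it parses the UDP and BOOTP headers of constructed sample packets, labels each by BOOTP op and UDP destination port, and pairs replies to requests on 'xid' alone, which is the matching the reply at the top of this thread describes. The helper names, xid values and the 192.0.2.1 relay address are assumptions made for illustration.

```python
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
SERVER_PORT, CLIENT_PORT = 67, 68

def build(sport, dport, op, xid, giaddr="0.0.0.0"):
    """Constructed sample: UDP header plus the BOOTP header up to giaddr."""
    relay = bytes(int(octet) for octet in giaddr.split("."))
    bootp = struct.pack("!BBBBIHH4s4s4s4s", op, 1, 6, 0, xid, 0, 0,
                        bytes(4), bytes(4), bytes(4), relay)
    return struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp

def parse(datagram):
    if len(datagram) < 36:  # 8 bytes UDP + 28 bytes BOOTP through giaddr
        raise ValueError("truncated DHCP datagram")
    sport, dport = struct.unpack("!HH", datagram[:4])
    op, xid = datagram[8], struct.unpack("!I", datagram[12:16])[0]
    return {"sport": sport, "dport": dport, "op": op, "xid": xid,
            "relayed": datagram[32:36] != bytes(4)}  # giaddr non-zero

def leg(pkt):
    """Label a packet by BOOTP op and UDP destination port."""
    if pkt["op"] == BOOTREQUEST:
        return "request->67" if pkt["dport"] == SERVER_PORT else "request->other"
    if pkt["op"] != BOOTREPLY:
        return "unknown op"
    if pkt["dport"] == CLIENT_PORT:
        return "reply->68"
    # RFC 2131 section 4.1: with giaddr set, the server replies to port 67 on the relay.
    if pkt["dport"] == SERVER_PORT and pkt["relayed"]:
        return "reply->67 (relay leg, giaddr set)"
    return "reply->other"

def pair_by_xid(datagrams):
    """Match replies to requests on xid alone; source ports play no part."""
    pending, pairs = {}, []
    for pkt in map(parse, datagrams):
        if pkt["op"] == BOOTREQUEST:
            pending[pkt["xid"]] = pkt
        elif pkt["xid"] in pending:
            pairs.append((pkt["xid"], leg(pending[pkt["xid"]]), leg(pkt)))
    return pairs

SAMPLE = [  # constructed packets, not taken from any capture
    build(68, 67, BOOTREQUEST, 0x1001),               # client request, no relay
    build(67, 68, BOOTREPLY, 0x1001),                 # reply to the client port
    build(67, 67, BOOTREQUEST, 0x2002, "192.0.2.1"),  # request forwarded by a relay
    build(67, 67, BOOTREPLY, 0x2002, "192.0.2.1"),    # reply with 67 as both ports
    build(0, 67, BOOTREQUEST, 0x3003),                # request with source port 0
    build(67, 68, BOOTREPLY, 0x3003),
]

if __name__ == "__main__":
    for xid, req, rep in pair_by_xid(SAMPLE):
        print(f"xid={xid:#06x}  {req:12}  {rep}")
```

Run against a capture's UDP payloads instead of `SAMPLE`, the labels show at a glance which replies leave with destination port 67 and which with 68.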
 