[GLLUG] A question about DHCP

John Winters john at sinodun.org.uk
Sat Sep 12 15:05:11 UTC 2020 

I've just spent a little while diagnosing a DHCP issue which really 
confused me.  I had just set up a new Linux box on which I am intending 
to run several VMs using KVM/Qemu.  The box runs Debian 10.

I configured a network bridge on it as normal, and ported over an 
existing VM image from a different machine.  All worked as expected.

Then I tried to provision a new VM and it didn't seem to be able to talk 
to the network properly.  It worked if I used the in-built NAT network 
interface, but not if I connected it to br0.  I therefore installed the 
OS using the NAT connection, and then switched it back to br0 (so I 
would have decent tools at my disposal to work out why).

It turned out the new VM was picking up exactly the IPv6 address which I 
expected, but a totally surprising IPv4 address.  At first I thought it 
was getting it from the KVM/Qemu installation (as it would for the NAT 
configuration) but then I realised that it was from a similar but 
different IPv4 address range.

It turned out that the router to which the physical box was connected 
had an unintended DHCP server running on it, and that was allocating the 
rogue IP address.  What puzzles me now is why this had not caused issues 
in the past.  It must have been there for years.

Both the physical box and the first VM had fixed IP addresses allocated 
via DHCP on the site's two intended DHCP servers, and both those worked 
correctly.  Only the new VM had not got a fixed one, and thus seemed to 
end up with one allocated by the router.

Is there something in a DHCPOFFER to make fixed addresses more 
attractive to the client?  All the DHCPDISCOVERs must have passed 
through the router with the rogue DHCP server, and the real DHCP servers 
were further away so the rogue response must have come back first and 
yet the first two ignored the rogue responses and went for the (correct) 
fixed addresses, whilst the new VM went for the one from the router.

I suppose it would be logical for there to be something like that in the 
DHCPOFFER, but I can't find a reference to it.

TIA,
John

-- 
Xronos Scheduler - https://xronos.uk/
All your school's schedule information in one place.
Timetable, activities, homework, public events - the lot
Live demo at https://schedulerdemo.xronos.uk/

More information about the GLLUG mailing list