Preview Tool

Cisco Bug: CSCvu58269 - Inter-VRF DHCP relay fails when server response is sent to border leaf not owning DST IP

Last Modified

Jun 15, 2021

Products (25)

  • Cisco Application Policy Infrastructure Controller (APIC)
  • Cisco Nexus 9516 Switch
  • Cisco Nexus 9396TX Switch
  • Cisco Nexus 9396PX Switch
  • Cisco Nexus 93108TC-FX Switch
  • Cisco Nexus 93120TX Switch
  • Cisco Nexus 93240YC-FX2 Switch
  • Cisco Nexus 9332C Switch
  • Cisco Nexus 93108TC-EX Switch
  • Cisco Nexus 9372TX-E Switch
View all products in Bug Search Tool Login Required

Known Affected Releases

14.2(4i) 15.0(1k)

Description (partial)

DHCP clients in the Cisco ACI fabric fail to obtain addresses from a DHCP server if inter-VRF DHCP is being used and the DHCP provider is an L3Out in a different VRF table than the client.

The DHCP client must be using inter-VRF DHCP using a provider that is reachable through an L3Out.

Additionally, the DHCP packets must hash or be routed similar to the scenario below for it to fail (this assumes we have 2 border leaf switches):

Border leaf switch 1 sends a relay packet from its SVI and from its loopback.
Border leaf switch 2 sends a relay packet from its SVI and from its loopback.

If, for example, the DHCP server responds to the request from border leaf switch 1's loopback IP address, and that packet hashes or is sent to border leaf switch 2 from the L3Out external router, border leaf switch 2 routes it using the overlay to border leaf switch 1, and then border leaf switch 1 drops this packet due to the wrong TCAM rule being hit. This DHCP offer is never seen by the DHCP process on border leaf 1switch .
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.