Flat provider network - how to prevent DHCP requests from being answered by external DHCP server?

asked 2019-07-18 06:19:10 -0500

alex123 gravatar image

I have flat provider network configured on my OpenStack Rocky RDO installation and DHCP-enabled subnet. When I launch new instances into this network I'm expecting them to get IP address from Neutron's DHCP agent - however sometimes they get IP addresses from the external DHCP server in my network. The behavior seems to be quite random (maybe because it's a race condition) - some instances get correct IP addresses (from Neutron's DHCP agent) and others get incorrect IP addresses (from external DHCP server).

How can prevent this weird behavior and make sure that all instances always get correct IP addresses (from Neutron's DHCP agent)?

Here's my config:


[admin@se-openstack-2 ~(keystone_admin)]$ openstack network show flat_network
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2018-07-11T14:11:37Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 5ea48edc-674b-40db-8ce7-1ed7ee3de972 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | flat_network                         |
| port_security_enabled     | True                                 |
| project_id                | e41bef831627442281a4b89c5771575e     |
| provider:network_type     | flat                                 |
| provider:physical_network | extnet                               |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 6                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | c81161f8-82e0-4ebb-a294-6959a6057651 |
| tags                      |                                      |
| updated_at                | 2018-07-11T14:14:06Z                 |
+---------------------------+--------------------------------------+

[admin@se-openstack-2 ~(keystone_admin)]$ openstack subnet show flat_subnet
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 10.4.220.60-10.4.220.99              |
| cidr              | 10.4.0.0/16                          |
| created_at        | 2018-07-11T14:12:01Z                 |
| description       |                                      |
| dns_nameservers   | 10.1.1.11                            |
| enable_dhcp       | True                                 |
| gateway_ip        | 10.4.0.1                             |
| host_routes       |                                      |
| id                | c81161f8-82e0-4ebb-a294-6959a6057651 |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | flat_subnet                          |
| network_id        | 5ea48edc-674b-40db-8ce7-1ed7ee3de972 |
| project_id        | e41bef831627442281a4b89c5771575e     |
| revision_number   | 1                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2018-07-11T14:14:06Z                 |
+-------------------+--------------------------------------+
edit retag flag offensive close merge delete

Comments

From my experience this is kind of messy because the external dhcp server will interfer with neutron. Even if your instances receive a valid ip address by neutron, sometimes it's not configured properly within that instance. I would separate the neutron allocation_pool from the external pool.

eblock gravatar imageeblock ( 2019-07-18 07:03:16 -0500 )edit

The real solution is to fix the DHCP servers e.g. by configuring the MAC addresses that they serve, or by separating them to different VLANs.

Or try to configure the instances' DHCP clients, for example using the reject directive in dhclient.conf.

Bernd Bausch gravatar imageBernd Bausch ( 2019-07-19 01:58:57 -0500 )edit