Saturday, September 18, 2021

Firewalls and DHCP Transaction ID

We are currently troubleshooting an issue where our site has asymmetrical routing towards the data center where the DHCP servers are. The discover message goes out one side and the offer message is being received on the other WAN circuit. Based on the packet capture, the transaction ID is being altered. If we try to force the DHCP communication over one circuit via a static route or by shutting down one circuit, then DHCP works well and the transaction ID is intact. We do not have access at the DC side, but we suspect that there are two firewalls out there facing different MPLS circuits that are causing the transaction ID to be altered. I can't think of any network device that would alter the payload other than a firewall.

So the assumption is: the discover message goes out mpls1, passes through fw1, and the offer message goes back through fw2, then mpls2. The thinking is that since fw2 doesn't have a session in its table, it messes up the offer message but allows it to pass through. Maybe they allowed UDP any/any to pass.

I just can't seem to find a firewall product that could cause this. Any idea? Thanks!
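An added diagnostic (not from the original post) that parses DHCP payloads from a capture, pairs each OFFER with the most recent DISCOVER from the same client MAC, and flags an OFFER whose transaction ID does not echo the DISCOVER's. The packets below are constructed samples (UDP payload only), not the author's capture.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPE = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse the fixed BOOTP header plus DHCP option 53 (message type)."""
    op, htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    chaddr = payload[28:28 + hlen].hex(":")      # client hardware address
    msg_type = None
    if payload[236:240] == DHCP_MAGIC:           # options follow the cookie
        i = 240
        while i < len(payload):
            code = payload[i]
            if code == 255:                      # end option
                break
            if code == 0:                        # pad option, no length byte
                i += 1
                continue
            length = payload[i + 1]
            if code == 53 and length == 1:
                msg_type = MSG_TYPE.get(payload[i + 2], str(payload[i + 2]))
            i += 2 + length
    return {"op": op, "xid": xid, "chaddr": chaddr, "type": msg_type}

def find_xid_mismatches(packets):
    """Return (mac, discover_xid, offer_xid) for every OFFER whose xid does
    not match the last DISCOVER seen from that client MAC."""
    last_discover, mismatches = {}, []
    for pkt in map(parse_dhcp, packets):
        if pkt["type"] == "DISCOVER":
            last_discover[pkt["chaddr"]] = pkt["xid"]
        elif pkt["type"] == "OFFER":
            sent = last_discover.get(pkt["chaddr"])
            if sent is not None and sent != pkt["xid"]:
                mismatches.append((pkt["chaddr"], sent, pkt["xid"]))
    return mismatches

def build(op, xid, mac, msg_type):
    """Constructed sample packet: 28-byte BOOTP header, chaddr, sname, file,
    magic cookie, option 53, end option."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", op, 1, 6, 0, xid, 0, 0,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    hdr += mac + b"\0" * 10 + b"\0" * 64 + b"\0" * 128
    return hdr + DHCP_MAGIC + bytes([53, 1, msg_type, 255])

MAC = bytes.fromhex("001122334455")
# Constructed capture: DISCOVER with xid 0x1234abcd, OFFER with an altered xid.
SAMPLE = [build(1, 0x1234ABCD, MAC, 1), build(2, 0x00000042, MAC, 2)]
```

Feeding the UDP payloads of a real capture into find_xid_mismatches (in arrival order) shows whether the xid changes in flight; a matching list in a single-circuit capture and a non-empty one in the asymmetric case isolates the path rather than the server.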
