Thursday, July 25, 2019



DHCP over Relay on Docker

DHCP (Dynamic Host Configuration Protocol) lets us assign addresses to the hosts on our network dynamically. When a host is configured to obtain its IP address dynamically, it broadcasts a DHCP request on the network to find a DHCP server. The DHCP server has to be in the same broadcast domain as the clients, since routers do not forward broadcast packets.
For a Docker container this means we would have to connect the container to every subnet in the company network. But we want to use just one interface on the container (in this post I'll use macvlan). The problem is:
When a DHCP client wants an IP address, it sends a DHCP Discover message, which is a broadcast message. Because the router/gateway/firewall does not forward broadcast packets, this message never reaches the DHCP server (our Docker container).
To solve this we'll use a DHCP Relay Agent. This feature is enabled on a network device that has interfaces in all subnets of the company network:

  1. This device (router/gateway/firewall) forwards DHCP messages to the DHCP Server, and when the DHCP Server responds, it forwards the replies to the Client.
  2. The DHCP Relay Agent fills in the giaddr (gateway interface address) field of the DHCP packet. This field contains the IP address of the Relay Agent interface that received the DHCP request, and it also identifies the pool from which the DHCP Server has to select IP addresses.
  3. After identifying the pool, the DHCP Server replies with a DHCP Offer broadcast message, which the DHCP Relay Agent forwards to the DHCP Client.
  4. The DHCP Client replies with a DHCP Request message.
  5. This message is also forwarded to the DHCP Server by the DHCP Relay Agent.
  6. The DHCP Server replies with a DHCP Ack.
  7. This message is forwarded to the DHCP Client by the DHCP Relay Agent.
  8. Finally, the DHCP Client is assigned an IP address.
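
The giaddr handling from the steps above, as an added Python example (not code from the original post): it builds a constructed DHCPDISCOVER, applies the relay agent's hops/giaddr update, and selects the pool the way the server does for the subnets declared in this page's dhcp.conf. The MAC address, xid, function names and the max_hops limit are assumptions made for the illustration.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])
HOPS, GIADDR = 3, slice(24, 28)  # byte offsets inside the fixed header

# Subnet declarations from this page's dhcp.conf; 172.16.3.0/24 has no range.
POOLS = {
    ipaddress.ip_network("172.16.3.0/24"): None,
    ipaddress.ip_network("10.10.6.0/24"): ("10.10.6.2", "10.10.6.3"),
}

def build_discover(mac, xid):
    """Constructed client DHCPDISCOVER: op=1, broadcast flag set, giaddr=0."""
    z = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER

def relay(packet, rx_ip, max_hops=16):
    """Relay agent: bump hops, stamp giaddr with the receiving interface IP."""
    buf = bytearray(packet)
    if buf[HOPS] >= max_hops:       # assumed limit; drop looping packets
        return None
    buf[HOPS] += 1
    if buf[GIADDR] == bytes(4):     # only the first relay fills giaddr
        buf[GIADDR] = ipaddress.ip_address(rx_ip).packed
    return bytes(buf)

def select_pool(packet, rx_subnet="172.16.3.0/24"):
    """Server side: pick the subnet by giaddr, else by the receiving subnet."""
    giaddr = ipaddress.ip_address(packet[GIADDR])
    if int(giaddr) == 0:
        return POOLS.get(ipaddress.ip_network(rx_subnet))
    for net, rng in POOLS.items():
        if giaddr in net:
            return rng
    return None                     # unknown giaddr: no declaration, no offer

if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
    relayed = relay(discover, "10.10.6.1")
    print("direct :", select_pool(discover))
    print("relayed:", select_pool(relayed))
```
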

If you want to use Cisco ISR as Relay Agent:

  1. Set up the interface that interconnects the DHCP Relay Agent and the DHCP Server:
    1. conf term
    2. int fa0/1 # DHCP Server facing interface
    3. ip address 172.16.3.4 255.255.255.0
  2. Set up the interface that will use the DHCP Relay Agent and enable the IP helper (the DHCP Server IP address) on that interface; all DHCP messages will be forwarded to that IP address:
    1. int fa 0/0
    2. ip address 10.10.6.1 255.255.255.0
    3. ip helper-address 172.16.3.249
    4. do wr
  3. Check the configuration:
    1. show ip int fa0/0
  4. If the DHCP Relay Agent is not the default gateway for the DHCP Server, we also need to configure a static route on the DHCP Server:
    1. ip route add 10.10.6.0/24 via 172.16.3.4 # not persistent; to make it persistent, create a route file for the relevant interface
Because the Docker container uses macvlan, you need to enable IP forwarding on the Docker host:
echo 1 > /proc/sys/net/ipv4/ip_forward
This setting is not persistent. To make it persistent:


  1. sudo vi /etc/sysctl.conf and add net.ipv4.ip_forward = 1
  2. sudo sysctl -p



If you want to use CentOS 7 as Relay Agent:
  1. Set up the interface that needs to use the DHCP Relay Agent:
    1. vi ifcfg-eth0
      1. IPADDR=10.10.6.1
      2. PREFIX=24
    2. vi ifcfg-eth1  # DHCP Server facing interface
      1. IPADDR=172.16.3.4
      2. PREFIX=24
    3. yum install dhcp # dhcp-relay is part of the dhcp package
    4. cp /usr/lib/systemd/system/dhcrelay.service /etc/systemd/system
    5. vi /etc/systemd/system/dhcrelay.service
      1. under [Service]
      2. append the IP address of the DHCP server to ExecStart after --no-pid:
        1. ExecStart=/usr/sbin/dhcrelay -d --no-pid 172.16.3.249
        2. You can also choose the interfaces on which to activate the DHCP Relay (by default all interfaces are used). You must use a separate "-i" option for each additional interface:
          1. ExecStart=/usr/sbin/dhcrelay -d --no-pid 172.16.3.249 -i eth1 -i eth2.20
    6. systemctl --system daemon-reload
    7. systemctl start dhcrelay
    8. systemctl enable dhcrelay
    9. systemctl status dhcrelay
  2. If the DHCP Relay Agent is not the default gateway for the DHCP Server, we also need to configure a static route on the DHCP Server:
    1. ip route add 10.10.6.0/24 via 172.16.3.4 # not persistent; to make it persistent, create a route file for the relevant interface

If you want to use CentOS 6 as Relay Agent:
  1. Set up the interface that needs to use the DHCP Relay Agent:
    1. vi ifcfg-eth0
      1. IPADDR=10.10.6.1
      2. NETMASK=255.255.255.0
    2. vi ifcfg-eth1  # DHCP Server facing interface
      1. IPADDR=172.16.3.4
      2. NETMASK=255.255.255.0
    3. yum install dhcp # dhcp-relay is part of the dhcp package
    4. vi /etc/sysconfig/dhcrelay
      1. INTERFACES="eth1 eth2.20" # which interfaces must use the DHCP Relay Agent
      2. DHCPSERVERS="172.16.3.249" # DHCP server IP address
    5. service dhcrelay start
    6. chkconfig dhcrelay on
    7. service dhcrelay status
  2. If the DHCP Relay Agent is not the default gateway for the DHCP Server, we also need to configure a static route on the DHCP Server:
    1. ip route add 10.10.6.0/24 via 172.16.3.4 # not persistent; to make it persistent, create a route file for the relevant interface

The interface running the DHCP relay must use a static IP address (no DHCP is allowed).

dhcp.conf:
# this server is the primary and authoritative server on that network
authoritative;
# dhcpd listens *only* on interfaces for which it finds a subnet declaration in dhcpd.conf
# empty declaration for the local IP subnet so that dhcpd starts listening on the eth0 interface
subnet 172.16.3.0 netmask 255.255.255.0 { }

subnet 10.10.6.0 netmask 255.255.255.0 {
        range 10.10.6.2 10.10.6.3;
        option routers 10.10.6.1;
        #option domain-name-servers 8.8.8.8, 8.8.4.4;
}

To kill the process in the container:
top > k > PID > Enter

dhcpd -cf dhcp.conf
