Introduction
This document describes the troubleshooting steps and solution for DHCP packet drops in EVPN on Cisco Catalyst 9500X/9600X Series switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Basic understanding of DHCP and its operation in a network.
- Familiarity with Cisco IOS commands and troubleshooting techniques.
- Knowledge of LAN Switching and routing protocols.
- Knowledge of EVPN common configuration scenarios.
Components Used
The information in this document is based on these software and hardware versions:
- Hardware: Cisco Catalyst 9500X-28C8D, 9500X-60L4D or 9600X-SUP-2
- Software Version: 17.12.x
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Problem
The issue observed is that DHCP packets coming back from the DHCP server (DHCP OFFER) are dropped by the switch acting as a relay agent, when the DHCP Client and Server are connected to the same VTEP / Leaf Node, but are in two different VRFs.
In this example, the client is in VLAN 10 in VRF GREEN, and the server is in VLAN 20 in VRF RED.
- This problem can be identified by these command outputs:
device#show run interface vlan 10
interface Vlan10
description CLIENT
mac-address cafe.cafe.cafe
vrf forwarding GREEN
ip dhcp relay source-interface Loopback10
ip address 172.30.208.1 255.255.255.128
ip helper-address vrf RED 192.168.1.10 <-- Leaking from GREEN to RED
device#show run interface vlan 20
interface Vlan20
description SERVER
mac-address abcd.abcd.abcd
vrf forwarding RED <--- Server is in VRF RED (Same VTEP)
ip address 192.168.1.1 255.255.255.0
device# show plat soft fed switch active punt asic-cause br
ASIC Cause Statistics Brief
+-----------------------------------------------------------------------------------+
| Source | Cause | Rx | Drop |
| | | cur | delta | cur | delta |
+-----------------------------------------------------------------------------------+
LPTS DHCPv4 S to S 577087870 9219 30905 7 <-- Drops in this counter
LPTS DHCPv4 C to S 56467 0 56467 0
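One way to spot this topology from a saved running configuration, as an added example (not Cisco code or a Cisco tool): it flags relay SVIs whose "ip helper-address vrf" target lies in a subnet configured on another interface of the same switch in that other VRF. The function names and the Vlan30 stanza are assumptions made for illustration, and the sample configuration is constructed from the stanzas shown above.

```python
import ipaddress
import re

# Constructed sample, modelled on the two SVI stanzas shown in this document.
SAMPLE_CONFIG = """\
interface Vlan10
 vrf forwarding GREEN
 ip address 172.30.208.1 255.255.255.128
 ip helper-address vrf RED 192.168.1.10
interface Vlan20
 vrf forwarding RED
 ip address 192.168.1.1 255.255.255.0
interface Vlan30
 vrf forwarding GREEN
 ip address 10.0.30.1 255.255.255.0
 ip helper-address vrf RED 10.99.0.5
"""

def parse_interfaces(config):
    """Return {name: {"vrf", "nets", "helpers"}} for each interface stanza."""
    intfs, cur = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            cur = intfs.setdefault(m[1], {"vrf": "default", "nets": [], "helpers": []})
        elif cur is None:
            continue  # global configuration before the first interface
        elif m := re.match(r"vrf forwarding (\S+)", line):
            cur["vrf"] = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            cur["nets"].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := re.match(r"ip helper-address vrf (\S+) (\S+)", line):
            cur["helpers"].append((m[1], ipaddress.ip_address(m[2])))
    return intfs

def find_same_vtep_leaks(config):
    """List (relay_intf, client_vrf, server_vrf, server_ip, server_intf) matches."""
    intfs, hits = parse_interfaces(config), []
    for name, i in intfs.items():
        for hvrf, hip in i["helpers"]:
            if hvrf == i["vrf"]:
                continue  # same VRF: not the scenario in this document
            for sname, s in intfs.items():
                if s["vrf"] == hvrf and any(hip in n for n in s["nets"]):
                    hits.append((name, i["vrf"], hvrf, str(hip), sname))
    return hits

if __name__ == "__main__":
    print(find_same_vtep_leaks(SAMPLE_CONFIG))
```

A match only shows that the client relay and the server subnet share a switch across VRFs; confirm the drops with the punt counter output shown above.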
Solution
The fix for this issue is a software upgrade. Until the switch can be upgraded, a workaround can be applied. The two options are:
Option 1: Apply a Workaround
- Move the DHCP server to a different VTEP that has no DHCP clients that rely on that server.
- Deploy more than one DHCP server.
- Move the server outside of the fabric.
Option 2: Upgrade the Software
Upgrade the switch to a version of code that has the fix for Cisco bug ID CSCwm44805:
- Version 17.15.1 and later.
The upgrade process is outside the scope of this document. For more information on how to upgrade the switch, refer to:
Note: There are no plans to fix this in any release trains prior to 17.15.1.
Related Information