Need advice on configuration of multi-homed DHCP server
Lew Pitcher
2018-02-26 01:25:07 UTC
Hi, all

I'm reorganizing my home lan, and am having some trouble configuring ISC
DHCPD (isc-dhcpd-4.3.4) to serve up addresses on two different subnets. The
complication seems to come from having both subnets serviced by the same
physical interface; eth0 fronts one subnet, and eth0:1 fronts the other.

My LAN consists of a number of wired ethernet devices and some wireless
devices as well. The wifi devices all pass through a wifi router in
"bridged" (or "AP") mode.


A number of devices on this network (such as my desktop workstation, an IP-
PBX, and the wireless router) have fixed, pre-assigned IP addresses.
Several wired devices acquire pre-assigned addresses through DHCP. The
remaining devices (both wired and wireless) acquire ad-hoc addresses through
DHCP.

Over the years, I've become sloppy in managing my network, mostly because
there was no impact. But, now, I have to clean up. And so, I have begun to
reorganize my network to (attempt to) eliminate routing conflicts, and
rationalize IP address assignment.

There are several complications:
1) I have a number of ethernet switches installed (daisychained), each
providing wired connectivity to my existing ethernet network.

2) I have the wifi router set up as a bridge ("AP Mode") because I want to
document and manage IP addresses centrally. The Wifi router not only
services connections from WIFI clients, it also provides four wired
ethernet ports. This wifi router hangs off of one of the ethernet
switches mentioned above

3) I have a number of devices that have both wired ethernet /and/ wifi
networking. While it is unlikely that any of these devices will use both
of their interfaces simultaneously, I want to configure my LAN to
properly accommodate this possibility by assigning IP addresses to one of
two subnets, based on whether they are for the "wired" or "wireless" NIC.

So, the current situation looks like....


<internet> --- +-+--+-+      desktop  IP PBX  ad-hoc (0.?)
             / |p:  :e|0.1      |0.2     |0.3   |
            ___|p:  :t|_________+________+______+_________+
               |p:  :h|                                   |0.5
               |0:  :0|                                 [wifi]
               +-+--+-+                                   |
                                                          +---- ))) wifi host (0.?)
                                                          |
                                                          +---- ))) wifi host (0.?)
                                                          |
                                                          +---- ))) wifi host (0.?)

My goal is to break the wifi part of my network off into a separate subnet:

<internet> --- +-+--+-+      desktop  IP PBX       ad-hoc (0.?)
             / |p:  :0|0.1      |0.2     |0.3        |
            ___|p:  :_|---------+--------+-----------+
               |p:  :1|
               |0:  : |-----------------------[wifi] 1.2
               +-+--+-+1.1                      |
                                                +---- ))) wifi host (1.?)
                                                |
                                                +---- ))) wifi host (1.?)
                                                |
                                                +---- ))) wifi host (1.?)


So, besides the existing subnet on eth0, I've added a new, distinct, subnet
on eth0:0.

Now, I need to configure DHCPD to service these two subnets.

At first, I simply defined a second subnet to dhcpd in /etc/dhcpd.conf,
expecting that queries coming to eth0:1 (from wifi clients via the wifi
bridge) would receive addresses in the range specified by the second subnet,
but that was not the case. I noticed that the dhcpd startup only listed eth0
and its subnet in the "Listening on" line.

Some googling got me to a recommendation that I should put both DHCP subnet
statements into a "shared-network" declaration, so I tried that. Nothing
changed.

Since I explicitly specified eth0 in my dhcpd startup, I modified the
startup to not name any interface. Nothing changed; queries from clients
attached to the wifi bridge still received addresses from the other subnet.

So, I went the other way, and specified both eth0 /and/ eth0:1 in my dhcpd
startup. More nothing changed, but with error messages this time.
    dhcpd: No subnet declaration for eth0:1 (no IPv4 addresses).
    dhcpd: ** Ignoring requests on eth0:1. If this is not what
    dhcpd: you want, please write a subnet declaration
    dhcpd: in your dhcpd.conf file for the network segment
    dhcpd: to which interface eth0:1 is attached. **

I reverted the dhcpd startup changes and the "shared-network" configuration
change, and tried another tack.

On the "host" declarations (each host identified by its MAC address), I
gave each known host a patterned name (wired hosts were ET_<name>, wifi
hosts were WI_<name>).

I wrote "class" declarations to (I thought) match based on the first 3
characters of the host identifier. For example:
    class "wired" {
        match if substring (host-decl-name, 0, 3) = "ET_";
    }

And, instead of default ranges, I specified "pool"s in each subnet, with
access to the pool controlled by allow and deny statements.

That didn't work either; queries from clients attached to the wifi bridge
still received addresses from the other subnet.


So, now I've reverted again, and am rethinking my redesign. In the mean
time, I thought that I'd solicit advice from the group. Can I get dhcpd to
service two subnets when the subnets are on network device aliases?

I'm running stock Slackware 14.0 with all updates applied.


Any advice would be helpful. Thanks in advance.
--
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request
Grant Taylor
2018-02-26 02:49:44 UTC
Post by Lew Pitcher
So, now I've reverted again, and am rethinking my redesign. In the mean
time, I thought that I'd solicit advice from the group. Can I get dhcpd
to service two subnets when the subnets are on network device aliases?
I highly doubt that you can get DHCP to do what you are wanting to do on
a single network interface.

Remember that aliases, eth0:1, are effectively multiple IPs on the same
device.

So, how can you have two different DHCP client scopes on the same
device? After all, the DHCP broadcasts should come from 0.0.0.0 and go
to 255.255.255.255 with no indication of which network they are from or
for, wired or wireless.

You /might/ be able to define a single bigger scope, say /23 that covers
0.x and 1.x. (I'm assuming /24 on both.) And then use different
matching directives to assign clients in the upper and lower half (/24)
of the bigger (/23) scope.
--
Grant. . . .
unix || die
Richard Kettlewell
2018-02-26 08:41:34 UTC
Post by Lew Pitcher
2) I have the wifi router set up as a bridge ("AP Mode") because I want to
document and manage IP addresses centrally. The Wifi router not only
services connections from WIFI clients, it also provides four wired
ethernet ports. This wifi router hangs off of one of the ethernet
switches mentioned above
Since it’s a bridge, wifi endpoints will be indistinguishable from wired
endpoints.
Post by Lew Pitcher
3) I have a number of devices that have both wired ethernet /and/ wifi
networking. While it is unlikely that any of these devices will use both
of their interfaces simultaneously, I want to configure my LAN to
properly accommodate this possibility by assigning IP addresses to one of
two subnets, based on whether they are for the "wired" or "wireless" NIC.
Why do you want to distinguish wired and wireless endpoint by IP address
in the first place? Having the same host be given a different IP address
depending on how it’s physically connected seems rather inconvenient...
Post by Lew Pitcher
At first, I simply defined a second subnet to dhcpd in /etc/dhcpd.conf,
expecting that queries coming to eth0:1 (from wifi clients via the wifi
bridge) would receive addresses in the range specified by the second subnet,
but that was not the case. I noticed that the dhcpd startup only listed eth0
and its subnet in the "Listening on" line.
DHCP discover messages normally go to the IP broadcast address (and
indeed the ethernet broadcast address), not to any of the unicast
addresses on your interface. Your DHCP server has no way to distinguish
wired endpoints from wifi endpoints.
--
https://www.greenend.org.uk/rjk/
Rich
2018-02-26 11:13:32 UTC
Post by Lew Pitcher
Hi, all
I'm reorganizing my home lan, and am having some trouble configuring ISC
DHCPD (isc-dhcpd-4.3.4) to serve up addresses on two different subnets. The
complication seems to come from having both subnets serviced by the same
physical interface; eth0 fronts one subnet, and eth0:1 fronts the other.
That is one ethernet card, two IP addresses.
Post by Lew Pitcher
Any advice would be helpful. Thanks in advance.
What you want is most easily accomplished with two ethernet cards and
independent ethernet interconnect. DHCP operates at a layer below the
IP layer (because it must communicate /before/ an IP address is
assigned).

As far as the DHCP server is concerned there is only one network, the
one physical ethernet card it sees, with one single physical MAC
address.

The only way to achieve something like what you want, but with only a
single ethernet card, is to preconfigure every single possible end
point with a MAC->IP mapping in the dhcp config files. For all of your
static elements this is not hard, just a pain.

But for elements that use dhcp to obtain a temporary address, you'll
have to consign yourself to having all dynamically allocated addresses
in a single subnet, whether they be wifi or hard endpoints.

But if you want to segregate by hard vs. wifi, you'll need two ethernet
cards, with all wifi connected to one, and all hard items connected to
the other (and separate IP subnets on both).
Richard Kettlewell
2018-02-26 11:38:18 UTC
Post by Rich
Post by Lew Pitcher
Hi, all
I'm reorganizing my home lan, and am having some trouble configuring ISC
DHCPD (isc-dhcpd-4.3.4) to serve up addresses on two different subnets. The
complication seems to come from having both subnets serviced by the same
physical interface; eth0 fronts one subnet, and eth0:1 fronts the other.
That is one ethernet card, two IP addresses.
Post by Lew Pitcher
Any advice would be helpful. Thanks in advance.
What you want is most easily accomplished with two ethernet cards and
independent ethernet interconnect. DHCP operates at a layer below the
IP layer (because it must communicate /before/ an IP address is
assigned).
Above, not below. It uses UDP ports 67 and 68.
Post by Rich
As far as the DHCP server is concerned there is only one network, the
one physical ethernet card it sees, with one single physical MAC
address.
The only way to achieve something like what you want, but with only a
single ethernet card, is to preconfigure every single possible end
point with a MAC->IP mapping in the dhcp config files. For all of your
static elements this is not hard, just a pain.
VLANs would also work, depending what the OP actually wants.
--
https://www.greenend.org.uk/rjk/
Grant Taylor
2018-02-28 03:06:05 UTC
Post by Richard Kettlewell
Above, not below. It uses UDP ports 67 and 68.
VLANs would also work, depending what the OP actually wants.
Agreed on both accounts.

Further, just because DHCP happens before * a machine has an IP address
does not mean that it operates below IP. (It happens routinely after a
machine has an IP to renew leases too.)
--
Grant. . . .
unix || die
Lew Pitcher
2018-02-26 15:21:31 UTC
Thanks, Richard, Rich, and Grant; you all confirmed what I suspected to be
true. You all have confirmed, in one way or another, that I can't meet my
goal of 2 subnets with the hardware I have on hand, and that I should re-
examine the assumptions I had when I started this change.

I've backed out all my changes; my lan now exists entirely as one subnet
routed through one device. I will still pursue DHCP as a means of grouping
IP address assignments, but as separate pools within this single subnet.
Post by Lew Pitcher
Hi, all
I'm reorganizing my home lan, and am having some trouble configuring ISC
DHCPD (isc-dhcpd-4.3.4) to serve up addresses on two different subnets.
The complication seems to come from having both subnets serviced by the
same physical interface; eth0 fronts one subnet, and eth0:1 fronts the
other.
[snip]
Post by Lew Pitcher
Any advice would be helpful. Thanks in advance.
Thanks for answering so promptly. You guys are good.
--
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request
Grant Taylor
2018-02-28 03:08:43 UTC
Post by Lew Pitcher
Thanks, Richard, Rich, and Grant; you all confirmed what I suspected
to be true. You all have confirmed, in one way or another, that I can't
meet my goal of 2 subnets with the hardware I have on hand, and that I
should re-examine the assumptions I had when I started this change.
You can absolutely have multiple subnets on the same LAN (broadcast
domain). I've done it multiple times.

The problem that you're running into is that DHCP can't differentiate
between which LAN dynamic clients should be on. At least not without help.

Help can be in the form of reserved MAC addresses. Or you could
statically configure all the hosts on one of the subnets.

DHCP on the single interface is your limiting factor. Not multiple
subnets on a single interface.
Post by Lew Pitcher
I've backed out all my changes; my lan now exists entirely as one subnet
routed through one device. I will still pursue DHCP as a means of grouping
IP address assignments, but as separate pools within this single subnet.
*nod* That works too.
--
Grant. . . .
unix || die
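
Added example, not posted by anyone in the thread: a dhcpd.conf sketch of where the discussion ends up, one subnet on one interface with separate pools, where the only thing that tells a "wifi" client from a "wired" one is the MAC address it presents. The 192.168.0.0/24 addressing, the class name, the host name and the MAC addresses are constructed placeholders. Because the MAC is supplied by the client, this groups addresses for documentation purposes and is not an access control.

```conf
# Constructed example for ISC dhcpd; all addresses and MACs are placeholders.

# Class keyed on the client's hardware address. Each known wifi NIC
# is listed as a subclass; the leading "1:" is the hardware type (ethernet).
class "wifi-nics" {
  match hardware;
}
subclass "wifi-nics" 1:02:00:00:00:00:01;   # laptop, wireless NIC
subclass "wifi-nics" 1:02:00:00:00:00:02;   # phone

# One subnet declaration, matching the single address on eth0.
# No alias interface and no shared-network block is needed.
subnet 192.168.0.0 netmask 255.255.255.0 {
  option routers 192.168.0.1;
  option subnet-mask 255.255.255.0;

  # Ad-hoc pool: every client that is NOT a listed wifi NIC.
  # An unlisted wifi device reaches the server over the bridge
  # looking exactly like a wired one, so it lands here too.
  pool {
    range 192.168.0.100 192.168.0.149;
    deny members of "wifi-nics";
  }

  # Pool reserved for the listed wifi NICs.
  pool {
    range 192.168.0.200 192.168.0.249;
    allow members of "wifi-nics";
  }
}

# Pre-assigned address for a known wired host (MAC -> IP mapping).
# Keep fixed addresses outside both pool ranges.
host ET_printer {
  hardware ethernet 02:00:00:00:00:10;
  fixed-address 192.168.0.20;
}
```

Running `dhcpd -t -cf` against the file checks its syntax before the server is restarted.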