How to avoid multiple DHCP request forward to all Servers?

priyankrathi
Hi,
Network_Topology_Multiple_Relay-Server.png

                       _______________
                      |               |
Client 1 ----[S/W]----|               |----------- Server 1
                      |  relay agent  |
                      |               |
Client 2 ----[S/W]----|               |----------- Server 2
                      |_______________|

As per the above attached network topology, the following configuration is done on every machine.

1. Server1:
IP address on eth1 is 10.1.1.1/24
DHCP server IP pool: 192.168.1.100 - 192.168.1.200
Static Route to 192.168.1.0/24 via 10.1.1.2

2. Server2:
IP address on eth1 is 10.1.2.1/24
DHCP server IP pool: 192.168.2.100 - 192.168.2.200
Static Route to 192.168.2.0/24 via 10.1.2.2

3. Relay Agent (R)
IP address on eth1: 192.168.1.1/24
IP address on eth2: 192.168.2.1/24
IP address on eth3: 10.1.1.2/24
IP address on eth4: 10.1.2.2/24
Enable IP forwarding for IPv4.
dhcrelay -i eth1 -i eth3 10.1.1.1 -i eth2 -i eth4 10.1.2.1 -4

4. Client1:
eth1 has a DHCP client which is connected to the same network of R:eth1.

5. Client2:
eth1 has a DHCP client which is connected to the same network of R:eth2.

After doing this configuration:
Client1 got the IP from Server1's Pool.
Client2 got the IP from Server2's Pool.

Problem Statement:
While observing the packet capture, I found that the relay agent is forwarding the request received from Client1 to both the servers. Similarly, the request from Client2 is also forwarded to both the servers.
How can we achieve that the request coming from Client1 is forwarded ONLY to 10.1.1.1 and the request from Client2 is forwarded ONLY to 10.1.2.1?
-- Thanks and Regards,
Priyank Rathi

Re: How to avoid multiple DHCP request forward to all Servers?

Sten Carlsen

Hi

Does it matter that both servers see all messages? Only the one with the appropriate address pool should answer.

The other solution I can see is to have separate relays, it seems that the only link between the otherwise completely separate network systems is the relay.

If this is a larger setup with other connections between the segments, then you could consider doing failover between the dhcp servers.



-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: How to avoid multiple DHCP request forward to all Servers?

Niall O'Reilly
Hello

On 6 Apr 2017, at 13:34, priyankrathi wrote:

> Problem Statement:
> While observing the packet capture, I found that the relay agent is
> forwarding the request received from Client1 to both the servers.
> Similarly, the request from Client2 is also forwarded to both the servers.

It's not clear to me why you see this as a problem.

> How can we achieve that the request coming from Client1 is forwarded ONLY
> to 10.1.1.1 and the request from Client2 is forwarded ONLY to 10.1.2.1?

I believe that this approach will simply maximize the burden of future
maintenance.

I would recommend instead that you simply accept that the relay is operating
correctly and focus instead on configuring your servers so that they offer
only the addresses you require to clients on the different networks.

Best regards,

Niall O'Reilly
|

Re: How to avoid multiple DHCP request forward to all Servers?

Simon Hobson
Niall O'Reilly <[hidden email]> wrote:

> I believe that this approach will simply maximize the burden of future
> maintenance.
>
> I would recommend instead that you simply accept that the relay is operating
> correctly and focus instead on configuring your servers so that they offer
> only the addresses you require to clients on the different networks.

+1

If the OP really wants requests from client1 to go to server 1, and requests from client 2 to go to server 2, then he either needs to introduce some sort of filtering in the relay agent (probably not supported), or run two relay agents (probably not supported on the router).
So instead of running a relay agent on the router (it doesn't have to be in a router), he could run a relay agent in each network, configured to only send requests to the one server. But as you say, this seems designed to create more work than is required.

A simple way of having each server only answer "its clients" would be to simply have a config where the subnet for "the other clients" is empty. I.e., on server 1:

subnet 192.168.1.0 ... {
  range 192.168.1.xx 192.168.1.yy ;
  ...
}
subnet 192.168.2.0 ... {};

And vice-versa on server 2.

That way, server 1 will just "do nothing" with clients in network 2, and server 2 will ignore clients from network 1.


Perhaps the OP could expand on why he feels the need for this, there may be a simpler way of doing what he wants.

Re: How to avoid multiple DHCP request forward to all Servers?

priyankrathi
Hello,

> If the OP really wants requests from client1 to go to server 1, and requests from client 2 to go to server 2, then he either needs to introduce some sort of filtering in the relay agent (probably not supported), or run two relay agents (probably not supported on the router).

Thanks for your suggestion. I tried running multiple relay agents on the router.
By doing so, the earlier mentioned scenario started working. The request from Client1 is forwarded ONLY to Server1 and, similarly, the request from Client2 is forwarded only to Server2.

But running multiple relay agents helped me find a new, more serious problem statement.

I moved my scenario a little bit:

Multiple_relay_single_server.png
                       _______________            ____________
                      |               |          |            |
Client 1 ----[S/W]----| Relay Agent 1 |          |  Server 1  |
                      |               |          |            |
                      |  Router (R)   |----------|    (S)     |
                      |               |          |            |
Client 2 ----[S/W]----| Relay Agent 2 |          |  Server 2  |
                      |_______________|          |____________|

1. Server Machine (S)
IP address on eth1 is 10.1.1.1/24
Server 1 - DHCP server IP pool: 192.168.1.100 - 192.168.1.200
Server 2 - DHCP server IP pool: 192.168.2.100 - 192.168.2.200
Static Route to 192.168.1.0/24 via 10.1.1.2
Static Route to 192.168.2.0/24 via 10.1.1.2

2. Router (R)
IP address on eth1: 192.168.1.1/24
IP address on eth2: 192.168.2.1/24
IP address on eth3: 10.1.1.2/24
Enable IP forwarding for IPv4.
dhcrelay -i eth1 -i eth3 10.1.1.1 -4
dhcrelay -i eth2 -i eth3 10.1.1.1 -4

3. Client1:
eth1 has a DHCP client which is connected to the same network of R:eth1.

4. Client2:
eth1 has a DHCP client which is connected to the same network of R:eth2.

After doing this configuration:
Client1 got the IP from Server1's Pool.
Client2 got the IP from Server2's Pool.

Observation:
While observing the packet capture, I found that both relay agents are forwarding the request received from Client1 to the server multiple times. Similarly, the request from Client2 is also forwarded to the server multiple times.
My assumption is that when a request comes in from Client1 on R:eth1, it forwards the packet from R:eth3. At the same time, the second relay, which is running on R:eth2 and R:eth3, also listens to the packets and tries again to forward it to the server. A request from any of the clients gets looped between both relay agents and is forwarded multiple times to the server. Basically, both relay agents start flooding the network until the max hop count of the packet becomes zero.
-- Thanks and Regards,
Priyank Rathi

Re: How to avoid multiple DHCP request forward to all Servers?

Simon Hobson
priyankrathi <[hidden email]> wrote:

> While observing the packet capture, I found that both relay agents are
> forwarding the request received from Client1 to the server multiple times.
> Similarly, the request from Client2 is also forwarded to the server multiple
> times.
> My assumption is that when a request comes in from Client1 on R:eth1, it
> forwards the packet from R:eth3. At the same time, the second relay, which is
> running on R:eth2 and R:eth3, also listens to the packets and tries again to
> forward it to the server. A request from any of the clients gets looped
> between both relay agents and is forwarded multiple times to the server.
> Basically, both relay agents start flooding the network until the max hop
> count of the packet becomes zero.

Yes, that would probably be the case. Bear in mind that you do NOT need to run multiple relay agents for this, it gains you nothing in terms of functionality, but creates more work and problems like the one you've found.

So I'll repeat the question : what is it that you are trying to achieve that makes you think you need this setup ?


Re: How to avoid multiple DHCP request forward to all Servers?

Thomas Markwalder
On 4/7/17 5:13 AM, Simon Hobson wrote:

> priyankrathi <[hidden email]> wrote:
>
>> While observing the packet capture, I found that both relay agents are
>> forwarding the request received from Client1 to the server multiple times.
>> Similarly, the request from Client2 is also forwarded to the server multiple
>> times.
>> My assumption is that when a request comes in from Client1 on R:eth1, it
>> forwards the packet from R:eth3. At the same time, the second relay, which is
>> running on R:eth2 and R:eth3, also listens to the packets and tries again to
>> forward it to the server. A request from any of the clients gets looped
>> between both relay agents and is forwarded multiple times to the server.
>> Basically, both relay agents start flooding the network until the max hop
>> count of the packet becomes zero.
> Yes, that would probably be the case. Bear in mind that you do NOT need to run multiple relay agents for this, it gains you nothing in terms of functionality, but creates more work and problems like the one you've found.
>
> So I'll repeat the question : what is it that you are trying to achieve that makes you think you need this setup ?

As of 4.3.5, dhcrelay supports two new command line options which allow
you to specify interfaces as upstream or downstream only.  This can be
effective in eliminating reflections:

       -iu ifname
              Specifies an upstream network interface: an interface from
              which replies from servers and other relay agents will be
              accepted. Multiple interfaces may be specified by using more
              than one -iu option. This argument is intended to be used in
              conjunction with one or more -i or -id arguments.

       -id ifname
              Specifies a downstream network interface: an interface from
              which requests from clients and other relay agents will be
              accepted. Multiple interfaces may be specified by using more
              than one -id option. This argument is intended to be used in
              conjunction with one or more -i or -iu arguments.
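
Added example (not from the thread or from ISC): a Python check that reads BOOTP/DHCP payloads taken from a server-side capture and flags requests that were relayed more than once, relying on the RFC 951/2131 header layout and the RFC 1542 rule that a relay increments hops on every pass. The sample packets, MAC addresses and xids are constructed, and the dhcrelay invocation in the comment is an assumed one built from the -id/-iu options quoted above.

```python
import struct
from collections import defaultdict

# Fixed BOOTP header (RFC 951/2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16]
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")
BOOTREQUEST = 1

def parse_bootp(payload):
    """Return the relay-relevant header fields of one UDP payload, or None."""
    if len(payload) < HDR.size:
        return None  # truncated capture record: skip rather than raise
    op, _, hlen, hops, xid, _, _, _, _, _, gi, chaddr = HDR.unpack_from(payload)
    return {"op": op, "hops": hops, "xid": xid,
            "giaddr": ".".join(map(str, gi)),
            "chaddr": chaddr[:min(hlen, 16)].hex(":")}

def find_reflections(payloads):
    """Map (xid, chaddr) -> sorted hop counts for requests relayed repeatedly."""
    # A client retransmission repeats the xid at the same hop count, so only
    # a request seen at several different hop counts is reported.
    seen = defaultdict(set)
    for payload in payloads:
        f = parse_bootp(payload)
        if f and f["op"] == BOOTREQUEST and f["giaddr"] != "0.0.0.0":
            seen[(f["xid"], f["chaddr"])].add(f["hops"])
    return {k: sorted(h) for k, h in seen.items() if len(h) > 1}

def make_pkt(hops, xid, giaddr, mac):
    """Build a constructed BOOTREQUEST header for the sample data below."""
    gi = bytes(int(o) for o in giaddr.split("."))
    return HDR.pack(BOOTREQUEST, 1, 6, hops, xid, 0, 0, bytes(4), bytes(4),
                    bytes(4), gi, bytes.fromhex(mac))

# Constructed sample: payloads as they might be seen on the server-side link.
SAMPLE = [
    make_pkt(0, 0x1111, "0.0.0.0", "020000000001"),      # unrelayed broadcast
    make_pkt(1, 0x1111, "192.168.1.1", "020000000001"),  # relayed once
    make_pkt(1, 0x1111, "192.168.1.1", "020000000001"),  # client retransmit
    make_pkt(1, 0x2222, "192.168.2.1", "020000000002"),  # relayed once ...
    make_pkt(2, 0x2222, "192.168.2.1", "020000000002"),  # ... then re-relayed
    make_pkt(3, 0x2222, "192.168.2.1", "020000000002"),
    b"\x01\x01\x06",                                      # truncated record
]

if __name__ == "__main__":
    # Re-run on a fresh capture after changing the relay, e.g. to the assumed
    # single-relay form: dhcrelay -4 -id eth1 -id eth2 -iu eth3 10.1.1.1
    print(find_reflections(SAMPLE))
```

An empty result on a capture taken after the relay change means no request reached the server at more than one hop count.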







