Hello everyone,
I have been told that static IP assignation can help in IP management. Of course, I can know which IPs are assigned by looking in dhcpd.conf. But after a while an IP might not be used anymore and nothing in dhcpd or bind will tell me if it is still in use or not. I have set up a lab to experiment where I have configured dhcpd and bind and I cannot find out how static IP can really help in IP management.
Did I miss something somewhere?
Thanks,
B
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
|
|
I believe a helpful answer will require some context. You haven't told us what issues you are having with IP management, so it's going to be difficult to identify how static IPs might be beneficial.
Are you having a specific issue you wish to address?
|
|
I manage a lab where there are about 300-400 IPs assigned to different network equipment, physical and virtual servers. So IPs might be assigned for a while then equipment removed because not needed anymore, remember this is a lab. I would like to know which IPs are in use or not. Equipment removed means IPs not used anymore so we could reuse those IPs.
I hope I am clear enough
Thanks,
|
|
Much clearer, thanks. Disclaimer: I'm far from the most experienced DHCP person haunting this list, so I'm sure there are options I'm not aware of. Some thoughts, in no particular order:
Since you say you can look in dhcpd.conf to see what addresses are assigned, I have to ask: Are you using "static" addresses in dhcpd.conf to assign an address to a given MAC address?
Is this a single flat network where everything can reach everything or do you have it segmented for various tests?
Is the issue knowing which addresses are available or just knowing how many addresses are available?
If you are using host entries to dictate what address a device gets (and not allowing devices to grab random addresses - effectively making them static without having to configure it on the device), then when you delete that host entry from the dhcpd.conf, you would know that address is free.
I'm not sure if that's what you are doing or if that's what your advisor had in mind. Depending on how often equipment comes in and goes out, that could become pretty tedious, but you would have that control/knowledge in return.
I have include files on my server that are assigned to a particular type of device that I manage. Within each include file, the host entries are sorted as I enter them so the data is organized. If I was doing this for a lab, I might (this is off the cuff and untested) allocate an include file for a particular subset of addresses (not knowing what you are testing, I don't know what would be a reasonable scope). Then I would use that include file for all devices on a particular test. When the test is complete, I clear the file and I know those addresses are available for the next test. Obviously not foolproof, but it might be an idea you could build on.
Patrick
|
|
Hi,
This works for us, ymmv. We use home grown scripts that pull
information from a database to build our dhcpd.conf and dns files
for all static assignments. We also have different scripts that
pull the arp tables from the routers each hour and from layer two
switches ports to keep track of who is where.
Put these together to keep some control for IPAM, sure the
commercial products do a better job.
As part of the hour run script, we do a compare on what is found in
arp tables to what we have in the assigned database. If a match, the
MAC and IP address match what is in the database, update a count
field and the date it was found. If a MAC is found in arp table does
not match the assigned IP address, send an email for a discrepancy
(someone hard coded when they should not or other issue that needs
addressed).
Once in a while (when I need more static IP addresses for a subnet)
review the count and last updated fields, if older than a year +/-
then safe to re-assign this IP address.
best!
jim
On 2/24/2016 9:16 AM, Bernard Fay wrote:
> I manage a lab where there are about 300-400 IPs assigned
> to different network equipment, physical and virtual
> servers. So IPs might be assigned for a while then
> equipment removed because not needed anymore, remember this
> is a lab. I would like to know which IPs are in use or
> not. Equipment removed means IPs not used anymore so we
> could reuse those IPs.
> I hope I am clear enough
> Thanks,
|
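The hourly ARP-versus-database comparison described in the message above, as an added Python sketch (not the poster's scripts). The database schema, the `ip mac` snapshot format and all addresses are constructed for illustration; reporting a MAC that the database has never assigned goes slightly beyond what the message describes.

```python
from datetime import datetime, timedelta

# Constructed sample: assignment database keyed by IP (hypothetical schema).
ASSIGNED = {
    "10.0.0.10": {"mac": "00:11:22:33:44:55", "count": 41,
                  "last_seen": datetime(2016, 2, 24, 8)},
    "10.0.0.11": {"mac": "00:11:22:33:44:66", "count": 3,
                  "last_seen": datetime(2014, 11, 2, 9)},
    "10.0.0.12": {"mac": "00:11:22:33:44:77", "count": 12,
                  "last_seen": datetime(2016, 2, 23, 8)},
}

# Constructed sample of one hourly ARP pull, reduced to "ip mac" pairs.
ARP_SNAPSHOT = """\
10.0.0.10 0011.2233.4455
10.0.0.50 00:11:22:33:44:77
10.0.0.99 de:ad:be:ef:00:01
"""


def norm_mac(mac):
    """Normalise dotted, dashed or colon MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def reconcile(assigned, arp_text, now):
    """Update count/last_seen on matches; return discrepancies to report."""
    ip_for_mac = {row["mac"]: ip for ip, row in assigned.items()}
    discrepancies = []
    for line in arp_text.splitlines():
        if not line.strip():
            continue
        ip, mac = line.split()
        mac = norm_mac(mac)
        row = assigned.get(ip)
        if row and row["mac"] == mac:
            row["count"] += 1
            row["last_seen"] = now
        elif mac in ip_for_mac:      # known device on the wrong address
            discrepancies.append((ip, mac, "expected " + ip_for_mac[mac]))
        else:                        # MAC the database has never assigned
            discrepancies.append((ip, mac, "unassigned MAC"))
    return discrepancies


def stale(assigned, now, max_age=timedelta(days=365)):
    """Addresses not confirmed in ARP for max_age: candidates for reuse."""
    return sorted(ip for ip, row in assigned.items()
                  if row["last_seen"] is None or now - row["last_seen"] > max_age)
```

Normalising the MAC notation first matters because routers and switches from different vendors report the same address in different formats, which would otherwise show up as false discrepancies.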
|
Patrick Trapp < [hidden email]> wrote:
> If you are using host entries to dictate what address a device gets (and not allowing devices to grab random addresses - effectively making them static without having to configure it on the device), then when you delete that host entry from the dhcpd.conf, you would know that address is free.
Yes, but I think the primary issue is knowing that the assignment is no longer needed - as in, that device hasn't been here for a while. Jim has given an example of how I suspect most systems manage it - literally keep track of what IPs and MACs are in use, and see if any of them go stale.
An alternative approach could be to use reserved leases. That way, each usage of the assignment goes through the normal DHCP lifecycle - including DNS updates. By tracking lease usage etc you can then see if a lease is no longer being used.
Basically it's the old problem - when something is needed for something else to work then it gets noticed, when that something is no longer needed then it just gets forgotten about.
|
|
On Wed, Feb 24, 2016 at 05:04:10PM +0000, Simon Hobson wrote:
> Patrick Trapp < [hidden email]> wrote:
>
> > If you are using host entries to dictate what address a device gets (and not allowing devices to grab random addresses - effectively making them static without having to configure it on the device), then when you delete that host entry from the dhcpd.conf, you would know that address is free.
>
> Yes, but I think the primary issue is knowing that the assignment is no longer needed - as in, that device hasn't been here for a while. Jim has given an example of how I suspect most systems manage it - literally keep track of what IPs and MACs are in use, and see if any of them go stale.
>
> An alternative approach could be to use reserved leases. That way, each usage of the assignment goes through the normal DHCP lifecycle - including DNS updates. By tracking lease usage etc you can then see if a lease is no longer being used.
>
> Basically it's the old problem - when something is needed for something else to work then it gets noticed, when that something is no longer needed then it just gets forgotten about.
One other possibility if you can force everyone to use DHCP is just
keep the DHCP logs and look at them from the last time a device
DHCP'd. That way you can keep using fixed-address assignments, but
managed via DHCP. It helps if you have switches that support DHCP
Snooping, ARP Inspection, IP Source Guard so you can really enforce
the use of DHCP.
|
|
I like this idea.
But thinking about it.... When the dhcpd server assigns a static IP to a device, it also instructs bind to add an entry in the DNS zone file. One thing I realized is that if a device didn't renew his lease, the entry in the DNS zone file is not removed. I would have thought to use the zone files to know if a device is in use or not. I had in mind that the lease time would have helped to know if a device, therefore an IP, is in use or not. In other words, a device requires an IP and the dhcpd server assigned it a statically defined IP address. The dhcpd server also instructs bind to add an entry in the appropriate zone file. Eventually the device is turned off, the lease time reaches its limit, then I would have expected the dhcpd server to instruct bind to remove the entry regarding this device, but it is not the case. Then I could have taken a look at the zone files to know what is in use and I would know what is not in use. Either I made something in my configuration or I was expecting too much from dhcpd and bind.
Thanks,
|
|
On Wed, Feb 24, 2016 at 01:17:13PM -0500, Bernard Fay wrote:
> When the dhcpd server assigns a static IP to a device, it also instructs bind
> to add an entry in the DNS zone file. One thing I realized is that if a
> device didn't renew his lease, the entry in the DNS zone file is not
> removed. I would have thought to use the zone files to know if a device is
> in use or not. I had in mind that the lease time would have helped to know
> if a device, therefore an IP, is in use or not. In other words, a device
> requires an IP and the dhcpd server assigned it a statically defined IP
> address. The dhcpd server also instructs bind to add an entry in the
> appropriate zone file. Eventually the device is turned off, the lease time
> reaches its limit, then I would have expected the dhcpd server to instruct
> bind to remove the entry regarding this device, but it is not the case.
> Then I could have taken a look at the zone files to know what is in use and
> I would know what is not in use.
>
> Either I made something in my configuration or I was expecting too much
> from dhcpd and bind.
You can do that, but you have to use "reserved" leases rather than
fixed-address statements. ISC dhcpd doesn't track the expiry of
fixed-address leases.
|
|
Hi Bernard,
:-)
I'm the campus cable dog, I am no programmer so limited help.
Another wrote the original network scripts almost 20 years ago in
Perl for our 10Mb shared Digital Equipment DECRepeaters and 3COM
SuperStacks. (when the good old days really were not that good)
Been hacking at the Perl since as generations of stuff has been
upgraded over the years. Working to move off it and go with
something more supported using Open Source.
I like Netdisco, does everything we are doing for pulling in the
information. No IPAM though so need to tie that in but the MAC and
IP addresses found on the layer two switches and routers are added
to the PostgreSQL db. Just need to compare what was found to what
was expected.
https://metacpan.org/pod/App::Netdisco
best!
jim
On 2/24/2016 1:20 PM, Bernard Fay wrote:
> This is interesting! I'll have to find out how to write
> such scripts. Would you have some pointers related to this
> subject?
> Thanks Jim
|
|
Chuck Anderson < [hidden email]> wrote:
> You can do that, but you have to use "reserved" leases rather than
> fixed-address statements. ISC dhcpd doesn't track the expiry of
> fixed-address leases.
To expand on that ...
When you use a fixed-address statement to assign an address, no actual lease is created. Since it's a fixed address, there's no real need for it - so the server takes a shortcut, replies to the client, but doesn't actually store anything. So the only DNS update possible is when the "lease" is given out.
A relatively new feature is a "reserved" lease. It acts the same as an ordinary lease - including normal expiry and DNS updates/removals - with the one difference of being tied to a single client.
To use this feature, you need to either modify an existing lease (add the "reserved" statement), or you should be able to create a skeleton lease (including reserved statement) in advance of the client connecting.
In either case, you probably need to be learning OMAPI to interact with the server !
|
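Because a reserved lease goes through normal expiry, the lease database itself can be read to see which reservations have gone unused, as the message above explains. The following is an added Python sketch, not code from the thread: the lease blocks are constructed, it assumes the default `ends <weekday> <date> <time>` date format, and treating an expired reservation as one whose binding state is no longer `active` is an assumption of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in dhcpd.leases syntax. dhcpd appends to the file, so the
# last block for an address is the current record.
LEASES = """\
lease 10.0.0.20 {
  ends 2 2016/02/09 10:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:88;
}
lease 10.0.0.21 {
  ends 3 2016/03/02 08:00:00;
  binding state active;
  reserved;
  hardware ethernet 00:11:22:33:44:99;
}
lease 10.0.0.20 {
  ends 2 2016/02/09 10:00:00;
  binding state free;
  reserved;
  hardware ethernet 00:11:22:33:44:88;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_leases(text):
    """Return {ip: record}, keeping only the last block seen per address."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        rec = {"reserved": False, "state": None, "ends": None, "mac": None}
        for stmt in body.split(";"):
            w = stmt.split()
            if w == ["reserved"]:
                rec["reserved"] = True
            elif w[:2] == ["binding", "state"]:
                rec["state"] = w[2]
            elif w[:2] == ["hardware", "ethernet"]:
                rec["mac"] = w[2]
            elif len(w) == 4 and w[0] == "ends":   # "ends <weekday> <date> <time>"
                rec["ends"] = datetime.strptime(w[2] + " " + w[3],
                                                "%Y/%m/%d %H:%M:%S")
        leases[ip] = rec
    return leases


def reclaim_candidates(leases, now, grace=timedelta(days=14)):
    """Reserved leases that expired more than `grace` ago and are not active."""
    return [(ip, rec["mac"]) for ip, rec in sorted(leases.items())
            if rec["reserved"] and rec["state"] != "active"
            and rec["ends"] is not None and now - rec["ends"] > grace]
```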
|
Bernard,
I don’t have any experience with it, but there is an open source tool that aims to do exactly what you are looking for, document what is on the network, what addresses are in use, and which are available. It also has some integration with both ISC DHCP and BIND.
Does anyone on the list have feedback about NetDot? Any users here?
Vicky
Victoria Risk Internet Systems Consortium
|
|
Bernard Fay wrote:
> This is interesting! I'll have to find out how to write such scripts.
> Would you have some pointers related to this subject?
Note that anything relying on MAC addresses will fail with devices which are
frequently changing their MAC address (e.g. modern Android phones).
Ciao, Michael.
> On Wed, Feb 24, 2016 at 10:00 AM, Jim Glassford < [hidden email]> wrote:
>
>> Hi,
>>
>> This works for us, ymmv. We use home grown scripts that pull information
>> from a database to build our dhcpd.conf and dns files for all static
>> assignments. We also have different scripts that pull the arp tables from
>> the routers each hour and from layer two switches ports to keep track of
>> who is where.
>>
>> Put these together to keep some control for IPAM, sure the commercial
>> products do a better job.
>>
>> As part of the hour run script, we do a compare on what is found in arp
>> tables to what we have in the assigned database. If a match, the MAC and IP
>> address match what is in the database, update a count field and the date it
>> was found. If a MAC is found in arp table does not match the assigned IP
>> address, send an email for a discrepancy (someone hard coded when they
>> should not or other issue that needs addressed).
>> Once in a while (when I need more static IP addresses for a subnet) review
>> the count and last updated fields, if older than a year +/- then safe to
>> re-assign this IP address.
>>
>> best!
>> jim
|
|
On Thu, February 25, 2016 6:15 am, Simon Hobson wrote:
> Chuck Anderson < [hidden email]> wrote:
>
>> You can do that, but you have to use "reserved" leases rather than
>> fixed-address statements. ISC dhcpd doesn't track the expiry of
>> fixed-address leases.
>
> To expand on that ...
>
> When you use a fixed-address statement to assign an address, no actual
> lease is created. Since it's a fixed address, there's no real need for it
> - so the server takes a shortcut, replies to the client, but doesn't
> actually store anything. So the only DNS update possible is when the
> "lease" is given out.
>
> A relatively new feature is a "reserved" lease. It acts the same as an
> ordinary lease - including normal expiry and DNS updates/removals - with
> the one difference of being tied to a single client.
> To use this feature, you need to either modify an existing lease (add the
> "reserved" statement), or you should be able to create a skeleton lease
> (including reserved statement) in advance of the client connecting.
>
> In either case, you probably need to be learning OMAPI to interact with
> the server !
What about not even using reserved leases, but just setting a long enough
lease time? If the lease expires then the DNS entry is removed. Next
system comes along and if that old IP is the only one available it gets
used.
A "long enough" lease time might be a week, month or longer.
This uses DHCP for what it was designed for, and if an old device comes
back, then it will get its old address if that is still available, but it
might also just get a new one. As long as you have a good naming
convention and everything uses dns names rather than IP address it could
"just work".
regards,
-glenn