one-lease-per-client... seriously

one-lease-per-client... seriously

Brian Rak
I'm running into an issue where DHCPD (v4.3.4 and older versions) is
issuing multiple leases to the same mac address.  It appears to be
looking at the DHCP Client-ID field to determine what a unique client
is.  I'd much rather it ignore everything except for the client's mac
address, but I can't seem to find an option to do this.

I already have:

one-lease-per-client                                    true;
deny duplicates;

in my config, which doesn't seem to be helping.

This is a problem, because I'm using DHCP for PXE booting, which means
each machine ends up getting three concurrent leases:

- one via the firmware built into the nic
- iPXE then gets chainloaded, and gets another lease
- the actual OS gets loaded, and gets a different lease

It's very difficult to get these all to share leases, and I'd really
much rather handle this on the DHCP server side.  DNSMasq can do this,
but it doesn't scale well enough.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Re: one-lease-per-client... seriously

Jeff Wieland
Brian Rak wrote:

> I'm running into an issue where DHCPD (v4.3.4 and older versions) is
> issuing multiple leases to the same mac address.  It appears to be
> looking at the DHCP Client-ID field to determine what a unique client
> is.  I'd much rather it ignore everything except for the client's mac
> address, but I can't seem to find an option to do this.
>
> I already have:
>
> one-lease-per-client                                    true;
> deny duplicates;
>
> in my config, which doesn't seem to be helping.
>
> This is a problem, because I'm using DHCP for PXE booting, which means
> each machine ends up getting three concurrent leases:
>
> one via the firmware built into the nic
> iPXE then gets chainloaded, and gets another lease
> the actual OS gets loaded, and gets a different lease
>
> It's very difficult to get these all to share leases, and I'd really
> much rather handle this on the DHCP server side.  DNSMasq can do this,
> but it doesn't scale well enough.
>
I've not used it, but it looks like the ignore-client-uids statement
might work.

--
Jeff Wieland, UNIX/Network Systems Administrator
Purdue University IT Infrastructure Services UNIX Platforms


Re: one-lease-per-client... seriously

Simon Hobson
In reply to this post by Brian Rak

On 15 Sep 2016, at 21:00, Brian Rak <[hidden email]> wrote:

> I'm running into an issue where DHCPD (v4.3.4 and older versions) is issuing multiple leases to the same mac address.  It appears to be looking at the DHCP Client-ID field to determine what a unique client is.

That is by design as is **REQUIRED** by the RFCs.
It's a long standing problem that some real-world situations clash with this - most notably when there is multi-boot with Windoze and anything else since Windows defaults to using the MAC address as client-id and everything else defaults to not sending one. But that's what the standards require and the ISC implementation has always been intended to be a "reference" implementation that completely meets the standards as laid down (unlike several other servers which really do break the rules a lot).

>  I'd much rather it ignore everything except for the client's mac address, but I can't seem to find an option to do this.

It used to require patches, but I see Jeff has suggested an option to deal with this.


Re: one-lease-per-client... seriously

Brian Rak
In reply to this post by Jeff Wieland


On 9/15/2016 4:33 PM, Jeff Wieland wrote:

> Brian Rak wrote:
>> I'm running into an issue where DHCPD (v4.3.4 and older versions) is
>> issuing multiple leases to the same mac address.  It appears to be
>> looking at the DHCP Client-ID field to determine what a unique client
>> is.  I'd much rather it ignore everything except for the client's mac
>> address, but I can't seem to find an option to do this.
>>
>> I already have:
>>
>> one-lease-per-client                                    true;
>> deny duplicates;
>>
>> in my config, which doesn't seem to be helping.
>>
>> This is a problem, because I'm using DHCP for PXE booting, which
>> means each machine ends up getting three concurrent leases:
>>
>> one via the firmware built into the nic
>> iPXE then gets chainloaded, and gets another lease
>> the actual OS gets loaded, and gets a different lease
>>
>> It's very difficult to get these all to share leases, and I'd really
>> much rather handle this on the DHCP server side.  DNSMasq can do
>> this, but it doesn't scale well enough.
>>
> I've not used it, but it looks like the ignore-client-uids statement
> might work.
That looks like exactly what I wanted, thanks.  I guess I was looking at
an old man page.


Re: one-lease-per-client... seriously

Jeff Wieland


Brian Rak wrote:

>
>
> On 9/15/2016 4:33 PM, Jeff Wieland wrote:
>> Brian Rak wrote:
>>> I'm running into an issue where DHCPD (v4.3.4 and older versions) is
>>> issuing multiple leases to the same mac address.  It appears to be
>>> looking at the DHCP Client-ID field to determine what a unique
>>> client is.  I'd much rather it ignore everything except for the
>>> client's mac address, but I can't seem to find an option to do this.
>>>
>>> I already have:
>>>
>>> one-lease-per-client                                    true;
>>> deny duplicates;
>>>
>>> in my config, which doesn't seem to be helping.
>>>
>>> This is a problem, because I'm using DHCP for PXE booting, which
>>> means each machine ends up getting three concurrent leases:
>>>
>>> one via the firmware built into the nic
>>> iPXE then gets chainloaded, and gets another lease
>>> the actual OS gets loaded, and gets a different lease
>>>
>>> It's very difficult to get these all to share leases, and I'd really
>>> much rather handle this on the DHCP server side.  DNSMasq can do
>>> this, but it doesn't scale well enough.
>>>
>>>
>> I've not used it, but it looks like the ignore-client-uids statement
>> might work.
> That looks like exactly what I wanted, thanks.  I guess I was looking
> at an old man page.
Not a problem.  I'm curious as to whether it works.

--
Jeff Wieland, UNIX/Network Systems Administrator
Purdue University IT Infrastructure Services UNIX Platforms


Re: one-lease-per-client... seriously

Anderson, Charles R
In reply to this post by Simon Hobson
On Fri, Sep 16, 2016 at 08:00:15AM +0100, Simon Hobson wrote:

>
> On 15 Sep 2016, at 21:00, Brian Rak <[hidden email]> wrote:
>
> > I'm running into an issue where DHCPD (v4.3.4 and older versions) is issuing multiple leases to the same mac address.  It appears to be looking at the DHCP Client-ID field to determine what a unique client is.
>
> That is by design as is **REQUIRED** by the RFCs.
> It's a long standing problem that some real-world situations clash with this - most notably when there is multi-boot with Windoze and anything else since Windows defaults to using the MAC address as client-id and everything else defaults to not sending one. But that's what the standards require and the ISC implementation has always been intended to be a "reference" implementation that completely meets the standards as laid down (unlike several other servers which really do break the rules a lot).
>
> >  I'd much rather it ignore everything except for the client's mac address, but I can't seem to find an option to do this.
>
> It used to require patches, but I see Jeff has suggested an option to deal with this.

A better way might be to identify the various boot stages and hand out
very short leases for PXE, etc.  That way you don't violate the
standard, but the extra leases don't hang around for very long.

Re: one-lease-per-client... seriously

glenn.satchell
On Sun, September 18, 2016 5:21 pm, Chuck Anderson wrote:

> On Fri, Sep 16, 2016 at 08:00:15AM +0100, Simon Hobson wrote:
>>
>> On 15 Sep 2016, at 21:00, Brian Rak <[hidden email]> wrote:
>>
>> > I'm running into an issue where DHCPD (v4.3.4 and older versions) is
>> > issuing multiple leases to the same mac address.  It appears to be
>> > looking at the DHCP Client-ID field to determine what a unique client
>> > is.
>>
>> That is by design as is **REQUIRED** by the RFCs.
>> It's a long standing problem that some real-world situations clash with
>> this - most notably when there is multi-boot with Windoze and anything
>> else since Windows defaults to using the MAC address as client-id and
>> everything else defaults to not sending one. But that's what the
>> standards require and the ISC implementation has always been intended to
>> be a "reference" implementation that completely meets the standards as
>> laid down (unlike several other servers which really do break the rules
>> a lot).
>>
>> >  I'd much rather it ignore everything except for the client's mac
>> > address, but I can't seem to find an option to do this.
>>
>> It used to require patches, but I see Jeff has suggested an option to
>> deal with this.
>
> A better way might be to identify the various boot stages and hand out
> very short leases for PXE, etc.  That way you don't violate the
> standard, but the extra leases don't hang around for very long.

Here is how I do it:

# PXE boots for jumpstarting x86 boxes
class "PXE" {
  match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
  next-server foo.example.com.au;
  filename "pxegrub.I86PC.Solaris_10-1";
  # 10 minutes should be long enough for PXE
  max-lease-time 600;
}

regards,
-glenn
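
To confirm the symptom discussed in this thread, or to check that ignore-client-uids or short PXE leases removed it, the lease database can be audited for MAC addresses that hold several active leases at once. The script below is an added example, not code from any poster or from ISC; it assumes dhcpd's default UTC date format in dhcpd.leases, and the sample data and the names SAMPLE and concurrent_leases are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in dhcpd.leases(5) syntax, statements condensed onto one
# line per lease: one NIC holds three leases under different client ids.
SAMPLE = r'''
lease 192.0.2.10 {
  ends 4 2016/09/15 20:30:00; binding state active; hardware ethernet 00:16:3e:aa:bb:cc;
}
lease 192.0.2.11 {
  ends 4 2016/09/15 21:00:00; binding state active; hardware ethernet 00:16:3e:aa:bb:cc; uid "\001\000\026>\252\273\314";
}
lease 192.0.2.12 {
  ends 5 2016/09/16 20:00:00; binding state active; hardware ethernet 00:16:3e:aa:bb:cc; uid "\377constructed-os-id";
}
lease 192.0.2.20 {
  ends 4 2016/09/15 19:00:00; binding state free; hardware ethernet 00:16:3e:11:22:33;
}
lease 192.0.2.20 {
  ends 5 2016/09/16 20:00:00; binding state active; hardware ethernet 00:16:3e:11:22:33;
}
'''

LEASE = re.compile(r'^lease\s+(\S+)\s*\{(.*?)^\}', re.S | re.M)
ENDS = re.compile(r'\bends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);')
STATE = re.compile(r'(?<!next )(?<!rewind )binding state\s+(\w+);')
MAC = re.compile(r'hardware ethernet\s+([0-9A-Fa-f:]+);')
UID = re.compile(r'\buid\s+"((?:\\.|[^"\\])*)";')

def concurrent_leases(text, now):
    """Return {mac: [(ip, uid-or-None), ...]} for MACs with >1 unexpired active lease at `now` (UTC)."""
    latest = {}
    for ip, body in LEASE.findall(text):
        latest[ip] = body  # the file is an append-only log: last entry per IP wins
    by_mac = defaultdict(list)
    for ip, body in latest.items():
        state, mac, ends, uid = (r.search(body) for r in (STATE, MAC, ENDS, UID))
        if not (state and mac) or state.group(1) != 'active':
            continue
        # "ends never;" does not match ENDS and is treated as unexpired
        if ends and datetime.strptime(ends.group(1), '%Y/%m/%d %H:%M:%S') <= now:
            continue
        by_mac[mac.group(1).lower()].append((ip, uid.group(1) if uid else None))
    return {m: sorted(v) for m, v in by_mac.items() if len(v) > 1}

if __name__ == '__main__':
    for mac, leases in concurrent_leases(SAMPLE, datetime(2016, 9, 15, 20, 15)).items():
        print(mac, leases)
```

Running it against the real lease file before and after a configuration change shows whether the extra per-stage leases still accumulate, and how quickly short-lived ones age out.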

