request for advice / building dhcpd infraestructure

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

request for advice / building dhcpd infraestructure

Leandro
Hello dhcpd users:
Im planning to manage a /17 network using isc dhcpd. I would like to
briefly describe my plan so I can get any comments/advices  from the list.
My dhcp server will receive requests from approximately 20 relay agents
from 3 different access technology.
I dont know in advance behind wich relay will be most ip usage since I
can not predict witch service will grown over the others.
In order to be able to be flexible with ip pools management, Im thinking on:

     Create a class per each agent.circuit-id
     Subneting the  /17 in /24 subnets
     Create a pool declaration per each subnet.
     Add / Delete "allow members of" statements within the pool
declaration to bind a relay-agent with one or multiple pool

I also would like to create a default class just in case I can not get
the option 82 info from some relay-agent, I dont know how to do it yet.
It would be for example with 3 class and 3 pools:

#########################################
class "fth_clients" {
                 match if option agent.circuit-id = "fth_relay";
             }

class "adsl_clients" {
                 match if option agent.circuit-id = "adsl_relay";
             }

class "default_clients" {
                 match if option agent.circuit-id = "";     #need to confirm
             }


shared-network my_pool {
         subnet 1.1.1.0 netmask  255.255.128.0 {

         #1.1.1.0/24 for all clases
         pool {
             range 1.1.1.2 1.1.1.254;
             option broadcast-address 1.1.1.255;
             option subnet-mask 255.255.255.0;
             option routers 1.1.1.1;
             allow members of "fth_clients"
             allow members of "adsl_clients"
             allow members of "default_clients"
         }

         #1.1.2.0/24 only for adsl_clients
         pool {
             range 1.1.2.2 1.1.2.254;
             option broadcast-address 1.1.2.255;
             option subnet-mask 255.255.255.0;
             option routers 1.1.2.1;
             allow members of "adsl_clients"
         }

    }
}

###################################33
Any comment / Advice will be accepted,
Thanks!!!
Leadro.


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Bob Harold


On Tue, Jun 23, 2015 at 11:54 AM, Leandro <[hidden email]> wrote:
Hello dhcpd users:
Im planning to manage a /17 network using isc dhcpd. I would like to briefly describe my plan so I can get any comments/advices  from the list.
My dhcp server will receive requests from approximately 20 relay agents from 3 different access technology.
I dont know in advance behind wich relay will be most ip usage since I can not predict witch service will grown over the others.
In order to be able to be flexible with ip pools management, Im thinking on:

    Create a class per each agent.circuit-id
    Subneting the  /17 in /24 subnets
    Create a pool declaration per each subnet.
    Add / Delete "allow members of" statements within the pool declaration to bind a relay-agent with one or multiple pool

I also would like to create a default class just in case I can not get the option 82 info from some relay-agent, I dont know how to do it yet.
It would be for example with 3 class and 3 pools:

#########################################
class "fth_clients" {
                match if option agent.circuit-id = "fth_relay";
            }

class "adsl_clients" {
                match if option agent.circuit-id = "adsl_relay";
            }

class "default_clients" {
                match if option agent.circuit-id = "";     #need to confirm
            }

If it does not work as written, then maybe you could try:  
    match if not(  option agent.circuit-id = "fth_relay" or option agent.circuit-id = "adsl_relay" );
(That does not scale well, but should work for a small number of classes.)

-- 
Bob Harold


shared-network my_pool {
        subnet 1.1.1.0 netmask  255.255.128.0 {

        #1.1.1.0/24 for all clases
        pool {
            range 1.1.1.2 1.1.1.254;
            option broadcast-address 1.1.1.255;
            option subnet-mask 255.255.255.0;
            option routers 1.1.1.1;
            allow members of "fth_clients"
            allow members of "adsl_clients"
            allow members of "default_clients"
        }

        #1.1.2.0/24 only for adsl_clients
        pool {
            range 1.1.2.2 1.1.2.254;
            option broadcast-address 1.1.2.255;
            option subnet-mask 255.255.255.0;
            option routers 1.1.2.1;
            allow members of "adsl_clients"
        }

   }
}

###################################33
Any comment / Advice will be accepted,
Thanks!!!
Leadro.

 


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Simon Hobson
In reply to this post by Leandro
Leandro <[hidden email]> wrote:

> Hello dhcpd users:
> Im planning to manage a /17 network using isc dhcpd. I would like to briefly describe my plan so I can get any comments/advices  from the list.
> My dhcp server will receive requests from approximately 20 relay agents from 3 different access technology.
> I dont know in advance behind wich relay will be most ip usage since I can not predict witch service will grown over the others.
> In order to be able to be flexible with ip pools management, Im thinking on:
>
>    Create a class per each agent.circuit-id
>    Subneting the  /17 in /24 subnets
>    Create a pool declaration per each subnet.
>    Add / Delete "allow members of" statements within the pool declaration to bind a relay-agent with one or multiple pool

That's a horribly complicated way of screwing it all up ! I'm fairly certain it won't actually work.

To start with, go back to basics. Ignore DHCP and consider the IP routing.
Your routing must work, that means all networks must have unique and non-overlapping IP ranges/subnets. So each remote network will need it's own unique IP subnets.

Once you have that in place, your DHCP "just works". You define each subnet, you don't need any classes, the server just works out which network each relay agent is connected to (and hence where the client is) by the GI-Addr field the relay agent inserts into the DHCP packets.

To start out with the addressing, you have to guesstimate what the requirement will be for each network - and assign a subnet to suit. I would space them out so as to have the best opportunity to enlarge them later. You say you have 20 relay agents - so I'll assume for now that means 20 networks. A /17 gives you a.b.0.0 to a.b.127.255 (or a.b.128.0 to a.b.255.255), the third octet has 128 values. To get 20 networks out of that, you can afford to give each one a block of 4 in the third octet - ie a /22 - and that'll leave you about 1/3 of your space unused. If you have a feeling that some of them might grow, then you could leave the next block unused to grow into later (eg instead of allocating 0.0, and 4.0, and 8.0, and ..., you might skip 4.0 and leave that for the 0.0 block to grow into later).
If you do run out of space in one network, then you can add another subnet - and define a shared-network in DHCP.

If the extra subnet is larger (eg a /21), you can migrate existing users to the new subnet over time until the original /22 is empty - and then remove that smaller subnet which is then free to use elsewhere.



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Leandro
In reply to this post by Bob Harold
Thank you Bob , I will try !!
Leandro.

On 23/06/15 13:14, Bob Harold wrote:


On Tue, Jun 23, 2015 at 11:54 AM, Leandro <[hidden email]> wrote:
Hello dhcpd users:
Im planning to manage a /17 network using isc dhcpd. I would like to briefly describe my plan so I can get any comments/advices  from the list.
My dhcp server will receive requests from approximately 20 relay agents from 3 different access technology.
I dont know in advance behind wich relay will be most ip usage since I can not predict witch service will grown over the others.
In order to be able to be flexible with ip pools management, Im thinking on:

    Create a class per each agent.circuit-id
    Subneting the  /17 in /24 subnets
    Create a pool declaration per each subnet.
    Add / Delete "allow members of" statements within the pool declaration to bind a relay-agent with one or multiple pool

I also would like to create a default class just in case I can not get the option 82 info from some relay-agent, I dont know how to do it yet.
It would be for example with 3 class and 3 pools:

#########################################
class "fth_clients" {
                match if option agent.circuit-id = "fth_relay";
            }

class "adsl_clients" {
                match if option agent.circuit-id = "adsl_relay";
            }

class "default_clients" {
                match if option agent.circuit-id = "";     #need to confirm
            }

If it does not work as written, then maybe you could try:  
    match if not(  option agent.circuit-id = "fth_relay" or option agent.circuit-id = "adsl_relay" );
(That does not scale well, but should work for a small number of classes.)

-- 
Bob Harold


shared-network my_pool {
        subnet 1.1.1.0 netmask  255.255.128.0 {

        #1.1.1.0/24 for all clases
        pool {
            range 1.1.1.2 1.1.1.254;
            option broadcast-address 1.1.1.255;
            option subnet-mask 255.255.255.0;
            option routers 1.1.1.1;
            allow members of "fth_clients"
            allow members of "adsl_clients"
            allow members of "default_clients"
        }

        #1.1.2.0/24 only for adsl_clients
        pool {
            range 1.1.2.2 1.1.2.254;
            option broadcast-address 1.1.2.255;
            option subnet-mask 255.255.255.0;
            option routers 1.1.2.1;
            allow members of "adsl_clients"
        }

   }
}

###################################33
Any comment / Advice will be accepted,
Thanks!!!
Leadro.

 



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

dave c
In reply to this post by Simon Hobson
I mostly agree with what Bob says about the plan making things way more complicated than it
needs to be.

I manage several DHCP servers. I've got over 48k public IP addresses and about 10 times as many
private addresses configured in my subnets. I too have multiple access methods coming into my
networks.

First, I don't understand how you could have a need for a /17 without knowing how many people
you have connected to each location or technology. You should be able to find that out. Not all
locations will be spread evenly around your relay agents.

I've got easily 100 to 200 different vlans defined and I don't care which of the dozens of relay
agents might be handling each vlan. What I do care about is that the relay agent refers the dhcp
requests to the server I've defined the vlan on. I often will use a private subnet as the
primary subnet for a vlan as it won't change very often and allows me to anchor the shared
network on it without worrying about the primary changing on me.

The public subnets are sized based upon what is needed in each location. I will add or remove or
change network sizes as customers come and go on that vlan. Some locations I might need a /22
plus a /24 or /23 or other subnets to handle the needs, where others are more rural locations
where a /26 or /27 or some combination is sufficient. It's a balancing act to have enough IPs
allocated to a vlan without wasting them with huge unused pools.

But Bob was absolutely right that you need to start with the routing and work back to the dhcp
from there. First thing I would do is have the IP folks setup a vlan from a nearby router to the
access equipment and from there you can define the shared network on a dhcp server and configure
the IP Helper to point at that dhcp server (or servers if you go for a shared master
configuration). Once that's done, lather, rinse and repeat with each other access technology and
it's next in line router.

BTW, setup rules on the pools so that the private network and public network get used for
different purposes. For example, a cable modem will use both a private address for the cable
modem as well as a public address for the user's data. Each of these will originate from a
different MAC address with different option 60 or option 82 settings. Simply setup rules to
allow or deny the right pools.

Dave

On 6/23/15 11:26, Simon Hobson wrote:

> Leandro <[hidden email]> wrote:
>
>> Hello dhcpd users:
>> Im planning to manage a /17 network using isc dhcpd. I would like to briefly describe my plan so I can get any comments/advices  from the list.
>> My dhcp server will receive requests from approximately 20 relay agents from 3 different access technology.
>> I dont know in advance behind wich relay will be most ip usage since I can not predict witch service will grown over the others.
>> In order to be able to be flexible with ip pools management, Im thinking on:
>>
>>     Create a class per each agent.circuit-id
>>     Subneting the  /17 in /24 subnets
>>     Create a pool declaration per each subnet.
>>     Add / Delete "allow members of" statements within the pool declaration to bind a relay-agent with one or multiple pool
>
> That's a horribly complicated way of screwing it all up ! I'm fairly certain it won't actually work.
>
> To start with, go back to basics. Ignore DHCP and consider the IP routing.
> Your routing must work, that means all networks must have unique and non-overlapping IP ranges/subnets. So each remote network will need it's own unique IP subnets.
>
> Once you have that in place, your DHCP "just works". You define each subnet, you don't need any classes, the server just works out which network each relay agent is connected to (and hence where the client is) by the GI-Addr field the relay agent inserts into the DHCP packets.
>
> To start out with the addressing, you have to guesstimate what the requirement will be for each network - and assign a subnet to suit. I would space them out so as to have the best opportunity to enlarge them later. You say you have 20 relay agents - so I'll assume for now that means 20 networks. A /17 gives you a.b.0.0 to a.b.127.255 (or a.b.128.0 to a.b.255.255), the third octet has 128 values. To get 20 networks out of that, you can afford to give each one a block of 4 in the third octet - ie a /22 - and that'll leave you about 1/3 of your space unused. If you have a feeling that some of them might grow, then you could leave the next block unused to grow into later (eg instead of allocating 0.0, and 4.0, and 8.0, and ..., you might skip 4.0 and leave that for the 0.0 block to grow into later).
> If you do run out of space in one network, then you can add another subnet - and define a shared-network in DHCP.
>
> If the extra subnet is larger (eg a /21), you can migrate existing users to the new subnet over time until the original /22 is empty - and then remove that smaller subnet which is then free to use elsewhere.
>
>
>
> _______________________________________________
> dhcp-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users
>

--
Dave Calafrancesco
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Leandro
In reply to this post by Simon Hobson
Dear Simon and Dave , thank for your responses.
I agree with your concept of begin with routing but some questions came
to my mind:
Lets supose I declare the network 1.1.1.0/24 behind the relay agent
interface witch ip is 1.1.1.1.
Every dhcp requests from this relay will carry the  GI-Adrr = 1.1.1.1/
24 so dhcpd will know from witch range should provide ip.
After I run out of those ips, I can do two thinks:
a)change the network mask from /24 to /23.
b)Add a second /24 subnet behind the relay , for example 1.1.2.0/24 and
set a second gateway ip 1.1.2.1/24.

option a) is not good since the broadcast domain at /23 could bring many
collisions. (its just my opinion).
option b) Could work but, how does relay agent knows witch ip to use for
GI-Adrr ?
Can relay agent send both or more than one ips, on the GI-Addr field so
dhcpd can figure out from witch range can serve the ip ?

Thanks for your comments.
Leandro.


On 23/06/15 13:26, Simon Hobson wrote:

> Leandro <[hidden email]> wrote:
>
>> Hello dhcpd users:
>> Im planning to manage a /17 network using isc dhcpd. I would like to briefly describe my plan so I can get any comments/advices  from the list.
>> My dhcp server will receive requests from approximately 20 relay agents from 3 different access technology.
>> I dont know in advance behind wich relay will be most ip usage since I can not predict witch service will grown over the others.
>> In order to be able to be flexible with ip pools management, Im thinking on:
>>
>>     Create a class per each agent.circuit-id
>>     Subneting the  /17 in /24 subnets
>>     Create a pool declaration per each subnet.
>>     Add / Delete "allow members of" statements within the pool declaration to bind a relay-agent with one or multiple pool
> That's a horribly complicated way of screwing it all up ! I'm fairly certain it won't actually work.
>
> To start with, go back to basics. Ignore DHCP and consider the IP routing.
> Your routing must work, that means all networks must have unique and non-overlapping IP ranges/subnets. So each remote network will need it's own unique IP subnets.
>
> Once you have that in place, your DHCP "just works". You define each subnet, you don't need any classes, the server just works out which network each relay agent is connected to (and hence where the client is) by the GI-Addr field the relay agent inserts into the DHCP packets.
>
> To start out with the addressing, you have to guesstimate what the requirement will be for each network - and assign a subnet to suit. I would space them out so as to have the best opportunity to enlarge them later. You say you have 20 relay agents - so I'll assume for now that means 20 networks. A /17 gives you a.b.0.0 to a.b.127.255 (or a.b.128.0 to a.b.255.255), the third octet has 128 values. To get 20 networks out of that, you can afford to give each one a block of 4 in the third octet - ie a /22 - and that'll leave you about 1/3 of your space unused. If you have a feeling that some of them might grow, then you could leave the next block unused to grow into later (eg instead of allocating 0.0, and 4.0, and 8.0, and ..., you might skip 4.0 and leave that for the 0.0 block to grow into later).
> If you do run out of space in one network, then you can add another subnet - and define a shared-network in DHCP.
>
> If the extra subnet is larger (eg a /21), you can migrate existing users to the new subnet over time until the original /22 is empty - and then remove that smaller subnet which is then free to use elsewhere.
>
>
>
> _______________________________________________
> dhcp-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Peter Rathlev
On Tue, 2015-06-23 at 15:08 -0300, Leandro wrote:
> After I run out of those ips, I can do two thinks:
> a)change the network mask from /24 to /23.
> b)Add a second /24 subnet behind the relay , for example 1.1.2.0/24 and
> set a second gateway ip 1.1.2.1/24.
>
> option a) is not good since the broadcast domain at /23 could bring many
> collisions. (its just my opinion).

For a regular Ethernet switched network, /23 doesn't sound like a lot.
At modern speeds and with modern operating systems the baseline
broadcast should be negligible.

> option b) Could work but, how does relay agent knows witch ip to use for
> GI-Adrr ?
> Can relay agent send both or more than one ips, on the GI-Addr field so
> dhcpd can figure out from witch range can serve the ip ?

You would use "shared-network" for this. The GI-Addr just has to fall
within one of the subnets inside the shared-network statement. The DHCP
server will then hand out an address from a random subnet. Take a look
at the dhcpd.conf man page for the syntax.

--
Peter


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Bob Harold

On Tue, Jun 23, 2015 at 2:26 PM, Peter Rathlev <[hidden email]> wrote:
On Tue, 2015-06-23 at 15:08 -0300, Leandro wrote:
> After I run out of those ips, I can do two thinks:
> a)change the network mask from /24 to /23.
> b)Add a second /24 subnet behind the relay , for example 1.1.2.0/24 and
> set a second gateway ip 1.1.2.1/24.
>
> option a) is not good since the broadcast domain at /23 could bring many
> collisions. (its just my opinion).

For a regular Ethernet switched network, /23 doesn't sound like a lot.
At modern speeds and with modern operating systems the baseline
broadcast should be negligible.

> option b) Could work but, how does relay agent knows witch ip to use for
> GI-Adrr ?
> Can relay agent send both or more than one ips, on the GI-Addr field so
> dhcpd can figure out from witch range can serve the ip ?

You would use "shared-network" for this. The GI-Addr just has to fall
within one of the subnets inside the shared-network statement. The DHCP
server will then hand out an address from a random subnet. Take a look
at the dhcpd.conf man page for the syntax.

--
Peter

 Simon, Dave, and Peter are right.  And when you use "shared-network", the DHCP server will work with any of the gateway addresses that the router chooses to send in the GiAddr field.  DHCP treats all the subnets in the shared-network as one group of IP's to hand out.

Bob Harold




_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Simon Hobson
In reply to this post by Leandro
Leandro <[hidden email]> wrote:

> After I run out of those ips, I can do two thinks:
> a)change the network mask from /24 to /23.
> b)Add a second /24 subnet behind the relay , for example 1.1.2.0/24 and set a second gateway ip 1.1.2.1/24.
>
> option a) is not good since the broadcast domain at /23 could bring many collisions. (its just my opinion).

I don't think it will make much difference. Don't forget that having two subnets in a shared network won't segregate the broadcast traffic. I think the only reduction would be from inter subnet traffic going via the router rather than using ARP to find the neighbour - but routing the traffic via the router rather than directly will more than outweigh any saving there.

> option b) Could work but, how does relay agent knows witch ip to use for GI-Adrr ?
> Can relay agent send both or more than one ips, on the GI-Addr field so dhcpd can figure out from witch range can serve the ip ?

As already mentioned, as long as the GI-Addr value is within any of the subnets, then the server will work it out from the shared-network.

BTW - I'd suggest a read of "The DHCP Handbook" by Ralph Droms and Ted Lemon, it explains all this and a lot more, and is quite readable.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Leandro
Simon , Bob , Peter:
Thank for sharing your wisdom on this, there is something I still can not understand.
Maybe a picture can help, please take a look bellow.
On scenario 1  following should happend:
Relay1 will set Gi-addr=1.1.0.1 so dhcpd will pick a lease from pool 1 and network 1.1.0.0/24 will use 1.1.1.1 as gateway.
Relay2 will set Gi-addr=1.1.2.1 so dhcpd will pick a lease from pool 3 and network 1.1.2.0/24 will use 1.1.2.0 as gateway.
This is ok;

On Scenario 2
After running out of /24 ips I will add remaining /24 networks behind each relay.
Add pool2 behind relay 1
Add pool4 behind relay 2.
How will it work ?
My concern is that, if relay1 still using 1.1.0.1 for gi-addr ; dhcpd can pick a lease from pool4 instead using pool2 since 1.1.0.1  falls into the 1.1.0.0/22 declared on shared network.
If this happens the request will receive the option router = 1.1.3.1 witch ip is not set at any interface on relay1.
And vice-versa, dhcp server can pick a lease from pool2 for a request coming  from relay2, so it will also receive an incorrect router value.

relay


bw: Thanks Simon for  reading material sugestion, i will begin now.
Thanks in advance.
Leo.




On 23/06/15 18:19, Simon Hobson wrote:
Leandro [hidden email] wrote:

After I run out of those ips, I can do two thinks:
a)change the network mask from /24 to /23.
b)Add a second /24 subnet behind the relay , for example 1.1.2.0/24 and set a second gateway ip 1.1.2.1/24.

option a) is not good since the broadcast domain at /23 could bring many collisions. (its just my opinion).
I don't think it will make much difference. Don't forget that having two subnets in a shared network won't segregate the broadcast traffic. I think the only reduction would be from inter subnet traffic going via the router rather than using ARP to find the neighbour - but routing the traffic via the router rather than directly will more than outweigh any saving there.

option b) Could work but, how does relay agent knows witch ip to use for GI-Adrr ?
Can relay agent send both or more than one ips, on the GI-Addr field so dhcpd can figure out from witch range can serve the ip ?
As already mentioned, as long as the GI-Addr value is within any of the subnets, then the server will work it out from the shared-network.

BTW - I'd suggest a read of "The DHCP Handbook" by Ralph Droms and Ted Lemon, it explains all this and a lot more, and is quite readable.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Bob Harold

On Wed, Jun 24, 2015 at 12:38 PM, Leandro <[hidden email]> wrote:
Simon , Bob , Peter:
Thank for sharing your wisdom on this, there is something I still can not understand.
Maybe a picture can help, please take a look bellow.
On scenario 1  following should happend:
Relay1 will set Gi-addr=1.1.0.1 so dhcpd will pick a lease from pool 1 and network 1.1.0.0/24 will use 1.1.1.1 as gateway.
Relay2 will set Gi-addr=1.1.2.1 so dhcpd will pick a lease from pool 3 and network 1.1.2.0/24 will use 1.1.2.0 as gateway.
This is ok;

On Scenario 2
After running out of /24 ips I will add remaining /24 networks behind each relay.
Add pool2 behind relay 1
Add pool4 behind relay 2.
How will it work ?
My concern is that, if relay1 still using 1.1.0.1 for gi-addr ; dhcpd can pick a lease from pool4 instead using pool2 since 1.1.0.1  falls into the 1.1.0.0/22 declared on shared network.
If this happens the request will receive the option router = 1.1.3.1 witch ip is not set at any interface on relay1.
And vice-versa, dhcp server can pick a lease from pool2 for a request coming  from relay2, so it will also receive an incorrect router value.


You need separate shared networks:
shared-network sitea {
subnet 1.1.0.0 ...
...
subnet 1.1.1.0 ...
...
}

shared-network siteb {
subnet 1.1.2.0 ...
...
subnet 1.1.3.0 ...
...
}

 

On 23/06/15 18:19, Simon Hobson wrote:
Leandro [hidden email] wrote:

After I run out of those ips, I can do two thinks:
a)change the network mask from /24 to /23.
b)Add a second /24 subnet behind the relay , for example 1.1.2.0/24 and set a second gateway ip 1.1.2.1/24.

option a) is not good since the broadcast domain at /23 could bring many collisions. (its just my opinion).
I don't think it will make much difference. Don't forget that having two subnets in a shared network won't segregate the broadcast traffic. I think the only reduction would be from inter subnet traffic going via the router rather than using ARP to find the neighbour - but routing the traffic via the router rather than directly will more than outweigh any saving there.

option b) Could work but, how does relay agent knows witch ip to use for GI-Adrr ?
Can relay agent send both or more than one ips, on the GI-Addr field so dhcpd can figure out from witch range can serve the ip ?
As already mentioned, as long as the GI-Addr value is within any of the subnets, then the server will work it out from the shared-network.

BTW - I'd suggest a read of "The DHCP Handbook" by Ralph Droms and Ted Lemon, it explains all this and a lot more, and is quite readable.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Simon Hobson
In reply to this post by Leandro
Leandro <[hidden email]> wrote:

> My concern is that, if relay1 still using 1.1.0.1 for gi-addr ; dhcpd can pick a lease from pool4 instead using pool2 since 1.1.0.1  falls into the 1.1.0.0/22 declared on shared network.

That is because the config you have given is BROKEN and will not work.

As Bob has said, you do not define a large shared network.

You start off with a subnet declaration for subnet 1.1.0.0/24 and a subnet declaration for subnet 1.1.2.0/24 - *NO* shared network.

When (say) the 1.1.0.0 subnet starts getting full and you add the 1.1.1.0/24 subnet, you then declare a shared network *for that network only*. Ie :
shared-network public0 {
  subnet 1.1.0.0 ...
  subnet 1.1.1.0 ...
}

When the 1.1.2.0 subnet gets full, you can add the extra subnet and a second shared network :

shared-network public2 {
  subnet 1.1.2.0 ...
  subnet 1.1.3.0 ...
}

With this correct setup, you do not need to do anything at all - the DHCP server will take care of things automagically.

Of course, if the relevant IP range is still unused (as in this example) you do not need to add a second subnet and shared network, you can just change 1.1.0.0/24 to 1.1.0.0/23 and expand your range(s) - there really will be no performance issues to worry about.



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Leandro
Simon / Bob , totally understood about shared-network concept, thank you
very much.
Last question,
About "relay-circuit-id parameter" ; when should be use ?
Im currently running some openwrt relay agents in bridge mode with a
management range ip (172.X.X.X).
This ip can not be use as default gateway for clients behind the relay
so It make not sense for gi-addr propose either? Is in this case when I
should use option 82 ?

Thanks in advance;
Leo.




On 24/06/15 17:55, Simon Hobson wrote:

> Leandro <[hidden email]> wrote:
>
>> My concern is that, if relay1 still using 1.1.0.1 for gi-addr ; dhcpd can pick a lease from pool4 instead using pool2 since 1.1.0.1  falls into the 1.1.0.0/22 declared on shared network.
> That is because the config you have given is BROKEN and will not work.
>
> As Bob has said, you do not define a large shared network.
>
> You start off with a subnet declaration for subnet 1.1.0.0/24 and a subnet declaration for subnet 1.1.2.0/24 - *NO* shared network.
>
> When (say) the 1.1.0.0 subnet starts getting full and you add the 1.1.1.0/24 subnet, you then declare a shared network *for that network only*. Ie :
> shared-network public0 {
>    subnet 1.1.0.0 ...
>    subnet 1.1.1.0 ...
> }
>
> When the 1.1.2.0 subnet gets full, you can add the extra subnet and a second shared network :
>
> shared-network public2 {
>    subnet 1.1.2.0 ...
>    subnet 1.1.3.0 ...
> }
>
> With this correct setup, you do not need to do anything at all - the DHCP server will take care of things automagically.
>
> Of course, if the relevant IP range is still unused (as in this example) you do not need to add a second subnet and shared network, you can just change 1.1.0.0/24 to 1.1.0.0/23 and expand your range(s) - there really will be no performance issues to worry about.
>
>
>
> _______________________________________________
> dhcp-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Niall O'Reilly
On Thu, 25 Jun 2015 16:02:15 +0100,
Leandro wrote:
>
> Simon / Bob , totally understood about shared-network concept, thank
> you very much.
> Last question,
> About "relay-circuit-id parameter" ; when should be use ?

  Avoid this if you can.  Use it only if you really must.  I expect
  you don't need it.  It's useful when the circuit can be used to
  identify the customer, and probably not otherwise.

> Im currently running some openwrt relay agents in bridge mode with a
> management range ip (172.X.X.X).

  Does this help?

> This ip can not be use as default gateway for clients behind the relay
> so It make not sense for gi-addr propose either?

  If the management range shares a broadcast domain with a client
  range, they need to be configured in the same shared-network.  In
  this case, you must take care not to provide a dynamic pool for the
  management range, or else find a means to keep clients from using
  such a pool, so that clients can't acquire an address from this
  range.

> Is in this case when I should use option 82 ?

  Keep things simple.  First design a clean (layer 3) network
  topology, then overlay an IP addressing plan on top of that, then
  configure your DHCP server to match the addressing plan.  If you
  still need some result which this approach can't deliver, it's time
  to explore specialized options, but not before.

  Best regards,
  Niall O'Reilly
 
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: request for advice / building dhcpd infraestructure

Sean McMurray
In reply to this post by Leandro
On 06/25/2015 08:02 AM, Leandro wrote:
> Simon / Bob , totally understood about shared-network concept, thank
> you very much.
> Last question,
> About "relay-circuit-id parameter" ; when should be use ?
> Im currently running some openwrt relay agents in bridge mode with a
> management range ip (172.X.X.X).
> This ip can not be use as default gateway for clients behind the relay
> so It make not sense for gi-addr propose either? Is in this case when
> I should use option 82 ?
Option 82 data can sometimes be handy not necessarily for determining
from which pool to offer an address, but for forensic information later:
connecting an ip address to a DSLAM or FTTH position, for example. When
provided an ip address and a window of time, you may need to know which
of your customers was using that ip during that window. Depending on
your jurisdiction you may have a legal requirement to store such
information for possible future warrants.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users