Pool selection based on Giaddr of different subnet
Glenn Satchell
Glenn.Satchell at uniq.com.au
Tue Mar 17 14:37:25 UTC 2009
Hi Dario
I'm not sure I understand how your network is set up. If you can
describe your network layout then we may be able to offer a solution.
Can you describe a valid network configuration where the relay's giaddr
(address of the interface where the request came in) is in a different
subnet to that of the client and not be a shared network?
This is the fundamental design of not only the ISC dhcpd, but of the RFC
that defines how dhcp should work.
When a client sends out a broadcast to find a dhcp server or relay,
that packet can only stay within the defined subnet. There is no valid
way for it to be routed to a different subnet and for your relay on
that other subnet to receive it.
regards,
-glenn
>From: "Dario Aguilar" <daguilar at arnet.net.ar>
>To: "'Users of ISC DHCP'" <dhcp-users at lists.isc.org>
>Subject: RE: Pool selection based on Giaddr of different subnet
>Date: Tue, 17 Mar 2009 10:36:37 -0300
>
>Dario Aguilar wrote:
>
>>Hi there, I'm trying to configure a pool
>>selection based on Giaddr but the problem is
>>that Relay Agent IP (Giaddr) doesn't belong to
>>same subnet as the client pool so I guess I need
>>to define a class that matches this criteria
>>(maybe of sure that I defined in a wrong way).
>>This is not working because it's saying that
>>network segment is unknown.
>
>>>OK, two ways to deal with this :
>
>>>1) Fix the relay agent !
>
>Why do you assume that the relay agent is broken, wrong or something? Relay
>agent should be a DSLAM, WAC or simply a router that has an address on
>different subnet than the clients. I think that if the subnets are correctly
>routed this should not be a problem for the relay agent or the clients.
>(Private IPs are just examples, we are using public IP addresses in
>fact).
>
>>>2) Assuming the GIAddr of the relay agent is
>>>unique to the clients subnet, then simply put an
>>>extra subnet in a shared-network declaration like
>>>this :
>
>>>shared-network broken_relay_agent {
>>> subnet 192.168.0.0 netmask 255.255.255.0 { }
>>>
>>> subnet 172.17.2.0 netmask 255.255.255.0 {
>>> range ...
>>> ...
>>> }
>>>}
>
>>>What this does is tell the DHCP server that the
>>>two subnets are on the same wire, and so
>>>addresses in each subnet are interchangeable as
>>>far as allocating leases to clients is concerned.
>>>The server will match the GIAddr to one subnet,
>>>find no available leases, but see that leases are
>>>available in the other subnet and allocate from
>>>there.
>
>>>This will NOT work if the same relay agent serves
>>>other subnets using the same (wrong) GIAddr.
>
>>>Without the shared-network, you will NOT get the
>>>server to allocate a lease to any client in the
>>>subnet as the server believes that the client is
>>>on a different network.
>
>>class "WAC" {
>> match if (binary-to-ascii(10,8, ".", packet(24,4)) = "192.168.0.1");
>>}
>
>>>You don't need the binary to ascii stuff, you can
>>>just use hex something like this :
>>>match if (packet(24,4) = c0:a8:00:01);
>
>As you recommended, I could resolve this by putting just the relay agent
>host into the same shared-network as the client pool, but I don't know if
>this is the only or best solution for this because now I need to add a new
>shared-network for each new relay agent. Is there any possibility to
>allocate leases using classes as I was trying to do it with "match if
>(packet(24,4) = GiAddr);" and then "allow members of" on the subnet?
>
>Actual configuration:
>
>shared-network broken_relay_agent {
> subnet 192.168.0.1 netmask 255.255.255.255 { }
> subnet 172.17.2.0 netmask 255.255.255.0 {
> range ...
> ...
> }
>}
>Thanks
>
>Dario Aguilar.
>
>
>--
>Simon Hobson
>
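The selection behaviour described in this thread, as an added example that is not part of the original messages and is not ISC dhcpd code: a simplified Python model in which the server first locates the network segment from giaddr (the bytes that packet(24,4) selects) and only then applies class restrictions to the pools of that shared network. The pool range, the names WITH_SHARED and CLASS_ONLY, and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed model of the thread's configuration: a shared network lists its
# subnets; each pool may be limited to a class ("allow members of").
WITH_SHARED = {"broken_relay_agent": {
    "subnets": ["192.168.0.0/24", "172.17.2.0/24"],
    "pools": [{"range": ("172.17.2.10", "172.17.2.200"), "allow": "WAC"}],
}}
# Same pool and class, but the relay's subnet is not declared anywhere.
CLASS_ONLY = {"clients": {
    "subnets": ["172.17.2.0/24"],
    "pools": [{"range": ("172.17.2.10", "172.17.2.200"), "allow": "WAC"}],
}}
# Class "WAC" from the thread: giaddr equals 192.168.0.1 (c0:a8:00:01).
CLASSES = {"WAC": lambda pkt: pkt[24:28] == bytes.fromhex("c0a80001")}


def build_request(giaddr: str) -> bytes:
    """Constructed 236-byte BOOTP header with only giaddr and chaddr set."""
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x12345678, 0, 0)  # op..flags
    addrs = b"\x00" * 12 + ipaddress.IPv4Address(giaddr).packed    # ci, yi, si, gi
    chaddr = bytes.fromhex("020000000001") + b"\x00" * 10
    return fixed + addrs + chaddr + b"\x00" * 192                   # sname + file


def giaddr_of(packet: bytes) -> ipaddress.IPv4Address:
    """The four bytes that packet(24,4) selects in a dhcpd.conf expression."""
    return ipaddress.IPv4Address(packet[24:28])


def candidate_pools(packet: bytes, networks: dict):
    """Return (shared-network, usable pools), or None for an unknown segment."""
    gi = giaddr_of(packet)
    for name, net in networks.items():
        if any(gi in ipaddress.ip_network(s) for s in net["subnets"]):
            # Segment located: pools from every subnet of the shared network
            # are candidates; class restrictions are applied only now.
            pools = [p for p in net["pools"]
                     if p["allow"] is None or CLASSES[p["allow"]](packet)]
            return name, pools
    return None  # no declared subnet contains giaddr, so classes never matter
```

With CLASS_ONLY the request matches class "WAC" but still yields no pool, because in this model no declared subnet contains the giaddr.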