about concept "group", "shared-network", and "subnet", thanks.

Stemen, Andrew Michael andrew at andrewmstemen.net
Wed Apr 20 16:16:28 UTC 2011 

Your shared-network "ignore me" statement is fine -- it'll ignore
any requests for DHCP service on any subnets that are present
within that shared-network. This sounds as though it matches what
you desire.

The shared-network "vlan 2" isn't quite what you want. The
configuration needs to have a single shared-network statement for
each distinct network that it will be responding to.

For example:

You have two separate physical networks in building A; each one
has its own /24 network only:

shared-network "buildingA-net1" {
     subnet 10.1.0.0 netmask 255.255.255.0 {
          blah;
     }
}

shared-network "buildingA-net2" {
     subnet 10.2.0.0 netmask 255.255.255.0 {
          blah;
     }
}

Then the finance department, for example, buys 200 new PCs, and
the existing network that they use (net2) doesn't have enough IP
addresses available. There are obviously numerous solutions to
that problem, but one of the solutions is to operate multiple
subnets on the same network:

shared-network "buildingA-net2" {
     subnet 10.2.0.0 netmask 255.255.255.0 {
          blah;
     }
     subnet 10.3.0.0 netmask 255.255.255.0 {
          blah;
     }
}

The result is that any device requesting an IP address on that
physical network may be issued an IP address from any
range/pool/subnet within that shared-network -- you're
effectively telling dhcpd that both of those subnets are valid to
be issued on only that network. In this example, you would not
want subnet 10.1.0.0/24 to be in the same shared-network, because
it is a separate physical network. If you were to put all three
of these example subnets in the same shared-network, then any
device on either of the two physical networks could be issued any
IP address from any of the three different subnets.

It is not required that a shared-network statement be used for
each network; if a subnet is declared outside of the scope of a
shared-network, the effective configuration considers it to be in
a shared pool with no other subnets (note that I haven't reviewed
the code to validate that it's how it technically considers it,
but they are configuration equivalents). It is my practice (and I
recommend it to others) that every network have a shared-network
statement, simply for greater clarity, even if there is only one
subnet on that network.

Any clearer, yet?

---
Andrew Michael Stemen
[1]andrew at andrewmstemen.net

On Wed, 20 Apr 2011 09:45 -0500, "Marc Perea" <marccp at srttel.com>
wrote:

I'm going to pipe in here because I'm still a bit confused about
the proper use of shared-network. What's the use case for it's
proper use?

I'm currently configured with 2 shared-network statements, and
I'm guessing it's wrong. My DHCP server resides on a single vlan,
single interface. The interface is on our server VLAN, where it
is not authoritative and I want to ignore booting. I made that
one shared-network (ignore-me). Our BRAS is a L3 relay and
directs all DHCP broadcast to unicast by IP to the server. I made
this a 2nd shared-network. I originally had it all as one S-N,
but dhcpd was still responding to requests on the server VLAN, so
I moved it out to actually ignore booting. My configuration snip:

shared-network "ignore me" {
        subnet 1.2.3.4 netmask 255.255.255.128 { #SERVER VLAN
                ignore booting;
        }
}
shared-network "vlan 2" {
        subnet 10.1.0.0 netmask 255.255.255.224 { #TEST ISG-10K
                authoritative;
                ...
        }
        subnet 10.170.0.0 netmask 255.255.0.0 { #LOAD TEST
                authoritative;
                ...
        }
        subnet 10.2.0.0 netmask 255.255.192.0 { #PRODUCTION
ISG-10K
                authoritative;
                ...
        }
        subnet 10.3.0.0 netmask 255.255.255.128 { #ASR1
                authoritative;
                ...
        }
}
Does this appear right or wrong? If it's wrong, any explanation
of why moving the server subnet into the vlan-2 S-N would cause
it to hand out IPs from one of the other subnets, instead of
ignoring booting?

Thanks!

--Marc
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users

References

1. mailto:andrew at andrewmstemen.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20110420/e49cc886/attachment.html>

More information about the dhcp-users mailing list