[SOLVED] DHCP option 82 usage problem , shared switchport Blade+BMC

LARPENT Jacques jacques.larpent at altran.com
Fri Oct 17 14:03:56 UTC 2014


Hello,

I am returning to give positive feedback on my DHCP problem.

The recommendations around using 'built in' mechanisms of VLANs are definitely the way to go.

The other issue around PXE/IPXE booting was solved thanks to several other threads of the mailing list talking about PXE booting in a one IP range pool.

Simon, thank you very much for your reply indicating an interest in my problem.

Have a nice weekend.

Thread status : [solved]

Regards,
Jacques.



On 15/10/2014 15:20, Simon Hobson wrote:

LARPENT Jacques <jacques.larpent at altran.com> wrote:

> The blade enclosures are uplinked to switch acting as layer 3 router between the different VLANs/subnet deployed inside the enclosures (typically a VLAN for blade NICs and another for the BMCs).

...

> The classes are designed to match :   remote_id AND circuit_id AND vendor-class-identifier   to identify a client.
>
> To be precise, considering constraint #1, I have to check the vendor-class-identifier to tell the difference between a blade and its BMC.

You have VLANs, you can use the inbuilt mechanisms !

> examples for blade n°11 and its BMC plugged on switchport n°11:
>
> class "BMC11" {
>                 match if ( substring (option agent.remote-id, 0 , 7) = "switch1" and
>                          ( binary-to-ascii (10, 16, ".", substring(option agent.circuit-id, 1, 4)) ="11") and
>                          ( substring (option vendor-class-identifier, 0, 6) = "iamBMC"));
>              }
>
>         pool {
>                 allow members of "BMC11";
>                 range 10.0.0.11;
>              }
>
> class "blade11" {
>                 match if ( substring (option agent.remote-id, 0 , 7) = "switch1" and
>                          ( binary-to-ascii (10, 16, ".", substring(option agent.circuit-id, 1, 4)) ="11") and not
>                          ( substring (option vendor-class-identifier, 0, 6) = "iamBMC"));
>              }
>
>         pool {
>                 allow members of "blade11";
>                 range 12.0.0.11;
>                 filename "ipxelinux.0";
>              }

OK, how about this :
class "Unit11" {
                match if ( substring (option agent.remote-id, 0 , 7) = "switch1" and
                         ( substring(option agent.circuit-id, 1, 4)) = 00:00:00:0b );
             }
This will get both the BMC and blade for the unit.

        pool {
                allow members of "Unit11";
                range 10.0.0.11;
             }

        pool {
                allow members of "Unit11";
                range 12.0.0.11;
                filename "ipxelinux.0";
             }

Note several key things :
1) The pool declarations **MUST** be within the correct subnet. You haven't shown the subnet declarations and your layout of declarations shown above would not be valid for more than one unit !
So something like this
  subnet 10.0.0.0 ... {
    pool {
      allow members of "Unit11";
      range 10.0.0.11;
    }
    pool {
      allow members of "Unit12";
      range 10.0.0.12;
    }
  }
  subnet 12.0.0.0 ... {
    pool {
      allow members of "Unit11";
      range 12.0.0.11;
      filename "ipxelinux.0";
    }
    pool {
      allow members of "Unit12";
      range 12.0.0.12;
      filename "ipxelinux.0";
    }
  }

2) *IF* you have everything all set up correctly, then the above will work automagically. Requests from the BMCs will arrive on a VLAN where the gateway address is within the same subnet as the 10.0.0.nn addresses, while requests from the blades will arrive on a VLAN where the gateway address is within the 12.0.0.nn subnet. If this doesn't work then your network setup is broken.

3) Dunno whether it's an attempt at obfuscation or if you are genuinely using 12.0.0.0 addresses, but they are allocated to AT&T. Do yourself a favour and stick to RFC1918 addresses which are specifically reserved for private use.

4) You can save server load by not converting a string to ascii before comparing it with something you can specify directly.
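
As an added illustration, not part of the original thread: a Python model of the lookup described in the reply above, where the class is matched on the raw option 82 bytes and the pool is then chosen by the subnet the relay's gateway address falls in. The /24 masks, the 192.168.12.0/24 stand-in for the blade subnet, the sample circuit-id layout and all function names are assumptions.

```python
import ipaddress

# RFC 3046 sub-option codes carried inside DHCP option 82
CIRCUIT_ID, REMOTE_ID = 1, 2

def parse_option82(payload: bytes) -> dict:
    """Split the option 82 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length runs past end of option 82")
        subopts[code] = value
        i += 2 + length
    return subopts

def substring(data: bytes, offset: int, length: int) -> bytes:
    """Model of dhcpd's substring(): a raw byte slice, no text conversion."""
    return data[offset:offset + length]

def unit_class(subopts: dict):
    """Mirror of the "Unit11" match: remote-id prefix plus raw port bytes."""
    remote = subopts.get(REMOTE_ID, b"")
    circuit = subopts.get(CIRCUIT_ID, b"")
    if (substring(remote, 0, 7) == b"switch1"
            and substring(circuit, 1, 4) == bytes.fromhex("0000000b")):
        return "Unit11"
    return None

# Assumed /24 subnets; 192.168.12.0/24 is a constructed RFC 1918 stand-in
POOLS = {
    ("Unit11", ipaddress.ip_network("10.0.0.0/24")): "10.0.0.11",
    ("Unit11", ipaddress.ip_network("192.168.12.0/24")): "192.168.12.11",
}

def select_lease(giaddr: str, option82: bytes):
    """Pick the pool by class membership AND the subnet the relay reported."""
    cls = unit_class(parse_option82(option82))
    gw = ipaddress.ip_address(giaddr)
    for (pool_cls, net), addr in POOLS.items():
        if pool_cls == cls and gw in net:
            return addr
    return None

# Constructed option 82 payload: circuit-id 00 + port 11, remote-id "switch1"
SAMPLE = bytes([1, 5, 0, 0, 0, 0, 11]) + bytes([2, 7]) + b"switch1"
```

The same option 82 data yields a different address depending only on the gateway address, so no client-supplied vendor-class-identifier is needed to separate the two devices.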