Multiple chrooted dhcp servers for vlans on Linux?
Simon Hobson
dhcp1 at thehobsons.co.uk
Fri Feb 26 21:54:43 UTC 2016
Chuck Anderson <cra at WPI.EDU> wrote:
> You could make it work on a single machine maybe, but you'd need to
> recompile the dhcpd with USE_SOCKETS. Then dhcpd will only work to
> serve remote clients via a relay agent, not local clients directly
> connected to the same VLAN as the server. This is because local
> clients must be served via a raw socket rather than a normal udp
> socket. The reason is that responses to local, on-link clients must
> contain specific IP headers and MAC address headers that cannot be set
> via a regular udp socket, such as the all-ones broadcast address. I
> may have the exact details wrong, but that is the gist of it.
I think it's a bit more subtle than that.
In principle, you should be able to bind different services to different VLANs. I don't really know much about it, but from comments on here it seems that, because of the way dhcpd accesses the packets, any instance gets to see packets for all VLANs.
I do know that when sniffing packets, things don't work quite the way VLAN interfaces should in theory.
I've just checked: when using wireshark (actually tshark), if I use a VLAN interface I see traffic for just that VLAN. But if I look at the parent interface, I also see traffic for the VLANs it hosts. I don't know if it's tshark stripping the VLAN tags or what, but I see the packets from the VLAN interfaces shown untagged.
On 26 Feb 2016, at 20:39, Muhammad Faisal <faisalusuf at yahoo.com> wrote:
> In the case of different subnets on a single interface, a relay agent is a mandatory requirement. You can then segregate subnets per agent IP in the dhcp scope.
>
> Relay agent IP is option routers in dhcpd
No it isn't, it's a different field in the packet - "Gateway Interface Address".
"option routers" is the list of routers to be given to the client - it is in no way linked to the relay agent.
The only reason they are usually the same is simply that a convenient place to put a relay agent is ... in the router serving the network. It does not have to be, and a relay agent can be put in any device with an interface on the physical network (technically "broadcast domain").
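To make the distinction above concrete, here is an added example that is not part of the thread or of ISC dhcpd: it builds a raw BOOTP/DHCP message (RFC 2131 fixed header plus options), shows that the relay agent address lives in the fixed `giaddr` header field while "option routers" is DHCP option 3 in the options area, and models the scope-selection rule that a relayed request (non-zero giaddr) is matched to the subnet containing giaddr while a directly received one is matched by the receiving interface. The `select_subnet` function is a simplified model of that rule, not dhcpd's code, and all addresses, MACs and the transaction ID are constructed for illustration.

```python
"""Added example (not from the dhcp-users thread or from ISC dhcpd):
build and parse a minimal BOOTP/DHCP message to show that the relay
agent address (giaddr, a fixed header field) is distinct from DHCP
option 3 (dhcpd's "option routers"), and how a server picks a scope by
giaddr for relayed requests. All addresses are constructed examples."""
import ipaddress
import struct

# RFC 2131 fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 236 bytes
MAGIC_COOKIE = b"\x63\x82\x53\x63"

OPT_ROUTERS = 3       # "option routers" in dhcpd.conf
OPT_MSG_TYPE = 53
OPT_END = 255
OPT_PAD = 0


def build_dhcp(op, xid, giaddr, client_mac, options):
    """Serialise a DHCP message.

    op: 1 = BOOTREQUEST, 2 = BOOTREPLY; giaddr: dotted quad, "0.0.0.0"
    when the packet was not relayed; client_mac: 6 raw bytes;
    options: list of (code, value_bytes); END is appended here.
    """
    header = struct.pack(
        HEADER_FMT,
        op, 1, 6, 0,                             # htype=Ethernet, hlen=6, hops=0
        xid, 0, 0x8000,                          # secs=0, broadcast flag set
        b"\0" * 4, b"\0" * 4, b"\0" * 4,         # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,    # giaddr: filled in by the relay
        client_mac.ljust(16, b"\0"),             # chaddr, 16 bytes on the wire
        b"\0" * 64, b"\0" * 128,                 # sname, file
    )
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_dhcp(pkt):
    """Return (giaddr as a string, {option_code: raw_value})."""
    fields = struct.unpack_from(HEADER_FMT, pkt, 0)
    giaddr = str(ipaddress.IPv4Address(fields[10]))
    off = HEADER_LEN
    if pkt[off:off + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    off += 4
    opts = {}
    while off < len(pkt):
        code = pkt[off]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            off += 1
            continue
        length = pkt[off + 1]
        opts[code] = pkt[off + 2:off + 2 + length]
        off += 2 + length
    return giaddr, opts


def select_subnet(giaddr, receiving_iface_addr, subnets):
    """Simplified scope selection: relayed requests are keyed on giaddr,
    direct requests on the address of the interface they arrived on.
    Returns the first subnet (CIDR string) containing the key, or None."""
    key = ipaddress.IPv4Address(
        giaddr if giaddr != "0.0.0.0" else receiving_iface_addr)
    for cidr in subnets:
        if key in ipaddress.IPv4Network(cidr):
            return cidr
    return None


def demo():
    """Constructed exchange: a relay at 10.10.0.1 on VLAN 10 forwards a
    DISCOVER to a server whose own interface is 192.0.2.1; the OFFER
    carries option routers = 10.10.0.254, which is not the relay."""
    mac = bytes.fromhex("001122334455")
    xid = 0x3903F326
    discover = build_dhcp(1, xid, "10.10.0.1", mac, [(OPT_MSG_TYPE, b"\x01")])
    giaddr, _ = parse_dhcp(discover)
    scope = select_subnet(giaddr, "192.0.2.1",
                          ["10.10.0.0/24", "10.20.0.0/24", "192.0.2.0/24"])
    offer = build_dhcp(2, xid, giaddr, mac, [
        (OPT_MSG_TYPE, b"\x02"),
        (OPT_ROUTERS, ipaddress.IPv4Address("10.10.0.254").packed),
    ])
    _, opts = parse_dhcp(offer)
    routers = str(ipaddress.IPv4Address(opts[OPT_ROUTERS]))
    return giaddr, scope, routers


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `("10.10.0.1", "10.10.0.0/24", "10.10.0.254")`: the scope was chosen from giaddr, and the router handed to the client came from option 3, which the server sets independently of where the relay happens to sit.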
More information about the dhcp-users mailing list