Multiple chrooted dhcp servers for vlans on Linux?

Fri Feb 26 21:54:43 UTC 2016

Chuck Anderson <cra at WPI.EDU> wrote:

> You could make it work on a single machine maybe, but you'd need to
> recompile the dhcpd with USE_SOCKETS.  Then dhcpd will only work to
> serve remote clients via a relay agent, not local clients directly
> connected to the same VLAN as the server.  This is because local
> clients must be served via a raw socket rather than a normal udp
> socket.  The reason is that responses to local, on-link clients must
> contain specific IP headers and MAC address headers that cannot be set
> via a regular udp socket, such as the all-ones broadcast address.  I
> may have the exact details wrong, but that is the gist of it.

I think it's a bit more subtle than that.
In principle, you should be able to bind different services to different VLANs. I don't really know much about it, but from comments on here it seems like the way dhcpd accesses the packets, any instance gets to see packets for all VLANs.

I do know that when sniffing packets, things don't work quite like VLAN interfaces should do in theory.
I've just checked, when using wireshark (actually tshark), if I use a VLAN interface I see traffic for just that VLAN. But if I look at the parent interface, I also see traffic for the VLANs it hosts - I don't know if it's tshark stripping the VLAN tags or what, but I see the packets from the VLAN interfaces shown untagged.

On 26 Feb 2016, at 20:39, Muhammad Faisal <faisalusuf at yahoo.com> wrote:

> In case of different subnets on single interface the relay agents is a mandatory requirement. You can then segregate subnets per agent IP in the dhcp scope.
> 
> Relay agent IP is option routers in dhcpd

No it isn't, it's a different field in the packet - "Gateway Interface Address".
"option routers" is the list of routers to be given to the client - it is in no way linked to the relay agent.
The only reason they are usually the same is simply that a convenient place to put a relay agent is .. in the router serving the network. It does not have to be, and a relay agent can be put in any device with an interface on the physical network (technically "broadcast domain").