Why leases are not renewed always via dhcp-relay ?
Simon Hobson
dhcp1 at thehobsons.co.uk
Fri Jul 6 18:40:20 UTC 2007
Sébastien CRAMATTE wrote:
> >> It's very strange ?
>>>
>>
>> No, this is RFC2131 documented behaviour. The easiest and best
>> thing to do is to make sure the server and client can unicast to
>> each other.
>>
>>
>Might be an Iptables rules ? to block direct communication from client
>to server ?
No.
It is RFC compliant behaviour that a client with
an existing lease will send a unicast packet
directly to the server that gave it it's lease -
there is no reason* to involve a relay agent for
renewals because the client now has an address
and so doesn't need this help. In any properly
designed IP network this will be possible - but
there are situations when it is not (for example
a client which is behind a NAT gateway which
would prevent the server from responding).
David's comment was to make sure that the client
and server can directly communicate - ie either
can send packets directly to the other.
* Except for issues like this of course !
> >> I want to force to use dhcp relay in every case ... I need option 82
>>> datas so when a lease is renewed directly I loose these datas
>>> Any ideas or configuration tips ?
>>>
>>
>> If the option 82 contents do not change from packet to packet, then
>> you can use the values that are 'cached' upon the lease state when
>> the client last operated through a relay.
>>
>> This draft:
>>
>> http://www.ietf.org/internet-drafts/draft-ietf-dhc-server-override-04.txt
>>
>> which I think is working on becoming an RFC, was written for the case
>> where the server and client can under no circumstances directly speak
>> with one another (such as when the client is on a VPN the server can
>> not access).
>>
>> The simple way to "do the same thing" is to configure a
>> dhcp-server-identifier equal to the relay agent's address. Clients
>> will unicast their renews to this address.
>>
>>
>Do you mean to set "server-identifier" in dhcpd.conf to the my
>dhcp-relay IP ?
Yes
> > However, this makes every client RENEW look, to the server(s), like a
>> REBIND. So multiple servers may well answer, and they may well answer
>> with DHCPNAKs if they sense that the client is on the wrong subnet
>> (which may be incorrect depending on how the packet reaches the relay
> > and how the relay senses the interface the packet is received upon).
>In these subnet I've got only 2 DNS redundant DHCP servers to assign my
>public Ip's and servers are connected to switch using Vlan's
>so no chance to join another DHCP server
It's a bit more complicated than that ! It's not
just which servers the packets get to, but also
how those servers perceive the packet got there.
I was under the impression that equipment that
inserts option 82 also tends to have a dhcp
sniffer function, so that even though the packet
is unicast rather than using the relay agent, the
equipment can intercept it and still insert
option 82. It might be owrth checking if this is
the case with your equipment as that would solve
the problem for you.
More information about the dhcp-users
mailing list