Assigning a different gateway address based on gi-addr

Fri Oct 29 19:56:01 UTC 2010

Nicolas De Cristofaro wrote:

>We are attempting a configuration with our ISC DHCP server where we 
>would like to hand out a different gateway address based on the 
>gi-addr of the dhcp-relay set by our routers.
>
>Our solution includes two routers and one is acting as a standy-node 
>only, so subscribers would only connect via this node if the primary 
>node fail.

I was just thinking VRRP (or HSRP for Cisco kit).

>Our configuration does not allow us to use VRRP due to limitations 
>with the box

Pity !

>and we would like to use a different gateway address based on if the 
>subscribers connected via the primary dhcp-relay or the back 
>dhcp-relay.

The first problem I see is that both routers will be relays, and both 
will forward requests if they are working. Thus, when both routers 
are working, the client will get offers with both gateways and it 
will be (mostly ?) random which they take - typically whichever 
router gets the offer to the server first will get the traffic as 
it's reply should be the first back to the client and most clients 
seem to accept the first valid offer they get.

The second problem is that a router going down won't result in 
clients getting a new lease for anything up to (almost) 4 hours with 
the lease times you've specified. Thus a router going down will 
result in around half your clients losing connectivity for 
potentially several hours or until the user takes action to get a new 
lease.

But assuming that's something you're prepared to deal with ...

>We would like to share the same pool definition though, and this is 
>where we've ran into problems, we can't use the same 'range' in two 
>pools. So the idea would be to use one pool, but assign a different 
>'options router' based on the class matching, is this possible?
>
>Here is what we have so far based on what I found already reading 
>through the mailing lists:
>
>subnet 88.88.88.32 netmask 255.255.255.240 {
>
>     default-lease-time 14400;
>
>     max-lease-time 14400;   
>
>
>
>     class "NODE-1" {
>
>       match if binary-to-ascii(10, 8, ".", packet(24, 4)) = "88.88.88.33";
>
>     }

You don't ned the binary to ascii, this is functionally identical :
match if packet(24, 4) = 88.88.88.33 ;

The 88:88:88:33 bit there just specifies a set of four bytes.

How about just using a conditional like this :

subnet 88.88.88.32 netmask 255.255.255.240 {
    pool {
      if packet(24, 4) = 88.88.88.33 {
        option routers 88.88.88.33 ;
      }
      else
      {
        option routers 88.88.88.34 ;
      }
      range 88.88.88.35 88.88.88.45;
    }
}
-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.