DHCP relay with two interfaces

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Apr 24 13:51:38 UTC 2007

Bjorn Andersson wrote:

>I am trying to do a setup where I have a DHCP relay server with two
>interfaces, eth0 and eth1. The DHCP clients connects to eth1 and I
>relay the messages to the DHCP server that  is somewhere behind eth0.
>On eth1 I use a private, non-routable address, eth0 has a
>routable address. I have several of these networks that use a relay,
>all relays have the same private address on eth1, on eth0 the address
>is naturally unique. The DHCP relay also functions as a NAT router.
>Now, I want the ISC DHCP server to give the same address (from the
> network) to the clients regardless in which physical network
>they are. The problem is that the subnet declaration must match
>address of giaddr. If I set giaddr to the address of eth0, then it
>will not match the subnet declaration. If I set giaddr to the
>address of eth1 the reply will be sent to that address (
>instead of the routable address of eth0, i.e. the source address of
>the DHCP request.
>Is there a way to configure the server to function as I want? I've got
>a feeling my setup is fairly common, but I can't figure out the
>configuration. The simple relay is written by my self and I can easily
>modify its behaviour if needed.

ABSOLUTELY NOT, the network is BROKEN and no DHCP implementation will 
work properly with it - and neither will routing.

Rule one of IP networks : "all addresses must be globally unique", 
though for the purposes of this you can modify that to "all addresses 
must be globally unique within the domain of networks/subnets served 
by the DHCP server".

Rule two of IP networks " "all addresses must be globally routable", 
but again you can constrain that to "within the domain of 
networks/subnets served by the DHCP server".

Your network breaks BOTH of these rules.

The problem you have is that you have multiple networks sharing the 
same network address, so the routing is ambiguous. Is this packet for to be sent to network A with the subnet, or 
network B with the subnet, or network C with ...

You have to discount any NAT that the gateways may be doing because 
DHCP won't work unless it can route packets directly to a client at 
it's actual (not NATed) address.

You have two options :

1) Change the network addresses so that the different networks have 
different addresses, then you can use the 10.n.n.n address of the 
relay agent as the GIAddr.

2) Bridge all the 10.n.n.n networks together so that they are one 
broadcast domain. You could try and be clever by blocking loads of 
broadcast traffic by filtering in the bridge(s), but the DHCP packets 
MUST be passed (at least some of them must be, it's going to be a 
non-trivial configuration).

Either way, if your routing isn't unambiguous then the network isn't 
going to work !

More information about the dhcp-users mailing list