DHCP relay with two interfaces
dhcp1 at thehobsons.co.uk
Tue Apr 24 13:51:38 UTC 2007
Bjorn Andersson wrote:
>I am trying to do a setup where I have a DHCP relay server with two
>interfaces, eth0 and eth1. The DHCP clients connect to eth1 and I
>relay the messages to the DHCP server that is somewhere behind eth0.
>On eth1 I use a private, non-routable address, 10.0.0.1. eth0 has a
>routable address. I have several of these networks that use a relay,
>all relays have the same private address on eth1, on eth0 the address
>is naturally unique. The DHCP relay also functions as a NAT router.
>Now, I want the ISC DHCP server to give the same address (from the
>10.0.0.0 network) to the clients regardless of which physical network
>they are in. The problem is that the subnet declaration must match the
>address of giaddr. If I set giaddr to the address of eth0, then it
>will not match the 10.0.0.0 subnet declaration. If I set giaddr to the
>address of eth1 the reply will be sent to that address (10.0.0.1)
>instead of the routable address of eth0, i.e. the source address of
>the DHCP request.
>Is there a way to configure the server to function as I want? I've got
>a feeling my setup is fairly common, but I can't figure out the
>configuration. The simple relay is written by myself and I can easily
>modify its behaviour if needed.
ABSOLUTELY NOT, the network is BROKEN and no DHCP implementation will
work properly with it - and neither will routing.
Rule one of IP networks : "all addresses must be globally unique",
though for the purposes of this you can modify that to "all addresses
must be globally unique within the domain of networks/subnets served
by the DHCP server".
Rule two of IP networks : "all addresses must be globally routable",
but again you can constrain that to "within the domain of
networks/subnets served by the DHCP server".
Your network breaks BOTH of these rules.
The problem you have is that you have multiple networks sharing the
same network address, so the routing is ambiguous. Is this packet for
10.1.1.1 to be sent to network A with the 10.1.1.0/24 subnet, or
network B with the 10.1.1.0/24 subnet, or network C with ...
You have to discount any NAT that the gateways may be doing because
DHCP won't work unless it can route packets directly to a client at
its actual (not NATed) address.
You have two options :
1) Change the network addresses so that the different networks have
different addresses, then you can use the 10.n.n.n address of the
relay agent as the GIAddr.
2) Bridge all the 10.n.n.n networks together so that they are one
broadcast domain. You could try and be clever by blocking loads of
broadcast traffic by filtering in the bridge(s), but the DHCP packets
MUST be passed (at least some of them must be, it's going to be a
Either way, if your routing isn't unambiguous then the network isn't
going to work !
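
Added example, not part of the original post or of ISC DHCP: a Python check of a relay addressing plan against the constraints discussed in this thread (giaddr inside the client subnet, no giaddr shared between relays, no overlapping client subnets). The site names and the 192.0.2.10 and 10.0.n.0/24 addresses are constructed sample values.

```python
import ipaddress
from itertools import combinations


def check_relay_plan(sites):
    """sites maps a site name to (giaddr, client subnet in CIDR form).

    Returns a list of human-readable problems; an empty list means the
    server can pick a subnet from giaddr and reply to it unambiguously.
    """
    parsed = {
        name: (ipaddress.ip_address(gi), ipaddress.ip_network(net))
        for name, (gi, net) in sites.items()
    }
    problems = []
    # The server selects the subnet declaration that contains giaddr.
    for name, (gi, net) in parsed.items():
        if gi not in net:
            problems.append(f"{name}: giaddr {gi} is outside {net}")
    # The reply goes back to giaddr, so giaddr and subnets must be unique.
    for (a, (gi_a, net_a)), (b, (gi_b, net_b)) in combinations(parsed.items(), 2):
        if gi_a == gi_b:
            problems.append(f"{a}/{b}: duplicate giaddr {gi_a}")
        if net_a.overlaps(net_b):
            problems.append(f"{a}/{b}: overlapping subnets {net_a} and {net_b}")
    return problems


# Constructed plans. SHARED_PLAN is the setup in the question (every relay
# uses 10.0.0.1 on eth1); ETH0_PLAN sets giaddr to a routable eth0 address;
# DISTINCT_PLAN is option 1 from the reply.
SHARED_PLAN = {
    "site-a": ("10.0.0.1", "10.0.0.0/24"),
    "site-b": ("10.0.0.1", "10.0.0.0/24"),
}
ETH0_PLAN = {"site-a": ("192.0.2.10", "10.0.0.0/24")}
DISTINCT_PLAN = {
    "site-a": ("10.0.1.1", "10.0.1.0/24"),
    "site-b": ("10.0.2.1", "10.0.2.0/24"),
}

if __name__ == "__main__":
    for label, plan in [("shared", SHARED_PLAN), ("eth0", ETH0_PLAN),
                        ("distinct", DISTINCT_PLAN)]:
        print(label, check_relay_plan(plan) or "ok")
```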