DHCP client takes too much time to get IP address

Simon Hobson dhcp1 at thehobsons.co.uk
Thu Nov 15 14:31:29 UTC 2007


Alessandro FAGLIA wrote:

>The DHCP server acts also as firewall (Shorewall) with 5 NICs.
>eth0 is connected to the ISP router and has a public IP
>eth1 and eth2 are enslaved as bond0, and serve network 192.160.1.0/24
>eth3 and eth4 are enslaved as bond1, and serve network 192.160.2.0/24
>
>bond0 is bound to 192.168.1.1/24
>bond1 is bound to 192.168.2.1/24
>
>Unfortunately, I inherited a weird network layout where devices 
>belong to two networks that share the same medium. This medium is 
>made by one switch (the center of the star) and four smaller ones 
>connected by means of optical links.
>
>bond0 and bond1 are connected to the same first switch (I know this 
>sounds weird, but this is an issue I cannot fix in a short time).

This is your problem then. You have a shared network (two subnets on 
one physical media) and must define it as such. What is happening now 
is that the server responds to a client request received on bond0 as 
though it is in subnet 192.168.1.0 - but when it sees the client 
request its address via a packet received on bond1 then it knows 
that the address is invalid for that network and sends a DHCP NAK.

>This is an excerpt of my dhcpd.conf.
>In my mind, known hosts are assigned to subnet 1 or 2 depending on 
>their MAC addr. Guests with known MAC addr are put into range 
>192.168.1.180-192.168.1.19 while those with unknown MAC are put into 
>192.168.1.170-192.168.1.179 (for which the firewall closes all doors).
>
>subnet 192.168.1.0 netmask 255.255.255.0 {
>   option routers 192.168.1.1;
>   option subnet-mask 255.255.255.0;
>   option broadcast-address 192.168.1.255;
>   option domain-name-servers 192.168.1.1;
>
>   # guests with unknown MAC addr
>   pool {
>     range 192.168.1.170 192.168.1.179;
>     allow unknown clients;
>   }
>
>   # guests with known MAC addr
>   pool {
>     range 192.168.1.180 192.168.1.199;
>   }
>}
>
>group {
>   default-lease-time 43200;
>   max-lease-time 86400;
>   option netbios-name-servers 192.168.1.1;
>   use-host-decl-names on;
>
>   host <...> {
>     hardware ethernet <...>;
>     fixed-address 192.168.1.20;
>   }
>[...]
>}
>
># Guests with known MAC addr
>group {
>   default-lease-time 43200;
>   max-lease-time 86400;
>   use-host-decl-names on;
>
>   host <...> {
>     hardware ethernet <..>;
>     fixed-address 192.168.1.180;
>   }
>[...]
>}
>
>group {
>   default-lease-time 43200;
>   max-lease-time 86400;
>   option netbios-name-servers 192.168.2.1;
>   use-host-decl-names on;
>
>   host <...> {
>     hardware ethernet <...>;
>     fixed-address 192.168.2.50;
>   }
>}
>
>include "/etc/dhcp-dns.key";
>
>update-static-leases on;
>
>zone farmol.it. {
>         primary 127.0.0.1;
>         key DHCP_UPDATER;
>}
>
>zone 168.192.in-addr.arpa. {
>         primary 127.0.0.1;
>         key DHCP_UPDATER;
>}

Firstly you are missing a subnet declaration. You MUST define the 
192.168.2.0/24 subnet even if you do not issue any leases to it. As 
you have a shared network, you must declare it as such:

shared-network somenetworkname {
   subnet 192.168.1.0 ....
     ....
   }
   subnet 192.168.2.0 ....
     ....
   }
}


Also, you have a fixed address (192.168.1.180) which is also part of a 
dynamic range. Any fixed address MUST NOT be in any dynamically 
assignable range. It is possible that a dynamic client could acquire 
the address, then the host with the fixed address comes onto the 
network. The server will comply with your instruction to give the 
host its fixed address and you then have two stations with an 
address conflict.
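
Added example, not part of the original message and not ISC code: a small regex-based lint for the two configuration errors named in the reply (a fixed-address inside a dynamic range, and a fixed-address with no subnet declaration). The function name lint_dhcpd, the host names and the MAC addresses are constructed for illustration; it is not a full dhcpd.conf parser and reads only the first address of each host.

```python
import ipaddress
import re

# Constructed sample modelled on the quoted configuration; host names are made up.
SAMPLE_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  pool { range 192.168.1.170 192.168.1.179; allow unknown clients; }  # unknown MACs
  pool { range 192.168.1.180 192.168.1.199; }                         # known guests
}
host known-guest { hardware ethernet 00:00:5e:00:53:01; fixed-address 192.168.1.180; }
host desk-a      { hardware ethernet 00:00:5e:00:53:02; fixed-address 192.168.1.20; }
host desk-b      { hardware ethernet 00:00:5e:00:53:03; fixed-address 192.168.2.50; }
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
SUBNET_RE = re.compile(rf"\bsubnet\s+{IP}\s+netmask\s+{IP}")
RANGE_RE = re.compile(rf"\brange\s+(?:dynamic-bootp\s+)?{IP}(?:\s+{IP})?\s*;")
HOST_RE = re.compile(rf"\bhost\s+(\S+)\s*\{{[^}}]*?\bfixed-address\s+{IP}")


def lint_dhcpd(conf):
    """Return (host, address, problem) for each fixed address the server cannot serve cleanly."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching
    subnets = [ipaddress.ip_network(f"{net}/{mask}") for net, mask in SUBNET_RE.findall(conf)]
    # A range statement may name a single address; treat it as lo == hi.
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
              for lo, hi in RANGE_RE.findall(conf)]
    findings = []
    for name, text in HOST_RE.findall(conf):
        addr = ipaddress.ip_address(text)
        if any(lo <= addr <= hi for lo, hi in ranges):
            findings.append((name, text, "inside a dynamic range"))
        if not any(addr in net for net in subnets):
            findings.append((name, text, "no subnet declaration"))
    return findings


if __name__ == "__main__":
    for finding in lint_dhcpd(SAMPLE_CONF):
        print("%s %s: %s" % finding)
```

Run against the real file before restarting dhcpd; an empty result means neither problem was found.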


