remote subnets (Was: a single subnet that is failing)

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Nov 27 09:46:28 UTC 2007


Remzi AKYUZ wrote:

>>>if you don't have any interface on 10.4.51.0/24,
>>>dhcpd could not serve for 10.4.51.0/24.

>>That is WRONG
>>
>>DHCP works fine over a WAN, all it requires is helper agents (aka 
>>BOOTP relay agent, aka DHCP relay agent) somewhere on each network 
>>that is not directly attached to the server. The OP did state that 
>>there were agents in place, and the log shows that the request was 
>>received via an agent.


>How can dhcpd configure it?
>
>Can you explain it?

First, I would suggest you track down a copy of "The DHCP Handbook" 
by Ralph Droms and Ted Lemon - it is generally considered THE 
reference book on DHCP. It covers all this (and a lot more) in as 
much detail as you could want - the second edition has a more in 
depth description of failover.


However, here is the 2-minute version!

As far as the server config is concerned, you do NOTHING other than 
configure the subnets as required. There is no difference between a 
definition of a subnet that is local to the server and one that is 
remote (ie not directly connected).

On each remote subnet you need a helper agent. This is NOT a simple 
packet forwarding service as it does not directly forward the packets 
as received from the client. When a client boots and sends out its 
DHCP-Discover packet (or DHCP-Request if it already has a lease to 
renew), this is sent as a broadcast. The relay agent picks this up, 
inserts its interface address into a field in the packet called 
GIAddr (Gateway Interface Address) and forwards it by unicast* to the 
server(s) configured. The relay agent may also add further 
information such as option 82 (circuit ID) which may be used by the 
server - an example of this might be in an ISP environment where the 
customer identity is determined by the physical port of a 
switch/cable equipment/ADSL access unit/whatever.


When the server receives the packet, it can see that the GIAddr field 
is filled in, therefore it knows what subnet the client is connected 
to and can process the request accordingly. It will then send the 
reply packet back by unicast to the GIaddr, where the helper agent 
will take care of broadcasting it on the client's local network.


When the client is simply extending a lease it already has, then it 
will send a unicast packet directly to the server it got its lease 
from (the relay agent is not involved), and the server will unicast 
the response back.


While relay agents are usually part of a router, there is no 
requirement for this - it can be run on any device connected to the 
same network as the clients. Also, the mechanism was borrowed from 
BOOTP since at the time DHCP was being developed BOOTP helper agents 
were appearing in routing equipment. By using the same mechanism, the 
DHCP developers avoided the hassle of persuading all the major 
vendors to develop and roll out new support programs.



* If the network supports it, you could also use a directed subnet 
broadcast - eg if the server was in 192.168.1.0/24 then you could 
send the forwarded packet to 192.168.1.255 where it could be received 
by multiple servers.
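
The relay step and the server's subnet choice described in the message above, as an added example that is not part of the original post and is not ISC dhcpd code. The function names, the relay address 10.4.51.1 and the server interface address 192.168.1.10 are assumptions made for illustration; the packets are constructed.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes in total)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10  # positions of those fields in the unpacked tuple

# Constructed stand-in for the server's subnet declarations: one local, one remote
SUBNETS = [ipaddress.ip_network("192.168.1.0/24"),
           ipaddress.ip_network("10.4.51.0/24")]

def client_discover(xid, mac):
    """Constructed client broadcast: BOOTREQUEST with giaddr left at 0.0.0.0."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                      zero, zero, zero, zero, mac, b"", b"")

def relay(packet, relay_if_ip):
    """Helper agent: fill in giaddr if it is still zero, count the hop,
    and hand back the packet it would unicast to the server."""
    fields = list(BOOTP.unpack(packet[:BOOTP.size]))
    if fields[GIADDR] == bytes(4):
        fields[GIADDR] = ipaddress.ip_address(relay_if_ip).packed
    fields[HOPS] += 1
    return BOOTP.pack(*fields) + packet[BOOTP.size:]  # options pass through

def server_select_subnet(packet, receiving_if_ip):
    """Server: a non-zero giaddr names the client's subnet; a zero giaddr
    means the client is on the segment the packet arrived on."""
    fields = BOOTP.unpack(packet[:BOOTP.size])
    giaddr = ipaddress.ip_address(fields[GIADDR])
    locator = giaddr if int(giaddr) else ipaddress.ip_address(receiving_if_ip)
    for net in SUBNETS:
        if locator in net:
            return net
    return None  # no declaration covers this segment, so no lease is offered

if __name__ == "__main__":
    pkt = client_discover(0x1234, bytes.fromhex("001122334455"))
    print("direct :", server_select_subnet(pkt, "192.168.1.10"))
    print("relayed:", server_select_subnet(relay(pkt, "10.4.51.1"), "192.168.1.10"))
```

The same subnet list serves both cases; only the address used to pick the subnet changes, which is why the server needs no special configuration for remote subnets.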


