remote subnets (Was: a single subnet that is failing)
dhcp1 at thehobsons.co.uk
Tue Nov 27 09:46:28 UTC 2007
Remzi AKYUZ wrote:
>>>if you don't have any interface on 10.4.51.0/24,
>>>dhcpd could not serve for 10.4.51.0/24.
>>That is WRONG
>>DHCP works fine over a WAN, all it requires is helper agents (aka
>>BOOTP relay agent, aka DHCP relay agent) somewhere on each network
>>that is not directly attached to the server. The OP did state that
>>there were agents in place, and the log shows that the request was
>>received via an agent.
>How can dhcpd configure it?
>Can you explain it?
First, I would suggest you track down a copy of "The DHCP Handbook"
by Ralph Droms and Ted Lemon - it is generally considered THE
reference book on DHCP. It covers all this (and a lot more) in as
much detail as you could want - the second edition has a more
in-depth description of failover.
However, here is the 2-minute version!
As far as the server config is concerned, you do NOTHING other than
configure the subnets as required. There is no difference between a
definition of a subnet that is local to the server and one that is
remote (i.e. not directly connected).
On each remote subnet you need a helper agent. This is NOT a simple
packet forwarding service as it does not directly forward the packets
as received from the client. When a client boots and sends out its
DHCP-Discover packet (or DHCP-Request if it already has a lease to
renew), this is sent as a broadcast. The relay agent picks this up,
inserts its interface address into a field in the packet called
GIAddr (Gateway Interface Address) and forwards it by unicast* to the
server(s) configured. The relay agent may also add further
information such as option 82 (circuit ID) which may be used by the
server - an example of this might be in an ISP environment where the
customer identity is determined by the physical port of a
switch/cable equipment/ADSL access unit/whatever.
When the server receives the packet, it can see that the GIAddr field
is filled in, therefore it knows what subnet the client is connected
to and can process the request accordingly. It will then send the
reply packet back by unicast to the GIaddr, where the helper agent
will take care of broadcasting it on the client's local network.
When the client is simply extending a lease it already has, then it
will send a unicast packet directly to the server it got its lease
from (the relay agent is not involved), and the server will unicast
the response back.
While relay agents are usually part of a router, there is no
requirement for this - it can be run on any device connected to the
same network as the clients. Also, the mechanism was borrowed from
BOOTP since at the time DHCP was being developed BOOTP helper agents
were appearing in routing equipment. By using the same mechanism, the
DHCP developers avoided the hassle of persuading all the major
vendors to develop and roll out new support programs.
* If the network supports it, you could also use a directed subnet
broadcast - e.g. if the server was in 192.168.1.0/24 then you could
send the forwarded packet to 192.168.1.255 where it could be received
by multiple servers.
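
The relay handling described in the message above, as an added example that is not part of the original post and is not dhcpd's own code: it builds a constructed relayed DHCP-Discover, reads GIAddr and the option 82 circuit ID, and picks the subnet from GIAddr. The subnet list, MAC address and circuit ID value are constructed sample data; sub-option 1 as the circuit ID follows RFC 3046.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
MAGIC = bytes([99, 130, 83, 99])            # DHCP magic cookie

# Constructed subnets standing in for the server's subnet declarations.
SUBNETS = [ipaddress.ip_network("192.168.1.0/24"),   # local to the server
           ipaddress.ip_network("10.4.51.0/24")]     # remote, behind a relay

def build_relayed_discover(giaddr, circuit_id):
    """Constructed sample: a DHCP-Discover as a relay agent would forward it."""
    hdr = struct.pack(BOOTP_FMT, 1, 1, 6, 1, 0x1234ABCD, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4),
                      ipaddress.ip_address(giaddr).packed,   # GIAddr set by relay
                      bytes.fromhex("02005e000001").ljust(16, b"\0"),
                      bytes(64), bytes(128))
    opt53 = bytes([53, 1, 1])                        # message type = DISCOVER
    sub1 = bytes([1, len(circuit_id)]) + circuit_id  # option 82 sub-option 1
    opt82 = bytes([82, len(sub1)]) + sub1
    return hdr + MAGIC + opt53 + opt82 + b"\xff"

def parse_options(data):
    """Walk a code/length/value list, bounds-checking every length byte."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:          # 255 = end option
        if data[i] == 0:                             # 0 = pad option
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def classify(packet):
    """Return (giaddr, matching subnet or None, circuit ID or None)."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    giaddr = ipaddress.ip_address(struct.unpack(BOOTP_FMT, packet[:236])[10])
    opts = parse_options(packet[240:])
    # Option 82 sub-options use the same code/length/value layout.
    relay = parse_options(opts[82]) if 82 in opts else {}
    # None here means GIAddr is unset (not relayed) or matches no declared subnet.
    subnet = next((n for n in SUBNETS if giaddr in n), None)
    return giaddr, subnet, relay.get(1)
```
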