one host with multiple concurrent leases from different pools

Curt Rask Curt_Rask at alliedtelesis.com
Thu Oct 30 21:23:57 UTC 2008



Hello,

I have a similar issue to the one quoted below.  I have all of my network (DHCP relay points) and DHCP statements configured to hand out IPs to a single device.  The problem I am finding is that during the initiation phase (DHCP Discover, Offer, Request, ACK), each of the leases negates the previous one.  The IPs being handed out are the correct IPs for the VLAN in question, it's just the server seems to think that the new "discover" supplants the existing lease info.

For my configuration, the "host" is a network device that is VLAN aware and uses the same MAC address for each VLAN interface that requests an IP.   The relay agent is not a router.  It is another switch that has some L3 ability.  When it relays, it sets the GIADDR to the one and only 1 IP address it uses for management.  It also sets option 82 information for Remote-ID, and Circuit-ID.  The circuit ID contains physical interface information, as well as VLAN information which is unique to the host.  Additionally, the UID of the client is the same, regardless of which VLAN it makes a request on.

Based on the fact that subsequent leases cause the previous ones to be "freed", I presume that in the case of a discover packet or a request packet with a "client IP" of 0.0.0.0, that the server tries to differentiate between the requests by looking at the client's HW address, possibly the UID, and then by the GIADDR.  In my case, those are all the same.  However, the option 82 circuit ID information is different.

So, my question is, is there a way to either have the server include Circuit-ID information in considering whether a request is unique?  Or, is there a way to set the UID, if it is in fact considered when determining whether a request is unique, based on the circuit ID, or a subset of the circuit ID?  Something to the effect:

if exists agent.circuit-id {
uid = concat (hardware,"-",substring(option agent.circuit-id,2,2)); };

The interesting part to the story is that, since the other interfaces don't know that they've lost their lease, they do come back later to renew their IP, only this time the "client IP" option is set to the IP they were given.  When this happens, all of the leases can co-exist in the database.  The problem there, is that for a shallow pool of IPs, it's possible that the IP will no longer be available, as the lease may have been handed out to someone else.  The other problem is that, when the lease is freed, any DDNS information is removed, which could negatively impact services.

I have included a config snippet, log snippet, and lease view when things don't work.
Thanks in advance,

Curt Rask






LOG:
Oct 30 16:29:26 cow dhcpd: ---- Lease for IP=192.168.2.11 iMAP=NE2 INT=15.8 VLAN=2501
Oct 30 16:29:26 cow dhcpd: ---- RAW opt-82 IP=192.168.2.11 CID=15.8.9.197 AID=4e.45.32
Oct 30 16:29:26 cow dhcpd: DHCPDISCOVER from 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:26 cow dhcpd: ---- Lease for IP=192.168.1.10 iMAP=NE2 INT=15.8 VLAN=2500
Oct 30 16:29:26 cow dhcpd: ---- RAW opt-82 IP=192.168.1.10 CID=15.8.9.196 AID=4e.45.32
Oct 30 16:29:26 cow dhcpd: DHCPDISCOVER from 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:27 cow dhcpd: DHCPOFFER on 192.168.2.11 to 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:27 cow dhcpd: DHCPOFFER on 192.168.1.10 to 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:30 cow dhcpd: ---- Lease for IP=192.168.1.10 iMAP=NE2 INT=15.8 VLAN=2500
Oct 30 16:29:30 cow dhcpd: ---- RAW opt-82 IP=192.168.1.10 CID=15.8.9.196 AID=4e.45.32
Oct 30 16:29:30 cow dhcpd: ---- Lease granted for IP=192.168.1.10 iMAP=NE2 INT=15.8 VLAN=2500
Oct 30 16:29:30 cow dhcpd: Unable to add forward map from stb-0-d-da-6-b0-a7.neteng.lab.telesyn.corp to 192.168.1.10: timed out
Oct 30 16:29:30 cow dhcpd: DHCPREQUEST for 192.168.1.10 (10.52.201.65) from 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:30 cow dhcpd: DHCPACK on 192.168.1.10 to 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:55 cow dhcpd: ---- Release for IP=192.168.1.10 MAC=1:0:d:da:6:b0:a7
Oct 30 16:29:55 cow dhcpd: ---- Lease for IP=192.168.2.11 iMAP=NE2 INT=15.8 VLAN=2501
Oct 30 16:29:55 cow dhcpd: ---- RAW opt-82 IP=192.168.2.11 CID=15.8.9.197 AID=4e.45.32
Oct 30 16:29:55 cow dhcpd: DHCPDISCOVER from 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:55 cow dhcpd: DHCPOFFER on 192.168.2.11 to 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:57 cow dhcpd: ---- Lease for IP=192.168.2.11 iMAP=NE2 INT=15.8 VLAN=2501
Oct 30 16:29:57 cow dhcpd: ---- RAW opt-82 IP=192.168.2.11 CID=15.8.9.197 AID=4e.45.32
Oct 30 16:29:57 cow dhcpd: ---- Lease granted for IP=192.168.2.11 iMAP=NE2 INT=15.8 VLAN=2501
Oct 30 16:29:57 cow dhcpd: Unable to add forward map from rgvoip-0-d-da-6-b0-a7.neteng.lab.telesyn.corp to 192.168.2.11: timed out
Oct 30 16:29:57 cow dhcpd: DHCPREQUEST for 192.168.2.11 (10.52.201.65) from 00:0d:da:06:b0:a7 via 10.52.203.12
Oct 30 16:29:57 cow dhcpd: DHCPACK on 192.168.2.11 to 00:0d:da:06:b0:a7 via 10.52.203.12



LEASE:

lease 192.168.1.10 {
  starts 4 2008/10/30 21:22:00;
  ends 4 2008/10/30 21:26:51;
  tstp 4 2008/10/30 21:26:51;
  cltt 4 2008/10/30 21:22:00;
  binding state free;
  hardware ethernet 00:0d:da:06:b0:a7;
}
lease 192.168.2.11 {
  starts 4 2008/10/30 21:26:51;
  ends 4 2008/10/30 21:36:51;
  cltt 4 2008/10/30 21:26:51;
  binding state active;
  next binding state free;
  hardware ethernet 00:0d:da:06:b0:a7;
  option agent.circuit-id f:8:9:c5;
  option agent.remote-id "NE2";
  on expiry {
    log (info,
        concat (concat (concat ("---- Lease expired for IP=",
                                   binary-to-ascii (10, 8, ".", leased-address
                                   )), " MAC="),
                 binary-to-ascii (16, 8, ":", hardware)));
  }
  on release {
    log (info,
        concat (concat (concat ("---- Release for IP=",
                                   binary-to-ascii (10, 8, ".", leased-address
                                   )), " MAC="),
                 binary-to-ascii (16, 8, ":", hardware)));
  }
}
lease 192.168.2.11 {
  starts 4 2008/10/30 21:26:51;
  ends 4 2008/10/30 21:26:51;
  tstp 4 2008/10/30 21:26:51;
  cltt 4 2008/10/30 21:26:51;
  binding state free;
  hardware ethernet 00:0d:da:06:b0:a7;
}
lease 192.168.1.10 {
  starts 4 2008/10/30 21:26:51;
  ends 4 2008/10/30 21:36:51;
  cltt 4 2008/10/30 21:26:51;
  binding state active;
  next binding state free;
  hardware ethernet 00:0d:da:06:b0:a7;
  option agent.circuit-id f:8:9:c4;
  option agent.remote-id "NE2";
  on expiry {
    log (info,
        concat (concat (concat ("---- Lease expired for IP=",
                                   binary-to-ascii (10, 8, ".", leased-address
                                   )), " MAC="),
                 binary-to-ascii (16, 8, ":", hardware)));
  }
  on release {
    log (info,
        concat (concat (concat ("---- Release for IP=",
                                   binary-to-ascii (10, 8, ".", leased-address
                                   )), " MAC="),
                 binary-to-ascii (16, 8, ":", hardware)));
  }
}


CONFIG SAMPLE:
### Neteng Voip VID 2500

class "neteng-voip" {
        match if (substring (option agent.remote-id,0,2)="NE")
        and (substring (option agent.circuit-id,2,2)="\x09\xc4");
        spawn with option agent.circuit-id; default-lease-time 600; max-lease-time 600; }

### Neteng Data VID 2501

class "neteng-data" {
        match if (substring (option agent.remote-id,0,2)="NE")
        and (substring (option agent.circuit-id,2,2)="\x09\xc5");
        spawn with option agent.circuit-id;  default-lease-time 600;  max-lease-time 600; }

ping-check true;

shared-network neteng {
        subnet 10.52.203.0 netmask 255.255.255.192 {
                option routers 10.52.203.1;
                option broadcast-address 10.52.203.63;
                option domain-name "lab.telesyn.corp";
                option domain-name-servers 10.52.201.64;
                option time-offset -5; # Eastern Standard Time
                ddns-domainname "neteng.lab.telesyn.corp";
                ddns-rev-domainname "in-addr.arpa";
        }

### VOIP

subnet 192.168.2.0 netmask 255.255.255.0 {

option routers 192.168.2.1;
option subnet-mask 255.255.255.0;
ddns-hostname = concat ("rgvoip-", binary-to-ascii (16,8,"-",substring(hardware,1,6)));
option host-name= concat ("rgvoip-", binary-to-ascii (16,8,"-",substring(hardware,1,6)));
#option classless-routes 24 10.52.192.0 192.168.2.1, 28 10.52.194.240 192.168.2.1; ignore client-updates;

pool {
        range 192.168.2.10 192.168.2.254;

        #
        allow members of "neteng-voip";
     }
}


### DATA

subnet 192.168.3.0 netmask 255.255.255.0 {

option routers 192.168.3.1;
option subnet-mask 255.255.255.0;
ddns-hostname = concat ("data-", binary-to-ascii (16,8,"-",substring(hardware,1,6)));
option host-name= concat ("data-", binary-to-ascii (16,8,"-",substring(hardware,1,6)));

pool {
        range 192.168.3.10 192.168.3.254;

        #
        allow members of "neteng-data";
     }

}

}



-----Original Message-----
From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On Behalf Of Simon Hobson
Sent: Sunday, October 12, 2008 4:47 AM
To: dhcp-users at isc.org
Subject: Re: Same Host on two ip pool?

Juan C. Crespo R. wrote:

>>Do you mean - you want a client to be able to get an address on any of
>>several networks it can connect to ? Yes, it just works automagically
>>as long as your network is set up right.
>>
>Could you send me an example of this one? Thanks :)

Still not clear what you need help with !

Dynamic or static ? Glenn has shown you how to define multiple fixed addresses for static addressing.

For dynamic clients, there really isn't any special config. For example, this would allow the DHCP server to support two different networks (obviously you'll need a few more options etc) :

subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.100 192.168.1.199 ;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
   range 192.168.2.100 192.168.2.199 ;
}

The server will automatically take care of giving a client an address suitable for the network it is located on. How ? Well that depends on your network.

Simplest case is you have two network cards in your server, eg you type 'ifconfig' and see something like :

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:35:F4:7D
           inet addr:192.168.1.1  Bcast:192.168.0.255  Mask:255.255.255.0
           ...
eth1      Link encap:Ethernet  HWaddr 00:16:3E:35:2D:3F
           inet addr:192.168.2.1  Bcast:192.168.0.255  Mask:255.255.255.0
           ...

The server knows which interface the request came in on, and therefore knows where the client is.


What if one of the networks isn't local ? Well then you need a DHCP Helper (aka BOOTP Helper, aka DHCP Relay Agent). This is often incorporated in a router, but can in fact be in ANY device on the remote network. It sits there listening for DHCP broadcasts from clients, and when it hears one, it modifies it slightly and sends it to the DHCP server - when the server replies, it does so to the relay agent which broadcasts it to its local net for the client to pick up.

The modification the relay agent makes is to add a value for GI-Addr (Gateway Interface Address) which is the IP address of its interface on the client's network. If it's present, the DHCP server uses this value to work out where the client is.


Hopefully you now know enough to either a) solve your problem, or b) express it in terms that allow us to work out what it is.

