Pool selection based on Giaddr of different subnet

Glenn Satchell Glenn.Satchell at uniq.com.au
Tue Mar 17 14:37:25 UTC 2009

Hi Dario

I'm not sure I understand how your network is set up. If you can
describe your network layout then we may be able to offer a solution.

Can you describe a valid network configuration where the relay's giaddr
(address of the interface where the request came in) is in a different
subnet to that of the client and not be a shared network?

This is the fundamental design of not only the ISC dhcpd, but of the RFC
that defines how dhcp whould work.

When a client sends out a broadcast to find a dhcp server or relay,
that packet can only stay within the defined subnet. There is no valid
way for it to be routed to a different subnet and for your relay on
that other subnet to receive it.


>From: "Dario Aguilar" <daguilar at arnet.net.ar>
>To: "'Users of ISC DHCP'" <dhcp-users at lists.isc.org>
>Subject: RE: Pool selection based on Giaddr of different subnet
>Date: Tue, 17 Mar 2009 10:36:37 -0300
>Dario Aguilar wrote:
>>Hi there, I´m trying to configure a pool 
>>selection based on Giaddr but the problem is 
>>that Relay Agent IP (Giaddr) doesn't belongs to 
>>same subnet as the client pool so I guess I need 
>>to define a class that matches this criteria 
>>(maybe of sure that I difined in a wrong way). 
>>This is not working because it´s saying that 
>>network segment is unknown.
>>>OK, two ways to deal with this :
>>>1) Fix the relay agent !
>Why you assume that the relay agent is broken, wrong or something?. Relay
>agent should be a DSLAM, WAC or simply a router that has an address on
>different subnet than the clients. I think that if the subnets are correctly
>routed this should not me a problem for the relay agent or the clients.
>(Private IP´s are just examples, we are using public´s IP addresses in
>>>2) Assuming the GIAddr of the relay agent is 
>>>unique to the clients subnet, then simply put an 
>>>extra subnet in a shared-network delcaration like 
>>>this :
>>>shared-network broken_relay_agent {
>>>   subnet netmask { }
>>>   subnet netmask {
>>>    range ...
>>>     ...
>>>   }
>>>What this does is tell the DHCP server that the 
>>>two subnets are on the same wire, and so 
>>>addresses in each subnet are interchangeable as 
>>>far as allocating leases to clients in concerned. 
>>>The server will match the GIAddr to one subnet, 
>>>find no available leases, but see that leases are 
>>>available in the other subnet and allocate from 
>>>This will NOT work if the same relay agent serves 
>>>other subnets using the same (wrong) GIAddr.
>>>Without the shared-network, you will NOT get the 
>>>server to allocate a lease to any client in the 
>>>subnet as the server believes that the client is 
>>>on a different network.
>>class "WAC" {
>>           match if (binary-to-ascii(10,8, ".", packet(24,4)) =
>>>You don't need the binary to ascii stuff, you can 
>>>just use hex something like this :
>>>match if (packet(24,4)) = c0:a8:00:01);
>As you recommended, I could resolve this by putting just the relay agent
>host into the same shared-network as the client pool, but I don´t know if
>this is the only or best solution for this because now I need to add a new
>shared-network for each new relay agent. Is there any possibility to
>allocate leases using classes as I was trying to do it with "match if
>(packet(24,4)) = GiAddr);" and then "allow members of" on the subnet ?.
>Actual configuration:
>shared-network broken_relay_agent {
>   subnet netmask { }
>   subnet netmask {
>    range ...
>     ...
>   }
>Dario Aguilar.
>Simon Hobson

More information about the dhcp-users mailing list