Pool selection based on Giaddr of different subnet

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Mar 17 13:54:26 UTC 2009


Dario Aguilar wrote:

>  >>1) Fix the relay agent !
>
>Why do you assume that the relay agent is broken, wrong or something? Relay
>agent should be a DSLAM, WAC or simply a router that has an address on
>different subnet than the clients. I think that if the subnets are correctly
>routed this should not be a problem for the relay agent or the clients.
>(Private IPs are just examples, we are using public IP addresses in
>fact).

OK, I'll rephrase that - fix the relay agent OR fix your network definition.

By definition, the GI-Addr MUST be in a subnet on 
the same wire as the client. It has to be that 
way as that is how the DHCP server determines 
where the client is located. Normally, the GIAddr 
would be an interface address of the relay agent 
that is in the same subnet as the client's subnet 
- if it isn't then it must be part of a shared 
network and you must configure the DHCP server 
with the same shared network config.


>  >>2) Assuming the GIAddr of the relay agent is
>>>unique to the clients subnet, then simply put an
>>>extra subnet in a shared-network declaration like
>>>this :
>
>>>shared-network broken_relay_agent {
>>>    subnet 192.168.0.0 netmask 255.255.255.0 { }
>>>
>>>    subnet 172.17.2.0 netmask 255.255.255.0 {
>>>     range ...
>>>      ...
>>>    }
>>>}
>
>>>What this does is tell the DHCP server that the
>>>two subnets are on the same wire, and so
>>>addresses in each subnet are interchangeable as
>>>far as allocating leases to clients is concerned.
>>>The server will match the GIAddr to one subnet,
>>>find no available leases, but see that leases are
>>>available in the other subnet and allocate from
>>>there.
>
>>>This will NOT work if the same relay agent serves
>>>other subnets using the same (wrong) GIAddr.
>
>>>Without the shared-network, you will NOT get the
>>>server to allocate a lease to any client in the
>>>subnet as the server believes that the client is
>>>on a different network.
>
>>class "WAC" {
>>            match if (binary-to-ascii(10,8, ".", packet(24,4)) = "192.168.0.1");
>>}
>
>>>You don't need the binary to ascii stuff, you can
>>>just use hex something like this :
>>>match if (packet(24,4) = c0:a8:00:01);
>
>As you recommended, I could resolve this by putting just the relay agent
>host into the same shared-network as the client pool, but I don't know if
>this is the only or best solution for this because now I need to add a new
>shared-network for each new relay agent. Is there any possibility to
>allocate leases using classes as I was trying to do it with "match if
>(packet(24,4) = GiAddr);" and then "allow members of" on the subnet?

As I've already written - the server uses the 
GI-Addr to determine the client's subnet. You 
CANNOT override this. If the GI-Addr is not in 
the same subnet as the client, or in a shared 
network with the client, then the config is 
broken.

If you have multiple shared networks, then your 
DHCP config should have multiple shared-networks 
to match. Your DHCP server config MUST match your 
network if you want it to work. Doing this is a 
lot less work than trying to do it with classes.

Sort this out and the rest happens automagically.


-- 
Simon Hobson
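
A simplified model of the lookup discussed in this message, added here as an illustration; it is not code from the post or from ISC dhcpd. It shows the giaddr selecting a network first and pools being considered only inside that network. The function names, the `allowed` parameter (a stand-in for class-based "allow members of" rules) and the free-address lists are assumptions constructed for the example.

```python
import ipaddress

# Constructed data mirroring the thread: the relay's giaddr sits in
# 192.168.0.0/24 (no range), clients are served from 172.17.2.0/24.
SHARED = {  # network name -> {subnet: free addresses in its range}
    "broken_relay_agent": {
        "192.168.0.0/24": [],
        "172.17.2.0/24": ["172.17.2.10", "172.17.2.11"],
    },
}
SEPARATE = {  # the same two subnets declared without a shared-network
    "net-192.168.0.0": {"192.168.0.0/24": []},
    "net-172.17.2.0": {"172.17.2.0/24": ["172.17.2.10", "172.17.2.11"]},
}


def locate_network(config, giaddr):
    """Return the name of the network whose subnet contains giaddr."""
    addr = ipaddress.ip_address(giaddr)
    for name, subnets in config.items():
        if any(addr in ipaddress.ip_network(s) for s in subnets):
            return name
    return None  # giaddr matches no declared subnet: nothing can be offered


def offer(config, giaddr, allowed=None):
    """Pick a free address for a relayed request, or None.

    allowed (hypothetical) is the set of subnets the client's class may
    use. It only filters pools inside the network located from giaddr;
    it never changes which network is located.
    """
    name = locate_network(config, giaddr)
    if name is None:
        return None
    for subnet, free in config[name].items():
        if allowed is not None and subnet not in allowed:
            continue
        if free:
            return free[0]
    return None
```

With `SHARED`, a request relayed with giaddr 192.168.0.1 is served from 172.17.2.0/24; with `SEPARATE`, the same request gets nothing, even when `allowed` names the 172.17.2.0/24 subnet.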
