Assigning a different gateway address based on gi-addr

Nicolas De Cristofaro at
Sat Oct 30 01:52:41 UTC 2010

Hi Simon,

Many thanks for the suggestions. I realized there may have been some questions based on our solution so I should have outlined we were prepared to deal with that with those. Both routers are technically on separate paths, and they would not both forward at the same time in any case.

As for your configuration example: It did work!! However I still had to use the binary-to-ascii function, else it would not match... I used the log function to look at how the packet was being evaluated and it returned a weird string, so I guess it needed a conversion to ascii first to evaluate it?

Thanks again



-----Original Message-----
From: at [ at] On Behalf Of Simon Hobson
Sent: October-29-10 3:56 PM
To: Users of ISC DHCP
Subject: Re: Assigning a different gateway address based on gi-addr

Nicolas De Cristofaro wrote:

>We are attempting a configuration with our ISC DHCP server where we 
>would like to hand out a different gateway address based on the gi-addr 
>of the dhcp-relay set by our routers.
>Our solution includes two routers and one is acting as a standby-node 
>only, so subscribers would only connect via this node if the primary 
>node fails.

I was just thinking VRRP (or HSRP for Cisco kit).

>Our configuration does not allow us to use VRRP due to limitations with 
>the box

Pity !

>and we would like to use a different gateway address based on if the 
>subscribers connected via the primary dhcp-relay or the back 

The first problem I see is that both routers will be relays, and both will forward requests if they are working. Thus, when both routers are working, the client will get offers with both gateways and it will be (mostly ?) random which they take - typically whichever router gets the offer to the server first will get the traffic as its reply should be the first back to the client and most clients seem to accept the first valid offer they get.

The second problem is that a router going down won't result in clients getting a new lease for anything up to (almost) 4 hours with the lease times you've specified. Thus a router going down will result in around half your clients losing connectivity for potentially several hours or until the user takes action to get a new lease.

But assuming that's something you're prepared to deal with ...

>We would like to share the same pool definition though, and this is 
>where we've run into problems, we can't use the same 'range' in two 
>pools. So the idea would be to use one pool, but assign a different 
>'options router' based on the class matching, is this possible?
>Here is what we have so far based on what I found already reading 
>through the mailing lists:
>subnet netmask {
>     default-lease-time 14400;
>     max-lease-time 14400;   
>     class "NODE-1" {
>       match if binary-to-ascii(10, 8, ".", packet(24, 4)) = 
> "";
>     }

You don't need the binary to ascii, this is functionally identical :
match if packet(24, 4) = ;

The 88:88:88:33 bit there just specifies a set of four bytes.

How about just using a conditional like this :

subnet netmask {
    pool {
      if packet(24, 4) = {
        option routers ;
        option routers ;
Simon Hobson
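
An added illustration, not written by either poster: Python that mirrors the two expressions discussed in this thread. `packet(24, 4)` selects the four raw giaddr bytes of the BOOTP header, `binary-to-ascii(10, 8, ".", ...)` renders them as a dotted-decimal string, and a colon-separated data literal in dhcpd.conf is read as hexadecimal octets. The addresses are constructed documentation-range values and the helper names are hypothetical.

```python
import socket
import struct

# BOOTP fixed header (RFC 951/2131) up to giaddr: op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr -> giaddr sits at byte offset 24.
BOOTP_HEAD = struct.Struct("!BBBBIHH4s4s4s4s")
GIADDR_OFFSET, GIADDR_LEN = 24, 4

# Constructed relay -> gateway map (documentation addresses, not from the thread).
GATEWAY_BY_RELAY = {"192.0.2.2": "192.0.2.254", "192.0.2.3": "192.0.2.253"}
DEFAULT_GATEWAY = "192.0.2.1"


def build_request(giaddr: str) -> bytes:
    """Build a constructed relayed BOOTREQUEST header carrying the given giaddr."""
    zero = bytes(4)
    head = BOOTP_HEAD.pack(1, 1, 6, 1, 0x12345678, 0, 0, zero, zero, zero,
                           socket.inet_aton(giaddr))
    return head + bytes(16 + 64 + 128)  # chaddr, sname, file left empty


def packet(data: bytes, offset: int, length: int) -> bytes:
    """Counterpart of dhcpd's packet(offset, length): a raw byte slice."""
    if len(data) < offset + length:
        raise ValueError("packet too short")
    return data[offset:offset + length]


def binary_to_ascii_dec8(raw: bytes, sep: str = ".") -> str:
    """Counterpart of binary-to-ascii(10, 8, sep, raw): decimal text per octet."""
    return sep.join(str(b) for b in raw)


def hex_literal(raw: bytes) -> str:
    """Colon-separated hex octets, the form a dhcpd.conf data literal takes."""
    return ":".join(f"{b:02x}" for b in raw)


def gateway_for(data: bytes) -> str:
    """Pick the router option value from the relay address in the request."""
    relay = binary_to_ascii_dec8(packet(data, GIADDR_OFFSET, GIADDR_LEN))
    return GATEWAY_BY_RELAY.get(relay, DEFAULT_GATEWAY)
```
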
