netreg Revisited

Frank Sweetser fs at WPI.EDU
Tue Mar 22 16:48:51 UTC 2011 

On 03/22/2011 12:27 PM, Martin McCormick wrote:
> 	Some years ago, Carnegie Mellon University built a
> clever use of dhcp and DNS called netreg to authenticate clients
> who wanted to connect to their networks. It looks like nobody
> has done much to it since about 2005 and there is no mention of
> failover or omapi. All updates are done the old fashioned-way.
> Modify dhcpd.conf. Stop the server. Say a prayer and restart
> dhcpd.
> 
> 	We've been asked to investigate netreg so I am asking
> whether there is a modernized version that exists and makes use
> of omapi for dynamic updates.

I'd be *very* surprised if there were - we've been CMU netreg users for quite
a while now, and I saw the CMU development pretty much sputter and die when a
few key people left for different jobs.  That said, we've been using the
modify/restart method here, and it's been humming along quite nicely.

One other thing to consider, though, is handling IPv6.  Since CMU netreg
managed both DNS and DHCP in sync, this is something you'll want to consider
even if you're doing all of your IPv6 address management via some other
method.  Sadly, MySQL doesn't have any support for storing an IPv6 address in
any kind of useful format (even if you store it as a 39 digit decimal, any
bitwise operators will silently truncate the results to 64 bits).  I'm going
through the effort of porting netreg/netmon over to postgresql here, but only
because we're sufficiently entrenched that it's less pain and suffering than
moving over to a different package.

> 	The original idea was that each network had a small pool
> of dynamic leases with very short lifetimes. A client is sent to
> the authentication server and, if approved, he gets put in to
> the known pool. By using omapi, he could also be given a bootP
> entry if the magic between authentication and approval can do
> that.
> 	We are basically looking to make sure we don't re-envent
> any good wheels that have already been proven to roll.
> 
> 	Thanks for all constructive ideas.
> 
> Martin McCormick WB5AGZ  Stillwater, OK 
> Systems Engineer
> OSU Information Technology Department Telecommunications Services Group
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users


-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC

More information about the dhcp-users mailing list