Pool independent GI Address

Simon Hobson dhcp1 at thehobsons.co.uk
Sun Dec 14 21:46:11 UTC 2014


"Stephan Sanders" <stephan at sanders.koeln> wrote:

> This is a complicated backup situation with 2 separated sites.
> Server and VPN GW are located behind a firewall which allows only static
> routing.
> The backward side of the VPN GW (unsecure) propagate their Network
> (10.10.0.0/16 / 10.11.0.0/16) to the backbone.
> So only the local network from each server site could be used.

Now I am really confused !
Is 10.10.0.0/16 where the client devices live, or where Server A lives ? From what you wrote earlier it sounded like the former, this sounds like the latter.
Also, only doing static routing wouldn't impose the constraint you seem to be imposing.

It might be an idea if you drew out the network, because at the moment it's very unclear what you have and are trying to do. AFAICS there is nothing even remotely complicated.

> I will test this situation to configure the GI addr space also as a
> pool. I hope the option 82 will then point the server to use the other
> address space.

No, go back and read - you are making this difficult for yourself. You don't need to use Option 82, just configure things properly. Eg, assuming 10.10.0.0/16 is where *clients* live, then this (skeleton) config would do on Server A :

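shared-network "foo" {
  # The only subnet with addresses to hand out
  subnet 10.10.0.0 netmask 255.255.0.0 {
    range 10.10.a.b 10.10.x.y ;
    option routers 10.10.m.n ;
  }
  # Declared without ranges so the server recognises these GI-Addrs
  subnet 10.11.0.0 netmask 255.255.0.0 {
  }
  subnet 10.20.0.0 netmask 255.255.0.0 {
  }
}
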
The server will *NOT* try and allocate an address from anything other than 10.10.0.0 because it doesn't have any addresses in the other subnets to give out. But it will know that regardless of whether the GI-Addr is in 10.10, 10.11, or 10.20 it can give out addresses in the 10.10.0.0 subnet.

Lastly, looking back at your original post, you could help yourself by better formatting - with no indentation it's almost impossible to see what's in what scope. Compare these two presentations :

shared-network GLOBALUSERS {
subnet 10.10.0.0 netmask 255.255.0.0 {
# One district
class "DIST001" {
match if option agent.remote-id = "DIST001";
#match if substring(option agent.remote-id,2,15)= "DIST001" ;
}
pool {
allow members of "DIST001";
range 10.10.0.2 10.10.0.6;
local-address 10.9.9.9;
server-identifier 10.9.9.9;
option routers 10.10.0.1;
option broadcast-address 10.10.0.7;
option subnet-mask 255.255.255.248;
# Vendor selection for option43 depending on option60
switch (option vendor-class-identifier) {
case "VENDOR1": option vendor-encapsulated-options
01:01:02:03;
break;
case "VENDOR2": option vendor-encapsulated-options
02:01:01:01;
break;
}
}

shared-network GLOBALUSERS {
  subnet 10.10.0.0 netmask 255.255.0.0 {
    # One district
    class "DIST001" {
      match if option agent.remote-id = "DIST001";
      #match if substring(option agent.remote-id,2,15)= "DIST001" ;
    }
    pool {
      allow members of "DIST001";
      range 10.10.0.2 10.10.0.6;
      local-address 10.9.9.9;
      server-identifier 10.9.9.9;
      option routers 10.10.0.1;
      option broadcast-address 10.10.0.7;
      option subnet-mask 255.255.255.248;
      # Vendor selection for option43 depending on option60
      switch (option vendor-class-identifier) {
        case "VENDOR1": option vendor-encapsulated-options
          01:01:02:03;
          break;
        case "VENDOR2": option vendor-encapsulated-options
          02:01:01:01;
          break;
      }
    }

Also, don't try nesting class statements within subnets or shared-subnets - it doesn't work like that. IIRC class definitions are global in the same way as host declarations - so you can get some "interesting" inheritance issues as well as it just not doing what you want.
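
The shared-network behaviour described in the reply above, as an added example that is not part of the original post and is not ISC dhcpd code: a simplified Python model in which the GI-Addr only selects the shared-network, and addresses come from whichever subnets in it have ranges. The range bounds are constructed sample values standing in for the 10.10.a.b / 10.10.x.y placeholders, and picking the first free address is an assumption made for the model.

```python
import ipaddress

# Constructed model of the skeleton config: one shared-network whose three
# subnets are all declared, but only 10.10.0.0/16 has a range.
# The range bounds are sample values, not taken from the post.
SHARED_NETWORKS = {
    "foo": {
        "10.10.0.0/16": [("10.10.1.10", "10.10.1.12")],
        "10.11.0.0/16": [],
        "10.20.0.0/16": [],
    },
}

def find_shared_network(giaddr):
    """Return the shared-network that has a subnet containing giaddr."""
    addr = ipaddress.ip_address(giaddr)
    for name, subnets in SHARED_NETWORKS.items():
        if any(addr in ipaddress.ip_network(s) for s in subnets):
            return name
    return None

def candidate_addresses(giaddr):
    """Every address the model may offer to a request relayed via giaddr."""
    name = find_shared_network(giaddr)
    if name is None:
        return []  # no subnet declaration matches this relay: not served
    out = []
    # Ranges from *all* subnets of the shared-network are eligible,
    # not just the subnet the GI-Addr itself falls in.
    for ranges in SHARED_NETWORKS[name].values():
        for low, high in ranges:
            lo = int(ipaddress.ip_address(low))
            hi = int(ipaddress.ip_address(high))
            out.extend(str(ipaddress.ip_address(i)) for i in range(lo, hi + 1))
    return out

def offer(giaddr, leased):
    """First free candidate (model assumption), or None when exhausted."""
    for ip in candidate_addresses(giaddr):
        if ip not in leased:
            return ip
    return None

if __name__ == "__main__":
    # 192.0.2.1 is a relay address outside every declared subnet.
    for gi in ("10.10.0.1", "10.11.0.1", "10.20.0.1", "192.0.2.1"):
        print(gi, "->", offer(gi, leased={"10.10.1.10"}))
```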
