Limiting addresses per user for users with more than one circuit-id
niall.oreilly at ucd.ie
Mon Dec 15 17:36:36 UTC 2014
At Mon, 15 Dec 2014 13:48:28 +0200,
Ilkka Virta wrote:
> We have users (student apartments) who get addresses from DHCP, and we
> need to limit the number of addresses given to each user, so that
> nobody can hoard all the addresses in the network. We have a somewhat
> convoluted system in place for doing this, but I was thinking if it
> could be made simpler with the built-in limiting in dhcpd.
After a quick look at www.iki.fi, the following thoughts come to me.
They may not make sense; I'm just brainstorming.

Perhaps DHCP is "not the [droid] you're looking for".
Have you considered whether RADIUS fits your use-case?

Otherwise (and if I recall correctly), there are LDAP and/or SQL
extensions to ISC DHCP which might be what you need to build on.
Latency would need attention in the case of either of these, or indeed of
any external program.

A different approach could work if the number of customers and the
number of likely active circuit-id tags are roughly the same
multiple (or perhaps fraction) of the number of addresses you have
to share out. Then using the circuit-id would be strictly unfair,
but practically close enough.

Another option would be to build a tunnel service after the manner
of SixXS, where each client gets just one tunnel with the associated

If DHCP is still the closest fit, perhaps running a custom DHCP
relay (maybe upstream of the embedded relay instances in your
routers), which could mangle the circuit-ids as you suggest, would
be the way to build a solution.