DHCP Relay over transit-network

[Simon Hobson]

"Muenz, Michael" <m.muenz at spam-fetish.org> wrote:

> Forget it, I found the error. The customer has multiple subnets on the IF, the IP in the relay agent is from vlan20, but theres a vlan20:2 interface which dhcrelay can't bind to:
> Bind socket to interface: No such device

Ah, it would help if the network description was accurate !

> Thats why the server doesn't replay, because the scope configured doesn't match the relay ip :(
> 
> Any idea how to change the GIaddr on the fly or to bind to a subinterface?

You cannot bind to a subinterface<period> It's a fundamental limitation that you have to bind to the physical, not logical, interface. The reason for that is because the client needs to communicate with the server or relay agent when it has no IP address, therefore broadcast packets are used with no source address. If you receive a packet from 0.0.0.0 to 255.255.255.255, how do you decide if it's for VLAN20 or VLAN20:2 ? Simple answer is that you cannot - but you don't need to.

What you (or rather, your client) must do is correctly describe the network to the DHCP server. What you have is known as a "shared network" - two (or more) IP subnets on the same physical network (technically, broadcast domain).

With the ISC server, you specify it thus :
shared-subnet "some-label-whatever-you-want" {
  submet a.b.c.0 ...
  subnet w.x.y.0 ...
}

The Windows server *should* have a similar construct - if not then it just won't work !

With the correct shared network defined, it doesn't mater which subnet the GI-Addr is in - the server can work out that 10.0.0.1 is on the same network as (say) 172.16.0.0/24 and will give out IP addresses accordingly. If, say, there should be no addresses leased from 10.0.0.0 then the subnet is still defined, but no range (IIRC "scope" in Windows terminology) is included.