Upgrading from ISC DHCP 3.0.5 to 4.1 or 4.2 appears to break dhcp-overload function

Patrick Trapp ptrapp at nex-tech.com
Tue Mar 11 16:29:22 UTC 2014


Yeah, that obfuscation task is a bit daunting. But we use a lot of includes, but as I said yesterday, they are very similar from one to the next to keep me sane, so I would not need to really share everything. Apologies for the incoming wall of text.

Patrick

dhcpd.conf (abbreviated)
--------------
authoritative;
log-facility local7;
option domain-name "";
option domain-name-servers 192.168.0.1, 192.168.0.253;
option classless-routes code 121 = array of unsigned integer 8;

option option-125 code 125 = string;
option dhcp-max-message-size 1024;
stash-agent-options true;

default-lease-time 86400;
min-lease-time 86400;
max-lease-time 172800;

one-lease-per-client true;
option time-offset -21600;
option ip-forwarding off;
ping-check on;
ddns-update-style none;
ddns-updates off;

# Include server dependent options
include "/usr/local/nextech/dhcp/config-global/server.dhcp";

# Include these files for remote subnet declarations
include "/usr/local/nextech/dhcp/config/small_town.dhcp";

# General set-top configuration files
include "/usr/local/nextech/dhcp/config/adb.dhcp";
include "/usr/local/nextech/dhcp/config/amino.dhcp";

# Network inclusions
include "/usr/local/nextech/dhcp/config/dhcp-pools/small-town-devices.dhcp";

# Local Subnet declaration to prevent breakage
subnet 192.168.1.0 netmask 255.255.255.192 {}

# Log Option 82 information
if exists agent.circuit-id
{
        log ( error, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to ", option agent.circuit-id));
}

config-global/server.dhcp
-------------------------------
local-address 192.168.1.101;
server-name "192.168.1.101";
next-server 192.168.1.101;
option time-servers 192.168.1.101;
failover peer "failover"                # Name is used for Pools Failover
{
        primary;
        address 192.168.1.101;           # listen on Interface Address
        port 519;                      # listen on Port
        peer address 192.168.1.102;      # communicate to Address
        peer port 520;                 # communicate to Port
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 5;
}

config/small_town.dhcp (this is an example of a town where the modem management is not handled via option-82 because L3 relay has not been enabled here yet - it's a work in progress)
-----------------------------
# Small-town DSL Modem Management
subnet 172.16.1.0 netmask 255.255.255.0 {
      option routers 0.0.0.0;
      pool {
            range 172.16.1.2 172.16.1.254;
            failover peer "failover";
            deny dynamic bootp clients;
            option classless-routes 30, 192.168.1.100,       172.16.1.1;
      }
}

config/adb.dhcp (we support seven models and each has two possible configurations depending on their network; I'll include one model with both configurations; note that the second configuration required no modification to work after the upgrade. The first configuration was failing and the original configuration is visible as a comment.)
-------------------
allow bootp;

##############################################################################
# Verimatrix specific option defines                                         #
##############################################################################
option option-verimatrix_boot code 241 = string;
option option-rootcert_boot code 243 = string;
option option-242 code 242 = string;
option option-244 code 244 = string;

##############################################################################
# ------------------------------------------------------------
# -- Option defines For ADB STB
# -----------------------------------------------------------
## --- Define option 131 for multicast address ---
option accp_conf code 131 = array of integer 8;
## --- Define option 240 for the Minerva start string ----
option option-minerva_bootstring code 240 = text;
## --- Define option 245 for Calix BRP string ---
option option-minerva_common code 245 = text;

# -----------------------------------------------------------
# -- 2500W LOADER -------------------------------------------
# -----------------------------------------------------------
class "adb2500W-bootloader" {
  match if (substring (option vendor-class-identifier, 0, 12) = "minerva2500w");

    # Software upgrade through multicast configuration (Preferred method)
    # Multicast setup below is: 239.225.10.3 port 4545 with 10 seconds timeout  
    # NOTE: port number 4545 calculation is 17*256 + 193 = 4545  
    option accp_conf 239,255,10,3,17,193,10;
}
# -----------------------------------------------------------
# -- 2500W HLCODE -- #
# -----------------------------------------------------------
class "adb2500W-hlcode-xvu" {
  match if ((substring (option vendor-class-identifier, 0, 24) = "udhcp_MRV3X_1_2500W(ADB)") or
                (substring (option vendor-class-identifier, 0, 24) = "udhcp_MRV2X_1_2500W(ADB)")) and
                (
                (option agent.circuit-id = "SETTOPBOX:AAAA") or (substring (option agent.circuit-id, 0, 4) = "AAAA") or
                (option agent.circuit-id = "SETTOPBOX:ZZZZ") or (substring (option agent.circuit-id, 0, 4) = "ZZZZ")
                );

   # ------- Minerva boot string -------
#       Removing heartbeat functionality due to DHCP overload failure issue 20140226
#       option option-minerva_bootstring "-bm=0 -ip=10.10.35.2:7780 -asr=/dataservices -stbm=adb -verid=Verimatrix -tbv=5.1 -hbip=10.10.35.2:4440 -hbp=500 -cso=thinkstuff_adb";
        option option-minerva_bootstring "-bm=0 -ip=10.10.35.2:7780 -asr=/dataservices -stbm=adb -verid=Verimatrix -tbv=5.1 -cso=thinkstuff_adb";

        option option-verimatrix_boot "http://10.10.35.2/vcas/VERIMATRIX.INI";
        option option-242 "1";
        option option-rootcert_boot "http://10.10.35.2/vcas/rootcert.pem";
        option option-244 "1";

        option option-minerva_common "tr069=http://10.10.35.23:8080/xvucwmp/cwmp";
}

class "adb2500W-hlcode-general" {
  match if ((substring (option vendor-class-identifier, 0, 24) = "udhcp_MRV3X_1_2500W(ADB)") or
                   (substring (option vendor-class-identifier, 0, 24) = "udhcp_MRV2X_1_2500W(ADB)"))
                   and not
                (
                (option agent.circuit-id = "SETTOPBOX:AAAA") or (substring (option agent.circuit-id, 0, 4) = "AAAA") or
               (option agent.circuit-id = "SETTOPBOX:ZZZZ") or (substring (option agent.circuit-id, 0, 4) = "ZZZZ")
                );


   # ------- Minerva boot string --------
   option option-minerva_bootstring "-bm=0 -ip=10.10.35.2:7780 -asr=/dataservices -stbm=adb -verid=Verimatrix -tbv=5.1 -hbip=10.10.35.2:4440 -hbp=500 -cso=thinkstuff_adb";

   option option-verimatrix_boot "http://10.10.35.2/vcas/VERIMATRIX.INI";
   option option-242 "1";
   option option-rootcert_boot "http://10.10.35.2/vcas/rootcert.pem";
   option option-244 "1";
}

dhcp-pools/small-town-devices.dhcp
----------------------------------------------
class "SMTW-Minerva-L3Relay"
{       match if
        (
                (substring (option agent.circuit-id, 0, 4) = "SMTW")
                and not
                (
                        (suffix (option agent.circuit-id, 5) = "vlan7")
                )
        );
}
class "SMTW-ModemMgmt-L3Relay"
{       match if
        (
                (substring (option agent.circuit-id, 0, 4) = "SMTW")
                and
                (
                        (suffix (option agent.circuit-id, 5) = "vlan7")
                )
        );
}

shared-network SMTW-Set-Top_Minerva {
        # 192.168.2.0/24 Occam Management
        subnet 192.168.2.0 netmask 255.255.255.0 {}

        # 172.17.2.0/24 Small-Town Minerva Network
        subnet 172.17.2.0 netmask 255.255.255.0 {

                option routers 172.17.2.1;
                option broadcast-address 172.17.2.255;

                pool {
                        failover peer "failover";
                        deny dynamic bootp clients;
                        allow members of "SMTW-Minerva-L3Relay";
                        range 172.17.2.20 172.17.2.254;
                }
                pool {
                        failover peer "failover";
                        deny dynamic bootp clients;
                        deny members of "SMTW-ModemMgmt-L3Relay";
                        deny members of "SMTW-Minerva-L3Relay";
                        range 172.17.2.10 172.17.2.19;
                }
        }
        # 172.16.2.0/24 System-A-Resid_GW
        subnet 172.16.2.0 netmask 255.255.255.0 {

                option broadcast-address 172.16.2.255;

                pool {
                        range 172.16.2.10 172.16.2.254;
                        failover peer "failover";
                        deny dynamic bootp clients;
                        allow members of "SMTW-ModemMgmt-L3Relay";
                        option classless-routes 30, 24,225,1,200,       172,16,2,1;
                }
        }
}


________________________________________
From: dhcp-users-bounces+ptrapp=nex-tech.com at lists.isc.org [dhcp-users-bounces+ptrapp=nex-tech.com at lists.isc.org] on behalf of Simon Hobson [dhcp1 at thehobsons.co.uk]
Sent: Tuesday, March 11, 2014 10:14 AM
To: Users of ISC DHCP
Subject: Re: Upgrading from ISC DHCP 3.0.5 to 4.1 or 4.2 appears to break dhcp-overload function

Patrick Trapp <ptrapp at nex-tech.com> wrote:

> Too much information? Not enough? Not the right information?

OK, that helps - it tells me it's well outside my experience! There are others on here running similarly large networks.
But you could add the DHCP server config file - or at least enough of it to see what's configured. I.e., you don't need the whole file, but should include enough that it's representative of (includes examples of) everything.
Be careful obfuscating addresses - it's easy to overdo it and lose differentiation between (for example) subnets.
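
For readers following the thread, an added illustration (not part of either message and not ISC dhcpd code) of how RFC 2132 option 52 moves options into the BOOTP `file` and `sname` fields once the options field is full, using the option values from class "adb2500W-hlcode-xvu" above. The first-fit packing order and the `OTHER` byte budget for the remaining reply options are assumptions made for the example; it does not establish the cause of the reported failure.

```python
# Added illustration of RFC 2132 option 52 ("option overload"); not ISC dhcpd code.
MIN_OPTIONS = 312 - 4          # RFC 2131 minimum options field, less the magic cookie
FILE_LEN, SNAME_LEN = 128, 64  # BOOTP 'file' and 'sname' field sizes
END, OVERLOAD = 255, 52

def tlv(code, data):
    """Encode one option as code, length, value."""
    if len(data) > 255:
        raise ValueError(f"option {code} is longer than 255 bytes")
    return bytes([code, len(data)]) + data

def pack(options, options_room=MIN_OPTIONS):
    """First-fit packing: options field, then 'file', then 'sname'.
    Returns (options_field, file_field, sname_field, overload_value)."""
    # Keep one byte per field for End, plus 3 bytes in options for option 52.
    room = [options_room - 4, FILE_LEN - 1, SNAME_LEN - 1]
    fields = [b"", b"", b""]
    for code, data in options:
        enc = tlv(code, data)
        for i in range(3):
            if len(fields[i]) + len(enc) <= room[i]:
                fields[i] += enc
                break
        else:
            raise OverflowError(f"option {code} fits in no field")
    overload = (1 if fields[1] else 0) | (2 if fields[2] else 0)  # 1=file, 2=sname, 3=both
    head = tlv(OVERLOAD, bytes([overload])) if overload else b""
    close = lambda f: f + bytes([END]) if f else b""
    return head + fields[0] + bytes([END]), close(fields[1]), close(fields[2]), overload

# Option values copied from class "adb2500W-hlcode-xvu" in the posted config.
HEARTBEAT = b" -hbip=10.10.35.2:4440 -hbp=500"
BOOT = (b"-bm=0 -ip=10.10.35.2:7780 -asr=/dataservices -stbm=adb "
        b"-verid=Verimatrix -tbv=5.1 -cso=thinkstuff_adb")

def class_options(heartbeat):
    """Options 240-245 for the class, with or without the heartbeat parameters."""
    boot = BOOT.replace(b" -cso", HEARTBEAT + b" -cso") if heartbeat else BOOT
    return [(240, boot), (241, b"http://10.10.35.2/vcas/VERIMATRIX.INI"), (242, b"1"),
            (243, b"http://10.10.35.2/vcas/rootcert.pem"), (244, b"1"),
            (245, b"tr069=http://10.10.35.23:8080/xvucwmp/cwmp")]

OTHER = 60  # constructed assumption: bytes used by lease time, routers, DNS, etc.

if __name__ == "__main__":
    for hb in (False, True):
        opts, file_, sname, ov = pack(class_options(hb), MIN_OPTIONS - OTHER)
        print(f"heartbeat={hb}: options={len(opts)} file={len(file_)} "
              f"sname={len(sname)} overload={ov}")
```

With the assumed budget, the shorter boot string fits in the options field alone, while the heartbeat version pushes option 245 into `file` and sets option 52 to 1.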
