Wrong Server-IP with multihomed server

Anderson, Charles R cra at wpi.edu
Thu Dec 20 14:14:04 UTC 2018


Are eth0 and eth1 connected to the same (V)LAN?  If so, you have a
shared network and need to enclose both subnets in a "shared-network {
}" block.

shared-network eth0-eth1 {
    subnet 10.38.5.0 netmask 255.255.255.0 {
...
    }
    subnet 10.0.103.0 netmask 255.255.255.0 {
...
    }
}

You will also need to define some way to differentiate clients
between the two subnets if they are shared, such as class matching or
fixed-address statements, otherwise either subnet will satisfy requests
from all clients, and you may have most clients getting an IP from one
of the two subnets and none/few from the other.

Finally, I would move the class definitions to the global scope.  It
is rarely correct to have class or host statements enclosed inside of
subnets and can cause unexpected behavior due to inheritance of
options (though I do not think it is the cause of your specific
issue).

On Thu, Dec 20, 2018 at 02:33:58PM +0100, Onno van der Leun wrote:
> Hi all,
> 
> Since my colleague and I are getting frustrated in getting the solution
> for this weird issue, I'm checking in with the community. The goal is
> to service two different interfaces/subnets with their own
> configuration. I really hope someone can shed some light on this and
> help us figure this out. I hope I provided enough information below.
> 
> == Situation:
> - 1 CentOS7 VM (on VMware)
> -- dhcpd installed
> # rpm -qa |grep -i dhcp
> dhcp-4.2.5-68.el7.centos.1.x86_64
> dhcp-common-4.2.5-68.el7.centos.1.x86_64
> dhcp-libs-4.2.5-68.el7.centos.1.x86_64
> 
> -- Two nics:
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> group default qlen 1000
>     link/ether 00:50:56:b1:36:1f brd ff:ff:ff:ff:ff:ff
>     inet 10.38.5.110/24 brd 10.38.5.255 scope global noprefixroute eth0
>        valid_lft forever preferred_lft forever
>     inet6 fe80::250:56ff:feb1:361f/64 scope link 
>        valid_lft forever preferred_lft forever
> 
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> group default qlen 1000
>     link/ether 00:50:56:b1:76:24 brd ff:ff:ff:ff:ff:ff
>     inet 10.0.103.110/24 brd 10.0.103.255 scope global noprefixroute
> eth1
>        valid_lft forever preferred_lft forever
>     inet6 fe80::250:56ff:feb1:7624/64 scope link 
>        valid_lft forever preferred_lft forever
> 
> -- DHCPd config:
> # cat /etc/dhcp/dhcpd.conf 
> 
> ddns-update-style none;
> 
> allow booting;
> allow bootp;
> 
> ignore client-updates;
> 
> 
> set vendorclass = option vendor-class-identifier;
> 
> option pxe-system-type code 93 = unsigned integer 16;
> 
> subnet 10.38.5.0 netmask 255.255.255.0 {
> 	option routers             10.38.5.1;
> 	option domain-name-servers 10.38.5.200, 10.38.5.205;
> 	option subnet-mask         255.255.255.0;
> 	range dynamic-bootp        10.38.5.111 10.38.5.125;
> 	default-lease-time         3600;
> 	max-lease-time             7200;
> 	next-server                10.38.5.110;
> 	class "pxeclients" {
> 		match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
> 		if option pxe-system-type = 00:06 or option pxe-system-type = 00:07 or option pxe-system-type = 00:09 {
> 			filename "ipxe.efi";
> 		} else {
> 			filename "esxi65u2/pxelinux.0";
> 		}
> 	}
> }
> 
> subnet 10.0.103.0 netmask 255.255.255.0 {
> 	option routers             10.0.103.1;
> 	option domain-name-servers 10.0.103.200, 10.0.103.205;
> 	option subnet-mask         255.255.255.0;
> 	range dynamic-bootp        10.0.103.111 10.0.103.125;
> 	default-lease-time         3600;
> 	max-lease-time             7200;
> 	next-server                10.0.103.110;
> 	class "pxeclients" {
> 		match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
> 		if option pxe-system-type = 00:06 or option pxe-system-type = 00:07 or option pxe-system-type = 00:09 {
> 			filename "ipxe.efi";
> 		} else {
> 			filename "esxi65u2/pxelinux.0";
> 		}
> 	}
> }
> 
> 
> == Expected result:
> Hosts running PXE/requesting IP in subnet on eth0 get an IP from
> the 10.38.5.x subnet, and hosts running PXE/requesting IP in subnet on
> eth1 get IP from the 10.0.103.x subnet
> 
> == Actual result:
> Hosts requesting IP on eth0 do get IP successfully from the 10.38.5.x
> pool. However, hosts requesting IP on eth1 don't get (correctly) IP.
> 
> 
> == Debug info
> When running dhcpd with one of the other pool active, it works for that
> specific subnet. However, when both pools are active, it turns out the
> wrong "Server-IP" is given on replies on eth1:
> 
> ********* OK (@eth0):
> 13:40:54.919721 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
> proto UDP (17), length 328)
>     10.38.5.110.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300,
> xid 0x9b459539, Flags [Broadcast]
> 	  Your-IP 10.38.5.111
> 	  Server-IP 10.38.5.110
> 	  Client-Ethernet-Address 48:df:37:64:cd:a0
> 	  file "ipxe.efi"[|bootp]
> 
> ********* FAIL (@eth1):
> 13:45:46.296813 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
> proto UDP (17), length 328)
>     10.0.103.110.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length
> 300, xid 0xc7e7af3c, Flags [Broadcast]
> 	  Your-IP 10.0.103.113
> 	  Server-IP 10.38.5.110
> 	  Client-Ethernet-Address 48:df:37:64:cd:a0
> 	  file "ipxe.efi"[|bootp]
> 
> ^--- Server-IP should be 10.0.103.110 instead of 10.38.5.110 on eth1
> 
> ********* OK (@eth1, when subnet 10.38.5.0/24 has been removed from the
> config):
> 13:56:18.250993 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
> proto UDP (17), length 328)
>     10.0.103.110.67 > 10.0.103.111.68: BOOTP/DHCP, Reply, length 300,
> xid 0xf5d07466, secs 18, Flags [none]
> 	  Your-IP 10.0.103.111
> 	  Server-IP 10.0.103.110
> 	  Client-Ethernet-Address 48:df:37:64:cd:a0
> 	  file "ipxe.efi"[|bootp]
> 
> 
> Meanwhile we tried almost every option dhcp-server-identifier /
> server-identifier combination, but none work. Server starts without
> errors and is responding to requests on the right interfaces:
> 
> Dec 20 14:09:27 mydhcpserver systemd: Starting DHCPv4 Server Daemon...
> Dec 20 14:09:27 mydhcpserver dhcpd: Internet Systems Consortium DHCP
> Server 4.2.5
> Dec 20 14:09:27 mydhcpserver dhcpd: Copyright 2004-2013 Internet
> Systems Consortium.
> Dec 20 14:09:27 mydhcpserver dhcpd: All rights reserved.
> Dec 20 14:09:27 mydhcpserver dhcpd: For info, please visit https://lists.isc.org/mailman/listinfo/dhcp-users
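
The layout suggested in the reply at the top of this message, written out as an added example (not code from either poster): both subnets inside one shared-network block, the "pxeclients" class moved to global scope, and pools restricted by class membership. It assumes eth0 and eth1 really are on the same (V)LAN; the class "net103-clients" and its match on the first three bytes of the client hardware address are hypothetical stand-ins for whatever criterion actually separates the two client groups.

```conf
# Added example; not the original poster's or the replier's configuration.
ddns-update-style none;
allow booting;
allow bootp;
ignore client-updates;

option pxe-system-type code 93 = unsigned integer 16;

# Global scope: one definition instead of a copy inside each subnet.
class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    if option pxe-system-type = 00:06 or option pxe-system-type = 00:07
       or option pxe-system-type = 00:09 {
        filename "ipxe.efi";
    } else {
        filename "esxi65u2/pxelinux.0";
    }
}

# Hypothetical discriminator (assumption): byte 0 of "hardware" is the
# hardware type, bytes 1-3 are the vendor prefix of the client MAC.
class "net103-clients" {
    match if substring (hardware, 1, 3) = 48:df:37;
}

shared-network eth0-eth1 {
    default-lease-time 3600;
    max-lease-time     7200;

    subnet 10.38.5.0 netmask 255.255.255.0 {
        option routers             10.38.5.1;
        option domain-name-servers 10.38.5.200, 10.38.5.205;
        option subnet-mask         255.255.255.0;
        next-server                10.38.5.110;
        pool {
            # Everyone except the 10.0.103.x group is served here.
            deny members of "net103-clients";
            range dynamic-bootp 10.38.5.111 10.38.5.125;
        }
    }
    subnet 10.0.103.0 netmask 255.255.255.0 {
        option routers             10.0.103.1;
        option domain-name-servers 10.0.103.200, 10.0.103.205;
        option subnet-mask         255.255.255.0;
        next-server                10.0.103.110;
        pool {
            # Only class members may lease from this range.
            allow members of "net103-clients";
            range dynamic-bootp 10.0.103.111 10.0.103.125;
        }
    }
}
```

Running "dhcpd -t -cf" against the file checks the syntax before the daemon is restarted.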
