Wrong Server-IP with multihomed server

Thomas Markwalder tmark at isc.org
Thu Dec 20 14:16:12 UTC 2018 

Hello:

I believe your issue stems from defining classes within subnets. Classes 
are globally defined.  When packets arrive, they are classified before 
anything else.  While our configuration parser does not (currently) emit 
an error when you define classes within subnets, it does appear to cause 
oddities in behavior.  More over, you are defining the same class 
twice.  The server is only going to retain the last one of that name.

Try extracting your class definition out of the subnets and define it 
once at the global level:


# cat /etc/dhcp/dhcpd.conf

ddns-update-style none;
allow booting;
allow bootp;
ignore client-updates;

class "pxeclients" {
   match if substring (option vendor-class-identifier, 0,9) = "PXEClient";
   if option pxe-system-type = 00:06 or option pxe-system-type = 00:07 or option pxe-system-type = 00:09 {
     filename "ipxe.efi";
   } else {
	filename "esxi65u2/pxelinux.0";
   }
}


set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;

subnet 10.38.5.0 netmask 255.255.255.0 {
	option routers             10.38.5.1;
	option domain-name-servers 10.38.5.200, 10.38.5.205;
	option subnet-mask         255.255.255.0;
	range dynamic-bootp        10.38.5.111 10.38.5.125;
	default-lease-time         3600;
	max-lease-time             7200;
	next-server                10.38.5.110;
}

subnet 10.0.103.0 netmask 255.255.255.0 {
	option routers             10.0.103.1;
	option domain-name-servers 10.0.103.200, 10.0.103.205;
	option subnet-mask         255.255.255.0;
	range dynamic-bootp        10.0.103.111 10.0.103.125;
	default-lease-time         3600;
	max-lease-time             7200;
	next-server                10.0.103.110;
}


Regards,

Thomas Markwalder
ISC Software Engineering

On 12/20/18 8:33 AM, Onno van der Leun wrote:
> Hi all,
>
> Since my colleague and I are getting frustrated in getting the solution
> for this weird issue, I'm checking in with the community. The goal is
> to service two different interfaces/subnets with their own
> configuration. I really hope someone can shed some light on this and
> help us figure this out. I hope I provided enough information below.
>
> == Situation:
> - 1 CentOS7 VM (one VMWare)
> -- dhcpd installed
> # rpm -qa |grep -i dhcp
> dhcp-4.2.5-68.el7.centos.1.x86_64
> dhcp-common-4.2.5-68.el7.centos.1.x86_64
> dhcp-libs-4.2.5-68.el7.centos.1.x86_64
>
> -- Two nics:
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> group default qlen 1000
>      link/ether 00:50:56:b1:36:1f brd ff:ff:ff:ff:ff:ff
>      inet 10.38.5.110/24 brd 10.38.5.255 scope global noprefixroute eth0
>         valid_lft forever preferred_lft forever
>      inet6 fe80::250:56ff:feb1:361f/64 scope link
>         valid_lft forever preferred_lft forever
>
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> group default qlen 1000
>      link/ether 00:50:56:b1:76:24 brd ff:ff:ff:ff:ff:ff
>      inet 10.0.103.110/24 brd 10.0.103.255 scope global noprefixroute
> eth1
>         valid_lft forever preferred_lft forever
>      inet6 fe80::250:56ff:feb1:7624/64 scope link
>         valid_lft forever preferred_lft forever
>
> -- DHCPd config:
> # cat /etc/dhcp/dhcpd.conf
>
> ddns-update-style none;
>
> allow booting;
> allow bootp;
>
> ignore client-updates;
>
>
> set vendorclass = option vendor-class-identifier;
>
> option pxe-system-type code 93 = unsigned integer 16;
>
> subnet 10.38.5.0 netmask 255.255.255.0 {
> 	option routers             10.38.5.1;
> 	option domain-name-servers 10.38.5.200, 10.38.5.205;
> 	option subnet-mask         255.255.255.0;
> 	range dynamic-bootp        10.38.5.111 10.38.5.125;
> 	default-lease-time         3600;
> 	max-lease-time             7200;
> 	next-server                10.38.5.110;
> 	class "pxeclients" {
> 		match if substring (option vendor-class-identifier, 0,
> 9) = "PXEClient";
> 		if option pxe-system-type = 00:06 or option pxe-system-
> type = 00:07 or option pxe-system-type = 00:09 {
> 			filename "ipxe.efi";
> 		} else {
> 			filename "esxi65u2/pxelinux.0";
> 		}
> 	}
> }
>
> subnet 10.0.103.0 netmask 255.255.255.0 {
> 	option routers             10.0.103.1;
> 	option domain-name-servers 10.0.103.200, 10.0.103.205;
> 	option subnet-mask         255.255.255.0;
> 	range dynamic-bootp        10.0.103.111 10.0.103.125;
> 	default-lease-time         3600;
> 	max-lease-time             7200;
> 	next-server                10.0.103.110;
> 	class "pxeclients" {
> 		match if substring (option vendor-class-identifier, 0,
> 9) = "PXEClient";
> 		if option pxe-system-type = 00:06 or option pxe-system-
> type = 00:07 or option pxe-system-type = 00:09 {
> 			filename "ipxe.efi";
> 		} else {
> 			filename "esxi65u2/pxelinux.0";
> 		}
> 	}
> }
>
>
> == Expected result:
> Hosts running PXE/requesting IP in subnet on eth0 get an IP from
> the 10.38.5.x subnet, and hosts running PXE/requesting IP in subnet on
> eth1 get IP from the 10.0.103.x subnet
>
> == Actual result:
> Hosts requesting IP on eth0 do get IP successfully from the 10.38.5.x
> pool. However, hosts requesting IP on eth1 don't get (correctly) IP.
>
>
> == Debug info
> When running dhcpd with one of the other pool active, it works for that
> specific subnet. However, when both pools active, it turns out the
> wrong "Server-IP" is given on reply's on eth1:
>
> ********* OK (@eth0):
> 13:40:54.919721 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
> proto UDP (17), length 328)
>      10.38.5.110.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300,
> xid 0x9b459539, Flags [Broadcast]
> 	  Your-IP 10.38.5.111
> 	  Server-IP 10.38.5.110
> 	  Client-Ethernet-Address 48:df:37:64:cd:a0
> 	  file "ipxe.efi"[|bootp]
>
> ********* FAIL (@eth1):
> 13:45:46.296813 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
> proto UDP (17), length 328)
>      10.0.103.110.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length
> 300, xid 0xc7e7af3c, Flags [Broadcast]
> 	  Your-IP 10.0.103.113
> 	  Server-IP 10.38.5.110
> 	  Client-Ethernet-Address 48:df:37:64:cd:a0
> 	  file "ipxe.efi"[|bootp]
>
> ^--- Server-IP should be 10.0.103.110 instead of 10.38.5.110 on eth1
>
> ********* OK (@eth1, when subnet 10.38.5.0/24 has been removed from the
> config):
> 13:56:18.250993 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
> proto UDP (17), length 328)
>      10.0.103.110.67 > 10.0.103.111.68: BOOTP/DHCP, Reply, length 300,
> xid 0xf5d07466, secs 18, Flags [none]
> 	  Your-IP 10.0.103.111
> 	  Server-IP 10.0.103.110
> 	  Client-Ethernet-Address 48:df:37:64:cd:a0
> 	  file "ipxe.efi"[|bootp]
>
>
> Meanwhile we tried almost every option dhcp-server-identifier / server-
> identifier combination, but non work. Server starts without errors and
> is responding to requests on the right interfaces:
>
> Dec 20 14:09:27 mydhcpserver systemd: Starting DHCPv4 Server Daemon...
> Dec 20 14:09:27 mydhcpserver dhcpd: Internet Systems Consortium DHCP
> Server 4.2.5
> Dec 20 14:09:27 mydhcpserver dhcpd: Copyright 2004-2013 Internet
> Systems Consortium.
> Dec 20 14:09:27 mydhcpserver dhcpd: All rights reserved.
> Dec 20 14:09:27 mydhcpserver dhcpd: For info, please visit https://www.
> isc.org/software/dhcp/
> Dec 20 14:09:27 mydhcpserver dhcpd: Not searching LDAP since ldap-
> server, ldap-port and ldap-base-dn were not specified in the config
> file
> Dec 20 14:09:27 mydhcpserver dhcpd: Wrote 0 class decls to leases file.
> Dec 20 14:09:27 mydhcpserver dhcpd: Wrote 3 leases to leases file.
> Dec 20 14:09:27 mydhcpserver dhcpd: Listening on
> LPF/eth1/00:50:56:b1:76:24/eth1
> Dec 20 14:09:27 mydhcpserver dhcpd: Sending
> on   LPF/eth1/00:50:56:b1:76:24/eth1
> Dec 20 14:09:27 mydhcpserver dhcpd: Listening on
> LPF/eth0/00:50:56:b1:36:1f/eth0
> Dec 20 14:09:27 mydhcpserver dhcpd: Sending
> on   LPF/eth0/00:50:56:b1:36:1f/eth0
> Dec 20 14:09:27 mydhcpserver dhcpd: Sending
> on   Socket/fallback/fallback-net
> Dec 20 14:09:27 mydhcpserver systemd: Started DHCPv4 Server Daemon.
> Dec 20 14:09:49 mydhcpserver dhcpd: DHCPDISCOVER from 48:df:37:64:cd:a0
> via eth1
> Dec 20 14:09:50 mydhcpserver dhcpd: DHCPOFFER on 10.0.103.113 to
> 48:df:37:64:cd:a0 via eth1
> Dec 20 14:09:52 mydhcpserver dhcpd: DHCPREQUEST for 10.0.103.113
> (10.0.103.110) from 48:df:37:64:cd:a0 via eth1
> Dec 20 14:09:52 mydhcpserver dhcpd: DHCPACK on 10.0.103.113 to
> 48:df:37:64:cd:a0 via eth1
> Dec 20 14:09:52 mydhcpserver dhcpd: DHCPREQUEST for 10.0.103.113
> (10.0.103.110) from 48:df:37:64:cd:a0 via eth1
> Dec 20 14:09:52 mydhcpserver dhcpd: DHCPACK on 10.0.103.113 to
> 48:df:37:64:cd:a0 via eth1
> (SNIP)
>
> Thanks for anyones time.
>
> Kind regards,
> Onno.
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

More information about the dhcp-users mailing list