ISC DHCP 4.4.1_CentOS7_DHCPv6_Relay_server: issue related with Class matching option along with condition.

Thu Nov 8 11:04:53 UTC 2018

Hello Team,

Looking for the solution, Please provide a dhcpd6.conf file to make our
requirement work.

   1. Getting Relay forward message from relay agent with “interface-id =
   TESTING;”
   2. Server has to allocate IP pool based on “interface-id” from Relay
   forward message.
   3. Below conf used, but server indicates that matching was not found.
   4. Team suggested to add option         **host-identifier v6relopt 1
   dhcp6.interface-id "TESTING;"; **
   5. But I’m not able place above  format in config file. Is possible to
   provide config file. I have tried it, but no susses.

Same issue was reported.

https://lists.isc.org/pipermail/dhcp-users/2017-June/020645.html

Config file:

## *where we need to add host-identifier v6relopt 1 dhcp6.interface-id
"TESTING;";*

class "team" {

#         match if substring (option dhcp6.remote-id, 0, 8) = "TESTING;";

         match if substring (option dhcp6.interface-id, 0, 8) = "TESTING|";

}

subnet6 3001:db8:100:f101::0/64 {

  pool6 {

    allow members of "team";

    range6 3001:db8:100:f101::0:100 3001:db8:100:f101::0:1FF;

  }

}

Thanks

Guru

On Wed, Nov 7, 2018 at 4:12 PM PaviGuru Pavithragurumurthy <
gurumurthyka at gmail.com> wrote:

> Hi,
>
>
>
> Thanks for the response,
>
>
>
> Yes, we need to match incoming values vs configured parameter on relay
> server, if both are matches allow these IP’s [ as per dhcpd6 configuration
> file]
>
>
>
> We received message from relay agent : DHCPv6 Message type: Relay-forw
> (12) with Option: Interface-Id (18) [ with name “TESTING;”]
>
> So we have configured class condition to meet these incoming requirement.
> i.e. matching with TESTING; [ using class option ]
>
>
>
> *could you share config file with v6relopt to match our need, attached
> pcap collected at relay server. *
>
> where we need to place this match. It helps me a lot !!!. first time
> looking with IPv6.
>
>
>
> /etc/dhcp/dhcpd6.conf [ *old configuration*]
>
> class "team" {
>
> #         match if substring (option dhcp6.remote-id, 0, 8) = "TESTING;";
>
>          match if substring (option dhcp6.interface-id, 0, 8) =
> "TESTING|";
>
> }
>
>
>
> subnet6 3001:db8:100:f101::0/64 {
>
>   pool6 {
>
>     allow members of "team";
>
>     range6 3001:db8:100:f101::0:100 3001:db8:100:f101::0:1FF;
>
>   }
>
> }
>
> *NOTE:*
>
> Same Configuration type we used on DHCPv4 relay server and is working
> fine. So I used same format in DHCPv6 relay server.
>
> [root at localhost dhcp]# cat DHCPv4_Relay_server
>
> #
>
> # DHCP Server Configuration file.
>
> #   see /usr/share/doc/dhcp*/dhcpd.conf.example
>
> #   see dhcpd.conf(5) man page
>
> #
>
> authoritative;
>
> log-facility local7;
>
> option ipaddress code 43 = ip-address;
>
> default-lease-time 86400;
>
>
>
>
>
> class "VLAN242" {
>
>         match if(
>
>         (substring (option agent.circuit-id,0,7) = "AC220m;")
>
> );
>
> }
>
>
>
> shared-network "DHCPrelay" {
>
>
>
>          subnet 10.43.45.0 netmask 255.255.255.0{
>
>                 option routers 10.43.45.1;
>
>         }
>
>                subnet 192.242.0.0 netmask 255.255.252.0{
>
>                 option routers 192.242.0.1;
>
>         }
>
>
>
>        pool {
>
>                 allow members of "VLAN242";
>
>                 range 192.242.0.11 192.242.3.254;
>
>                 option subnet-mask 255.255.252.0;
>
>                 option routers 192.242.0.1;
>
>         }
>
> }
>
> [root at localhost dhcp]#
>
>
>
>
> Thanks
> Guru
>
> On Wed, Nov 7, 2018 at 2:33 PM yoshihiko fujita <fujita at ncad.co.jp> wrote:
>
>> Hello,
>> > match if substring (option dhcp6.interface-id, 0, 5) = "GURU;";
>>
>> interface id option is relay-forw message type option.
>> but dhcp6.interface-id represents the Relay Message options in options.
>>
>> if host-identifier can use v6relopt.
>>
>> sample:
>> host {
>>         host-identifier v6relopt 1 dhcp6.interface-id 01:00:00:00;
>>         ...
>>
>> but match if syntax does not seem to support.
>>
>> Good luck!
>>
>> 2018年11月7日(水) 12:18 gurumurthyka at gmail.com <gurumurthyka at gmail.com>:
>>
>>> Thanks for the response,
>>>
>>>
>>>
>>> Could you check on config file, the configured parameter are correct and
>>> responseding text shows matching was not found. I’m bit concern on here.
>>> None of other matching not working. i have tested multiple combination of
>>> characters, but every time fail with same indication.
>>>
>>>
>>> *NOTE:* We have tested DHCPv4 relay server with same relay agent with
>>> IPv4 working fine !!. with DHCPv6 has concern.
>>>
>>>
>>> In our relay always ending with semicolon like "TESTING;", TETSING can
>>> change to any character.
>>>
>>>
>>>
>>> Test#1: DHCPv6 relay sending with option 18 interface id with “TESTING;”
>>>
>>>
>>>
>>>                Config file changes: relay sending with 8 ASCII
>>> character [TESTING;] , as from wireshark.
>>>
>>>
>>>
>>> class "team" {
>>>
>>>          match if substring (option dhcp6.interface-id*, 0, 7) =
>>> "TESTING*";
>>>
>>> }
>>>
>>>
>>>
>>> subnet6 3001:db8:100:f101::0/64 {
>>>
>>>   pool6 {
>>>
>>>     log(info, option dhcp6.interface-id);
>>>
>>>     range6 3001:db8:100:f101::0:100 3001:db8:100:f101::0:1FF;
>>>
>>>     allow members of "team";
>>>
>>>   }
>>>
>>> }
>>>
>>> Result : same indication as earlier.
>>>
>>> *Unable to pick client address: no addresses available*  - shared
>>> network 3001:db8:100:f101::/64: 0 total, 0 active,  0 abandoned
>>>
>>>
>>>
>>> *Test#2*: DHCPv6 relay sending with option 18 interface id with “GURU;”
>>>
>>>
>>>
>>>                Config file changes: relay sending with 8 ASCII
>>> character [GURU;] , as from wireshark.
>>>
>>>
>>>
>>> class "team" {
>>>
>>>          match if substring (option dhcp6.interface-id*, 0, 5) = "GURU;*
>>> ";
>>>
>>> }
>>>
>>>
>>>
>>> subnet6 3001:db8:100:f101::0/64 {
>>>
>>>   pool6 {
>>>
>>>     log(info, option dhcp6.interface-id);
>>>
>>>     range6 3001:db8:100:f101::0:100 3001:db8:100:f101::0:1FF;
>>>
>>>     allow members of "team";
>>>
>>>   }
>>>
>>> }
>>>
>>> Result : same indication as earlier.
>>>
>>> *Unable to pick client address: no addresses available*  - shared
>>> network 3001:db8:100:f101::/64: 0 total, 0 active,  0 abandoned
>>>
>>>
>>>
>>> Thanks
>>>
>>> Guru
>>>
>>>
>>>
>>> On Wed, Nov 7, 2018 at 7:39 AM Christopher Barry <
>>> christopher.r.barry at gmail.com> wrote:
>>>
>>>> On Tue, 6 Nov 2018 21:32:32 +0530
>>>> PaviGuru Pavithragurumurthy <gurumurthyka at gmail.com> wrote:
>>>>
>>>> >"TESTING;";
>>>>
>>>> Responding only because I see no one else has.
>>>>
>>>> is that extra semicolon inside the quotes desired? I have never setup
>>>> an ipv6 dhcp server, so I'm likely no help to you, but sometimes it's
>>>> something that silly.
>>>>
>>>> maybe do a substring 7 chars and match to "TESTING" to see if that
>>>> semicolon is somehow biting you?
>>>>
>>>> Good Luck!
>>>>
>>>> --
>>>> Regards,
>>>> Christopher
>>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>
>>
>> --
>> □■━━━━━━━━━━━━━━━━━
>> 藤田 善光 fujita at ncad.co.jp
>> 日本シー・エー・ディー株式会社
>> TEL：03-3565-3011
>> FAX：03-3565-3611
>> http://www.ncad.co.jp
>> ━━━━━━━━━━━━━━━━━■□
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20181108/9cd987d4/attachment-0001.html>