Linux Distributed Switch Architecture with Local Option82 ISC DHCP server/DHCP relay

remi rsd remi.salard at wabtec.com
Tue Nov 10 09:46:04 UTC 2020


I am sharing the following problem with an embedded system we need to update
for a customer.

Customer requirement is: all my IP cameras connected to your product SHALL
get, by DHCP, their IP address according to their physical port, not their
hostname.
All the IP addresses SHALL be in the same network.

About our product:
 - OS: Linux Yocto Zeus
 - CPU: imx6 based module
 - Switch: 88E6240 Marvell

Software versions:

 - ISC DHCP version: 4.4.1
 - Linux version: 4.14

Idea: using DHCP option 82 + Distributed Switch Architecture (DSA) in order
to isolate ports

What I did:

DSA enabled => 1 physical port = 1 Linux network interface
1 bridge created linking all these ports with a dsa_br0 interface

Option 82 realized by launching a dhcrelay (DHCP relay agent) for each
interface (-i portX and set as up command in /etc/network/interfaces) with
"-a" option in order to append option82 with port name as circuit ID.

DHCP server config:
one subnet, the expected one (the subnet of dsa_br0 bridge interface) + 
hosts declared with "host-identifier option agent.circuit-id "portX";" 
option

Side effect (impact?): I need to declare an IP address for each port (in
/etc/network/interfaces), otherwise dhcrelay will not work (note: all are in
separate networks)


    subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers 192.168.0.20;
        option broadcast-address 192.168.0.255;
        option domain-name-servers 192.168.0.20;
    
        host port1 {
            host-identifier option agent.circuit-id "port1";
            fixed-address 192.168.0.11;
        }

        host port2 {
            host-identifier option agent.circuit-id "port2";
            fixed-address 192.168.0.12;
        }
    }

And network configuration:

    ifconfig
    dsa_br0   Link encap:Ethernet  HWaddr 00:e0:4b:6d:e2:70  
              inet addr:192.168.0.20  Bcast:192.168.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4130 errors:0 dropped:19 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:1298917 (1.2 MiB)  TX bytes:0 (0.0 B)
    
    eth0      Link encap:Ethernet  HWaddr 00:e0:4b:6d:e2:70  
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4524 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2758 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:1555293 (1.4 MiB)  TX bytes:473137 (462.0 KiB)
    
    port1     Link encap:Ethernet  HWaddr 00:e0:4b:6d:e2:70  
              inet addr:172.20.31.1  Bcast:172.20.31.255  Mask:255.255.255.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    port2     Link encap:Ethernet  HWaddr 00:e0:4b:6d:e2:70  
              inet addr:172.20.32.1  Bcast:172.20.32.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:808 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1950 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:190934 (186.4 KiB)  TX bytes:248827 (242.9 KiB)


My dhcrelay command:

    dhcrelay -a -i port2 192.168.0.20


Result:
It seems that the DHCP server doesn't receive any DHCP frames at all from
dhcrelay. It receives raw frames (without option82) => so I added ebtables
rules in order to block them

Analysis with a tcpdump capture:
DHCP frames are forwarded by the DHCP relay with option82 added
BUT they are sent to the local loopback (since the target IP address is the one of
dsa_br0)!
In the source code, it uses the "fallback" interface.

A first analysis of the DHCP server source code revealed that the DHCP server doesn't
listen on any local loopback interface (in LPF listening mode), so it could
explain why it cannot work at all for the moment.


My questions are:

 - Any error in my analysis?
 - How can we implement something like that (DSA + local dhcrelay/DHCP
server)?
 - Any other idea for solving the customer requirement?


Regards,




--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
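
When checking a capture like the one described in the post, it helps to decode the relay agent information option directly from the DHCP payload. The following is an added example, not part of the original post and not ISC code: it extracts giaddr and the option 82 sub-options (circuit-id, remote-id) from a DHCPv4 payload. The sample packet is constructed, and the helper names and the client MAC are assumptions; `port2` and `172.20.32.1` are reused from the post as sample values.

```python
import socket
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}

def iter_tlv(buf, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == pad:          # single-byte padding, no length field
            i += 1
            continue
        if code == end:
            return
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"truncated TLV at offset {i}")
        length = buf[i + 1]
        yield code, buf[i + 2:i + 2 + length]
        i += 2 + length

def relay_info(payload):
    """Return giaddr and the option 82 sub-options of a DHCPv4 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCPv4 payload")
    info = {"giaddr": socket.inet_ntoa(payload[24:28])}
    for code, value in iter_tlv(payload[240:], OPT_PAD, OPT_END):
        if code == OPT_RELAY_AGENT_INFO:
            for sub, data in iter_tlv(value):  # sub-options have no pad/end
                info[SUBOPT_NAMES.get(sub, f"sub-{sub}")] = data
    return info

def build_sample(circuit_id=None, giaddr="0.0.0.0"):
    """Constructed DHCPDISCOVER payload (not from a real capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234, 0,
                      0x8000, bytes(4), bytes(4), bytes(4),
                      socket.inet_aton(giaddr),
                      bytes.fromhex("020000000001") + bytes(10), b"", b"")
    opts = bytes([53, 1, 1])                   # DHCP message type: DISCOVER
    if circuit_id is not None:
        sub = bytes([1, len(circuit_id)]) + circuit_id
        opts += bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])

if __name__ == "__main__":
    print(relay_info(build_sample(b"port2", "172.20.32.1")))  # relayed frame
    print(relay_info(build_sample()))                         # raw frame
```

A frame that reaches the server with no `circuit-id` key in the result is one that bypassed the relay, which is the case the post's ebtables rules are meant to block.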
