Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."

Today's Topics:

   1. Re: dont-use-fsync real world impact (Jure Sah)
   2. Re: Configuring option 82 (Bill Shirley)
   3. Re: Configuring option 82 (Surya Teja)

----------------------------------------------------------------------

Message: 1
Date: Fri, 27 Sep 2019 12:10:21 +0200
From: Jure Sah <e...@juresah.si>
To: dhcp-users@lists.isc.org
Subject: Re: dont-use-fsync real world impact
Message-ID: <8a1e4285-58a4-64f3-6a9e-977a762fe...@juresah.si>
Content-Type: text/plain; charset=iso-8859-2

Apologies for a late response. I've read the other answers and
replication does seem like an interesting solution.

On 8. 09. 19 00:19, Simon Hobson wrote:
> Jure Sah <e...@juresah.si> wrote:
>
>> The documentation clearly states that using the dont-use-fsync option is
>> not recommended.
>>
>> I am wondering what is the realistic impact of this? As I understand the
>> kernel commits dirty pages to disk every 30 seconds by default, and this
>> is configurable. Wouldn't this mean that at worst 30 seconds worth of
>> leases are lost?
> Yes, but that could be a rather serious loss of data for some operators. As
> always, there's no "one size fits all" answer, different operators will have
> different ideas on this.
> Indeed, AIUI (from several years ago at least) the DHCP service in Windows
> Server massively outperformed the ISC DHCP server in benchmarks using out of
> the box settings. The reason for this was that the MS server did NOT fsync
> its leases database and thus is vulnerable to exactly the issue you mention
> - also making it non-compliant with the relevant RFC.
> However, in their defence, they have "sort of" moved that security aspect to
> clients by making the clients very sticky about their leases - more so than
> other clients in my observations. That doesn't fully prevent the problem of
> the server missing knowledge of leases it's granted.
>
>> The leases file is in most cases relatively tiny (under 1 MB)
> That's probably a generalisation too far. Mine (at home) is only 20k, but as
> Andrew Bell has already pointed out, some people do have large lease files.

Well, a typical modern server, especially if it's a dedicated machine has
at least 64 GB of RAM, of which the OS takes up at most 4 GB, leaving a
good 60 GB of cache space for that lease file. Suffice it to say, the
leases file is in all events tiny and could easily fit in RAM several
hundred times over.

>
>> From the past correspondence from the mailing list archive I surmise
>> that people usually work around this by using hardware cache that does
>> not obey fsync, which simply offloads the problem from the kernel to the
>> cache controller and only superficially solves the problem.
> Yes, but no.
> Yes it offloads the problem, no it's not just a superficial fix. A "proper"
> hardware cache will be battery backed and can survive a crash or power
> failure of the host. So if we assume we're talking about the hardware cache
> in a disk controller (eg a RAID controller) then if the power goes off
> without the chance of an orderly shutdown, then the battery backed cache will
> hold the updates until the power comes back on again - at which point it will
> push the updates out to the disk(s).
> There are other sorts of cache hardware. In the distant past I recall seeing
> (and drooling over !) a "magic box" that comprised a stack of RAM, some
> disks, a battery, and a controller. To the host it presented as a standard
> wide SCSI device (that dates it), while internally it was a big RAM disk.
> In the event of power failure, the battery would run the system long enough
> to write everything to disk.
> In both cases (and others), under normal conditions it's safe to assume that
> if the "disk" comes back and says "yes that's written", then it's either been
> written or has been saved into battery backed cache that will survive
> problems such as host crashes or power failures. If the cache/disk subsystem
> fails in that promise, then that's really little different to having a normal
> disk fail and lose all your data.

See and this is where I see the problem. I understand that this is a
software mailing list and that this might not exactly be obvious to
people who deal with things several abstraction layers above the
hardware... and I also understand that at the end of the day this might
not matter in the real world.

However, if the question is the value of fsync and battery-backed disk
cache, consider the following:

When a write is executed, it is first built in the write buffer of the
application, from where it is transferred to the kernel file page memory
structure in system RAM. When an fsync or dirty page write is executed,
the kernel pushes the data over to the disk controller which stores it
in the hardware disk write buffer, and then transfers it to the physical
media.

If there is a power failure, and it unluckily occurs before a dirty page
write or fsync, then the data is still in the system RAM and it goes
poof and is never committed to the battery backed hardware disk write
buffer, to be put into the disks on reboot.

So exactly what impact does the battery have on systems that do not
carry out timely fsyncs? And what impact do timely fsyncs have on
systems that do not have battery-backed storage cache?

It could be argued that systems not battery backed should not have
hardware disk cache. And it could be argued that systems without UPS
could lose data since the last write.
But to argue that battery-backed disk cache somehow helps in systems
with fsync turned off is nonsense.

I've had some discussions on the topic on the other applications mailing
lists, and it appears that the developers of the software understand
that the primary purpose of regular fsyncs is to ensure atomic writes,
rather than to preserve seconds worth of leases. If there is an
unmitigated power failure it is understood that there will be some data
loss, but the fsyncing is there to ensure that the leases database
remains in a recoverable state (in the case of the leases file, atomic
writes ensure that the leases file is syntactically correct). They
understood the performance bottleneck of their application due to fsync,
but conceded that without an atomic write mechanism by the underlying
filesystems, there was no real alternative.

Are there any ISC-DHCP devs or maintainers reading this list or should I
post over on the other mailing list? Basically I wish to know if anyone
has thought about an alternative to the atomic write problem, that has
fewer bottlenecks. Are there any plans, canceled ideas, etc?

LP,
Jure

------------------------------

Message: 2
Date: Fri, 27 Sep 2019 06:35:37 -0400
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: Configuring option 82
Message-ID: <e417c456-6fbf-0080-8b97-5a5198907...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Options in a pool are options to be *sent* not matched.

Why are you avoiding the class statement? What does the agent.circuit-id
and agent.remote-id contain? I can't figure out why you're using
substring on these values (in your original post).

Bill

On 9/27/2019 3:44 AM, Surya Teja wrote:
> Hi
> It might be too many questions but I want to configure my dhcpd configuration
> file by avoiding the classes as much as possible
> If the subnet is configured as like below snippet
> subnet 192.168.10.0 netmask 255.255.255.0 {
>   pool {
>         range   192.168.10.10 192.168.10.199;
>         option subnet-mask 255.255.255.0;
>         option routers 10.1.10.1;
>         option domain-name "test.com";
>         option agent.circuit-id "22";
>         option agent.remote-id "192.168.10.242";
>   }
> }
> can we achieve the option 82 configuration setup with above snippet
> Thanks in advance and or if any reference links to setup the option 82
> functionality without class can also be appreciated
>
> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <suryateja...@gmail.com> wrote:
>
> Hi is the option 82 supported by using class concept only ?
> or can it be defined as other general options like domain-name server,
> router in scope section ?
>
> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <suryateja...@gmail.com> wrote:
>
> Hi,
> I am trying to configure the dhcp option 82, went through the google
> forums and one of it suggest the syntax like
> # vim /etc/dhcp/dhcpd.conf
> ########################################################
> log-facility local7;
> *class "VLAN10" {
>         match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
> } # VLAN10
> class "VLAN20" {
>         match if ( substring(option agent.remote-id,2,15)="10.5.20.4"
>         and binary-to-ascii(10, 16, "",substring(option agent.circuit-id, 4, 2)) = "2" );
> }*
> subnet 192.168.10.0 netmask 255.255.255.0 {
>         pool {
>                 *allow members of "VLAN10";*
>                 default-lease-time 600;
>                 max-lease-time 7200;
>                 range 192.168.10.1 192.168.10.199;
>                 option routers 192.168.10.254;
>                 option broadcast-address 192.168.10.255;
>                 option subnet-mask 255.255.255.0;
>                 option domain-name-servers 4.2.2.2;
>         }
> }
> subnet 192.168.20.0 netmask 255.255.255.0 {
>         pool {
>         *allow members of "VLAN20";*
>         default-lease-time 600;
>         max-lease-time 7200;
>         range 192.168.20.20 192.168.20.199;
>         option routers 192.168.20.254;
>         option broadcast-address 192.168.20.255;
>         option subnet-mask 255.255.255.0;
>         option domain-name-servers 4.2.2.2;
>
> }
> (Just ignore ip values)
> can we configure this concept only by using classes and make it allow
> or deny like that?
> or can we use the option space concept to get it worked(do we have
> any other syntax). Thanks in advance

------------------------------

Message: 3
Date: Fri, 27 Sep 2019 17:02:24 +0530
From: Surya Teja <suryateja...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Configuring option 82
Message-ID: <CA+0Ac3xFKj3qLM9t+ufQ4-02T0ycJ3LE0cMU+=bjxdem5hv...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi Bill
Thanks for reply

Why are you avoiding the class statement?

In one of the google forum I have read the statement saying like

The internal implementation in ISC DHCPD of classes is such that it
scales in a non-linear way - O(N^2) or something.
So suddenly you'll end up with dhcpd eating 100% CPU.
So I just want to avoid the classes

While surfing I found that for the host declaration statements we can use
the syntax like
EX:
host client-name-1 {
    *host-identifier option agent.circuit-id "dslam42.port22";*
    hardware ethernet 00:e0:4c:a7:ca:de;
    fixed-address 192.168.0.6;
}
So I just want to know any config statements similar like above applies
for scope sections

What does the agent.circuit-id and agent.remote-id contain?
I can't figure out why you're using substring on these values (in your
original post).

It is just sample example I found in the forum, I don't have issue with
directly checking without using the substring function or binary-to-ascii
to cross check the values

Thanks

On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <b...@c3po.polymerindustries.biz> wrote:

> Options in a pool are options to be *sent* not matched.
>
> Why are you avoiding the class statement? What does the agent.circuit-id
> and agent.remote-id contain?
> I can't figure out why you're using substring on these values (in your
> original post).
>
> Bill
> On 9/27/2019 3:44 AM, Surya Teja wrote:
>
> Hi
> It might be too many questions but I want to configure my dhcpd
> configuration file by avoiding the classes as much as possible
> If the subnet is configured as like below snippet
> subnet 192.168.10.0 netmask 255.255.255.0 {
>   pool {
>         range 192.168.10.10 192.168.10.199;
>         option subnet-mask 255.255.255.0;
>         option routers 10.1.10.1;
>         option domain-name "test.com";
>         option agent.circuit-id "22";
>         option agent.remote-id "192.168.10.242";
>   }
> }
> can we achieve the option 82 configuration setup with above snippet
> Thanks in advance and or if any reference links to setup the option 82
> functionality without class can also be appreciated
>
> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <suryateja...@gmail.com> wrote:
>
>> Hi is the option 82 supported by using class concept only ?
>> or can it be defined as other general options like domain-name server,
>> router in scope section ?
>>
>> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <suryateja...@gmail.com>
>> wrote:
>>
>>> Hi,
>>> I am trying to configure the dhcp option 82, went through the google
>>> forums and one of it suggest the syntax like
>>> # vim /etc/dhcp/dhcpd.conf
>>> ########################################################
>>> log-facility local7;
>>>
>>> *class "VLAN10" {
>>>         match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
>>> } # VLAN10
>>> class "VLAN20" {
>>>         match if ( substring(option agent.remote-id,2,15)="10.5.20.4"
>>>         and binary-to-ascii(10, 16, "",substring(option agent.circuit-id, 4, 2)) = "2" );
>>> }*
>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>         pool {
>>>                 *allow members of "VLAN10";*
>>>                 default-lease-time 600;
>>>                 max-lease-time 7200;
>>>                 range 192.168.10.1 192.168.10.199;
>>>                 option routers 192.168.10.254;
>>>                 option broadcast-address 192.168.10.255;
>>>                 option subnet-mask 255.255.255.0;
>>>                 option domain-name-servers 4.2.2.2;
>>>         }
>>> }
>>> subnet 192.168.20.0 netmask 255.255.255.0 {
>>>         pool {
>>>         *allow members of "VLAN20";*
>>>         default-lease-time 600;
>>>         max-lease-time 7200;
>>>         range 192.168.20.20 192.168.20.199;
>>>         option routers 192.168.20.254;
>>>         option broadcast-address 192.168.20.255;
>>>         option subnet-mask 255.255.255.0;
>>>         option domain-name-servers 4.2.2.2;
>>>
>>> }
>>> (Just ignore ip values)
>>> can we configure this concept only by using classes and make it allow or
>>> deny like that?
>>> or can we use the option space concept to get it worked(do we have any
>>> other syntax). Thanks in advance
------------------------------

End of dhcp-users Digest, Vol 131, Issue 20
*******************************************
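
Added example, not part of the digest and not ISC DHCP's code: Message 1 describes the write path (application buffer, kernel page cache, storage device) and argues that fsync matters for keeping the leases file recoverable. The Python sketch below shows that path, an atomic rewrite, and recovery from a torn final record; the record format, file name and function names are assumptions made for illustration.

```python
import os
import tempfile

# Constructed sample records in a simplified leases-style format.
REC_A = b"lease 192.168.10.10 {\n  ends 5 2019/09/27 12:10:00;\n}\n"
REC_B = b"lease 192.168.10.11 {\n  ends 5 2019/09/27 12:20:00;\n}\n"
REC_C = b"lease 192.168.10.12 {\n  ends 5 2019/09/27 12:30:00;\n}\n"

def append_durable(path, record, use_fsync=True):
    """Append one record; with use_fsync, block until the device acknowledges it."""
    with open(path, "ab") as f:
        f.write(record)
        f.flush()                  # application buffer -> kernel page cache
        if use_fsync:
            os.fsync(f.fileno())   # page cache -> disk controller / media

def rewrite_atomic(path, records):
    """Replace the file so a crash leaves the old or the new copy, never a mix."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".leases-")
    with os.fdopen(fd, "wb") as f:
        f.write(b"".join(records))
        f.flush()
        os.fsync(f.fileno())       # contents durable before the rename
    os.replace(tmp, path)          # atomic rename on POSIX filesystems
    dfd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dfd)              # make the rename itself durable
    finally:
        os.close(dfd)

def recover(data):
    """Split file contents into (complete records, torn tail)."""
    end = data.rfind(b"}\n")       # last record terminator that reached the file
    good = data[:end + 2] if end != -1 else b""
    return good, data[len(good):]

def simulate_crash():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "dhcpd.leases")
        rewrite_atomic(path, [REC_A])
        append_durable(path, REC_B)
        with open(path, "ab") as f:
            f.write(REC_C[:20])    # torn write: this record was cut short
        with open(path, "rb") as f:
            return recover(f.read())

if __name__ == "__main__":
    print(simulate_crash())
```

Calling append_durable with use_fsync=False leaves the record in the page cache until the kernel's periodic writeback, which is the window of loss discussed in Message 1.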
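
Added example, not from the posts and not ISC DHCP's code: a Python emulation of the two "match if" expressions quoted in Messages 2 and 3, applied to option 82 payloads parsed as RFC 3046 sub-options. The payload bytes and the circuit-id layout (two leading bytes, then a 16-bit VLAN number) are constructed assumptions, and a trailing partial chunk in binary_to_ascii is simply ignored.

```python
CIRCUIT_ID, REMOTE_ID = 1, 2  # sub-option codes from RFC 3046

def parse_option82(payload):
    """Split a Relay Agent Information option body into {code: value}."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated sub-option at offset %d" % i)
        code, length = payload[i], payload[i + 1]
        subs[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return subs

def substring(data, offset, length):
    """Emulates dhcpd substring(): at most `length` bytes from `offset`."""
    return data[offset:offset + length]

def to_base(n, base):
    digits = "0123456789abcdef"[n % base]
    while n >= base:
        n //= base
        digits = "0123456789abcdef"[n % base] + digits
    return digits

def binary_to_ascii(base, width, sep, data):
    """Emulates dhcpd binary-to-ascii(): one number per `width`-bit chunk."""
    step = width // 8
    chunks = [data[i:i + step] for i in range(0, len(data) - step + 1, step)]
    return sep.join(to_base(int.from_bytes(c, "big"), base) for c in chunks)

def classes_for(payload):
    """Evaluate the two 'match if' expressions quoted in the thread."""
    opt = parse_option82(payload)
    cid, rid = opt.get(CIRCUIT_ID, b""), opt.get(REMOTE_ID, b"")
    found = []
    if binary_to_ascii(10, 16, "", substring(cid, 2, 2)) == "10":
        found.append("VLAN10")
    if (substring(rid, 2, 15) == b"10.5.20.4"
            and binary_to_ascii(10, 16, "", substring(cid, 4, 2)) == "2"):
        found.append("VLAN20")
    return found

# Constructed relay payloads (not captured traffic).
PKT_VLAN10 = bytes([1, 6, 0, 4, 0, 10, 1, 5])
PKT_VLAN20 = bytes([1, 6, 0, 4, 0, 20, 0, 2, 2, 11, 1, 9]) + b"10.5.20.4"
PKT_ASCII = bytes([1, 2]) + b"22"

if __name__ == "__main__":
    print(classes_for(PKT_VLAN10), classes_for(PKT_VLAN20), classes_for(PKT_ASCII))
```

The third payload carries the ASCII circuit-id "22" from the pool snippet and matches neither class, so the substring offsets only make sense once the relay's encoding of the field is known.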