Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. dhcp relay responses (Alan Batie)
2. Re: dhcp relay responses (glenn.satch...@uniq.com.au)
3. Re: dhcp relay responses (Simon Hobson)
----------------------------------------------------------------------
Message: 1
Date: Thu, 30 Jan 2020 15:33:12 -0800
From: Alan Batie <a...@peak.org>
To: dhcp-users@lists.isc.org
Subject: dhcp relay responses
Message-ID: <4fd3fdef-4130-0c08-29b1-c463be28e...@peak.org>
Content-Type: text/plain; charset="utf-8"
We are setting up a private network with dhcp. The router for the
private network is setup to relay dhcp to an external isc dhcpd server.
The requests to the dhcpd server come from the public address of the
router, however dhcpd is replying to the private address. I don't see
anything in the docs for managing the replies. We are trying to avoid
routing the private network even internally. Are we out of luck?
dhcp01 router
1.1.1.1 - 2.2.2.2 10.1.1.1
request 2.2.2.2 -> 1.1.1.1
reply 1.1.1.1 -> 10.1.1.1
I do see in the request:
Relay agent IP address: 10.47.87.1 (10.47.87.1)
However this is the only information that can be used to determine which
pool of addresses the dhcp server should assign leases from, so I don't
see that changing that would be workable.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4036 bytes
Desc: S/MIME Cryptographic Signature
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20200130/190e1e83/attachment-0001.bin>
------------------------------
Message: 2
Date: Fri, 31 Jan 2020 17:50:50 +1100
From: glenn.satch...@uniq.com.au
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: dhcp relay responses
Message-ID: <930127fbcca76d342349f9baff372...@uniq.com.au>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Hi Alan,
Yeah, you're out of luck. The initial broadcast can be relayed through a
NAT, but for ACKs and REQUESTs the dhcp server communicates directly
with the client dhcp client device.
regards,
-glenn
On 2020-01-31 10:33, Alan Batie wrote:
> We are setting up a private network with dhcp. The router for the
> private network is setup to relay dhcp to an external isc dhcpd server.
> The requests to the dhcpd server come from the public address of the
> router, however dhcpd is replying to the private address. I don't see
> anything in the docs for managing the replies. We are trying to avoid
> routing the private network even internally. Are we out of luck?
>
>
> dhcp01 router
> 1.1.1.1 - 2.2.2.2 10.1.1.1
>
> request 2.2.2.2 -> 1.1.1.1
> reply 1.1.1.1 -> 10.1.1.1
>
> I do see in the request:
>
> Relay agent IP address: 10.47.87.1 (10.47.87.1)
>
> However this is the only information that can be used to determine
> which
> pool of addresses the dhcp server should assign leases from, so I don't
> see that changing that would be workable.
>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
Message: 3
Date: Fri, 31 Jan 2020 07:26:34 +0000
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: dhcp relay responses
Message-ID: <c52e77a6-bdc2-41b3-aee5-ee90dc960...@thehobsons.co.uk>
Content-Type: text/plain; charset=utf-8
Alan Batie <a...@peak.org> wrote:
>We are setting up a private network with dhcp. The router for the
>private network is setup to relay dhcp to an external isc dhcpd server.
>The requests to the dhcpd server come from the public address of the
>router, however dhcpd is replying to the private address. I don't see
>anything in the docs for managing the replies. We are trying to avoid
>routing the private network even internally. Are we out of luck?
Short answer: yes
Longer answer:
There must be end to end IP connectivity between clients and server - without
"broken" things like NAT in the way. Even if you worked around the problem with
the relay, you'd find clients having problems later when they unicast a renewal
request to the server and it unicasts a response directly to the client.
As to why the responses are sent to to private address of the relay ... That's
because the server uses the GI Addr field in the relayed packet - firstly to
select an appropriate address pool, and secondly to determine whete the
response needs to be returned to. Thecrelay agent would then use the
destination address of the packet to determine which locally connected
interface to send the response out on.
So if the server can't receive & send packets from/to both the relay agent and
clients directly - DHCP won't work.
Up to you whether you relicate the server, tunnel packets to/from it, or
something else ...
Simon
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 135, Issue 16
*******************************************
