Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. dpchd over vti interface (BASSAGET Cédric)
   2. RE: multi interfaces(vlans) configuration (Ahiya Zadok)
   3. DHCP server configuration does not work for all clients (Jim Yang)


----------------------------------------------------------------------

Message: 1
Date: Thu, 8 Oct 2020 14:59:01 +0200
From: BASSAGET Cédric <cedric.bassaget...@gmail.com>
To: dhcp-users@lists.isc.org
Subject: dpchd over vti interface
Message-ID:
        <can+ozjrnmeyehubnx22xfaf2qk1q9fj4za+z2j6qastpxnf...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hello,
I'm trying to set-up a VPN on a vti (ipsec tunnel) interface.

Following https://gitlab.isc.org/isc-projects/dhcp/-/issues/135, I've
patched / compiled the latest version of isc-dhcp-server.
Now, isc-dhcp-server starts without complaining about an "unsupported
interface type".
But it still ignores all requests received on the vti0 interface.

My server has 2 interfaces :
ens18 : 192.168.155.17/24
ens18:1 : public ip address used to bring up ipsec vpn

vpn is up on vti0 (10.10.0.1/30)

DHCP clients requests are relayed from the client network (192.168.2.0/24)
via a DHCP relay (192.168.2.1) to 192.168.155.17 (ip address of dhcp server
on ens18 interface)

using tcpdump on vti0 interface, I see DHCP requests incoming :

ip10:25:17.192146 ip: (tos 0x0, ttl 63, id 6882, offset 0, flags [none],
proto UDP (17), length 576)
    192.168.2.1.67 > 192.168.155.17.67: BOOTP/DHCP, Request from
00:08:5d:47:06:12, length 548, hops 1, xid 0xdba36871, Flags [none]
          Gateway-IP 192.168.2.1
          Client-Ethernet-Address 00:08:5d:47:06:12
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 00:08:5d:47:06:12
            Hostname Option 12, length 17: "6737i00085D470612"
            Vendor-Class Option 60, length 18: "AastraIPPhone6737i"
            Requested-IP Option 50, length 4: 192.168.2.179
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 13:
              Subnet-Mask, Time-Zone, Default-Gateway, Domain-Name-Server
              Hostname, Domain-Name, BR, NTP
              Vendor-Option, TFTP, Option 132, Option 159
              Option 160

server runs like this : /usr/sbin/dhcpd -4 -d -f -cf /etc/dhcp/dhcpd.conf
vti0

Here's the startup output :
# /usr/sbin/dhcpd -4 -f -d -cf /etc/dhcp/dhcpd.conf vti0
Internet Systems Consortium DHCP Server 4.4.2
Copyright 2004-2020 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 class decls to leases file.
Wrote 0 leases to leases file.
Listening on LPF/vti0//10.10.0.0/30
Sending on   LPF/vti0//10.10.0.0/30
Sending on   Socket/fallback/fallback-net
Server starting service.


No more logs when an incoming DHCP request arrives on vti0.

Am I doing something wrong?
Regards
Cédric

------------------------------

Message: 2
Date: Thu, 8 Oct 2020 17:25:25 +0300
From: Ahiya Zadok <ah...@younity.io>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: RE: multi interfaces(vlans) configuration
Message-ID: <d7b6e5017c93ea1b43b841aa7f612...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Thanks

The network gear in my sites is the bottleneck
It supports up to 256 DHCP servers/relay agents.
Do you think that raspberry pi could handle 500 VLAN interfaces?


-----Original Message-----
From: dhcp-users <dhcp-users-boun...@lists.isc.org> On Behalf Of Steve van
der Burg
Sent: Thursday, October 8, 2020 3:20 PM
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: RE: multi interfaces(vlans) configuration

In my case (and in nearly all cases?) the DHCP traffic from the clients on
those VLANs is being forwarded to the DHCP servers by the network gear.  I
don't run ours, but I know that our network people have added "DHCP helper
address" settings to all (checking...) 2530 subnets.  It all arrives on
one interface on each of my DHCP servers.  I can't imagine having 2500
virtual interfaces on either of those.

...Steve

-----Original Message-----
From: dhcp-users <dhcp-users-boun...@lists.isc.org> On Behalf Of Ahiya
Zadok
Sent: Thursday,October 08,2020 8:08 AM
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: RE: multi interfaces(vlans) configuration

CAUTION: This email originated from outside the organization. Do not click
links or open attachments unless you recognize the sender and know the
content is safe.

Thanks, Steve

Do you think that the numbers of subnets and the number of interfaces
(vlans) that DHCP is listening to have much effect on resource
utilization?


-----Original Message-----
From: dhcp-users <dhcp-users-boun...@lists.isc.org> On Behalf Of Steve van
der Burg
Sent: Thursday, October 8, 2020 3:01 PM
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: RE: multi interfaces(vlans) configuration

I'm serving leases from a total lease pool that has about a quarter of a
million leasable addresses, with about 30k active leases at any one time.
Most lease lengths are 60 hours (2.5 days) and those are all being served
from a pair of single-CPU virtual machines (running Debian 10) with 2GB
RAM each.  And each one isn't really breaking a sweat.  I rarely see more
than 20% CPU usage and more than 75% of RAM used by dhcpd.

As Glenn said, lease length can make a big difference with regards to
total traffic, CPU load, etc, but with lease lengths like mine you can see
that you don't need much in the way of hardware.

...Steve

-----Original Message-----
From: dhcp-users <dhcp-users-boun...@lists.isc.org> On Behalf Of Ahiya
Zadok
Sent: Thursday,October 08,2020 4:03 AM
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: RE: multi interfaces(vlans) configuration

Thanks, Glenn

Regarding the number of sites- I plan to have a server per site.
Each site will have around 500 subnets with around 10-15 devices per
subnet.
Does the number of IPs per subnet affect memory even when they are not
assigned?
This is MDUs installation so 24H lease is good enough.


-----Original Message-----
From: dhcp-users <dhcp-users-boun...@lists.isc.org> On Behalf Of
glenn.satch...@uniq.com.au
Sent: Thursday, October 8, 2020 10:54 AM
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: multi interfaces(vlans) configuration

Hi,

The size of the server depends on two things - the number of clients and
how often they renew their lease.

E.g. if they renew once every hour versus once every day then that takes
24 times as much CPU resources in the work done to renew the leases and
record the updates.

Secondly a large amount of the lease data is kept in memory, so the number
of leases affects the memory size.

So, how many sites? You say 500 vlans - which I guess equates to subnets
- that's what dhcpd configuration needs. And how many devices per subnet
typically? A subnet doesn't have to be a /24, it can be any size that is
suitable for that subnet, eg multiple /24 pools, /21 will give 2048
addresses, /20 will give 4096, or bigger if needed.

Others running large number of clients, say 10-20k can probably offer
better advice, but I don't think a PI4 with 8GB is not going to have
enough memory, cpu or storage I/O.

You'll probably want a server with 32 or 64GB memory and SSD or NVME disks
for high throughput. With that many clients then 10 or 25 Gigabit network
is probably needed too.

You'll also need to think about what bandwidth you have in your back-haul
networks back to the central network where the dhcp server is.

However, a PI4 is cheap so you could try one out to see how it goes.

regards,
-glenn

On 2020-10-08 15:57, ahiya wrote:
> I'm new to isc/kea. I have multi-sites with around 2000-5000 devices
> per site. The real issue is that they are spread across 500 different
> VLANs. I wanted to know if isc/kea is the right solution for that
> task, and what is the right way to implement it? If the only service I
> need is dhcp4 serving all these segments, what will be the HW
> requirements for this task?
> Raspberry PI4 with 8G mem will be enough? Should I use .conf files or
> should I go for the backend server? I'll appreciate any feedback. Thanks
> a lot.
>
>
>
> --
> Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
> _______________________________________________
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

This email is directed in confidence solely to the person named above and
may contain confidential, privileged or personal health information.
Please be aware that this email may also be released to members of the
public under Ontario's Freedom of Information and Protection of Privacy
Act if required. Review, distribution, or disclosure of this email by
anyone other than the person(s) for whom it was originally intended is
strictly prohibited. If you are not an intended recipient, please notify
the sender immediately via a return email and destroy all copies of the
original message. Thank you for your cooperation.


------------------------------

Message: 3
Date: Thu, 8 Oct 2020 18:57:17 +0000
From: Jim Yang <z...@cornell.edu>
To: "dhcp-users@lists.isc.org" <dhcp-users@lists.isc.org>
Subject: DHCP server configuration does not work for all clients
Message-ID: <1bb742a9-48d8-446d-a973-0651bb679...@cornell.edu>
Content-Type: text/plain; charset="utf-8"

Hi,

My DHCP server software is dhcpd v4.4.2 and running on CentOS 7. The DHCP 
Server IP address is 10.2.1.10.

In the example, the client MAC is 74:a7:11:22:33:44 and its IP is 10.1.14.94.

After I added the client MAC to the subclass "mytest" in the dhcpd.conf and 
restarted the dhcpd,
I expected the client's next DHCP renew request would not succeed because of
the following statement:

deny members of "mytest" in the pool (range 10.1.1.1 10.1.16.255) definition.

But it did not happen. The client did renew its address 10.1.14.94 after the 
server restarted.

By comparison, I added a few other clients to the subclass "mytest" in the 
dhcpd.conf file and restarted the dhcp servers. Those clients did not renew 
their existing IP in the range 10.1.1.1 10.1.16.255, instead, got their new IP 
addresses from the other pool range 10.50.252.1 10.50.255.254. These clients' 
behavior is expected.

Is this a DHCP server software bug or something else?

Thanks for your time.

Related lines in the dhcpd.conf:

shared-network net580 {
          option domain-name "test.domain.name";
          option domain-name-servers 10.3.1.2,10.3.1.3,10.3.1.4;

          subnet 10.1.0.0 netmask 255.255.0.0 {
                   option routers 10.1.0.1;
                   }

          pool {
                   failover peer "dhcpnet";
                   deny dynamic bootp clients;
                   range 10.1.1.1 10.1.16.255;
                   deny members of "mytest";
                   default-lease-time 3600;
                   max-lease-time 3600;
                   }

          pool {
                   failover peer "dhcpnet";
                   deny dynamic bootp clients;
                   range 10.50.252.1 10.50.255.254;
                   allow members of "mytest";
                   default-lease-time 300;
                   max-lease-time 300;
                   option domain-name-servers 10.2.1.10, 10.2.1.2;
                   }
}

subclass "mytest" 1:74:A7:11:22:33:44;

Tcpdump DHCP Packets:

13:25:11.943051 IP (tos 0x0, ttl 62, id 23969, offset 0, flags [none], proto 
UDP (17), length 354)
    10.1.0.3.bootps > 10.2.1.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 
74:a7:11:22:33:44, length 326, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Gateway-IP 10.1.0.3
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: Request
              Requested-IP Option 50, length 4: 10.1.14.94
              Server-ID Option 54, length 4: 10.2.1.10
              MSZ Option 57, length 2: 1500
              Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
              Hostname Option 12, length 16: "amazon-72fdddaaa"
              Parameter-Request Option 55, length 10:
                Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
                Domain-Name, MTU, BR, Lease-Time
                RN, RB
              Agent-Information Option 82, length 20:
                Circuit-ID SubOption 1, length 18: IRB-irb.2043:ae3.0
              END Option 255, length 0
13:25:11.943058 IP (tos 0x0, ttl 62, id 39591, offset 0, flags [none], proto 
UDP (17), length 355)
    10.1.0.2.bootps > 10.2.1.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 
74:a7:11:22:33:44, length 327, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Gateway-IP 10.1.0.2
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: Request
              Requested-IP Option 50, length 4: 10.1.14.94
              Server-ID Option 54, length 4: 10.2.1.10
              MSZ Option 57, length 2: 1500
              Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
              Hostname Option 12, length 16: "amazon-72fdddaaa"
              Parameter-Request Option 55, length 10:
                Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
                Domain-Name, MTU, BR, Lease-Time
                RN, RB
              Agent-Information Option 82, length 21:
                Circuit-ID SubOption 1, length 19: IRB-irb.2000:ae00.0
              END Option 255, length 0
13:25:11.943779 IP (tos 0x0, ttl 64, id 37878, offset 0, flags [DF], proto UDP 
(17), length 365)
    10.2.1.10.bootps > 10.1.0.3.bootps: [bad udp cksum 0xc984 -> 0xdcb7!] 
BOOTP/DHCP, Reply, length 337, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Your-IP 10.1.14.94
            Gateway-IP 10.1.0.3
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: ACK
              Server-ID Option 54, length 4: 10.2.1.10
              Lease-Time Option 51, length 4: 3600
              Subnet-Mask Option 1, length 4: 255.255.0.0
              Default-Gateway Option 3, length 4: 10.1.0.1
              Domain-Name-Server Option 6, length 12: 10.3.1.2,10.3.1.3,10.3.1.4
              Domain-Name Option 15, length 31: "test.domain.name"
              Agent-Information Option 82, length 20:
                Circuit-ID SubOption 1, length 18: IRB-irb.2043:ae3.0
              END Option 255, length 0
13:25:11.944080 IP (tos 0x0, ttl 64, id 44173, offset 0, flags [DF], proto UDP 
(17), length 366)
    10.2.1.10.bootps > 10.1.0.2.bootps: [bad udp cksum 0xc984 -> 0xa7b5!] 
BOOTP/DHCP, Reply, length 338, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Your-IP 10.1.14.94
            Gateway-IP 10.1.0.2
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: ACK
              Server-ID Option 54, length 4: 10.2.1.10
              Lease-Time Option 51, length 4: 3600
              Subnet-Mask Option 1, length 4: 255.255.0.0
              Default-Gateway Option 3, length 4: 10.1.0.1
              Domain-Name-Server Option 6, length 12: 10.3.1.2,10.3.1.3,10.3.1.4
              Domain-Name Option 15, length 31: "test.domain.name"
              Agent-Information Option 82, length 21:
                Circuit-ID SubOption 1, length 19: IRB-irb.2000:ae00.0
              END Option 255, length 0


Thanks,

Jim Yang
Cornell IT
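
The check described in Message 3 (does the server ACK an address from the denied pool range to a member of "mytest"?) can be run mechanically over tcpdump -v text. This is an added example, not part of the original post and not ISC DHCP code; the function names, the second MAC and the third sample packet are constructed for illustration.

```python
import ipaddress
import re

# Policy from the dhcpd.conf in the message: "mytest" members are denied in this range.
DENIED_RANGE = (ipaddress.ip_address("10.1.1.1"), ipaddress.ip_address("10.1.16.255"))
MYTEST_MEMBERS = {"74:a7:11:22:33:44", "02:00:00:00:00:01"}  # 2nd MAC is constructed

# Constructed sample: two packets trimmed from the capture in the message, plus a
# made-up ACK giving the constructed member an address from the allowed pool.
SAMPLE = """\
13:25:11.943051 IP (tos 0x0, ttl 62, id 23969, offset 0, flags [none], proto UDP (17), length 354)
    10.1.0.3.bootps > 10.2.1.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 74:a7:11:22:33:44, length 326
            Client-Ethernet-Address 74:a7:11:22:33:44
              DHCP-Message Option 53, length 1: Request
              Requested-IP Option 50, length 4: 10.1.14.94
13:25:11.943779 IP (tos 0x0, ttl 64, id 37878, offset 0, flags [DF], proto UDP (17), length 365)
    10.2.1.10.bootps > 10.1.0.3.bootps: BOOTP/DHCP, Reply, length 337
            Your-IP 10.1.14.94
            Client-Ethernet-Address 74:a7:11:22:33:44
              DHCP-Message Option 53, length 1: ACK
13:25:12.100000 IP (tos 0x0, ttl 64, id 37879, offset 0, flags [DF], proto UDP (17), length 365)
    10.2.1.10.bootps > 10.1.0.3.bootps: BOOTP/DHCP, Reply, length 337
            Your-IP 10.50.252.7
            Client-Ethernet-Address 02:00:00:00:00:01
              DHCP-Message Option 53, length 1: ACK
"""

PACKET_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP ")
FIELDS = {
    "yiaddr": re.compile(r"^\s+Your-IP (\S+)"),
    "mac": re.compile(r"^\s+Client-Ethernet-Address (\S+)"),
    "msgtype": re.compile(r"^\s+DHCP-Message Option 53, length 1: (\S+)"),
}

def parse_packets(text):
    """Split tcpdump -v text into one dict of extracted fields per packet."""
    packets = []
    for line in text.splitlines():
        if PACKET_START.match(line):
            packets.append({"time": line.split()[0]})
        for name, rx in FIELDS.items():
            m = rx.match(line)
            if m and packets:  # ignore field lines seen before any packet header
                packets[-1][name] = m.group(1).lower()
    return packets

def policy_violations(packets):
    """Return (time, mac, ip) for ACKs that give a denied-range address to a class member."""
    lo, hi = DENIED_RANGE
    hits = []
    for p in packets:
        if p.get("msgtype") != "ack" or "yiaddr" not in p:
            continue  # only server ACKs carry a granted address
        if p.get("mac") in MYTEST_MEMBERS and lo <= ipaddress.ip_address(p["yiaddr"]) <= hi:
            hits.append((p["time"], p["mac"], p["yiaddr"]))
    return hits

if __name__ == "__main__":
    print(policy_violations(parse_packets(SAMPLE)))
```

Only the ACK of 10.1.14.94 to 74:a7:11:22:33:44 is reported; the class member served from 10.50.252.1-10.50.255.254 is not.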

------------------------------

End of dhcp-users Digest, Vol 144, Issue 3
******************************************
