Re: [Dnsmasq-discuss] VLANs and multiple IP addresses for one mac address
Ok, pulling back a level or two in the discussion tree since I'd gone the wrong path, I have now tried the following:

dhcp-range=start1,stop1...
dhcp-range=tag:vlan-if,start2,stop2...
dhcp-host=eth-addr,ethwlan-addr,name1,ip-in-range1
dhcp-host=eth-addr,ethwlan-addr,name2,ip-in-range2

I deleted the dnsmasq lease file in /var, ran dnsmasq -d, and from the host with given eth (or wlan) addr, did a dhclient on the main interface and on the VLAN-ed one. Each interface got its own IP as specified in the dhcp-host for the IP range corresponding to the interface, and both names got registered in DNS with the right IP address.

It appears no tag is needed, and the right dhcp-option is found based on the subnet where the static IP belongs.

Does this fulfill your requirements? I did not try with IPv6 and especially with auto-addition of SLAAC IPv6 addresses to the DNS zone, though.

Hello Albert.

Well what do you know! It works! I had assumed that some sort of tag matching was needed to get the right address for the right VLAN/interface. But I followed what you suggested and included multiple dhcp-host lines, all with the same mac address, but with different IPs from the different subnets and the right addresses got allocated. It must be a bit of dhcp magic in Simon's code!

Thanks for all your help.

David

Thanks for your help.

David

Best regards,
--
Albert.

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
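The per-VLAN reservation pattern confirmed in the message above can be checked mechanically before a config is deployed. The Python below is an added example, not part of the thread or of dnsmasq: it reads dhcp-range and dhcp-host lines and reports reservations that fall in no configured subnet, that sit inside a dynamic pool (the thread suggests keeping static addresses outside the ranges), or that give one MAC two addresses in the same subnet. The function names, the finding labels and the /24 default for a range without a netmask are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

# Constructed sample: the ranges and the first host line of each MAC are quoted
# in the thread; the 10.10.70.99, 10.10.20.150 and 10.10.99.5 lines are made up.
SAMPLE_CONF = """\
dhcp-range=tag:br1,10.10.20.101,10.10.20.200,255.255.255.0,1440m
dhcp-range=tag:br3,10.10.70.101,10.10.70.200,255.255.255.0,1440m
dhcp-host=60:03:08:9D:3D:08,10.10.20.99
dhcp-host=60:03:08:9D:3D:08,10.10.70.99
dhcp-host=F0:CB:A1:86:D1:6E,10.10.20.100
dhcp-host=F0:CB:A1:86:D1:6E,10.10.20.150
dhcp-host=60:03:08:9D:3D:08,10.10.99.5
"""

def ipv4_fields(value):
    """Return the comma-separated fields that parse as IPv4 addresses, in order."""
    found = []
    for field in value.split(","):
        try:
            found.append(ipaddress.IPv4Address(field.strip()))
        except ValueError:
            pass  # tag:, MAC address, hostname, lease time, ...
    return found

def parse(conf):
    """Extract (network, start, end) pools and (macs, ip) reservations."""
    pools, hosts = [], []
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        ips = ipv4_fields(value)
        if key == "dhcp-range" and len(ips) >= 2:
            # Assumption of this example: a range without a netmask is a /24.
            mask = ips[2] if len(ips) > 2 else "255.255.255.0"
            net = ipaddress.IPv4Network(f"{ips[0]}/{mask}", strict=False)
            pools.append((net, ips[0], ips[1]))
        elif key == "dhcp-host" and ips:
            macs = [f.strip().lower() for f in value.split(",") if MAC_RE.match(f.strip())]
            if macs:
                hosts.append((macs, ips[0]))
    return pools, hosts

def audit(conf):
    """Return (finding, mac, detail) tuples for reservations worth a second look."""
    pools, hosts = parse(conf)
    per_subnet, findings = defaultdict(list), []
    for macs, ip in hosts:
        pool = next((p for p in pools if ip in p[0]), None)
        if pool is None:
            findings.append(("no-subnet", macs[0], str(ip)))
            continue
        net, start, end = pool
        if start <= ip <= end:
            findings.append(("inside-pool", macs[0], str(ip)))
        for mac in macs:
            per_subnet[(mac, net)].append(ip)
    for (mac, net), ips in per_subnet.items():
        if len(ips) > 1:
            findings.append(("duplicate-in-subnet", mac, str(net)))
    return findings
```

Calling audit(SAMPLE_CONF) returns the three constructed problems; a config with one reservation per MAC per subnet, all outside the pools, returns an empty list.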
Re: [Dnsmasq-discuss] VLANs and multiple IP addresses for one mac address
On 25 June 2014 06:24, Albert ARIBAUD albert.arib...@free.fr wrote:

Hi David,

On Tue, 24 Jun 2014 23:50:54 +0100, David Joslin dav...@nkcc.org.uk wrote:

Thanks for the reply, Simon. How would I do that? I already use the --dhcp-host option to allocate IP addresses by MAC address for certain clients but these are all machines with just one IP address on one VLAN. How would I allocate static IP addresses to these access points when they require a different IP address per VLAN but all with the same MAC address?

Each VLAN is associated with a LAN bridge on the machine running dnsmasq and I allocate DHCP addresses to the different VLANs using the tag option in the --dhcp-range statements - for example:

dhcp-range=tag:br3,10.10.70.101,10.10.70.200,255.255.255.0,1440m

This works fine. But I can't see how to allocate static IP addresses based on VLAN membership. Am I missing something obvious?

I don't know about missing anything obvious, but i) can you also show the dhcp-host options you use for one host? Also, just in case, try with a tag that does not match the name of an interface (and make sure that you change it in the VLANs' dhcp-range options as well as in the hosts' dhcp-host options).

Here's the configuration for the DHCP range used on one VLAN (on interface br1).

interface=br1
dhcp-range=tag:br1,10.10.20.101,10.10.20.200,255.255.255.0,1440m
dhcp-option=tag:br1,3,10.10.20.1

Here's the configuration for a couple of hosts on that VLAN.

dhcp-host=60:03:08:9D:3D:08,10.10.20.99
dhcp-host=F0:CB:A1:86:D1:6E,10.10.20.100

What I thought Simon was suggesting was to allocate specific static addresses to the access points that are outside the ranges that are allocated to other clients. This would avoid the problem of dnsmasq allocating addresses to other clients that had already been allocated to the access points. What I'm missing here is how to reserve several addresses for a particular access point when all the requests use the same mac address. The requests will arrive on different interfaces (br0, br1, br2 etc) but I can't see how to use that in the dhcp-host configuration. That's why I think I'm missing something!

Thanks for your help.

David

--
Albert.
Re: [Dnsmasq-discuss] VLANs and multiple IP addresses for one mac address
On 26 June 2014 12:45, Albert ARIBAUD albert.arib...@free.fr wrote:

Hello David,

Here's the configuration for the DHCP range used on one VLAN (on interface br1).

interface=br1
dhcp-range=tag:br1,10.10.20.101,10.10.20.200,255.255.255.0,1440m
dhcp-option=tag:br1,3,10.10.20.1

Here's the configuration for a couple of hosts on that VLAN.

dhcp-host=60:03:08:9D:3D:08,10.10.20.99
dhcp-host=F0:CB:A1:86:D1:6E,10.10.20.100

You're using 'tag:' in both dhcp-range and dhcp-host; I believe you should use 'set:' in dhcp-range with a different tag for each vlan, and 'tag:' in dhcp-host.

Thanks Albert. According to the man page, dnsmasq only allows you to 'set' tags on dhcp-host lines. It doesn't allow you to match tags like you can on dhcp-range lines. This is what's confusing me. I know the tag matching option works when I use it with 'dhcp-range' but it doesn't appear it can be used with 'dhcp-host'. If it could I think my problem would be solved. Maybe I'm still missing something!

David

What I thought Simon was suggesting was to allocate specific static addresses to the access points that are outside the ranges that are allocated to other clients. This would avoid the problem of dnsmasq allocating addresses to other clients that had already been allocated to the access points. What I'm missing here is how to reserve several addresses for a particular access point when all the requests use the same mac address. The requests will arrive on different interfaces (br0, br1, br2 etc) but I can't see how to use that in the dhcp-host configuration. That's why I think I'm missing something!

Thanks for your help.

David

Best regards,
--
Albert.
[Dnsmasq-discuss] VLANs and multiple IP addresses for one mac address
I have a wireless network split into several vlans, each with its own subnet, with dnsmasq serving all vlans. The wireless network is a Ubiquiti Unifi system and the access points all have static IP addresses on the management vlan. Additionally, the access points each request IP addresses via DHCP for the other vlans and dnsmasq correctly allocates the IP addresses for the relevant vlans.

I noticed in dnsmasq's logs recently a bunch of 'lease not found' messages whenever the access points attempted to renew the leases for these addresses. The cause seems to be this: an access point's IP addresses are all used on the same interface on the access point so when it renews these addresses, the requests all come from the same mac address. Dnsmasq services these requests but only the last address allocated is stored in the lease file (I'm assuming the other addresses allocated are briefly stored but then overwritten by subsequent allocations). So the access points are happy enough - they have the addresses they need correctly allocated by dnsmasq - but dnsmasq's lease file only records the last address allocated. When the access points renew the leases, dnsmasq generates the 'lease not found' error because there's no record of the allocation in the lease file.

The error messages themselves are no big deal and the access points do get the correct addresses. The problem I can foresee is that dnsmasq might allocate addresses to other clients that it has already allocated to the access points because it has no record of those allocations in its lease file.

Is there any way dnsmasq can record more than 1 IP address against a mac address? Or is there any other way round this problem? The access points don't give any options for IP configuration apart from the address on the management vlan; there aren't any configuration options for these DHCP requested addresses.

Any help would be greatly appreciated.

David
Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router
Thanks Simon.

In your earlier message you said you thought this is probably dhcp related. I did manage to retrieve some logs from the time of the problem and there was a great deal of dhcp happening on the network at the time. I haven't had time to go over them yet but I can see repeated dhcp requests from the same clients over and over again and often only a few minutes (or less) apart. Our network is only lightly loaded at the moment and I can't reproduce the problem on any client.

Does this sound like the same bug? Would the logs be useful to you?

Cheers

David

On 28 April 2014 18:36, Simon Kelley si...@thekelleys.org.uk wrote:

Note that this bug appears to be a hard lockup.

https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1313393

investigations are continuing.

Simon.

On 28/04/14 12:18, Kevin Darbyshire-Bryant wrote:

On 25/04/2014 09:37, David Joslin wrote:

Hi Kevin and thanks for the help.

Apologies for delay in reply.

Is it possible to upgrade the dnsmasq version on the router without waiting for the author of the tomato firmware to include a later version in a release of his firmware (and you mentioned that dnsmasq in tomato isn't a clean pull of Simon's release)?

Probably, but as you'd have to cross compile it to MIPS and 'Tomato' environment you might as well try to rebuild the entire firmware. I loosely 'maintain' a shadow of Simon's git repo of dnsmasq with the Tomato/Asuswrt tweaks here https://github.com/kdarbyshirebryant/dnsmasq - No guarantees etc etc, but I personally try to keep up to date with both 'Merlin's Asuswrt/rmerlin and put current dnsmasq in there too.

Why would changing the location of the leasefile to a usb stick make a difference? If the issue, as Simon suggests, is caused by the constant rewriting of the lease database, then wouldn't its current location (which on a router would be RAM) be a faster/better option than a usb stick? Or is there another possible issue here that I've missed?

Agree, RAM should be faster but there is a finite amount of it and it's volatile...I quite like to store the database on something that survives reboots. Also, as tomato is compiled with 'no rtc', the code tries to minimise the number of writes to the leasefile on the basis it thinks it likely that flash memory is involved, so better to reduce the wear.

The only recent change I've made to the router was the addition of a usb stick as the location for the writing of system logs and bandwidth and IP traffic usage logs (so that they weren't lost on a reboot). I had wondered if the cause of the problem was related to the speed of writing this stuff (which obviously includes dnsmasq logging) to the usb stick rather than RAM. That's why I turned off dnsmasq logging at one point but it didn't seem to make any difference.

Thanks again for your help and I'll wait for your comments on the above.

I'm not sure I've helped really.

Kevin
Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router
Hi Kevin and thanks for the help.

Is it possible to upgrade the dnsmasq version on the router without waiting for the author of the tomato firmware to include a later version in a release of his firmware (and you mentioned that dnsmasq in tomato isn't a clean pull of Simon's release)?

Why would changing the location of the leasefile to a usb stick make a difference? If the issue, as Simon suggests, is caused by the constant rewriting of the lease database, then wouldn't its current location (which on a router would be RAM) be a faster/better option than a usb stick? Or is there another possible issue here that I've missed?

The only recent change I've made to the router was the addition of a usb stick as the location for the writing of system logs and bandwidth and IP traffic usage logs (so that they weren't lost on a reboot). I had wondered if the cause of the problem was related to the speed of writing this stuff (which obviously includes dnsmasq logging) to the usb stick rather than RAM. That's why I turned off dnsmasq logging at one point but it didn't seem to make any difference.

Thanks again for your help and I'll wait for your comments on the above.

Cheers

David

On 24 April 2014 21:13, Kevin Darbyshire-Bryant ke...@darbyshire-bryant.me.uk wrote:

On 24/04/2014 20:49, Simon Kelley wrote:

On 24/04/14 20:41, David Joslin wrote:

Thanks for the reply, Simon.

DNSSEC isn't enabled.

I wonder if the pattern of the problem gives any clues... As I said, on a normal day with around 40-50 clients on the network there is no problem at all with dnsmasq managing to use barely 0 - 2% of the CPU. When the problem occurred there were a little over 100 clients. Running top showed dnsmasq using 100% cpu so I restarted dnsmasq and kept an eye on top. For maybe 5 or 10 minutes there was no problem, with dnsmasq using very little cpu. Then dnsmasq would start to peak at maybe 20-30% for a couple of seconds before dropping back. Then it would start peaking at higher and higher levels before dropping back. Eventually, after running for maybe half an hour it would start peaking at over 90% and staying there for longer before dropping back. At this point dns requests would become very slow (and maybe time out). And then dnsmasq would hit 100% cpu and would stay there. Dns requests would time out and only restarting dnsmasq would fix the problem. The pattern would then start over again.

I may be wrong but it doesn't seem that dnsmasq is hitting a bug that suddenly causes it to loop and hog the cpu until it's killed. It seems to gradually show more and more of the problem before it eventually hogs 100% cpu and has to be killed.

If the problem was caused by dnsmasq being overloaded with requests, is it likely or possible that 50 clients could put very little load on it but 100 clients could swamp it? Also, would the problem not show itself as soon as dnsmasq was restarted rather than showing the gradual increase in peak usage until it hits 100%?

Logs would help. The pattern doesn't look familiar, but if I had to guess, I'd say that the problem is DHCP, not DNS. Every change to the DHCP lease database causes the file storing it to be re-written, and I suspect that's what's eating CPU, in disk wait.

Version of dnsmasq in use would be useful, and a copy of your config (to me privately, if you prefer.)

When dnsmasq is running at 100%, try running

strace -p <pid of dnsmasq process>

that will run forever, printing what syscalls are being made, you can ctrl-c it after a short while, which will stop strace, but not dnsmasq.

Cheers,

Simon

Chaps,

Please be aware that the dnsmasq included in tomato is not a clean 'pull' out of Simon's release but includes some tweaks, mainly to the lease writing code (where it outputs 'remaining leasetime' rather than expiry time). There's also a 'helper' function that upon receipt of SIGUSR1 (or it may be 2 I can't remember) dumps the leasefile in a tomato specific format so that it may be read parsed into the 'dhcp status' page.

Those changes were 'formalised' by me into IFDEF conditional compilation flags when I first investigated updating dnsmasq from v2.61 to something slightly newer which fixed the IPv6 RA flags. The original changes by Jon Zarate were identified and re-inserted after a few false starts. I am no 'C' coder!

My suggestion for a start is to upgrade to dnsmasq 2.70 rather than a test release of 2.69. Also try changing the location of the leasefile to somewhere else e.g. a USB stick if your router supports it.

I've not encountered anything like this but then I don't have 100 clients.

Kevin
Re: [Dnsmasq-discuss] dnsmasq using 100% cpu on router
The router isn't being used for wi-fi. We have a Ubiquiti Unifi wi-fi system throughout the building. The router is just routing (and providing dns, dhcp etc).

David

On 23 April 2014 02:43, Weedy weedy2...@gmail.com wrote:

On 22 Apr 2014 15:10, David Joslin dav...@nkcc.org.uk wrote:

Hi

I have an Asus rt-n16 router running the Shibby version of the Tomato firmware which includes dnsmasq version 2.69test3. It's in use in a building that frequently has 50+ users on a wireless network and dnsmasq has performed extremely well with very little load on the router. However, we've recently run a couple of conferences in the building and the number of people using the wireless network has been just over 100.

Even if you fix this you should look into better hardware. 480mhz and broadcom radios at your loads worries the hell out of me.
[Dnsmasq-discuss] dnsmasq using 100% cpu on router
Hi

I have an Asus rt-n16 router running the Shibby version of the Tomato firmware which includes dnsmasq version 2.69test3. It's in use in a building that frequently has 50+ users on a wireless network and dnsmasq has performed extremely well with very little load on the router. However, we've recently run a couple of conferences in the building and the number of people using the wireless network has been just over 100. Several times there have been problems resolving addresses and when I've looked at the router dnsmasq has been using 100% cpu. Restarting dnsmasq temporarily fixes the problem but it occurs again maybe 20 minutes later.

I've turned off logging, increased the cache-size and the maximum number of dhcp leases (anything I could see that might be a problem with more users) but this hasn't fixed the problem.

I wondered if anyone has come across anything similar or has any suggestions?

Thanks

David
Re: [Dnsmasq-discuss] DHCP errors with vlans and multiple subnets
Thanks, Simon.

The access points are all on vlan 9 (the management vlan). They serve wireless clients on vlans 3, 4 and 5 but they don't have interfaces on these vlans.

What's really baffling me is that nothing has changed with the network configuration. I've been through the configuration of the router (with its dnsmasq dhcp server) and the switches on the network over and over again and I can't find anything that's changed. Each subnet is defined on the router (with dhcp enabled for each subnet) and each vlan is associated with a particular subnet.

The way it used to work was this: I simply reserved the IP addresses for the access points on the router (and I can see that these reservations have gone into dnsmasq's dhcp-hosts file) and the access points were given these addresses (on vlan9) when they asked for them - simple! Now, when they request addresses, they are being offered addresses from every vlan apart from vlan 9! And when they request the offered address, dnsmasq pumps out the warning messages that the requested address conflicts with the address in the hosts file.

I even disabled the dhcp server on all the subnets apart from that assigned to vlan9 to see if that would force the dhcp server to assign the correct 10.10.99... address but when I did this dnsmasq logged the following messages over and over again:

no address range available for DHCP request via br0
no address range available for DHCP request via br1
no address range available for DHCP request via br2

It wouldn't offer a vlan9 address.

There appeared to be a simple solution to this which was to assign static IPs to all vlan9 devices (switches, access points). But when I did, DHCP requests from the access points still appeared at the router! This would seem to be a fairly major bug (in the Ubiquiti UniFi Wi-Fi system) but I'm wondering if this is in some way related to this problem (I can't think how, though).

The access points have only one network interface and don't seem to offer any way to configure client-IDs so I still can't see a solution (apart from reverting everything to factory settings and building it all from scratch again - not something I want to do).

If you've got any advice I'd be grateful.

Cheers

David

On 4 March 2014 17:59, Simon Kelley si...@thekelleys.org.uk wrote:

So, the same machine, with the same MAC address, seems to be talking to the dnsmasq DHCP server from (at least) three different subnets more-or-less simultaneously. This is not good, as the DHCP protocol (for IPv4, at least) assumes each interface will get _one_ address. Dnsmasq is chasing its tail, giving the machine one address, then abandoning that and giving it another, and so on.

The APs have interfaces on multiple VLANS? If so you need to do one of two things

1) Get them to use different MAC addresses on each distinct VLAN,
2) Get them to use DHCP client-IDs and ensure that _those_ are distinct.

As a unique identifier, client-ids override MAC addresses, so you should be OK leaving the interfaces with a single MAC address if you take the client-id route. Most DHCP clients have a way to configure which client-id they should use.

Cheers,

Simon.
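The condition Simon describes in the message above, one MAC address talking to the DHCP server from several subnets more or less simultaneously, can be spotted in dnsmasq's own DHCP log. The Python below is an added example, not part of the thread: it parses dnsmasq-dhcp log lines and reports every MAC address seen on more than one interface within a short window. The log lines are constructed in dnsmasq's usual DHCPxxx(interface) format; the MAC addresses, IP addresses, host name, 60-second window and function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?dnsmasq-dhcp\[\d+\]: "
    r"(DHCP[A-Z]+)\((\S+?)\) (?:\d+\.\d+\.\d+\.\d+ )?"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed log: the first client hits br0, br1 and br2 within four seconds;
# the second moves from br1 to br3 more than an hour later.
SAMPLE_LOG = """\
Mar  4 17:20:01 router dnsmasq-dhcp[612]: DHCPDISCOVER(br0) 02:00:00:00:00:01
Mar  4 17:20:01 router dnsmasq-dhcp[612]: DHCPOFFER(br0) 10.10.30.150 02:00:00:00:00:01
Mar  4 17:20:03 router dnsmasq-dhcp[612]: DHCPDISCOVER(br1) 02:00:00:00:00:01
Mar  4 17:20:03 router dnsmasq-dhcp[612]: DHCPOFFER(br1) 10.10.20.150 02:00:00:00:00:01
Mar  4 17:20:05 router dnsmasq-dhcp[612]: DHCPREQUEST(br2) 10.10.40.150 02:00:00:00:00:01
Mar  4 17:21:10 router dnsmasq-dhcp[612]: DHCPREQUEST(br1) 10.10.20.121 02:00:00:00:00:02
Mar  4 17:21:10 router dnsmasq-dhcp[612]: DHCPACK(br1) 10.10.20.121 02:00:00:00:00:02 laptop
Mar  4 18:40:00 router dnsmasq-dhcp[612]: DHCPREQUEST(br3) 10.10.70.121 02:00:00:00:00:02
""".splitlines()


def parse_events(lines, year=2014):
    """Map each MAC to a list of (timestamp, interface) taken from DHCP log lines."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a dnsmasq-dhcp message
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events[m.group(4).lower()].append((ts, m.group(3)))
    return events


def multi_interface_macs(lines, window_s=60):
    """Return {mac: [interfaces]} for MACs seen on 2+ interfaces within window_s."""
    flagged = {}
    for mac, evs in parse_events(lines).items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            ifaces = {ifc for t, ifc in evs[i:]
                      if (t - t0).total_seconds() <= window_s}
            if len(ifaces) > 1:
                flagged[mac] = sorted(set(flagged.get(mac, [])) | ifaces)
    return flagged


if __name__ == "__main__":
    for mac, ifaces in multi_interface_macs(SAMPLE_LOG).items():
        print(mac, "seen on", ", ".join(ifaces))
```

A client that legitimately moves between VLANs, like the second one in the sample, is not reported unless both sightings fall inside the window.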