Today's Topics:

   1. Re: option dhcp-server-identifier (Simon Hobson)
   2. Selective logging of Option82 markets (project722)
   3. Re: option dhcp-server-identifier (John Ratliff)
   4. Re: Selective logging of Option82 markets (Glenn Satchell)
   5. Re: Selective logging of Option82 markets (Peter Rathlev)
   6. Re: option dhcp-server-identifier (Ilkka Virta)


----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Oct 2016 13:50:35 +0100
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: option dhcp-server-identifier
Message-ID: <6a8a6434-0626-4a96-a9b7-68515ea87...@thehobsons.co.uk>
Content-Type: text/plain; charset=us-ascii

John Ratliff <jratl...@bluemarble.net> wrote:

> It seems that the running server always sends packets from the primary IP
> on the NIC, and sets the dhcp-server-identifier option to this IP. So when
> a DHCP client tries to renew, if the server has changed, it takes quite a
> while before the client realizes this.

Thomas has already given the fix for the address used (and I always prefer a 
proper fix to a workaround), but without this there should be no impact 
whatsoever on the clients. They may take a while to find the other server, but 
they will not lose their current lease - if they do then you have other issues 
to investigate.

The default behaviour (at least for the ISC client, I think most are pretty 
similar) is to renew (by unicast to the server) the lease at half time. So if 
you use (say) 8 hours leases, the client will attempt to renew it when there's 
4 hours left - at this point it will get no reply if the original server is 
down but that will not in any way affect client operation.
The client will continue at decreasing intervals until (by default) 7/8 of the 
lease is expired - so when there is still 1 hour of an 8 hours lease left. Then 
it will switch to broadcasting renewal requests - at which point, the other 
server will pick up the packet and renew the lease, and the client can then 
carry on as normal without any network interruption.

Any client that breaks network connections under this condition is broken.

Only if the lease completely expires should the client drop its IP address and 
break any network connections that are open.

I hope that's clear.
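
The timeline Simon describes, worked through as an added example (not part of the original post). It assumes the default T1/T2 fractions he mentions and the retry rule of RFC 2131 section 4.4.5 (wait half the time left in the current state, never less than 60 seconds); real clients, dhclient included, may space their retries differently.

```python
MIN_RETRY = 60  # RFC 2131 4.4.5: retransmit no sooner than every 60 s


def renewal_schedule(lease_secs, t1_frac=0.5, t2_frac=0.875):
    """List every DHCPREQUEST sent when no server ever answers.

    Returns [(seconds_since_lease_start, state), ...] where
    RENEWING  = unicast to the address in dhcp-server-identifier and
    REBINDING = broadcast that any server on the segment can answer.
    """
    t1, t2 = lease_secs * t1_frac, lease_secs * t2_frac
    events, now = [], t1
    while now < lease_secs:
        if now < t2:
            state, deadline = "RENEWING", t2
        else:
            state, deadline = "REBINDING", lease_secs
        events.append((now, state))
        # Wait half of what is left in this state, but at least 60 s;
        # never step past the deadline, where the state changes.
        now = min(now + max((deadline - now) / 2, MIN_RETRY), deadline)
    return events


def first_broadcast(lease_secs):
    """Seconds into the lease at which a standby server first hears the client."""
    return next(t for t, s in renewal_schedule(lease_secs) if s == "REBINDING")


def unanswered_unicasts(lease_secs):
    """How many renewals go to the dead server before the client broadcasts."""
    return sum(1 for _, s in renewal_schedule(lease_secs) if s == "RENEWING")


if __name__ == "__main__":
    lease = 8 * 3600  # the 8-hour lease used in the post
    for t, state in renewal_schedule(lease):
        print(f"{t / 3600:6.3f} h  {state}")
    print("time left at first broadcast:", lease - first_broadcast(lease), "s")
```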



------------------------------

Message: 2
Date: Wed, 12 Oct 2016 09:28:52 -0500
From: project722 <project...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Selective logging of Option82 markets
Message-ID:
        <CAPBQMZB9ThA=ob59Z_yRogZjB=wn5oav2xzako-pfun4shm...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

I'm using a global statement which allows me to log all data that comes
into the server with Option82 in it. Here is what I am using:

if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
      exists agent.circuit-id) {

    log(info, concat( "OPTION-82 | IP =",
        binary-to-ascii (10, 8, ".",leased-address),
        " | MAC=",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 1, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 2, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 3, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 4, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 5, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 6, 1))),2),
        #" | CIRCUIT-ID=",
        #binary-to-ascii (10, 8, ".", option agent.circuit-id),
        #" | REMOTE-ID=",
        #binary-to-ascii (10, 8, ".", option agent.remote-id),
        " | CIRCUIT-ID=",
        substring( option agent.circuit-id, 0, 9999),
        " | REMOTE-ID=",
        substring( option agent.remote-id, 0, 9999)));
}

We have about 25 markets, or "pools", subnet declarations, whatever you
want to call it. Some of which are test markets we are using for internal
use. I need the ability to enable/disable option82 logging for these
markets. I'd rather keep the logging statement global then disable only the
few internal use markets that I need to. Is there a way to accomplish this?

------------------------------

Message: 3
Date: Wed, 12 Oct 2016 11:21:18 -0400 (EDT)
From: "John Ratliff" <jratl...@bluemarble.net>
To: "Users of ISC DHCP" <dhcp-users@lists.isc.org>
Subject: Re: option dhcp-server-identifier
Message-ID:
        <83754e94fa7e944798e35696e022562e.squir...@webmail.smithville.com>
Content-Type: text/plain;charset=iso-8859-1

<quote who="Simon Hobson">
> John Ratliff <jratl...@bluemarble.net> wrote:
>
>> It seems that the running server always sends packets from the primary
>> IP on the NIC, and sets the dhcp-server-identifier option to this IP. So
>> when a DHCP client tries to renew, if the server has changed, it takes
>> quite a while before the client realizes this.
>
> Thomas has already given the fix for the address used (and I always prefer
> a proper fix to a workaround), but without this there should be no impact
> whatsoever on the clients. They may take a while to find the other server,
> but they will not lose their current lease - if they do then you have
> other issues to investigate.
>
> The default behaviour (at least for the ISC client, I think most are
> pretty similar) is to renew (by unicast to the server) the lease at half
> time. So if you use (say) 8 hours leases, the client will attempt to renew
> it when there's 4 hours left - at this point it will get no reply if the
> original server is down but that will not in any way affect client
> operation.
> The client will continue at decreasing intervals until (by default) 7/8 of
> the lease is expired - so when there is still 1 hour of an 8 hours lease
> left. Then it will switch to broadcasting renewal requests - at which
> point, the other server will pick up the packet and renew the lease, and
> the client can then carry on as normal without any network interruption.
>
> Any client that breaks network connections under this condition is broken.
>
> Only if the lease completely expires should the client drop its IP
> address and break any network connections that are open.
>
> I hope that's clear.

Thanks to the both of you. Yes, the configuration directive is working.
And yes, we didn't think it should actually be a problem, but you see a
lot of broken DHCP clients working for an ISP, so I prefer to guard
against them as much as possible.

--John



------------------------------

Message: 4
Date: Thu, 13 Oct 2016 16:01:43 +1100
From: "Glenn Satchell" <glenn.satch...@uniq.com.au>
To: "Users of ISC DHCP" <dhcp-users@lists.isc.org>
Subject: Re: Selective logging of Option82 markets
Message-ID:
        <bcd2aa3dfd42204da91c46f9f4bb0fcd.squir...@mail.uniq.com.au>
Content-Type: text/plain;charset=iso-8859-1

I don't have a specific answer to your question, but I noticed the
suffix(concat()) usage from a post I originally made way back in 2003. So
great to see that it is still in widespread use.

Original post:

    http://marc.info/?l=dhcp-server&m=105689607527110&w=2

regards,
-glenn

On Thu, October 13, 2016 1:28 am, project722 wrote:
> I'm using a global statement which allows me to log all data that comes
> into the server with Option82 in it. Here is what I am using:
>
> if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
>       exists agent.circuit-id) {
>
>     log(info, concat( "OPTION-82 | IP =",
>         binary-to-ascii (10, 8, ".",leased-address),
>         " | MAC=",
>         suffix (concat("0", binary-to-ascii (16, 8, "",
>         substring( hardware, 1, 1))),2),":",
>         suffix (concat("0", binary-to-ascii (16, 8, "",
>         substring( hardware, 2, 1))),2),":",
>         suffix (concat("0", binary-to-ascii (16, 8, "",
>         substring( hardware, 3, 1))),2),":",
>         suffix (concat("0", binary-to-ascii (16, 8, "",
>         substring( hardware, 4, 1))),2),":",
>         suffix (concat("0", binary-to-ascii (16, 8, "",
>         substring( hardware, 5, 1))),2),":",
>         suffix (concat("0", binary-to-ascii (16, 8, "",
>         substring( hardware, 6, 1))),2),
>         #" | CIRCUIT-ID=",
>         #binary-to-ascii (10, 8, ".", option agent.circuit-id),
>         #" | REMOTE-ID=",
>         #binary-to-ascii (10, 8, ".", option agent.remote-id),
>         " | CIRCUIT-ID=",
>         substring( option agent.circuit-id, 0, 9999),
>         " | REMOTE-ID=",
>         substring( option agent.remote-id, 0, 9999)));
> }
>
> We have about 25 markets, or "pools", subnet declarations, whatever you
> want to call it. Some of which are test markets we are using for internal
> use. I need the ability to enable/disable option82 logging for these
> markets. I'd rather keep the logging statement global then disable only
> the few internal use markets that I need to. Is there a way to accomplish
> this?





------------------------------

Message: 5
Date: Thu, 13 Oct 2016 12:29:57 +0200
From: Peter Rathlev <pe...@rathlev.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Selective logging of Option82 markets
Message-ID: <1476354597.9073.20.ca...@rathlev.dk>
Content-Type: text/plain; charset="UTF-8"

On Wed, 2016-10-12 at 09:28 -0500, project722 wrote:
> I'm using a global statement which allows me to log all data that
> comes into the server with Option82 in it. Here is what I am using:
> 
> if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
>       exists agent.circuit-id) {
> 
>     log(info, concat( "OPTION-82 | IP =",
...
> We have about 25 markets, or "pools", subnet declarations, whatever
> you want to call it. Some of which are test markets we are using for
> internal use. I need the ability to enable/disable option82 logging
> for these markets. I'd rather keep the logging statement global then
> disable only the few internal use markets that I need to. Is there a
> way to accomplish this?

We use "config-option" selectors in class-statements, you might be able
to do the same with your log statement. An example:

   option X-Siedle-Options code 253 = string;

   class "Siedle" {
       match if substring(hardware, 1, 3) = d4:e3:2c;
       if (config-option X-Siedle-Options = "LOCATOR-ID") {
           set X-Siedle-Options-served = "LOCATOR-ID";
           option time-servers 192.0.2.234;
           option log-servers 192.0.2.234;
           option ntp-servers 192.0.2.234;
           option tftp-server-name "192.0.2.234";
           option bootfile-name "SSS/Axxx/locator.xml";
       }
   }

   group {
       option X-Siedle-Options "LOCATOR-ID";
       subnet 198.51.100.0 netmask 255.255.255.0 {
           option routers 198.51.100.1;
           pool {
               failover peer "rmnet-failover";
               range 198.51.100.50 198.51.100.239;
           }
       }
   }

You might be able to attach a custom option to the subnets that
shouldn't be logged and then add

   ... and not (pick-first-value(config-option OPTION-NAME, "") = "SOMETHING")

to your existing "if" statement.

I'm not certain it will work though. It might depend on how much state
is present when the log statement is called. But for message type
REQUEST (3) and ACK (5) the subnet has probably already been parsed.

-- 
Peter
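
A downstream alternative that does not depend on what state dhcpd has when the log statement runs, as an added example (not part of the original posts): drop the OPTION-82 lines for test markets after they are written. The test subnet, syslog prefix and sample lines are constructed; the field layout follows the log statement quoted above.

```python
import ipaddress
import re

# Assumed internal test markets (constructed; substitute your own subnets).
TEST_MARKETS = [ipaddress.ip_network("198.51.100.0/24")]

# Field order follows the concat() in the quoted log statement.
# CIRCUIT-ID is matched greedily because the raw option bytes may contain " | ".
OPT82 = re.compile(
    r"OPTION-82 \| IP =(?P<ip>\S+) \| MAC=(?P<mac>[0-9A-Fa-f:]{17})"
    r" \| CIRCUIT-ID=(?P<circuit>.*) \| REMOTE-ID=(?P<remote>.*)$"
)


def parse_option82(line):
    """Return the fields of an OPTION-82 log line as a dict, else None."""
    m = OPT82.search(line.rstrip("\n"))
    return m.groupdict() if m else None


def is_suppressed(line, markets=TEST_MARKETS):
    """True only for OPTION-82 lines whose leased IP is in a test market.

    Anything that does not parse is kept, so a malformed line is never
    silently lost from the log.
    """
    rec = parse_option82(line)
    if rec is None:
        return False
    try:
        ip = ipaddress.ip_address(rec["ip"])
    except ValueError:
        return False
    return any(ip in net for net in markets)


def filter_log(lines, markets=TEST_MARKETS):
    """Return the lines that should stay in the Option 82 log."""
    return [ln for ln in lines if not is_suppressed(ln, markets)]


# Constructed sample input; the syslog prefix is an assumption.
SAMPLE = [
    "Oct 12 09:28:52 dhcp1 dhcpd: OPTION-82 | IP =203.0.113.20 | MAC=00:11:22:33:44:55 | CIRCUIT-ID=ge-0/0/1.100 | REMOTE-ID=cmts-a",
    "Oct 12 09:28:53 dhcp1 dhcpd: OPTION-82 | IP =198.51.100.77 | MAC=d4:e3:2c:00:00:01 | CIRCUIT-ID=lab | x | REMOTE-ID=lab-relay",
    "Oct 12 09:28:54 dhcp1 dhcpd: DHCPACK on 198.51.100.77 to d4:e3:2c:00:00:01 via eth0",
    "Oct 12 09:28:55 dhcp1 dhcpd: OPTION-82 | IP =not-an-ip | MAC=00:11:22:33:44:66 | CIRCUIT-ID=a | REMOTE-ID=b",
]
```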



------------------------------

Message: 6
Date: Thu, 13 Oct 2016 13:31:12 +0300
From: Ilkka Virta <itvi...@iki.fi>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: option dhcp-server-identifier
Message-ID: <8466f0ae-293f-b56b-24c9-e287ca4ba...@iki.fi>
Content-Type: text/plain; charset=windows-1252; format=flowed

On 12.10. 05:39, John Ratliff wrote:
> I have a pair of isc dhcp servers, version 4.3.1 on Debian 8 Jessie.
>
> I do not want to use the DHCP failover protocol. Instead, I want to use a
> virtual IP on the primary active server, and have the backup server
> shutdown. I have a cronjob to sync the lease file automatically, but
> failover will be strictly a manual process.

Just a thought:
I don't think you'll be able to sync new leases in real-time this way, 
i.e. there's a window between the server giving out the lease and the 
cron job running. (And with cron, you can't usually run more often than 
once per minute.) If the primary server crashes with unsynced leases, 
the client will still use the IP address, but the backup server may 
happily give it to someone else. I think the failover protocol tries to 
work hard to prevent this.

Though of course the server tries to keep every client using the same IP 
address, so this may not be much of a problem.



------------------------------


End of dhcp-users Digest, Vol 96, Issue 17
******************************************