ISP DHCPd for 2 (or more) routers

Started by TheGreatDoc, February 07, 2016, 02:18:10 AM


TheGreatDoc

Hi All,

I'm actually running 2 different DHCP servers for 2 different routers that relay to them.

I'm almost sure I can do this with only 1 DHCP server. Has anyone here done it before?

Option 82 is involved, but I don't really know how to do it and the documentation is confusing for me :(

Thanks!
a.k.a. Daniel.
I don't have any cert, just learned all by myself.

srg

No problem at all. Your two routers will relay with different GI addresses that you match with a subnet declaration in the ISC config file. You don't really need to care about o82  in this case.

We're doing this en masse, it's a really common setup.
as if the mind had gone dark forever.

TheGreatDoc

Quote from: srg on February 07, 2016, 03:15:58 AM
No problem at all. Your two routers will relay with different GI addresses that you match with a subnet declaration in the ISC config file. You don't really need to care about o82  in this case.

We're doing this en masse, it's a really common setup.

But the 2 routers handle 2 different networks. They are not 2 routers for the same network.

srg

Quote from: TheGreatDoc on February 07, 2016, 03:46:00 AM
Quote from: srg on February 07, 2016, 03:15:58 AM
No problem at all. Your two routers will relay with different GI addresses that you match with a subnet declaration in the ISC config file. You don't really need to care about o82  in this case.

We're doing this en masse, it's a really common setup.

But the 2 routers handle 2 different networks. They are not 2 routers for the same network.
Doesn't matter. Create a shared-network statement for each of the networks, both containing one or more subnet declarations for the network(s) (and the GI-address, if they differ).

Something like this (not complete):

shared-network net1 {
        subnet 192.168.1.0 netmask 255.255.255.0 {
                pool {
                        # start at .2 so the router address (.1) is never leased
                        range 192.168.1.2 192.168.1.254;
                }
                option routers 192.168.1.1;
                option domain-name-servers 192.168.1.1;
                option broadcast-address 192.168.1.255;
                option subnet-mask 255.255.255.0;
        }
}

shared-network net2 {
        subnet 192.168.2.0 netmask 255.255.255.0 {
                pool {
                        # start at .2 so the router address (.1) is never leased
                        range 192.168.2.2 192.168.2.254;
                }
                option routers 192.168.2.1;
                option domain-name-servers 192.168.2.1;
                option broadcast-address 192.168.2.255;
                option subnet-mask 255.255.255.0;
        }
}

TheGreatDoc

Just to be sure, does the GI address represent the local listening interface or the relay IP address?

Also, I'm just looking for documentation and only 2 results are near what I'm looking for, but they don't work for what I want and I don't know how to adapt them.

This is a simulated topology (see attachment).

R1 handles 10.10.0.0/16 as private assignment and 1.1.1.0/24 as public addresses. Private ones are assigned statically and public ones dynamically. Same for R2 and its networks.
Both routers relay DHCP to 172.16.0.4, and on that server I must differentiate the dynamic assignments and their respective routers.

The private ones don't matter as they are assigned by MAC address, but how do I tell where the request comes from in order to assign the correct public IP?

srg

Something like this then:

shared-network r1-public {
        subnet 1.1.1.0 netmask 255.255.255.0 {
                pool {
                        range 1.1.1.2 1.1.1.254;
                }
                option routers 1.1.1.1;
                option domain-name-servers 8.8.8.8, 8.8.4.4;
                option broadcast-address 1.1.1.255;
                option subnet-mask 255.255.255.0;
        }
}

shared-network r2-public {
        subnet 2.2.2.0 netmask 255.255.255.0 {
                pool {
                        range 2.2.2.2 2.2.2.254;
                }
                option routers 2.2.2.1;
                option domain-name-servers 8.8.8.8, 8.8.4.4;
                option broadcast-address 2.2.2.255;
                option subnet-mask 255.255.255.0;
        }
}

The GI address is the relaying interface address. This will be matched against a subnet declaration by the DHCP server to know from which shared-network it should provide IPs. If you had multiple secondary IPs on an interface, they would be specified as separate subnets under the same shared-network.

TheGreatDoc

And how do you specify the GI address to match one shared network or the other?

srg

Quote from: TheGreatDoc on February 07, 2016, 04:33:38 AM
And how do you specify the GI address to match one shared network or the other?
The subnet declaration.

TheGreatDoc

Either I'm totally not understanding you or you are totally not understanding me.

Where is the GI Address in the subnet declaration?

Relay address in R1 is 172.16.0.2 and in R2 is 172.16.0.3

srg

Quote from: TheGreatDoc on February 07, 2016, 04:39:31 AM
Either I'm totally not understanding you or you are totally not understanding me.

Where is the GI Address in the subnet declaration?

Relay address in R1 is 172.16.0.2 and in R2 is 172.16.0.3
It's not. The GI/relay address is the primary IP of the interface where the ip-helper/relay is configured (it normally is, in certain boxes this is configurable, as in for example a BNG or BRAS). In your example that would be the Public interfaces of R1 and R2 (1.1.1.1 and 2.2.2.1). They will match the subnet declarations inside each shared-network.

This way you can also have secondary subnets on the router interface being relayed by the same GI address. As long as the subnet declarations for all secondary networks are put inside the same shared network as a subnet declaration for the GI, the server can provide IPs to all secondary networks as well.

TheGreatDoc

In this case, the primary IP Address of each router interface is the private one (10.10.0.1 and 10.11.0.1 for R1 and R2)

As an example,

DHCPREQUEST for xxx.xxx.91.164 from 00:1d:d1:a4:f9:f4 via 10.10.0.1

Also, as you said, each router has several public secondary networks.

Anyway, I'll try to do in the lab what you are saying (that is a really basic configuration of ISC DHCP), but I'm sure I tried that and it didn't work as you are saying.

srg

As long as you have a subnet declaration for the GI address you should be fine. So from your example:

shared-network r1-public {
        subnet 10.10.0.1 netmask 255.255.255.255 {}

        subnet 1.1.1.0 netmask 255.255.255.0 {
                pool {
                        range 1.1.1.2 1.1.1.254;
                }
                option routers 1.1.1.1;
                option domain-name-servers 8.8.8.8, 8.8.4.4;
                option broadcast-address 1.1.1.255;
                option subnet-mask 255.255.255.0;
        }
}

shared-network r2-public {
        subnet 10.11.0.1 netmask 255.255.255.255 {}

        subnet 2.2.2.0 netmask 255.255.255.0 {
                pool {
                        range 2.2.2.2 2.2.2.254;
                }
                option routers 2.2.2.1;
                option domain-name-servers 8.8.8.8, 8.8.4.4;
                option broadcast-address 2.2.2.255;
                option subnet-mask 255.255.255.0;
        }
}

The subnet declarations for the GI addresses are only there to match into a shared-network, since they don't belong to the actual subnet you want to serve with DHCP from the server. IPs will be handed out from every subnet inside a shared-network from where the GI matches.
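
A simplified model of the GI-address matching described in this thread, added here as an example (it is not code from the posters or from ISC dhcpd). The function names and the dictionary layout are hypothetical, and it assumes subnet declarations do not overlap; it shows why the relay is only recognised once the empty /32 declaration for its GI address is present.

```python
import ipaddress

# Constructed model of the final config in the thread: each shared-network is a
# list of (subnet, range) pairs; range is None for the empty GI-only declaration.
WITH_GI = {
    "r1-public": [("10.10.0.1/32", None),
                  ("1.1.1.0/24", ("1.1.1.2", "1.1.1.254"))],
    "r2-public": [("10.11.0.1/32", None),
                  ("2.2.2.0/24", ("2.2.2.2", "2.2.2.254"))],
}
# Same config without the GI declarations (the earlier suggestion).
WITHOUT_GI = {name: [s for s in subnets if s[1] is not None]
              for name, subnets in WITH_GI.items()}


def find_overlaps(config):
    """Return pairs of subnet declarations that overlap; the lookup below
    assumes there are none, so a giaddr can match at most one declaration."""
    nets = [ipaddress.ip_network(cidr) for subnets in config.values()
            for cidr, _ in subnets]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def select_shared_network(config, giaddr):
    """Return the name of the shared-network holding a subnet declaration
    that contains giaddr, or None if the relay is unknown to this config."""
    addr = ipaddress.ip_address(giaddr)
    for name, subnets in config.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr, _ in subnets):
            return name
    return None


def candidate_ranges(config, giaddr):
    """Ranges the server may lease from for a request relayed via giaddr:
    every pool in the matched shared-network, not only the matching subnet."""
    name = select_shared_network(config, giaddr)
    if name is None:
        return []
    return [rng for _, rng in config[name] if rng is not None]


if __name__ == "__main__":
    for gi in ("10.10.0.1", "10.11.0.1", "172.16.0.2"):
        print(gi, select_shared_network(WITH_GI, gi), candidate_ranges(WITH_GI, gi))
    print("without GI declaration:", select_shared_network(WITHOUT_GI, "10.10.0.1"))
```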