
We are set up with a two-branch MPLS with a DHCP helper on the Remote subnet. The DHCP service is running on a CentOS box.

So I have two subnets:

  • HostRange: 192.168.0.1 - 192.168.1.254
  • RemoteRange: 192.168.2.1 - 192.168.3.254

There are two problems:

  1. When I tested this configuration at the host location, the computer I tested with pulled from a guest pool instead of receiving its assigned IP address.
  2. The DHCP server doesn't like to see the same device in both subnets and throws an error saying it is listed twice.

Now, how do I specify the two networks in my config file? This is what I have come up with, which doesn't work:

shared-network CompleteNetwork {
    subnet 192.168.2.0 netmask 255.255.254.0 {
        option subnet-mask          255.255.254.0;
        option broadcast-address    192.168.3.255;
        option routers              192.168.2.1;

        # reserved pool for Guests (freely distributed)
        pool {
            range 192.168.3.101 192.168.3.150;
        }

        # ---- A laptop computer for testing's sake
        host TestSubject {
            hardware ethernet AA:BB:00:11:22:33;
            fixed-address 192.168.2.205;
        }
        #...
    }

    subnet 192.168.0.0 netmask 255.255.254.0 {
        option subnet-mask          255.255.254.0;
        option broadcast-address    192.168.3.255;
        option routers              192.168.1.1;

        # reserved pool for Guests   <------ ONLY RANGE DISTRIBUTED FREELY
        pool {
            range 192.168.0.101 192.168.0.150;
        }

        # ---- A laptop computer for testing's sake
        host TestSubject {
            hardware ethernet AA:BB:00:11:22:33;
            fixed-address 192.168.1.205;
        }
        #...
    }
}

[edit]

So I understand now that to have the same device on both networks I must specify a different host name. I also understand now that I don't need the shared-network part.

Also, am I right to use that network broadcast over both subnets like that?

bgmCoder
  • Are you sure this is wise? I would definitely not do that unless you can guarantee an extremely high uptime at the remote network - MPLS down = No DHCP. A small local appliance can bring stability, especially as ipv4 is not ipv6 and thus does not assign the addresses once the network is back up. Whatever you use for MPLS should be able to handle the DHCP on the other end. – TomTom Feb 16 '14 at 04:35
  • I've already gone the rounds with the IT architect and the ISP and have made the decision to use a single dhcp server. If it turns out to be problematic, I'll set up a second dhcp server at the other location. We have a DHCP helper, so it will point the other network to the single DHCP server. – bgmCoder Feb 16 '14 at 17:24

1 Answer

First of all, enclosing everything in "shared-network" is not necessary. From man dhcpd.conf:

The shared-network statement is used to inform the DHCP server that some IP subnets actually share the same physical network. Any subnets in a shared network should be declared within a shared-network statement. ... If any subnet in a shared network has addresses available for dynamic allocation, those addresses are collected into a common pool for that shared network and assigned to clients as needed. There is no way to distinguish on which subnet of a shared network a client should boot.

This is not the case in your setup - the two networks are physically and logically separate.

Second, you're getting errors about two TestSubjects because dhcpd does not allow you to have two hosts with the same name. Change the name on one of them, even if the MAC addresses are the same, and I'm pretty sure the errors will go away and your host reservations will work as intended.

The name in the host declaration does not have to match whatever the client thinks its hostname should be - in this case it's more of an arbitrary identifier. The server matches a client to a host declaration based on the subnet on which the request is received and the hardware address.

Finally, the broadcast address for the second subnet should be 192.168.1.255 (sorry I missed that earlier!) You're really setting up two separate layer 3 networks here (assuming this is a Layer 3 MPLS VPN).

There's a lot of good reference info in the manual pages for ISC dhcpd - I highly suggest reading through man dhcpd and man dhcpd.conf.

Regarding the wisdom of setting up your network this way - I agree that it's probably not the ideal configuration, especially if your only link between the two sites is a single MPLS VPN. I work for a small telco that provides MPLS service to our customers. I know that we have some customers who run a single DHCP server at their main location. I know this because when their WAN links go down, they call up our NOC in a panic asking us to enable the DHCP server on our CPE router. If you have some device at the remote office that can provide the DHCP service you need, your network will be more resilient if you enable DHCP locally. If you have to run DHCP across a WAN link, I'd strongly recommend at least setting the lease lifetime to a high value. Adding a backup link, like a VPN connection over the Internet (assuming each site has a separate internet connection) could also help to ensure the availability of DHCP service.

hcsteve
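The fix the answer describes, as an added example that is not part of the original question or answer: a small Python linter that scans a dhcpd.conf fragment for the three things discussed in this thread (an unnecessary shared-network wrapper, a host name declared twice, and a broadcast-address that does not match its subnet). The two embedded configurations are constructed for this example; the first mirrors the question's config, the second applies the answer's changes and adds default-lease-time/max-lease-time values (an assumption, included to illustrate the long-lease advice). It is a brace-aware scanner, not a full dhcpd.conf parser; `dhcpd -t -cf /path/to/dhcpd.conf` remains the authoritative syntax check.

```python
"""Lint an ISC dhcpd.conf fragment for the problems raised in this thread.

Added example, not code from the question, the answer, or ISC. It is a
brace-aware statement scanner, not a full parser: run `dhcpd -t -cf FILE`
for the authoritative check.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample mirroring the question: shared-network wrapper,
# the same host name in both subnets, broadcast copied across subnets.
BROKEN_CONF = """
shared-network CompleteNetwork {
    subnet 192.168.2.0 netmask 255.255.254.0 {
        option subnet-mask       255.255.254.0;
        option broadcast-address 192.168.3.255;
        option routers           192.168.2.1;
        pool { range 192.168.3.101 192.168.3.150; }
        host TestSubject {
            hardware ethernet AA:BB:00:11:22:33;
            fixed-address 192.168.2.205;
        }
    }
    subnet 192.168.0.0 netmask 255.255.254.0 {
        option subnet-mask       255.255.254.0;
        option broadcast-address 192.168.3.255;   # wrong for this /23
        option routers           192.168.1.1;
        pool { range 192.168.0.101 192.168.0.150; }
        host TestSubject {                        # duplicate name
            hardware ethernet AA:BB:00:11:22:33;
            fixed-address 192.168.1.205;
        }
    }
}
"""

# Constructed sample applying the answer: no shared-network, unique host
# names, broadcast derived from each subnet. The lease times are an
# assumption added to illustrate the "long leases over a WAN link" advice.
FIXED_CONF = """
default-lease-time 86400;
max-lease-time 604800;

subnet 192.168.2.0 netmask 255.255.254.0 {
    option subnet-mask       255.255.254.0;
    option broadcast-address 192.168.3.255;
    option routers           192.168.2.1;
    pool { range 192.168.3.101 192.168.3.150; }
    host TestSubject-remote {
        hardware ethernet AA:BB:00:11:22:33;
        fixed-address 192.168.2.205;
    }
}

subnet 192.168.0.0 netmask 255.255.254.0 {
    option subnet-mask       255.255.254.0;
    option broadcast-address 192.168.1.255;
    option routers           192.168.1.1;
    pool { range 192.168.0.101 192.168.0.150; }
    host TestSubject-host {
        hardware ethernet AA:BB:00:11:22:33;
        fixed-address 192.168.1.205;
    }
}
"""

# One statement at a time: text up to the next '{', '}' or ';'.
STATEMENT = re.compile(r"(?P<body>[^{};]*)(?P<end>[{};])")


def lint_dhcpd(conf: str) -> List[str]:
    """Return a list of human-readable findings (empty means clean)."""
    findings: List[str] = []
    stack: List[Tuple[str, Optional[ipaddress.IPv4Network]]] = []  # open blocks
    seen_hosts: Dict[str, str] = {}  # host name -> subnet it was first declared in

    def current_subnet() -> Optional[ipaddress.IPv4Network]:
        for kind, net in reversed(stack):
            if kind == "subnet":
                return net
        return None

    text = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in STATEMENT.finditer(text):
        tokens, end = m.group("body").split(), m.group("end")
        if end == "{":
            kind = tokens[0] if tokens else ""
            net = None
            if kind == "shared-network":
                findings.append(f"shared-network {tokens[1]}: only needed when subnets "
                                "share one physical segment")
            elif kind == "subnet" and len(tokens) >= 4 and tokens[2] == "netmask":
                net = ipaddress.ip_network(f"{tokens[1]}/{tokens[3]}", strict=False)
            elif kind == "host" and len(tokens) >= 2:
                name, where = tokens[1], str(current_subnet())
                if name in seen_hosts:  # dhcpd requires globally unique host names
                    findings.append(f"host {name}: declared twice "
                                    f"({seen_hosts[name]} and {where})")
                seen_hosts.setdefault(name, where)
            stack.append((kind, net))
        elif end == "}":
            if stack:
                stack.pop()
        else:  # ';' ends a simple statement; only subnet-scoped ones matter here
            net = current_subnet()
            if net is None or not tokens:
                continue
            if tokens[:2] == ["option", "broadcast-address"] and len(tokens) == 3:
                given = ipaddress.ip_address(tokens[2])
                if given != net.broadcast_address:
                    findings.append(f"subnet {net}: broadcast-address {given} "
                                    f"should be {net.broadcast_address}")
            elif tokens[0] in ("range", "fixed-address"):
                for addr in tokens[1:]:
                    try:
                        ip = ipaddress.ip_address(addr)
                    except ValueError:  # keywords such as dynamic-bootp, or hostnames
                        continue
                    if ip not in net:
                        findings.append(f"subnet {net}: {tokens[0]} {addr} lies outside the subnet")
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(f"{label}: {lint_dhcpd(conf) or 'no findings'}")
```

On the broken sample this reports the shared-network block, the duplicate TestSubject host and the 192.168.3.255 broadcast in the 192.168.0.0/23 subnet; the fixed sample reports nothing. Note that no config check can catch the problem found in the comments below (a reservation keyed on the wrong MAC), so compare the `hardware ethernet` value against `ip link` or `ipconfig /all` on the client interface that is actually plugged in.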
  • So, you recommend just specifying the two subnets without putting them in the shared-network? Does it not matter that the host name matches what the device thinks its own host name is? – bgmCoder Feb 16 '14 at 17:22
  • @BGM - Yes, just specify the two sinners without the shared-network declaration. The name in the host declaration does not have to match the client's hostname. See the edit to my answer for more info. – hcsteve Feb 16 '14 at 18:46
  • What about my network broadcast - is that correct to work with both subnets (and @hcsteve did you really mean to say "sinners"? Ha ha) – bgmCoder Feb 16 '14 at 21:20
  • @BGM Ha, sorry, I'm on mobile. Check my latest edit for info re: broadcast address. – hcsteve Feb 16 '14 at 22:17
  • (doh! I had forgotten to click the update button) You have told me exactly what I was looking for. I'd give you another +1 if I had one. Thank you so much for your help. I will think about how to set up a backup link. I like the single DHCP server - my locations are about a mile apart, and my DHCP is over a LAN link through the MPLS, not a WAN address. I like the idea of the longer leases, too. My two sites have their own separate internet connections, so I could maybe do the backup link as you propose. – bgmCoder Feb 17 '14 at 01:51
  • You're welcome! I'd definitely recommend the backup VPN tunnel - even if you don't go all the way and get data failover working automatically, it's a good idea to at least have a plan for what to do if your MPLS link goes down. – hcsteve Feb 17 '14 at 03:08
  • When I run with that configuration, the service restarts without any errors, but my laptop does not receive the IP address that it was assigned - instead it receives from the guest pool. Any clue? On the machine I've released and renewed the ipconfig (Windows). – bgmCoder Feb 17 '14 at 15:14
  • Ah - never mind - the laptop had a different MAC address for its wired network than for its wireless network. It's working now! – bgmCoder Feb 17 '14 at 15:45