dhcrelay forwards 2 DHCPREQUESTs from a single request, one with wrong giaddr
name: dhcrelay forwarding wrong giaddr
about: dhcrelay forwards 2 DHCPREQUESTs from a single request
The DHCP relay agent is forwarding 2 extra packets to the DHCP server on renew, with the giaddr of the VLAN used to communicate with the DHCP server.
What would be correct?
172.24.11.149 ==RENEW==> 10.1.4.3/4(DHCP Servers)===DHCP RELAY INTERCEPTS THE PACKET==RENEW SENT FROM RELAY WITH giaddr 172.24.11.254==>10.1.4.3/4(DHCP Servers)
How is it behaving now?
The same as I described before, but with 2 extra packets with giaddr 10.1.40.2 (DHCP RELAY AGENT CARD USED ONLY TO TALK TO DHCP SERVER) sent to the DHCP server.
####### DHCP Server Log #######
Server IP 10.1.40.3 and 10.1.40.4 (Balanced failover)
May 10 05:39:27 lgdc1 dhcpd: DHCPREQUEST for 172.24.11.149 from 4e:67:f6:8f:67:d3 via eth0: lease 172.24.11.149 unavailable.
May 10 05:39:27 lgdc1 dhcpd: DHCPNAK on 172.24.11.149 to 4e:67:f6:8f:67:d3 via eth0
May 10 05:39:27 lgdc1 dhcpd: Commit: IP: 172.24.11.149 Mac: 4e:67:f6:8f:67:d3
May 10 05:39:27 lgdc1 dhcpd: data: host_decl_name: not available
May 10 05:39:27 lgdc1 dhcpd: circuit-id: eth2
May 10 05:39:27 lgdc1 dhcpd: giaddr: 172.24.11.254
May 10 05:39:27 lgdc1 dhcpd: DHCPREQUEST for 172.24.11.149 from 4e:67:f6:8f:67:d3 via 172.24.11.254
May 10 05:39:27 lgdc1 dhcpd: DHCPACK on 172.24.11.149 to 4e:67:f6:8f:67:d3 via 172.24.11.254 ### ONE OF THE REQUEST IS CORRECTLY RESPONDED
May 10 05:39:27 lgdc1 dhcpd: DHCPREQUEST for 172.24.11.149 from 4e:67:f6:8f:67:d3 via 10.1.40.2: wrong network.
May 10 05:39:27 lgdc1 dhcpd: DHCPNAK on 172.24.11.149 to 4e:67:f6:8f:67:d3 via 10.1.40.2
May 10 05:39:27 lgdc1 dhcpd: DHCPNAK from 4e:67:f6:8f:67:d3 via 10.1.40.2: unknown network segment
####### DHCP Relay Log #######
Server IP 10.1.40.2
May 10 05:12:13 lgrt1 dhcrelay: Forwarded BOOTREQUEST for 4e:67:f6:8f:67:d3 to 10.1.40.4
May 10 05:12:13 lgrt1 dhcrelay: Forwarded BOOTREQUEST for 4e:67:f6:8f:67:d3 to 10.1.40.3
May 10 05:12:13 lgrt1 dhcrelay: Adding 9-byte relay agent option
May 10 05:12:13 lgrt1 dhcrelay: Forwarded BOOTREQUEST for 4e:67:f6:8f:67:d3 to 10.1.40.4
May 10 05:12:13 lgrt1 dhcrelay: Forwarded BOOTREQUEST for 4e:67:f6:8f:67:d3 to 10.1.40.3
May 10 05:12:13 lgrt1 dhcrelay: Forwarded BOOTREPLY for 4e:67:f6:8f:67:d3 to 255.255.255.255
May 10 05:12:13 lgrt1 dhcrelay: Forwarded BOOTREPLY for 4e:67:f6:8f:67:d3 to 172.24.11.149
May 10 05:12:13 lgrt1 dhcrelay: Forwarded BOOTREPLY for 4e:67:f6:8f:67:d3 to 255.255.255.255
######## CAPTURE on eth2 card OF THE RELAY AGENT
[root@lgrt1 ~]# tcpdump -i eth2 port 67 -e -nn -vvv
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 262144 bytes
06:32:03.634465 4e:67:f6:8f:67:d3 > a6:80:94:13:d5:7d, ethertype IPv4 (0x0800), length 328: (tos 0x0, ttl 64, id 6259, offset 0, flags [DF], proto UDP (17), length 314)
    172.24.11.149.68 > 10.1.40.3.67: [udp sum ok] BOOTP/DHCP, Request from 4e:67:f6:8f:67:d3, length 286, xid 0x36d55689, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether 4e:67:f6:8f:67:d3
        MSZ Option 57, length 2: 1500
        Vendor-Class Option 60, length 15: "android-dhcp-10"
        Parameter-Request Option 55, length 10: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name MTU, BR, Lease-Time, RN RB, Vendor-Option
        END Option 255, length 0
06:32:05.471260 4e:67:f6:8f:67:d3 > a6:80:94:13:d5:7d, ethertype IPv4 (0x0800), length 328: (tos 0x0, ttl 64, id 6493, offset 0, flags [DF], proto UDP (17), length 314)
    172.24.11.149.68 > 10.1.40.3.67: [udp sum ok] BOOTP/DHCP, Request from 4e:67:f6:8f:67:d3, length 286, xid 0x36d55689, secs 1, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether 4e:67:f6:8f:67:d3
        MSZ Option 57, length 2: 1500
        Vendor-Class Option 60, length 15: "android-dhcp-10"
        Parameter-Request Option 55, length 10: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name MTU, BR, Lease-Time, RN RB, Vendor-Option
        END Option 255, length 0
06:32:05.475997 a6:80:94:13:d5:7d > 4e:67:f6:8f:67:d3, ethertype IPv4 (0x0800), length 347: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 333)
    172.24.11.254.67 > 172.24.11.149.68: [udp sum ok] BOOTP/DHCP, Reply, length 305, hops 1, xid 0x36d55689, secs 1, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      Your-IP 172.24.11.149
      Gateway-IP 172.24.11.254
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      sname "dhcp1.loggiaite.corp"[|bootp]
######## CAPTURE on eth6 card OF THE RELAY AGENT ##### THIS IS THE DHCP MAIN NET AND IS NOT SUPPOSED TO SERVE ANY DHCP CLIENT
TAKE A LOOK AT THE giaddr: 2 packets correct, 2 packets wrong on the requests, causing the server to respond with a NACK, but being a possible issue if I want to serve IPs on the 10.1.40.0 network
[root@lgrt1 ~]# tcpdump -i eth6 port 67 -e -nn -vvv
tcpdump: listening on eth6, link-type EN10MB (Ethernet), capture size 262144 bytes
05:27:17.792451 32:c0:0c:f5:de:cc > 32:04:0f:dc:02:1a, ethertype IPv4 (0x0800), length 328: (tos 0x0, ttl 63, id 60976, offset 0, flags [DF], proto UDP (17), length 314)
    10.1.40.2.68 > 10.1.40.3.67: [udp sum ok] BOOTP/DHCP, Request from 4e:67:f6:8f:67:d3, length 286, xid 0x87797fcb, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether 4e:67:f6:8f:67:d3
        MSZ Option 57, length 2: 1500
        Vendor-Class Option 60, length 15: "android-dhcp-10"
        Parameter-Request Option 55, length 10: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name MTU, BR, Lease-Time, RN RB, Vendor-Option
        END Option 255, length 0
05:27:17.792596 32:c0:0c:f5:de:cc > 76:d6:12:bf:2f:8f, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 3855, offset 0, flags [DF], proto UDP (17), length 328)
    10.1.40.2.67 > 10.1.40.4.67: [bad udp cksum 0x654d -> 0x41dd!] BOOTP/DHCP, Request from 4e:67:f6:8f:67:d3, length 300, hops 1, xid 0x87797fcb, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      Gateway-IP 172.24.11.254
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether 4e:67:f6:8f:67:d3
        MSZ Option 57, length 2: 1500
        Vendor-Class Option 60, length 15: "android-dhcp-10"
        Parameter-Request Option 55, length 10: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name MTU, BR, Lease-Time, RN RB, Vendor-Option
        Agent-Information Option 82, length 6: Circuit-ID SubOption 1, length 4: eth2
        END Option 255, length 0
        PAD Option 0, length 0, occurs 6
05:27:17.792631 32:c0:0c:f5:de:cc > 32:04:0f:dc:02:1a, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 573, offset 0, flags [DF], proto UDP (17), length 328)
    10.1.40.2.67 > 10.1.40.3.67: [bad udp cksum 0x654c -> 0x41de!] BOOTP/DHCP, Request from 4e:67:f6:8f:67:d3, length 300, hops 1, xid 0x87797fcb, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      Gateway-IP 172.24.11.254
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether 4e:67:f6:8f:67:d3
        MSZ Option 57, length 2: 1500
        Vendor-Class Option 60, length 15: "android-dhcp-10"
        Parameter-Request Option 55, length 10: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name MTU, BR, Lease-Time, RN RB, Vendor-Option
        Agent-Information Option 82, length 6: Circuit-ID SubOption 1, length 4: eth2
        END Option 255, length 0
        PAD Option 0, length 0, occurs 6
05:27:17.792660 32:c0:0c:f5:de:cc > 76:d6:12:bf:2f:8f, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 3856, offset 0, flags [DF], proto UDP (17), length 328)
    10.1.40.2.67 > 10.1.40.4.67: [bad udp cksum 0x654d -> 0xc3f0!] BOOTP/DHCP, Request from 4e:67:f6:8f:67:d3, length 300, hops 1, xid 0x87797fcb, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      Gateway-IP 10.1.40.2
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether 4e:67:f6:8f:67:d3
        MSZ Option 57, length 2: 1500
        Vendor-Class Option 60, length 15: "android-dhcp-10"
        Parameter-Request Option 55, length 10: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name MTU, BR, Lease-Time, RN RB, Vendor-Option
        Agent-Information Option 82, length 6: Circuit-ID SubOption 1, length 4: eth6
        END Option 255, length 0
        PAD Option 0, length 0, occurs 6
05:27:17.792677 32:c0:0c:f5:de:cc > 32:04:0f:dc:02:1a, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 574, offset 0, flags [DF], proto UDP (17), length 328)
    10.1.40.2.67 > 10.1.40.3.67: [bad udp cksum 0x654c -> 0xc3f1!] BOOTP/DHCP, Request from 4e:67:f6:8f:67:d3, length 300, hops 1, xid 0x87797fcb, Flags [none] (0x0000)
      Client-IP 172.24.11.149
      **Gateway-IP 10.1.40.2**
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether 4e:67:f6:8f:67:d3
        MSZ Option 57, length 2: 1500
        Vendor-Class Option 60, length 15: "android-dhcp-10"
        Parameter-Request Option 55, length 10: Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name MTU, BR, Lease-Time, RN RB, Vendor-Option
        Agent-Information Option 82, length 6: Circuit-ID SubOption 1, length 4: eth6
        END Option 255, length 0
        PAD Option 0, length 0, occurs 6
05:27:17.793009 32:04:0f:dc:02:1a > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    10.1.40.3.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x87797fcb, Flags [Broadcast] (0x8000)
      Server-IP 10.1.40.3
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.1.40.3
        MSG Option 56, length 31: "requested address not available"
        Agent-Information Option 82, length 6: Circuit-ID SubOption 1, length 4: eth2
        END Option 255, length 0
        PAD Option 0, length 0, occurs 9
05:27:17.794031 32:04:0f:dc:02:1a > 32:c0:0c:f5:de:cc, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 12765, offset 0, flags [DF], proto UDP (17), length 328)
    10.1.40.3.67 > 10.1.40.2.67: [bad udp cksum 0x654c -> 0x4309!] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x87797fcb, Flags [Broadcast] (0x8000)
      Server-IP 10.1.40.3
      Gateway-IP 10.1.40.2
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.1.40.3
        MSG Option 56, length 31: "requested address not available"
        Agent-Information Option 82, length 6: Circuit-ID SubOption 1, length 4: eth6
        END Option 255, length 0
        PAD Option 0, length 0, occurs 9
05:27:17.794971 32:c0:0c:f5:de:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    10.1.40.2.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x87797fcb, Flags [Broadcast] (0x8000)
      Server-IP 10.1.40.3
      Gateway-IP 10.1.40.2
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.1.40.3
        MSG Option 56, length 31: "requested address not available"
        END Option 255, length 0
        PAD Option 0, length 0, occurs 17
05:27:17.796762 76:d6:12:bf:2f:8f > 32:c0:0c:f5:de:cc, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 49095, offset 0, flags [DF], proto UDP (17), length 328)
    10.1.40.4.67 > 10.1.40.2.67: [udp sum ok] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x87797fcb, Flags [Broadcast] (0x8000)
      Server-IP 10.1.40.4
      Gateway-IP 10.1.40.2
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.1.40.4
        MSG Option 56, length 31: "requested address not available"
        Agent-Information Option 82, length 6: Circuit-ID SubOption 1, length 4: eth6
        END Option 255, length 0
        PAD Option 0, length 0, occurs 9
05:27:17.797691 32:c0:0c:f5:de:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    10.1.40.2.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x87797fcb, Flags [Broadcast] (0x8000)
      Server-IP 10.1.40.4
      Gateway-IP 10.1.40.2
      Client-Ethernet-Address 4e:67:f6:8f:67:d3
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 10.1.40.4
        MSG Option 56, length 31: "requested address not available"
        END Option 255, length 0
        PAD Option 0, length 0, occurs 17
######## DHCP RELAY SERVER configuration
[root@lgrt1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 1e:22:b4:4b:0a:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether a6:80:94:13:d5:7d brd ff:ff:ff:ff:ff:ff
    inet 172.24.11.254/24 brd 172.24.11.255 scope global noprefixroute eth2
       valid_lft forever preferred_lft forever
6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether ee:f9:5d:2b:d5:f5 brd ff:ff:ff:ff:ff:ff
    inet 172.34.11.1/24 brd 172.34.11.255 scope global noprefixroute eth4
       valid_lft forever preferred_lft forever
8: eth6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 32:c0:0c:f5:de:cc brd ff:ff:ff:ff:ff:ff
    inet 10.1.40.2/24 brd 10.1.40.255 scope global noprefixroute eth6
       valid_lft forever preferred_lft forever
[root@lgrt1 ~]#
[root@lgrt1 ~]# cat /etc/systemd/system/dhcrelay.service
[Unit]
Description=DHCP Relay Agent Daemon
Documentation=man:dhcrelay(8)
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
ExecStart=/usr/sbin/dhcrelay -4 -d --no-pid -i eth6 -i eth1 -i eth2 -i eth4 -a 10.1.40.3 10.1.40.4

[Install]
WantedBy=multi-user.target
[root@lgrt1 ~]#
######## DHCP SERVER configuration
#SERVER 1
[root@lgdc1 serverconf.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
120: eth0@if121: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 32:04:0f:dc:02:1a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.1.40.3/24 brd 10.1.40.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@lgdc1 serverconf.d]# cat /etc/dhcp/dhcpd.conf
ONLY FOR SUBNET AND STATIC HOSTS
INCLUDES
####################################
include "/etc/dhcp/serverconf.d/general.conf"; include "/etc/dhcp/serverconf.d/failover.conf";
SHARED NET DEFINITIONS
####################################
Relay domain for lgrt1.loggiaite.corp
shared-network lgrt1-relay {
SHARED NET GENERAL OPTIONS
####################################
interface eth0; ddns-updates on;
CLIENTS CLASS DEFINITIONS (POLICIES)
####################################
class "vlan3" { match if binary-to-ascii(10,8, ".", packet(24,4)) = "192.168.3.1"; #giaddr Filter }
class "vlan4" { match if binary-to-ascii(10,8, ".", packet(24,4)) = "172.24.11.254"; #giaddr Filter }
class "vlan90" { match if binary-to-ascii(10,8, ".", packet(24,4)) = "172.34.11.1"; #giaddr Filter }
SUBNETS
####################################
VLAN_INT_CASA
subnet 192.168.3.0 netmask 255.255.255.0 {
    option domain-name "int.loggiaite.corp";
    option routers 192.168.3.1;
    option broadcast-address 192.168.3.255;
    pool {
        allow members of "vlan3";
        failover peer "failover-dhcp";
        range 192.168.3.50 192.168.3.248;
    }
    ......(STATIC IPS CONFIG).....
}
VLAN_INTERNET
subnet 172.24.11.0 netmask 255.255.255.0 {
    option domain-name "wifi.loggiaite.corp";
    option routers 172.24.11.254;
    option broadcast-address 172.24.11.255;
    pool {
        allow members of "vlan4";
        range 172.24.11.50 172.24.11.248;
        failover peer "failover-dhcp";
    }
    ......(STATIC IPS CONFIG).....
}
VLAN_CAMARAS
subnet 172.34.11.0 netmask 255.255.255.0 {
    option domain-name "vigilancia.loggiaite.corp";
    option routers 172.34.11.1;
    option broadcast-address 172.34.11.255;
    pool {
        allow members of "vlan90";
        range 172.34.11.50 172.34.11.248;
        failover peer "failover-dhcp";
    }
    ......(STATIC IPS CONFIG).....
}
[root@lgdc1 serverconf.d]# cat general.conf
general.conf
OPTIONS FOR ALL NETWORKS
####################################
option definitions common to all supported networks...
option domain-name-servers 192.168.3.8, 192.168.3.9;
option domain-search "loggiaite.corp";
#option ntp-servers 192.168.3.1;
#option time-server 192.168.3.1;
#option time-offset 3600;
use-host-decl-names on;
default-lease-time 86400;
max-lease-time 604800;
authoritative;
omapi-port 7911;
omapi-key dhcp-key;
DDNS SETTINGS
#####################################
#ddns-update-style none; # Use this to disable dynamic dns updates globally.
#ddns-update-style interim; # old non standard way used TXT records changed 20170718 to standard
#ddns-update-style ad-hoc; # not supported in future versions
ddns-update-style standard; # how to update the DNS
update-static-leases off; # reserved leases update
ddns-ttl 600; # seconds after entry times out
deny client-updates; # ignore DNS update by Client
ignore client-updates; # do not update DNS on windows clients request
update-conflict-detection true; # true, the server will perform standard DHCID multiple-client, one-name conflict detection
update-optimization off; # if false client will always be renewed in DNS
ddns-hostname = concat (
    binary-to-ascii(10, 8, ".", leased-address),"-",
    suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2),
    suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2),
    suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2),
    suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2),
    suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2),
    suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);
key XXXX {
    algorithm hmac-md5;
    secret XXXX;
}
key XXXX1 {
    secret XXXX;
    algorithm hmac-md5;
}
Loggia ITE internal
zone int.loggiaite.corp. { primary 10.1.40.3; key XXXX; }
Loggia ITE Wifi
zone wifi.loggiaite.corp. { primary 10.1.40.3; key XXXX; }
Loggia ITE Vigilancia
zone vigilancia.loggiaite.corp. { primary 10.1.40.3; key XXXX; }
11.24.172.in-addr.arpa.
zone 11.24.172.in-addr.arpa. { primary 10.1.40.3; key XXXX; }
11.34.172.in-addr.arpa.
zone 11.34.172.in-addr.arpa. { primary 10.1.40.3; key XXXX; }
3.168.192.in-addr.arpa.
zone 3.168.192.in-addr.arpa. { primary 10.1.40.3; key XXXX; }
LOGGING SETTINGS
#########################################
Use this to send dhcp log messages to a different log file (you also
have to hack syslog.conf to complete the redirection).
log-facility local7;
on commit {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
    log(INFO,concat("Commit: IP: ", ClientIP, " Mac: ", ClientMac));
    log(INFO,concat("Commit: IP: ", ClientIP, " Hostname: ", pick (option fqdn.hostname,option host-name,host-decl-name)));
    log(INFO,concat("circuit-id: ", option agent.circuit-id));
    log(INFO,concat("giaddr: ", binary-to-ascii(10,8, ".", packet(24,4)))) ;
    log(INFO,concat("Link: ", option agent.link-selection));
}
on release {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
    log(INFO,concat("Release: IP: ", ClientIP, " Mac: ", ClientMac));
    log(INFO,concat("Release: IP: ", ClientIP, " Hostname: ", pick (option fqdn.hostname,option host-name,host-decl-name)));
    log(INFO,concat("circuit-id: ", option agent.circuit-id));
    log(INFO,concat("giaddr: ", binary-to-ascii(10,8, ".", packet(24,4)))) ;
    log(INFO,concat("Link: ", option agent.link-selection));
}
on expiry {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
    log(INFO,concat("Expiry: IP: ", ClientIP, " Mac: ", ClientMac));
    log(INFO,concat("Expiry: IP: ", ClientIP, " Hostname: ", pick (option fqdn.hostname,option host-name,host-decl-name)));
    log(INFO,concat("circuit-id: ", option agent.circuit-id));
    log(INFO,concat("giaddr: ", binary-to-ascii(10,8, ".", packet(24,4)))) ;
    log(INFO,concat("Link: ", option agent.link-selection));
}
[root@lgdc1 serverconf.d]# cat failover.conf
failover configuration
failover peer "failover-dhcp" {
    primary; # This defines the master
    address 10.1.40.3;
    port 647;
    peer address 10.1.40.4;
    peer port 648;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}
server-name "dhcp1.loggiaite.corp";
option dhcp-server-identifier 10.1.40.3;
##### Server 2 is different only in the file failover.conf
[root@lgdc2 serverconf.d]# cat failover.conf
failover configuration
failover peer "failover-dhcp" {
    secondary; # This defines the slave
    address 10.1.40.4;
    port 648;
    peer address 10.1.40.3;
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
}
server-name "dhcp2.loggiaite.corp";
option dhcp-server-identifier 10.1.40.4;
[root@lgdc2 serverconf.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
100: eth0@if101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 76:d6:12:bf:2f:8f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.1.40.4/24 brd 10.1.40.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@lgrt1 ~]# dhcpd --version
isc-dhcpd-4.2.5
[root@lgrt1 ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@lgrt1 ~]#
Describe the solution you'd like
I would expect it not to relay forwarded messages from other interfaces and/or DHCP renews sent directly to the DHCP server. I think that a solution would be to identify unicast messages sent to the DHCP server from other, different interfaces.
Some initial questions
- Are you sure your feature is not already implemented in the latest ISC DHCP version? NO, I am not; anyway, a fix for this on this particular version would be GREAT.
- Are you sure your requested feature is not already implemented in Kea? Perhaps it's a good time to consider migration? I am not considering a migration to Kea, why should I? I really appreciate flexible split (RFC3074) for load balancing, MCLT implementation and pool rebalancing; I don't need to move to Kea.
Pablo David Loggia Intraway Corp. Professional Service Consultant/Linux Especialist/ IT Architect Mobile +54 (911) 6418-7284 loggiapablo@gmail.com
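
The report's dhcpd.conf classes match on `packet(24,4)` (the giaddr field), and its eth6 capture shows the same renew arriving once with Gateway-IP 172.24.11.254 / Circuit-ID eth2 and once with Gateway-IP 10.1.40.2 / Circuit-ID eth6. The following is an added example, not part of the original report or of ISC DHCP, that parses giaddr and the option 82 circuit-id from a BOOTP payload and flags the second form. The function names, the constructed sample packet and the /24 prefix assumption belong to the example; the interface and address values are taken from the report.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
# Relay interface -> address dhcrelay stamps as giaddr (from the report's `ip addr`).
RELAY_IFACES = {"eth1": "192.168.3.1", "eth2": "172.24.11.254",
                "eth4": "172.34.11.1", "eth6": "10.1.40.2"}
# giaddr values accepted by the vlan3/vlan4/vlan90 classes in the report's dhcpd.conf.
CLIENT_FACING = {"192.168.3.1", "172.24.11.254", "172.34.11.1"}
PREFIX_LEN = 24  # assumption: every relay interface in the report is a /24

def _tlvs(data, pad_end=True):
    """Yield (code, value) TLVs; PAD (0) and END (255) only exist at top level."""
    i = 0
    while i < len(data) and not (pad_end and data[i] == 255):
        if pad_end and data[i] == 0:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % data[i])
        yield data[i], data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def parse_bootp(payload):
    """Return ciaddr, giaddr, chaddr and the option 82 circuit-id of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload (too short or bad magic cookie)")
    info = {"ciaddr": str(ipaddress.IPv4Address(payload[12:16])),
            "giaddr": str(ipaddress.IPv4Address(payload[24:28])),  # packet(24,4)
            "chaddr": payload[28:34].hex(":"),
            "circuit_id": None}
    for code, value in _tlvs(payload[240:]):
        if code == 82:  # relay agent information
            for sub, subval in _tlvs(value, pad_end=False):
                if sub == 1:  # circuit-id sub-option
                    info["circuit_id"] = subval.decode("ascii", "replace")
    return info

def check_relayed_request(info):
    """Return a list of findings for one request as the DHCP server sees it."""
    gi, cid, ci = info["giaddr"], info["circuit_id"], info["ciaddr"]
    findings = []
    if gi == "0.0.0.0":
        return findings  # not relayed, nothing to check here
    if gi not in CLIENT_FACING:
        findings.append("giaddr %s is not a client-facing relay address" % gi)
    if cid is not None and RELAY_IFACES.get(cid) != gi:
        findings.append("circuit-id %s does not belong to giaddr %s" % (cid, gi))
    net = ipaddress.ip_network("%s/%d" % (gi, PREFIX_LEN), strict=False)
    if ci != "0.0.0.0" and ipaddress.ip_address(ci) not in net:
        findings.append("renewing client %s is outside %s" % (ci, net))
    return findings

def build_request(giaddr, circuit_id, ciaddr="172.24.11.149"):
    """Constructed sample: a relayed DHCPREQUEST shaped like the eth6 capture."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x87797FCB, 0, 0)  # op .. flags
    hdr += ipaddress.IPv4Address(ciaddr).packed + bytes(8)  # ciaddr, yiaddr, siaddr
    hdr += ipaddress.IPv4Address(giaddr).packed             # giaddr at offset 24
    hdr += bytes.fromhex("4e67f68f67d3").ljust(16, b"\0") + bytes(192)  # chaddr, sname, file
    cid = circuit_id.encode()
    opt82 = bytes([82, len(cid) + 2, 1, len(cid)]) + cid
    return hdr + MAGIC_COOKIE + bytes([53, 1, 3]) + opt82 + b"\xff"

if __name__ == "__main__":
    for gi, cid in (("172.24.11.254", "eth2"), ("10.1.40.2", "eth6")):
        info = parse_bootp(build_request(gi, cid))
        print(info["giaddr"], info["circuit_id"], check_relayed_request(info) or "ok")
```
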