[Dnsmasq-discuss] dhcp doesn't work with dnsmasq in multi ip environment

Discussion:

Philipp Kolmann

2016-08-04 07:45:48 UTC

Hi,

I have a special setup with two IP Subnets on one Interface:

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
inet 172.18.92.60/24 brd 172.18.92.255 scope global eth1
valid_lft forever preferred_lft forever
inet 172.17.32.1/24 brd 172.17.32.255 scope global eth1:0
valid_lft forever preferred_lft forever

primary IP is 172.18.92.60, secondary is 172.17.32.1

I now want to use dnsmasq to supply clients identified by MAC Address an
IP address in the secondary range:

interface=eth1
dhcp-range = set:power, 172.17.32.0, static, 255.255.255.0
dhcp-host = set:power, 00:19:32:00:8f:90, fh-tuck-1p, 172.17.32.8,12h
dhcp-option = tag:power, option:ntp-server, 172.17.32.1
dhcp-option = tag:power, option:dns-server, 172.17.32.1
dhcp-option = tag:power, option:router, 172.17.32.1

My issue is now, that the Network-enabled power distribution unit (GUDE
EXPERT POWER CONTROL NET D4X 1200) seems to have an issue if dnsmasq is
providing an IP address from the secondary range. If I turn primary and
secondary IP, it works.

I have now also tested with ISC DHCP server and there the PDU accepts
the IP Address. The only difference that i found is the following:

The Source IP of the packets is the primary of the interface: 172.18.92.60

in ISC DHCP the option 54 IP (DHCP Server Identifier) is the primary,
172.18.92.60

in dnsmasq the option 54 IP is the secondary: 172.17.32.1

It seems that this is a discrepancy and therefore the PDU doesn't accept
the IP address, since the IP source and the DHCP Server Identifier do
not match.

Find attached the wireshark logs.

I tried to set

dhcp-option = tag:power, 54, 172.18.92.60

but this option is not used for the packet.

Any help is appriciated.
Thanks
Philipp

--
-----------------------------------------------------------------------
DI Mag. Philipp Kolmann mail:***@zid.tuwien.ac.at
Technische Universitaet Wien web:www.zid.tuwien.ac.at
Zentraler Informatikdienst (ZID) tel: +43(1)58801-42011
Wiedner Hauptstr. 8-10, A-1040 Wien DVR: 0005886
-----------------------------------------------------------------------

Simon Kelley

2016-08-05 15:35:27 UTC

Permalink

The DHCP client, once it establishes contact with the DHCP server will
need to be able to send packet to the address in the DHCP-identifier
option. This implies that once the client is set up and has an IP
address and default route, it can talk to the server-identifier
address (ie 172.18.92.60) Is that the case? If not that would explain
what you're seeing.

Cheers,

Simon.

Post by Philipp Kolmann
Hi,
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UP group default qlen 1000 inet 172.18.92.60/24
brd 172.18.92.255 scope global eth1 valid_lft forever preferred_lft
forever inet 172.17.32.1/24 brd 172.17.32.255 scope global eth1:0
valid_lft forever preferred_lft forever
primary IP is 172.18.92.60, secondary is 172.17.32.1
I now want to use dnsmasq to supply clients identified by MAC
interface=eth1 dhcp-range = set:power, 172.17.32.0, static,
255.255.255.0 dhcp-host = set:power, 00:19:32:00:8f:90, fh-tuck-1p,
172.17.32.8,12h dhcp-option = tag:power, option:ntp-server,
172.17.32.1 dhcp-option = tag:power, option:dns-server,
172.17.32.1 dhcp-option = tag:power, option:router, 172.17.32.1
My issue is now, that the Network-enabled power distribution unit
(GUDE EXPERT POWER CONTROL NET D4X 1200) seems to have an issue if
dnsmasq is providing an IP address from the secondary range. If I
turn primary and secondary IP, it works.
I have now also tested with ISC DHCP server and there the PDU
accepts the IP Address. The only difference that i found is the
172.18.92.60
in ISC DHCP the option 54 IP (DHCP Server Identifier) is the
primary, 172.18.92.60
in dnsmasq the option 54 IP is the secondary: 172.17.32.1
It seems that this is a discrepancy and therefore the PDU doesn't
accept the IP address, since the IP source and the DHCP Server
Identifier do not match.
Find attached the wireshark logs.
I tried to set
dhcp-option = tag:power, 54, 172.18.92.60
but this option is not used for the packet.
Any help is appriciated. Thanks Philipp
_______________________________________________ Dnsmasq-discuss
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Kolmann Philipp

2016-08-09 07:04:51 UTC

Permalink

Hi Simon,

thanks for your answer. The Default Gateway (172.17.32.1) and the 172.18.92.60 are on the same interface of one linux server. Strangely if I use isc-dhcp-server, it works, but with dnsmasq it doesn't work. That are the two wireshark protocols I attached to my first mail.

The only difference I could spot, was that with isc-dhcpd the server-identifier is set to the same IP as the source address of the package and with dnsmasq I see that the DHCP ACK Package comes from the primary interface address (172.18.92.60) and the server-identifier is set to the Gateway IP (172.17.32.1).

So I was wondering, if I could specify the server-identifier via config file?

Thanks
Philipp

-----Ursprüngliche Nachricht-----
Von: Dnsmasq-discuss [mailto:dnsmasq-discuss-***@lists.thekelleys.org.uk] Im Auftrag von Simon Kelley
Gesendet: Freitag, 05. August 2016 17:35
An: dnsmasq-***@lists.thekelleys.org.uk
Betreff: Re: [Dnsmasq-discuss] dhcp doesn't work with dnsmasq in multi ip environment

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The DHCP client, once it establishes contact with the DHCP server will
need to be able to send packet to the address in the DHCP-identifier
option. This implies that once the client is set up and has an IP
address and default route, it can talk to the server-identifier
address (ie 172.18.92.60) Is that the case? If not that would explain
what you're seeing.

Cheers,

Simon.

Kolmann Philipp

2016-08-09 07:23:15 UTC

Permalink

I have checked the isc-dhcpd man page and found there a switch for dhcp-server-identifier. I have tested my power-socket with isc-dhcpd with the following setup:

shared-network eth1 {
subnet 172.18.92.0 netmask 255.255.255.0 {
}

subnet 172.17.32.0 netmask 255.255.255.0 {
}
}

host fh-tuck-1p {
hardware ethernet 00:19:32:00:8f:90;
fixed-address 172.17.32.8;
option host-name "fh-tuck-1p";
option dhcp-server-identifier 172.17.32.1;
}

Now I see in the DHCP-ACK Message the source-ip of the packet and the server identifier both set to 172.17.32.1.

I suspect, that the power-socket dhcp client has a problem, if the packet source ip and the server-identifier are not set the same.

Would it be possible to set the packet-source ip and server-identifier to the same ip address?

Thanks
Philipp

-----Ursprüngliche Nachricht-----
Von: Kolmann Philipp
Gesendet: Dienstag, 09. August 2016 09:05
An: 'Simon Kelley' <***@thekelleys.org.uk>; dnsmasq-***@lists.thekelleys.org.uk
Betreff: AW: [Dnsmasq-discuss] dhcp doesn't work with dnsmasq in multi ip environment

Hi Simon,

thanks for your answer. The Default Gateway (172.17.32.1) and the 172.18.92.60 are on the same interface of one linux server. Strangely if I use isc-dhcp-server, it works, but with dnsmasq it doesn't work. That are the two wireshark protocols I attached to my first mail.

The only difference I could spot, was that with isc-dhcpd the server-identifier is set to the same IP as the source address of the package and with dnsmasq I see that the DHCP ACK Package comes from the primary interface address (172.18.92.60) and the server-identifier is set to the Gateway IP (172.17.32.1).

So I was wondering, if I could specify the server-identifier via config file?

Thanks
Philipp

-----Ursprüngliche Nachricht-----
Von: Dnsmasq-discuss [mailto:dnsmasq-discuss-***@lists.thekelleys.org.uk] Im Auftrag von Simon Kelley
Gesendet: Freitag, 05. August 2016 17:35
An: dnsmasq-***@lists.thekelleys.org.uk
Betreff: Re: [Dnsmasq-discuss] dhcp doesn't work with dnsmasq in multi ip environment

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The DHCP client, once it establishes contact with the DHCP server will
need to be able to send packet to the address in the DHCP-identifier
option. This implies that once the client is set up and has an IP
address and default route, it can talk to the server-identifier
address (ie 172.18.92.60) Is that the case? If not that would explain
what you're seeing.

Cheers,

Simon.

Simon Kelley

2016-08-13 19:37:13 UTC

Permalink

Post by Kolmann Philipp
shared-network eth1 {
subnet 172.18.92.0 netmask 255.255.255.0 {
}
subnet 172.17.32.0 netmask 255.255.255.0 {
}
}
host fh-tuck-1p {
hardware ethernet 00:19:32:00:8f:90;
fixed-address 172.17.32.8;
option host-name "fh-tuck-1p";
option dhcp-server-identifier 172.17.32.1;
}
Now I see in the DHCP-ACK Message the source-ip of the packet and the server identifier both set to 172.17.32.1.
I suspect, that the power-socket dhcp client has a problem, if the packet source ip and the server-identifier are not set the same.
Would it be possible to set the packet-source ip and server-identifier to the same ip address?
Thanks
Philipp

That's not something that can be done in general: there are
circumstances where the server-id is not an address which belongs to the
host sending the DHCP packet. For instance is the DHCP reply is returned
by a DHCP relay, then the server-id will be the address of the server,
but the packet will be sourced by the relay agent, which won;t have an
interface with that address. If your DHCP client is really rejecting
packets where source address != server_id, then it's broken.

I thought about modifications to set the source address when possible,
but I fear that it will just provoke a different set of bugs in
different clients.

Cheers,

Simon.