Re: DHCP serving more than one subnet (longish)

From: Mark Berryman (Mark.Berryman_at_Mvb.Saic.Com)
Date: 10/25/03


Date: Fri, 24 Oct 2003 18:12:48 -0700

JF Mezei wrote:
> Mark Berryman wrote:
>
>>DHCP packets are formatted the same as any other IP packet. The only
>>real difference is that the source address is all zeros and the
>>destination address is all ones (which means it is a broadcast packet).
>
>
> Responses from the server however rely on the ethernet address only since
> there is no IP address to send the response to. (responses are not
> broadcasts). So while it may have the same format as an IP packet, it isn't
> one per se when it comes to issues related to routers.

Not correct. DHCP works over media other than ethernet. The DHCP
server knows nothing about any ethernet packet, all it ever sees is the
UDP packet. The ethernet (or other media) encapsulation has been
stripped off by the time the DHCP server sees the packet. The DHCP
server gets what you are calling the "ethernet address" from the chaddr
field of the DHCP packet. If the client identifier option has been
included in the packet by the client then the DHCP server may ignore the
"ethernet address" entirely. The DHCP packet itself is a fully built,
fully functional UDP packet. It most definitely is NOT an ethernet-only
packet.

>
>>Optional. The response can be either broadcast or addressed directly.
>
>
> Nop. Responses are sent to the client's ethernet address or to the ip address
> of a relay server if the giaddr field is not null. In the latter case, the
> relay server will issue an ethernet packet on the other ethernet segment that
> is addressed to the client directly.

Sorry, wrong again. To quote from the RFC:

    If the 'giaddr' field in a DHCP message from a client is non-zero,
    the server sends any return messages to the 'DHCP server' port on the
    BOOTP relay agent whose address appears in 'giaddr'. [This will be
    the case if the request is relayed through a router].

    If the 'giaddr' field is zero and the 'ciaddr' field is nonzero, then
    the server unicasts DHCPOFFER and DHCPACK messages to the address in
    'ciaddr'. [This will be the case when an address is being renewed.]

    If 'giaddr' is zero and 'ciaddr' is zero, and the broadcast bit is
    set, then the server broadcasts DHCPOFFER and DHCPACK messages to
    0xffffffff. If the broadcast bit is not set and 'giaddr' is zero and
    'ciaddr' is zero, then the server unicasts DHCPOFFER and DHCPACK
    messages to the client's hardware address and 'yiaddr' address.

Note the option; the broadcast bit determines whether a response is
unicast or broadcast and the setting of that bit can be controlled
within the DHCP server configuration.

>>I think you have a semantic issue here. The response packet is a
>>properly formatted IP packet. If it weren't, no router would pass it
>>and DHCP requests can certainly be relayed via a router.
>
>
> Nop. DHCP requests cannot be passed by a ROUTER. You need a relay server
> (which I assume can be integrated into a router, but it isn't part of the
> basic role of a router).

Sorry, you are 0 for 3 here. A DHCP request is a standard UDP datagram
and can be passed by any router. You may be confusing the need for a
relay agent on the router to fill in the giaddr field but lack of that
agent does not prevent the router from passing the packet (and I can
even configure a network so that DHCP will work if the router doesn't
have such an agent).

>>Not quite. The relay agent simply enters info into the gateway field.
>
>
> I stand corrected. giaddr is filled with the relay server's IP address on the
> other side of the client's lan. Interestingly, the relay server RFC did
> mention the addition of options in the client originated messages.
>
>
>>This tells the DHCP server what subnet the requesting host is part of
>>and also how to return the packet.
>
>
> It doesn't directly tell it what subnet it is coming from. For instance,
> consider a router that has 4 interfaces. The IP address in the giaddr would
> be the IP address of the interface talking to the DHCP server and the DHCP
> server would then not know which of the other 3 subnets the client request
> originated from. (I think that this is where those relay server options come in)

The giaddr field will be filled in with the address of the interface
that is on the same LAN as the requesting client, not the interface
closest to the DHCP server. The DHCP server will then use this field
to, among other things, determine what network (or subnet if you prefer)
the client is on (you really need to re-read the RFC).

>>The bottom line: dynamic addressing and multiple subnets on the same LAN
>>do not mix. Only one of the subnets can be dynamic, the other(s) must
>>be static.
>
>
> Not quite. You should be able to define a whole bunch of ethernet addresses as
> belonging to a group, and that group has its own range of dynamic IP addresses.

Sorry, I wasn't clear here. Having to manually maintain a list of MAC
addresses is the same thing as having to maintain a bunch of static
configurations in my book. However, your statement is correct. You can
create a group of hosts and dynamically allocate within that group if
you are willing to do the manual maintenance.

> However, on the VMS DHCP server, I haven't quite figured out how to associate
> a group with an IP range.

What are you calling the "VMS DHCP" server? There are several DHCP
servers that run on VMS.

Mark Berryman
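
The reply-destination rules quoted from the RFC above, together with the use of giaddr to pick the client's subnet, as an added example that is not part of the original post. The function names, the scope list and the sample addresses are assumptions made for illustration; the messages are constructed, not captured.

```python
import ipaddress
import struct

BROADCAST_FLAG = 0x8000          # top bit of the 16-bit 'flags' field
SERVER_PORT, CLIENT_PORT = 67, 68
ZERO = ipaddress.IPv4Address("0.0.0.0")

def parse_header(msg: bytes) -> dict:
    """Unpack the fixed BOOTP/DHCP header fields used to route the reply."""
    if len(msg) < 236:
        raise ValueError("shorter than the fixed 236-byte BOOTP header")
    _op, _htype, hlen, _hops, _xid, _secs, flags = struct.unpack("!BBBBIHH", msg[:12])
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    ciaddr, _yiaddr, _siaddr, giaddr = (
        ipaddress.IPv4Address(msg[off:off + 4]) for off in (12, 16, 20, 24))
    return {"flags": flags, "ciaddr": ciaddr, "giaddr": giaddr,
            "chaddr": msg[28:28 + hlen]}

def reply_destination(hdr: dict, yiaddr: str):
    """Return (how, ip, udp_port) for a DHCPOFFER/DHCPACK, in the RFC's order."""
    if hdr["giaddr"] != ZERO:
        return ("unicast to relay agent", hdr["giaddr"], SERVER_PORT)
    if hdr["ciaddr"] != ZERO:
        return ("unicast to ciaddr", hdr["ciaddr"], CLIENT_PORT)
    if hdr["flags"] & BROADCAST_FLAG:
        return ("broadcast", ipaddress.IPv4Address("255.255.255.255"), CLIENT_PORT)
    # Link-level destination is chaddr; IP destination is the offered address.
    return ("unicast to chaddr", ipaddress.IPv4Address(yiaddr), CLIENT_PORT)

def client_subnet(hdr: dict, scopes, arrival_subnet):
    """Scope selection: giaddr's subnet if relayed, else the subnet of arrival."""
    if hdr["giaddr"] == ZERO:
        return ipaddress.ip_network(arrival_subnet)
    for scope in map(ipaddress.ip_network, scopes):
        if hdr["giaddr"] in scope:
            return scope
    return None  # relayed from a subnet this server has no scope for

def make_msg(flags=0, ciaddr="0.0.0.0", giaddr="0.0.0.0",
             chaddr=bytes.fromhex("020000000001")) -> bytes:
    """Build a constructed BOOTREQUEST header (sample data, not a capture)."""
    head = struct.pack("!BBBBIHH", 1, 1, len(chaddr), 0, 0x1234, 0, flags)
    addrs = b"".join(ipaddress.IPv4Address(a).packed
                     for a in (ciaddr, "0.0.0.0", "0.0.0.0", giaddr))
    return (head + addrs + chaddr).ljust(236, b"\0")
```

Because giaddr and chaddr are taken from the UDP payload rather than from the link-layer frame, the server's choice of scope and reply path depends entirely on fields the sender or relay filled in.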


