[Dnsmasq-discuss] assigning IP addresses to secondary subnets on the same vlan via dhcp relay

znuffy at gmail.com znuffy at gmail.com
Sun Nov 20 16:18:44 UTC 2022 

On Sun, Nov 20, 2022 at 2:34 AM Geert Stappers via Dnsmasq-discuss
<dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
>
> On Sun, Nov 20, 2022 at 12:00:19AM +0200, znuffy at gmail.com wrote:
> > Hello,
> >
> > I've been struggling with this issue for over a year, and I'm still
> > not sure if this is a limitation of dnsmasq or I'm doing something
> > wrong.
> >
> > Situation:
> >
> > - core switch (Brocade)
> > - dnsmasq 2.87 running on a VM, IP address 10.11.19.20/24
> > - the core switch is configured to use the dnsmasq box as an "ip
> >   helper" (ie: dhcp relay)
> > - we have multiple /24's on specific VLANs
> >
> > The issue is that we can NOT assign IPs to any other than the primary
> > subnet of the vlan (ve interface) -- hence forward as BB.BB.93.5/24
>
> Please elaborate that "forward".

I meant "from this point on".

> > Relevant config of the interface on the switch:
> >
> >     SSH at core01(config-vif-501)#sh run int ve 501
> >     interface ve 501
> >     vrf forwarding core01
> >     ip address AA.AA.152.1 255.255.255.0
> >     ip address AA.AA.153.1 255.255.255.0
> >     ip address AA.AA.155.1 255.255.255.128
> >     ip address BB.BB.18.1 255.255.255.0
> >     ip address BB.BB.93.1 255.255.255.0
> >     no ip redirect
> >     ip helper-address 1 10.11.19.20
> >     --- snip ---
> >     !
> >
> > Relevant dnsmasq config:
> >
> >     # Don't function as a DNS server:
> >     port=0
> >     log-dhcp
> >
> >     shared-network=10.11.19.20,AA.AA.152.0
> >
> >     # TFTP Configuration
> >     enable-tftp
> >     tftp-root=/srv/pxe
> >     # -- removed irrelevant bootp/tftp stuff
> >
> >     # Set ranges and tags
> >     dhcp-range=set:405,10.11.19.0,static,255.255.255.0,1h
> >
> >     dhcp-range=set:501a,AA.AA.152.0,static,255.255.255.0,5m
> >     dhcp-range=set:501b,AA.AA.153.0,static,255.255.255.0,5m
> >     dhcp-range=set:501c,AA.AA.155.0,static,255.255.255.128,5m
> >     dhcp-range=set:501d,BB.BB.18.1,static,255.255.255.0,5m
> >     dhcp-range=set:501e,BB.BB.93.0,static,255.255.255.0,5m
> >
> >     # Set Netmask
> >     dhcp-option=tag:405,option:netmask,255.255.255.0
> >
> >     dhcp-option=tag:501a,option:netmask,255.255.255.0
> >     dhcp-option=tag:501b,option:netmask,255.255.255.0
> >     dhcp-option=tag:501c,option:netmask,255.255.255.128
> >     dhcp-option=tag:501d,option:netmask,255.255.255.0
> >     dhcp-option=tag:501e,option:netmask,255.255.255.0
> >
> >     # Set default gateway
> >     dhcp-option=tag:405,option:router,10.11.19.1
> >
> >     dhcp-option=tag:501a,option:router,AA.AA.152.1
> >     dhcp-option=tag:501b,option:router,AA.AA.153.1
> >     dhcp-option=tag:501c,option:router,AA.AA.155.1
> >     dhcp-option=tag:501d,option:router,BB.BB.18.1
> >     dhcp-option=tag:501e,option:router,BB.BB.93.1
> >
> >     # --- hosts ---
> >     dhcp-host=00:50:56:86:71:14,BB.BB.93.5,pxe-host
> >
> > This results into the following message in the logs:
> >
> > Nov 19 23:51:02 dnsmasq[1611436]: started, version 2.87 DNS disabled
> > Nov 19 23:51:02 dnsmasq[1611436]: compile time options: IPv6
> > GNU-getopt DBus no-UBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack
> > ipset nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
> > Nov 19 23:51:02 dnsmasq-dhcp[1611436]: DHCP, static leases only on AA.AA.155.0, lease time 5m
> > Nov 19 23:51:02 dnsmasq-dhcp[1611436]: DHCP, static leases only on BB.BB.93.0, lease time 5m
> > Nov 19 23:51:02 dnsmasq-dhcp[1611436]: DHCP, static leases only on BB.BB.18.1, lease time 5m
> > Nov 19 23:51:02 dnsmasq-dhcp[1611436]: DHCP, static leases only on AA.AA.155.0, lease time 5m
> > Nov 19 23:51:02 dnsmasq-dhcp[1611436]: DHCP, static leases only on AA.AA.153.0, lease time 5m
> > Nov 19 23:51:02 dnsmasq-dhcp[1611436]: DHCP, static leases only on AA.AA.152.0, lease time 5m
> > Nov 19 23:51:02 dnsmasq-dhcp[1611436]: DHCP, static leases only on 10.11.19.0, lease time 1h
> > Nov 19 23:51:02 dnsmasq-tftp[1611436]: TFTP root is /srv/pxe
> > Nov 19 23:51:07 dnsmasq-dhcp[1611436]: 388452072 available DHCP subnet: AA.AA.152.0/255.255.255.0
> > Nov 19 23:51:07 dnsmasq-dhcp[1611436]: 388452072 vendor class: PXEClient:Arch:00007:UNDI:003000
> > Nov 19 23:51:07 dnsmasq-dhcp[1611436]: 388452072 DHCPDISCOVER(ens160) 00:50:56:86:71:14 no address available
> > Nov 19 23:51:11 dnsmasq-dhcp[1611436]: 388452072 available DHCP subnet: AA.AA.152.0/255.255.255.0
> > Nov 19 23:51:11 dnsmasq-dhcp[1611436]: 388452072 vendor class: PXEClient:Arch:00007:UNDI:003000
> > Nov 19 23:51:11 dnsmasq-dhcp[1611436]: 388452072 DHCPDISCOVER(ens160) 00:50:56:86:71:14 no address available
> > Nov 19 23:51:19 dnsmasq-dhcp[1611436]: 388452072 available DHCP subnet: AA.AA.152.0/255.255.255.0
> > Nov 19 23:51:19 dnsmasq-dhcp[1611436]: 388452072 vendor class: PXEClient:Arch:00007:UNDI:003000
> > Nov 19 23:51:19 dnsmasq-dhcp[1611436]: 388452072 DHCPDISCOVER(ens160) 00:50:56:86:71:14 no address available
> > Nov 19 23:51:35 dnsmasq-dhcp[1611436]: 388452072 available DHCP subnet: AA.AA.152.0/255.255.255.0
> > Nov 19 23:51:35 dnsmasq-dhcp[1611436]: 388452072 vendor class: PXEClient:Arch:00007:UNDI:003000
> > Nov 19 23:51:35 dnsmasq-dhcp[1611436]: 388452072 DHCPDISCOVER(ens160) 00:50:56:86:71:14 no address available
> >
> > Relevant tpcdump of the received DHCP Package:
> >
> > 23:51:02.144340 08:35:71:f0:fa:c1 > 00:50:56:a6:fd:79, ethertype IPv4
> > (0x0800), length 389: (tos 0x1,ECT(1), ttl 63, id 16378, offset 0,
> > flags [none], proto UDP (17), length 375)
> >     10.11.20.1.67 > 10.11.19.20.67: [udp sum ok] BOOTP/DHCP, Request
> > from 00:50:56:86:71:14, length 347, hops 1, xid 0xbb4e1961, secs 28,
> > Flags [Broadcast] (0x8000)
> >           Gateway-IP AA.AA.152.1
> >           Client-Ethernet-Address 00:50:56:86:71:14
> >           Vendor-rfc1048 Extensions
> >             Magic Cookie 0x63825363
> >             DHCP-Message Option 53, length 1: Discover
> >             MSZ Option 57, length 2: 1472
> >             Parameter-Request Option 55, length 35:
> >               Subnet-Mask, Time-Zone, Default-Gateway, Time-Server
> >               IEN-Name-Server, Domain-Name-Server, Hostname, BS
> >               Domain-Name, RP, EP, RSZ
> >               TTL, BR, YD, YS
> >               NTP, Vendor-Option, Requested-IP, Lease-Time
> >               Server-ID, RN, RB, Vendor-Class
> >               TFTP, BF, GUID, Option 128
> >               Option 129, Option 130, Option 131, Option 132
> >               Option 133, Option 134, Option 135
> >             GUID Option 97, length 17: 0.66.6.201.133.10.9.24.55.187.178.66.116.65.71.167.235
> >             NDI Option 94, length 3: 1.3.0
> >             ARCH Option 93, length 2: 7
> >             Vendor-Class Option 60, length 32: "PXEClient:Arch:00007:UNDI:003000"
> >
> > Any help/suggestions on what to do next?
>
> Consider to sent the completer configuration.
> Karma bonuspoints for not malforming it.
>
>
> > Is this just a misconfiguration issue on my side
> > or it's something that dnsmasq can't/won't do?
>
> Or another possibility.

As these things go, obviously after struggling with this issue for
years, as soon as I inquire about it I end up finding the solution
myself in the next 30 minutes.

The issue was me not completely understanding the "shared-network"
option. Once I've set this to:

shared-network=AA.AA.152.1,BB.BB.93.0

It worked right out of the gate.

My only confusion right now is if this is a repeatable option and if I
have to specify all my secondary/tertiary etc. subnets with this
option. I didn't exactly understand it from the man page.

> Groeten
> Geert Stappers
> --
> Silence is hard to parse
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list