DHCP Management Across a Diversified Network?

ET Admin writes "I work for a small Wireless ISP, where we are deploying new network hardware to allow for growth and contain broadcast traffic. All routing/switching equipment is Cisco. We use Linux stand-alone boxes and VMs (running on Win 2003 boxes). We have decided on a hybrid VLAN layout where we have certain VLANs limited by location, and other VLANs that are global across the network. And I want DHCP served across it all. Does anyone have experience with IPAM software that handles multiple DHCP servers? Our network is small so spending a couple grand is overkill at this point. Any recomendations to help me decide between serving DHCP from the Nix boxes, or from the Cisco gear? Knowing that a single DHCP server will handle from 100-500 hosts."

DHCP Relaying

setup DHCP Relaying on the switches to forward/relay all dhcp request across the vlans and subnets to one (or two) dhcp servers

Re:DHCP Relaying

[TaliesinWI]

Done in one. You can even train ISC DHCP to give out different pools based on the primary IP address of the gateway for a particular VLAN. At that point all you have to worry about are keeping the pools "fed".

Re:DHCP Relaying

DHCP Relay Agent in Cisco Routers

Cisco Routers support DHCP Relay Agents with ip helper-address command. To enable the ip helper-address on an interface that will receive client BOOTP/DHCP broadcasts.

From the Global configuration mode,

Router(config)# interface fa 0/0

Router(config-if)# ip helper-addres 10.10.10.1

Router(config-if)# ip helper-addres 10.10.10.2

Re:DHCP Relaying

[cr0nj0b]

Or two dhcp servers. Just in case the path to the first dhcp server is unavailable

http://www.madboa.com/geek/dhcp-failover/

Re:DHCP Relaying

[Curien]

This is definitely the way to go. If for some reason you cannot do this (as was once the case for me*), you can set up a PC on the network segment to act as a DHCP relay (the ISC DHCP distribution comes with a relay agent). On a network where we had more control, we set up a tunnel between the routers to forward the DHCP packets.

* The network involved military encryption devices which could not be configured to forward broadcast packets. I put together a Linux system that booted from a floppy, used arping to figure out the IP address of the router (to determine which network segment it was on), read a config file from the floppy that contained the segment-specific settings, and started the dhcrelay process. Since the system ran entirely from a ramdisk, the security office allowed us to leave it on even when the area was secured.

Re:DHCP Relaying

[Curien]

One of my main goals in this design is to limit broadcasts outside of each subnet, and ip helper obviously punches a hole in that philosophy.

ip helper doesn't forward as broadcasts. When the router on the host's segment detects the broadcast DHCP request, it forwards it directly to the next hop (just like any router does with a non-broadcast packet).

I have the solution you need...

[poptix_work]

http://lmgtfy.com/?q=cisco+dhcp+relay&l=1

You can easily run hundreds of thousands of hosts off a single DHCP server. It is not cpu intensive particularly if you have a decent lease duration.

Re:I have the solution you need...

[poptix_work]

Also, here's a small sample config for serving a particular pool on a particular interface (which would be the vlan "interface" on the Cisco), easily found on Google:

class "vlan1234"
{
                match if
                (
                                (binary-to-ascii(16, 8, ".", option agent.remote-id) = "0.15.63.ab.52.16") # This is the MAC of the switch
                                and
                                (binary-to-ascii (10,8, ".", option agent.circuit-id) = "0.0.0.47") # This is the interface number
                );
}

pool {
                range 192.168.100.5 192.168.100.254;
                max-lease-time 300;

                option subnet-mask 255.255.255.0;
                option routers 192.168.100.1;
                allow members of "vlan1234";
}

phpdhcpadmin

Someone in house here created it, and we use it across multiple vlans from a Gentoo box. It uses the ISC DHCPD server.

http://phpdhcpadmin.sourceforge.net

Re:Go IPV6 and leave DHCP in the dust

[Imagix]

Ahem... never heard of RFC 3315? DHCPv6 still has a place in an IPv6 network.

DNSMasq

[TheRealMindChild]

DNSMasq. Nuff said.

Some VLAN's globally???

[cdogg4ya]

I don't know enough about your environment but hopefully you know that that isn't a possibility across Layer 3 devices (and when I say VLAN's, I assume that you are talking about an IP segment and not just a VLAN number). That said the "ip dhcp helper" or DHCP relay I think is what you are looking for. This way you can have 1 DHCP server serving numerous VLAN's or L3 IP segments. If you have more specific questions feel free to reach out to me.

Carl Fugate
carl@iprouteradmin.com
BLOG: www.iprouteradmin.com
Router Lab: www.onlinerouterlab.com

Carnegie Mellon's NetReg

[vitroth]

Carnegie Mellon's NetReg is an open source system that provides a pretty complete IP Address Management toolset, including management of DNS & DHCP configurations for ISC bind/dhcpd. It can manage ISC dhcpd's failover configuration, and multiple server groups, etc.

Rather then just repeating what I've said before when the subject of IP Address Management came up on slashdot, I'll just link to it.

Note: While the project has been pretty quiet for quite some time now, thats mostly because its the system is very stable and there hasn't been a lot of major new development in the last couple of years. I used to be one of the core developers of the system before I moved on to another job, but its still in active use by many sites.