From: Cedric W. <ce...@op...> - 2005-05-31 15:06:10
I'm a new network admin with a fairly big project who is also unfortunately completely new to Linux. I'm a little overwhelmed by the mountain of documents, books, and Linux distros I'm trying to get through so please bear with me.

Uninterrupted internet connection is critical for my company and we have two ADSL links going out. I've been thinking about setting up a DL based router & DHCP server behind each ADSL modem and each is linked to two subnets as well as to each other. (Diagram: http://members.optushome.com.au/cedricw1/diagram1.jpg ) My questions are:

1) I've heard that DHCP servers in Linux can't deal with a configuration like this, with one server responsible for two different subnets directly connected to it, because the requester hands out 255.255.255.255 as the reply address and the server somehow can't figure out which physical NIC it came from. Is this true with the one in DL? If it is what if I use a relay agent in the routers and put the DHCP server in one of the subnets?

2) Normally the routers should route their two subnets to their own ADSL connections, but when one link goes down is it possible to have the router automatically route its traffic to its neighbour instead? I'm not familiar with dynamic routing and routing protocols so are these the right things I should do more research on?

3) The other sticking point is there will be web servers, DNS servers as well as normal users on different subnets. When the users ask the DNS server for a site hosted internally they will obviously be given the external address of the ADSL connection, unless I set up a dedicated internal DNS which I'm trying to avoid. With the commercial SOHO ADSL routers we currently have this just doesn't work when the server and user are on the same subnet. So will the DL based routers work if...

   3a) the client and web server are connected to different routers and,
   3b) they are connected to the same router but different subnet?
   3c) same subnet?

Thanks very much for your help! Much appreciated!

Cedric
From: Martin H. <ma...@ho...> - 2005-05-31 17:58:33
Hi,

>I'm a new network admin with a fairly big project who is also
>unfortunately completely new to Linux. I'm a little overwhelmed by the
>mountain of documents, books, and Linux distros I'm trying to get through
>so please bear with me.

you might try switching to text only as a start :-)

>Uninterrupted internet connection is critical for my company and we have
>two ADSL links going out. I've been thinking about setting up a DL based
>router & DHCP server behind each ADSL modem and each is linked to two
>subnets as well as to each other. (Diagram:
>http://members.optushome.com.au/cedricw1/diagram1.jpg )
>My questions are:

why don't you bond these 2 DSL lines together?
are these different ISPs? do they offer static IP or dynamic IP addresses?
if it is the same ISP: does he offer some sort of failover?

>2) Normally the routers should route their two subnets to their own ADSL
>connections, but when one link goes down is it possible to have the
>router automatically route its traffic to its neighbour instead? I'm not
>familiar with dynamic routing and routing protocols so are these the right
>things I should do more research on?
>

automatic failover is a tricky thing and you might reconsider what you want, esp when you have servers behind your DSL.

>3) The other sticking point is there will be web servers, DNS servers as
>well as normal users on different subnets.

IP from DSL A
web server behind NAT with portforwarding on IP from ISP with DSL A
DSL A goes down.
what happens with your webserver? it will be offline

>When the users ask the DNS server for a site hosted internally they will
>obviously be given the external address of the ADSL connection, unless I
>set up a dedicated internal DNS which I'm trying to avoid.

why? set up a DNS caching server on your DL box.

#m
From: Cedric W. <ce...@op...> - 2005-05-31 18:17:40
>>Uninterrupted internet connection is critical for my company and we have
>>two ADSL links going out. I've been thinking about setting up a DL based
>>router & DHCP server behind each ADSL modem and each is linked to two
>>subnets as well as to each other. (Diagram:
>>http://members.optushome.com.au/cedricw1/diagram1.jpg )
>>My questions are:
>
> why don't you bond these 2 DSL lines together?
> are these different ISPs? do they offer static IP or dynamic IP addresses?
> if it is the same ISP: does he offer some sort of failover?
>

They are from different ISPs and yes they both have static IP.

>>3) The other sticking point is there will be web servers, DNS servers as
>>well as normal users on different subnets.
>
> IP from DSL A
> web server behind NAT with portforwarding on IP from ISP with DSL A
> DSL A goes down.
> what happens with your webserver? it will be offline
>

If I remember correctly I was asked to supply two DNS server addresses when I registered the domain name. What if the Primary and Secondary DNS servers have different records? When Link A goes down outsiders can still contact the secondary server through Link B and they can still fetch the web pages through it, or so I reckon anyway.

>>When the users ask the DNS server for a site hosted internally they will
>>obviously be given the external address of the ADSL connection, unless I
>>set up a dedicated internal DNS which I'm trying to avoid.
>
> why? set up a DNS caching server on your DL box.
>

I'm not familiar with DNS caching and I'll take a look at it. Thanks for the pointer.

Cedric
From: Martin H. <ma...@ho...> - 2005-06-01 06:16:47
>> why don't you bond these 2 DSL lines together?
>> are these different ISPs? do they offer static IP or dynamic IP addresses?
>> if it is the same ISP: does he offer some sort of failover?
>
>They are from different ISPs and yes they both have static IP.
>

ok

>> IP from DSL A
>> web server behind NAT with portforwarding on IP from ISP with DSL A
>> DSL A goes down.
>> what happens with your webserver? it will be offline
>
>If I remember correctly I was asked to supply two DNS server addresses when
>I registered the domain name. What if the Primary and Secondary DNS servers
>have different records?

this is not the idea of DNS

>When Link A goes down outsiders can still contact
>the secondary server through Link B and they can still fetch the web pages
>through it, or so I reckon anyway.

nah, half of the people will still try to connect via the IP where the link is down and can't reach the server.

#m
From: Andres J. <gan...@gm...> - 2005-06-01 09:51:51
> >When Link A goes down outsiders can still contact
> >the secondary server through Link B and they can still fetch the web pages
> >through it, or so I reckon anyway.
>
> nah, half of the people will still try to connect via the IP where the link
> is down and can't reach the server.
>

But at least half of the people will reach it.
If "Uninterrupted internet connection is critical" that is not too bad an idea.

A better solution will be having two domains (yourcompany.com and yourcompany.net, for example). Each one pointing to one IP address. Users/customers can be advised that if yourcompany.com is not available they would try with yourcompany.net.

That option can also be used as the easiest way of load balancing. If you say to your users/customers that both domains can be used when the performance is low in one domain they will switch to the other one.
From: Martin H. <ma...@ho...> - 2005-06-01 10:13:58
At 10:51 Uhr +0100 01.06.2005, Andres Jimenez wrote:
>> >When Link A goes down outsiders can still contact
>> >the secondary server through Link B and they can still fetch the web pages
>> >through it, or so I reckon anyway.
>>
>> nah, half of the people will still try to connect via the IP where the link
>> is down and can't reach the server.
>>
>But at least half of the people will reach it.

half is not good enough IMHO, but YMMV.

>If "Uninterrupted internet connection is critical" that is not too bad an idea.

you still lose 50%.

and what do you do with email?

>A better solution will be having two domains (yourcompany.com and
>yourcompany.net, for example). Each one pointing to one IP address.
>Users/customers can be advised that if yourcompany.com is not
>available they would try with yourcompany.net.
>That option can also be used as the easiest way of load balancing. If
>you say to your users/customers that both domains can be used when the
>performance is low in one domain they will switch to the other one.

then you have well educated customers :-)

#m
From: Andres J. <gan...@gm...> - 2005-06-01 10:38:02
2005/6/1, Martin Hotze <ma...@ho...>:
> At 10:51 Uhr +0100 01.06.2005, Andres Jimenez wrote:
> >> >When Link A goes down outsiders can still contact
> >> >the secondary server through Link B and they can still fetch the web pages
> >> >through it, or so I reckon anyway.
> >>
> >> nah, half of the people will still try to connect via the IP where the link
> >> is down and can't reach the server.
> >>
> >But at least half of the people will reach it.
>
> half is not good enough IMHO, but YMMV.
>
> >If "Uninterrupted internet connection is critical" that is not too bad an idea.
>
> you still lose 50%.
>
> and what do you do with email?
>

I know using that config you are still losing, but what do you prefer: losing 100% or 50%?

The other option is another machine (with another IP) doing load balancing to both IP addresses, but the problem could be worse. If the load balancing machine goes down (because of hardware, IP connection problem or whatever) you lose ALL your traffic.

> >A better solution will be having two domains (yourcompany.com and
> >yourcompany.net, for example). Each one pointing to one IP address.
> >Users/customers can be advised that if yourcompany.com is not
> >available they would try with yourcompany.net.
> >That option can also be used as the easiest way of load balancing. If
> >you say to your users/customers that both domains can be used when the
> >performance is low in one domain they will switch to the other one.
>
> then you have well educated customers :-)

You can always find users that like using the system in a different way if they can get a 1% improvement in the performance. When a problem appears these guys often teach the other users.

I think the two domain option is the least bad solution without using more machines&IPs.

--
Andres Jimenez
From: <Her...@sp...> - 2005-06-01 17:33:18
Hi

Maybe I am missing something, but I was always under the impression that if you have multiple A records for one host, the client software such as a web browser is supposed to use the first available address (in terms of reachability of the server); the DNS server in turn should always rotate the order of the addresses when it answers subsequent requests. If this is the case, you should be fine, setting up two different IPs on different connections and routing them to the same internal server.

For MX records, I'm sure: When you set up MX records you always specify a priority. When some server delivers mail to your domain it will get all MX records from DNS and then try to deliver the mail to the host with the most MX priority (the lowest number in the MX records). If this first server is not available, it will try the next server and so on, until it succeeds or there are no more MX records.

This means, there is no need to swap around DNS settings, if one of the lines is down, failover is managed over the DNS records.

Please tell me, if I'm totally wrong about the A records.
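Added example, not part of the original thread and not Devil-Linux code: the MX fallback described in the message above, written out in Python so the order of delivery attempts can be seen when the line carrying the preferred mail host is down. The host names, the documentation-range addresses and the local stand-in listener are constructed for illustration.

```python
"""MX fallback: try mail hosts lowest preference number first.

Constructed example. Names, addresses and ports below are assumptions,
not values taken from the thread.
"""
import socket
from collections import namedtuple

# One MX target: preference number, host name, address it resolves to, port.
MX = namedtuple("MX", "preference name address port")


def attempt_order(mx_records):
    """Return the records sorted so the lowest preference number comes first.

    Real mail servers also randomise among equal preferences; a stable sort
    keeps this example deterministic.
    """
    return sorted(mx_records, key=lambda rec: rec.preference)


def tcp_probe(address, port, timeout=2.0):
    """Return True if a TCP connection to address:port can be opened."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def deliver(mx_records, probe=tcp_probe):
    """Walk the MX list in preference order until one host accepts.

    Returns (name_of_accepting_host_or_None, attempts), where attempts is a
    list of (preference, name, reachable) tuples in the order they were tried.
    """
    attempts = []
    for rec in attempt_order(mx_records):
        reachable = probe(rec.address, rec.port)
        attempts.append((rec.preference, rec.name, reachable))
        if reachable:
            return rec.name, attempts
    return None, attempts


def _closed_local_port():
    """Find a local port with nothing listening on it (stands in for a dead link)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Stand-in for the mail host behind link B: a local listening socket.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    records = [
        # Secondary MX, reachable through link B.
        MX(20, "mx-b.example.com", "127.0.0.1", listener.getsockname()[1]),
        # Primary MX, behind link A, which is down in this run.
        MX(10, "mx-a.example.com", "127.0.0.1", _closed_local_port()),
    ]

    accepted, attempts = deliver(records)
    for preference, name, reachable in attempts:
        print(f"MX {preference:>3} {name}: {'accepted' if reachable else 'unreachable'}")
    print("delivered to:", accepted)
    listener.close()
```

The DNS zone is never edited during the outage; the sending side does the failover by walking the MX list.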
From: Cedric W. <ce...@op...> - 2005-06-02 16:14:23
Thanks for all the suggestions and hints so far. Does anybody have pointers for me regarding the first question?

Cedric
From: Kari M. <ka...@tr...> - 2005-06-02 17:19:41
Cedric Wong wrote:
> Thanks for all the suggestions and hints so far. Does anybody have
> pointers for me regarding the first question?
>
> Cedric
>
>   1) I've heard that DHCP servers in Linux can't deal with a
>   configuration like this, with one server responsible for two
>   different subnets directly connected to it, because the requester
>   hands out 255.255.255.255 as the reply address and the server
>   somehow can't figure out which physical NIC it came from. Is this
>   true with the one in DL? If it is what if I use a relay agent in the
>   routers and put the DHCP server in one of the subnets?

What if you create /etc/dhcpd-eth0.conf, and /etc/dhcpd-eth1.conf, then

cd /etc/init.d
mv dhcpd dhcpd-eth0
cp dhcpd-eth0 dhcpd-eth1

Then you edit both scripts to only listen to eth0/eth1, and use a corresponding /etc/dhcpd-ethN.conf. You may also have to tinker with the .pid file setting - they have to be separate.

Don't forget to edit those .conf files, too.

save-config -q
reboot

...and test it.

Be aware, that when you upgrade your configuration, there will be a surplus /etc/init.d/dhcpd startup script, which comes with the new default configuration. Theoretically you should manually migrate any relevant changes to your scripts. This migration should only be needed, if dhcpd version is (radically) different from the current one.
From: Fred F. <ffr...@lo...> - 2005-06-02 17:29:47
Attachments:
smime.p7s
What he is talking about is having two logical networks on the same physical cable. Unless he is doing some kind of vlan, then the dhcp broadcast should be to 255.255.255.255 however I think Microsoft breaks the protocol and broadcasts to the machines' subnet (e.g. 192.168.1.255) which allows their server to figure out what to serve.

It may be that more modern Linux dhcp servers can emulate that bad behavior, but I don't know. I haven't done something like this since 1997 or so. :)

If he is using vlans then it doesn't matter because even though the broadcast is to 255.255.255.255 the switch is routing the packet to the correct interface (or virtual interface) and you can have the server issuing 192.168.1.0 on vlan0 and 192.168.2.0 on vlan1 and everything is OK. vlans are a pain though.

The question should be why the need to run two subnets on the same wire? If you are using a private network then put them all on the same. If you have too much traffic then split the traffic with a router on different wires or you are not doing much to improve that problem. If you are trying to keep information separate then running on the same physical network doesn't fix much since anyone capable of doing anything will be able to see the traffic for both networks (that is where vlans help though since each interface sees the traffic of the vlan the switch is configured to send there only).

Hope this helps, there may be outdated information on this answer but hopefully you can look at some more modern howto's or even at the home page of the dhcp program you are using.

--
Fred Frigerio
Locust USA
From: Eric C. <me...@is...> - 2005-06-02 18:33:35
anyone suggested the use of subinterfaces yet ?

I really do not have experience about setting up a linux dhcp server, but i know about the theory, so if i'm wrong, please someone tell me.

anyways, if you have 2 lans on the same wire, I would use 2 subinterfaces on that physical interface... (eth0:1 eth0:2...) then i would configure the ips of the interfaces and the DHCP to work on these 2 networks...

that's it

Eric

--
Eric Constantineau b.ing. ccna
me...@is...
http://mekanik.propel.to
From: Fred F. <ffr...@lo...> - 2005-06-02 20:37:08
Attachments:
smime.p7s
I think the problem is still that they are on the same wire, so unless the packets are tagged somehow, then they are identical. A computer just coming up on the network should send a broadcast to 255.255.255.255 asking for a dhcp with a 0.0.0.0 source. The server replies with an IP and remembers the MAC address of the machine. That is in a nutshell what happens (I think) :).

So unless you bind IPs to MAC addresses in the configuration file then you may end up with all the machines on one network or assigned IPs at random.

Again this is all old stuff I remember; you may want to do some googling around to see if things are different today.

--
Fred Frigerio
Locust USA
From: Eric C. <me...@is...> - 2005-06-02 20:52:17
|
mmm, so how about using bootp instead of dhcp ?

Fred Frigerio <ffr...@lo...> said:

> I think the problem is still that they are on the same wire, so unless
> the packets are tagged somehow, then they are identical. A computer just
> coming up on the network should send a broadcast to 255.255.255.255
> asking for a dhcp with a 0.0.0.0 source. The server replies with an IP
> and remembers the MAC address of the machine. That is in a nutshell what
> happens (I think) :).
>
> So unless you bind IPs to MAC addresses in the configuration file then
> you may end up with all the machines on one network or assigned IPs at
> random.
>
> Again this is all old stuff I remember you may want to do some googling
> around to see if things are different today.
>
> Eric Constantineau wrote:
> > anyone suggested the use of subinterfaces yet ?
> >
> > I really do not have experience about setting up a linux dhcp server, but I
> > know about the theory, so if I'm wrong, please someone tell me.
> >
> > anyways, if you have 2 lans on the same wire, I would use 2 subinterfaces on
> > that physical interface... (eth0:1 eth0:2...) then I would configure the ips
> > of the interfaces and the DHCP to work on these 2 networks...
> >
> > that's it
> >
> > Eric
> >
> >
> >
> > Fred Frigerio <ffr...@lo...> said:
> >
> >
> >>What he is talking about is having two logical networks on the same
> >>physical cable. Unless he is doing some kind of vlan, then the dhcp
> >>broadcast should be to 255.255.255.255 however I think microsoft breaks
> >>the protocol and broadcast to the machines' subnet (e.x. 192.168.1.255)
> >>which allows their server to figure out what to serve.
> >>
> >>It may be that more modern Linux dhcp servers can emulate that bad
> >>behavior, but I don't know. I haven't done something like this since
> >>1997 or so. :)
> >>
> >>If he is using vlans then it doesn't matter because even though the
> >>broadcast is to 255.255.255.255 the switch is routing the packet to the
> >>correct interface (or virtual interface) and you can have the server
> >>issuing 192.168.1.0 on vlan0 and 192.168.2.0 on vlan1 and everything is
> >>OK. vlans are a pain though.
> >>
> >>The question should be why the need to run two subnets on the same wire?
> >>If you are using a private network then put them all on the same. If you
> >>have too much traffic then split the traffic with a router on different
> >>wires or you are not doing much to improve that problem. If you are
> >>trying to keep information separate then running on the same physical
> >>network doesn't fix much since anyone capable of doing anything will be
> >>able to see the traffic for both networks (that is where vlans help
> >>though since each interface sees the traffic of the vlan the switch is
> >>configured to send there only).
> >>
> >>Hope this helps, there may be outdated information on this answer but
> >>hopefully you can look at some more modern howto's or even at the home
> >>page of the dhcp program you are using.
> >>
> >>Kari Mattsson wrote:
> >>
> >>>Cedric Wong wrote:
> >>>
> >>>
> >>>>Thanks for all the suggestions and hints so far. Does anybody have
> >>>>pointers for me regarding the first question?
> >>>>
> >>>>Cedric
> >>>>
> >>>> 1) I've heard that DHCP servers in Linux can't deal with a
> >>>> configuration like this, with one server responsible for two
> >>>> different subnets directly connected to it, because the requester
> >>>> hands out 255.255.255.255 as the reply address and the server
> >>>> somehow can't figure out which physical NIC it came from. Is this
> >>>> true with the one in DL? If it is what if I use a relay agent in the
> >>>> routers and put the DHCP server in one of the subnets?
> >>>
> >>>
> >>>What if you create /etc/dhcpd-eth0.conf, and /etc/dhcpd-eth1.conf, then
> >>>
> >>>cd /etc/init.d
> >>>mv dhcpd dhcpd-eth0
> >>>cp dhcpd-eth0 dhcpd-eth1
> >>>
> >>>Then you edit both scripts to only listen to eth0/eth1, and use a
> >>>corresponding /etc/dhcpd-ethN.conf. You may also have to tinker with the
> >>>.pid file setting - they have to be separate.
> >>>
> >>>Don't forget to edit those .conf files, too.
> >>>
> >>>save-config -q
> >>>reboot
> >>>
> >>>...and test it.
> >>>
> >>>Be aware, that when you upgrade your configuration, there will be a
> >>>surplus /etc/init.d/dhcpd startup script, which comes with the new
> >>>default configuration. Theoretically you should manually migrate any
> >>>relevant changes to your scripts. This migration should only be needed,
> >>>if dhcpd version is (radically) different from the current one.
> >>
> >>--
> >>Fred Frigerio
> >>Locust USA
> >>
> >
>
> --
> Fred Frigerio
> Locust USA
>

--
-------------------------------
Eric Constantineau b.ing. ccna
me...@is...
http://mekanik.propel.to
|
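The subnet-selection problem discussed in this thread, as an added Python sketch that is not code from any poster or from dhcpd itself: a simplified model of how a DHCP server can decide which subnet a DHCPDISCOVER belongs to (relay `giaddr`, receiving interface, or a static MAC binding). The function names, the MAC address and the relay address 192.168.2.1 are constructed for illustration; the two subnets are the ones named in the thread.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128] = 236 bytes.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

def build_discover(mac, giaddr="0.0.0.0"):
    """Constructed sample: header of a DHCPDISCOVER (sent 0.0.0.0 -> 255.255.255.255)."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    zero = bytes(4)
    return BOOTP.pack(1, 1, len(chaddr), 0, 0x1234ABCD, 0, 0x8000, zero, zero,
                      zero, ipaddress.IPv4Address(giaddr).packed, chaddr, b"", b"")

def parse(packet):
    """Return the two fields that can tell the server where a request came from."""
    f = BOOTP.unpack(packet[:BOOTP.size])
    return ipaddress.IPv4Address(f[10]), f[11][:f[2]].hex(":")

def choose_subnet(packet, rx_iface, subnets_by_iface, mac_bindings=None):
    """Pick the subnet to answer from, or None when the request is ambiguous."""
    giaddr, mac = parse(packet)
    if int(giaddr):  # relayed: the relay agent stamped its own address
        cands = [n for nets in subnets_by_iface.values() for n in nets if giaddr in n]
    else:            # direct broadcast: only the receiving NIC is known
        cands = list(subnets_by_iface.get(rx_iface, []))
    if len(cands) == 1:
        return cands[0]
    bound = (mac_bindings or {}).get(mac)  # static MAC binding as tie-breaker
    return bound if bound in cands else None

NET1 = ipaddress.ip_network("192.168.1.0/24")
NET2 = ipaddress.ip_network("192.168.2.0/24")
TWO_NICS = {"eth0": [NET1], "eth1": [NET2]}   # one subnet per physical interface
SHARED_WIRE = {"eth0": [NET1, NET2]}          # both subnets on the same cable

if __name__ == "__main__":
    pkt = build_discover("02:00:00:00:00:01")  # constructed, locally administered MAC
    print("two NICs, heard on eth1:", choose_subnet(pkt, "eth1", TWO_NICS))
    print("shared wire, no binding:", choose_subnet(pkt, "eth0", SHARED_WIRE))
    print("shared wire, MAC bound :",
          choose_subnet(pkt, "eth0", SHARED_WIRE, {"02:00:00:00:00:01": NET2}))
    relayed = build_discover("02:00:00:00:00:01", giaddr="192.168.2.1")
    print("relayed via 192.168.2.1:", choose_subnet(relayed, "eth0", TWO_NICS))
```

With one subnet per NIC the receiving interface settles the choice; only the shared-wire case returns `None` until a MAC binding or a relay's `giaddr` supplies the missing information.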