Configuring a Dual Stacked DHCP Server
As part of my IPv6 Testing, I needed to test whether we would either use SLAAC or DHCPv6 in a particular situation. Having never setup a DHCP server before, of course, I had to write a post on how I did it :D
Dynamic Host Configuration Protocol or DHCP is defined in RFC2131:
The Dynamic Host Configuration Protocol (DHCP) provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts.
DHCP supports three mechanisms of IP address allocation; Automatic, Dynamic and Manual allocation
. RFC2131 describes how each of these mechanisms works within the DHCP process:
Dynamic allocation is the only one of the three mechanisms that allows automatic reuse of an address that is no longer needed by the client to which it was assigned. Thus, dynamic allocation is particularly useful for assigning an address to a client that will be connected to the network only temporarily or for sharing a limited pool of IP addresses among a group of clients that do not need permanent IP addresses. Dynamic allocation may also be a good choice for assigning an IP address to a new client being permanently connected to a network where IP addresses are sufficiently scarce that it is important to reclaim them when old clients are retired. Manual allocation allows DHCP to be used to eliminate the error-prone process of manually configuring hosts with IP addresses in environments where (for whatever reasons) it is desirable to manage IP address assignment outside of the DHCP mechanisms.
In a nutshell:
Automatic allocation
; the DHCP process will assign a permanent IP address to the host/device.Dynamic allocation
; the DHCP assigns an IP address to a client for a limited period of time or until the client release the address.Manual allocation
; the a client’s IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client.
With DHCPv6 the communication process between server and client is a little different compared DHCPv4, as explained in RFC3315:
Clients and servers exchange DHCP messages using UDP. The client uses a link-local address or addresses determined through other mechanisms for transmitting and receiving DHCP messages. DHCP servers receive messages from clients using a reserved, link-scoped multicast address. A DHCP client transmits most messages to this reserved multicast address, so that the client need not be configured with the address or addresses of DHCP servers.
To allow a DHCP client to send a message to a DHCP server that is not attached to the same link, a DHCP relay agent on the client’s link will relay messages between the client and server. The operation of the relay agent is transparent to the client and the discussion of message exchanges in the remainder of this section will omit the description of message relaying by relay agents. Once the client has determined the address of a server, it may under some circumstances send messages directly to the server using unicast.
For more in-depth detail about the DHCP and DHCPv6, I would suggest looking into RFC2131 and RFC3315 respectfully.
For this testing, I used a two ESXi Ubuntu 14.04LTS Hosts, one as the DHCP server and client, and the other was a Juniper EX4200 connecting them together. The switch configuration is extremely basic, both devices are in the same Vlan and the Vlan has a layer-3 interface IPv4: 192.168.1.1/24 and IPv6: 2001:192:168:1::1/64.
With all the talk out of way.. Let’s get cracking :)
You will need to have sudo or root
privileges
Firstly, a static IPv4 and IPv6 will need to be set on the interface that will be advertising the DHCP to the LAN. For my example I’m using eth1
marquk01@km-vm2:~$ ifconfig -a eth1
eth1 Link encap:Ethernet HWaddr 00:0c:29:d3:ac:77
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed3:ac77/64 Scope:Link
inet6 addr: 2001:192:168:1::2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1308 (1.3 KB) TX bytes:4204 (4.2 KB)
The DHCP package is available via the apt-get repository
sudo apt-get install isc-dhcp-server
You will need to edit /etc/default/isc-dhcp-server
and set the NIC that you want to run DHCP from. In addition, you need to set options with -6
flag to tell the package we’ll be running IPv6. For my server, I’ll be using interface eth1
. Make you use the appropriate NIC in your configuration.
marquk01@km-vm2:~$ cat /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD\_CONF=/etc/dhcp/dhcpd.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD\_PID=/var/run/dhcpd.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD\_CONF/ DHCPD\_PID instead
OPTIONS="-6"
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth1"
From doing some digging, unfortunately the original isc-dhcp-server doesn’t allow you to run IPv4 and IPv6 under the same config file. I had to create a new file and edit it to be IPv6 specific. I backed the original dhcpd.conf file and created a new dhcpd6.conf
file; the two files should look similar to the below if you have a simple set up like myself.
With a DHCP server you can have the server configured to set DNS, hostnames and other administrative settings. You can see examples of this if you look at the full original dhcpd.conf file. This is out of scope of what I was testing currently, but with knowing what else I’ll be testing in the future I’ll likely shown how in a future post :)
IPv6 config file dhcpd6.conf⌗
marquk01@km-vm2:~$ cat /etc/dhcp/dhcpd6.conf
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed.
ddns-update-style none;
# Option definitions common to all supported networks...
default-lease-time 600;
max-lease-time 7200;
# This DHCP server is the official DHCP server for the local network
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# Subnet declaration
subnet6 2001:192:168:1::/64 {
range6 2001:192:168:1::110 2001:192:168:1::120;
}
IPv4 config file dhcpd.conf⌗
marquk01@km-vm2:~$ cat /etc/dhcp/dhcpd.conf
#
# Sample configuration file for ISC dhcpd for Debian
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.
#
#
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.110 192.168.1.120;
}
An DHCPv6 lease file will need to be created because, unlike IPv4, there isn’t a predefined file. In addition this file will need to have its owner changed to dhcpd daemon. This is because the daemon will need write, read and execute permissions
sudo touch /var/lib/dhcp/dhcpd6.leases
sudo chown dhcpd:dhcpd /var/lib/dhcp/dhcpd6.leases
To finish up on the server, we will need to start the DCHP processes
sudo service isc-dhcp-server start
sudo service isc-dhcp-server6 start
Once this has been done, the server is configured. Next we will hop to the other VM to see if we can get some IP addresses assigned!
Once on the client, we have to set its interface to listening for DHCP packets. Under /etc/network/interfaces
both for IPv4 and IPv6 we will need to DHCP.
marquk01@km-vm1:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
{...}
auto eth1
iface eth1 inet dhcp
# This is an autoconfigured IPv6 interface
iface eth0 inet6 auto
auto eth1
iface eth1 inet6 dhcp
Once this has been set, the interface will automatically pick up an address. If you’re like me and want to see everything, you can manually release any addresses learnt by using the following commands:
IPv6: dhclient -6 -v -r eth1
IPv4: dhclient -v -r eth1
dhclient -v -r eth1⌗
marquk01@km-vm1:~$ sudo dhclient -v -r eth1
\[sudo\] password for marquk01:
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/00:0c:29:4f:26:c5
Sending on LPF/eth1/00:0c:29:4f:26:c5
Sending on Socket/fallback
DHCPRELEASE on eth1 to 192.168.1.2 port 67 (xid=0x45baa909)
dhclient -6 -v -r eth1⌗
marquk01@km-vm1:~$ sudo dhclient -6 -v -r eth1
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Bound to \*:546
Listening on Socket/eth1
Sending on Socket/eth1
RTNETLINK answers: Cannot assign requested address
XMT: Forming Release, 0 ms elapsed.
XMT: X-- IA\_NA 29:4f:26:c5
XMT: | X-- Release Address 2001:192:168:1::111
XMT: V IA\_NA appended.
XMT: Release on eth1, interval 1000ms.
RCV: Reply message on eth1 from fe80::20c:29ff:fed3:ac77.
RCV: X-- Server ID: 00:01:00:01:1d:dc:60:db:00:0c:29:d3:ac:77
message status code Success: "Release received."
Running an ifconfig will show that eth1 has no IP addresses set (except for its link-local address)
marquk01@km-vm1:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0c:29:4f:26:c5
inet6 addr: fe80::20c:29ff:fe4f:26c5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3487 errors:0 dropped:0 overruns:0 frame:0
TX packets:1272 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:501952 (501.9 KB) TX bytes:267192 (267.1 KB)
Now we can request addresses from DHCP server to bind the next available IP addresses to km-vm1 by using the same commands dhclient -v eth1
and dhclient -6 -v eth1
.
dhclient -v eth1⌗
marquk01@km-vm1:~$ sudo dhclient -v eth1
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/00:0c:29:4f:26:c5
Sending on LPF/eth1/00:0c:29:4f:26:c5
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x7cae5613)
DHCPREQUEST of 192.168.1.112 on eth1 to 255.255.255.255 port 67 (xid=0x1356ae7c)
DHCPOFFER of 192.168.1.112 from 192.168.1.2
DHCPACK of 192.168.1.112 from 192.168.1.2
bound to 192.168.1.112 -- renewal in 230 seconds.
dhclient -6 -v eth1⌗
marquk01@km-vm1:~$ sudo dhclient -6 -v eth1
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Bound to \*:546
Listening on Socket/eth1
Sending on Socket/eth1
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT: X-- IA\_NA 29:4f:26:c5
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: | X-- Request address 2001:192:168:1::111.
XMT: | | X-- Request preferred in +7200
XMT: | | X-- Request valid in +10800
XMT: Solicit on eth1, interval 1050ms.
RCV: Advertise message on eth1 from fe80::20c:29ff:fed3:ac77.
RCV: X-- IA\_NA 29:4f:26:c5
RCV: | X-- starts 1447710742
RCV: | X-- t1 - renew +0
RCV: | X-- t2 - rebind +0
RCV: | X-- \[Options\]
RCV: | | X-- IAADDR 2001:192:168:1::111
RCV: | | | X-- Preferred lifetime 7200.
RCV: | | | X-- Max lifetime 43200.
RCV: X-- Server ID: 00:01:00:01:1d:dc:60:db:00:0c:29:d3:ac:77
RCV: Advertisement recorded.
PRC: Selecting best advertised lease.
PRC: Considering best lease.
PRC: X-- Initial candidate 00:01:00:01:1d:dc:60:db:00:0c:29:d3:ac:77 (s: 153, p: 0).
XMT: Forming Request, 0 ms elapsed.
XMT: X-- IA\_NA 29:4f:26:c5
XMT: | X-- Requested renew +3600
XMT: | X-- Requested rebind +5400
XMT: | | X-- IAADDR 2001:192:168:1::111
XMT: | | | X-- Preferred lifetime +7200
XMT: | | | X-- Max lifetime +7500
XMT: V IA\_NA appended.
XMT: Request on eth1, interval 1040ms.
RCV: Reply message on eth1 from fe80::20c:29ff:fed3:ac77.
RCV: X-- IA\_NA 29:4f:26:c5
RCV: | X-- starts 1447710744
RCV: | X-- t1 - renew +0
RCV: | X-- t2 - rebind +0
RCV: | X-- \[Options\]
RCV: | | X-- IAADDR 2001:192:168:1::111
RCV: | | | X-- Preferred lifetime 7200.
RCV: | | | X-- Max lifetime 43200.
RCV: X-- Server ID: 00:01:00:01:1d:dc:60:db:00:0c:29:d3:ac:77
PRC: Bound to lease 00:01:00:01:1d:dc:60:db:00:0c:29:d3:ac:77.
We can confirm by using ifconfig again:
marquk01@km-vm1:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0c:29:4f:26:c5
inet addr:192.168.1.110 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4f:26c5/64 Scope:Link
inet6 addr: 2001:192:168:1::111/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3647 errors:0 dropped:0 overruns:0 frame:0
TX packets:1365 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:519662 (519.6 KB) TX bytes:292435 (292.4 KB)
And with that, we now have a Dual Stacked DHCP server! Although this looks quite straightforward, now I’ll tell you that it took me a few days to get understand and get the IPv6 side of things working as expected. There was plenty of googling, troubleshooting, screen staring and frustration with this one, but I have to give major props to a great page by Jochen Kirstätter on how the IPv6 side of install was done if I hadn’t have found it, I would still be poking in the dark covers face! You will find some great nuggets on Jochen’s blog here :)