Today's Topics:

   1. simple DHCPv6 config with /56-Prefix (Walter H.)
   2. Re: simple DHCPv6 config with /56-Prefix (Adam Nielsen)
   3. DHCPD Leases, no way to clean the file? (Jorge Bastos)


----------------------------------------------------------------------

Message: 1
Date: Sun, 21 Aug 2022 08:59:09 +0200
From: "Walter H." <walte...@mathemainzel.info>
To: dhcp-users@lists.isc.org
Subject: simple DHCPv6 config with /56-Prefix
Message-ID: <5e0fd928-819d-fde6-d932-4e3da733a...@mathemainzel.info>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hello,

I got 2001:db8:0:100::/56 for my LAN, and what I want is the following:

that the DHCP only hands out IPv6 addresses within this range:

2001:db8:0:17f::/64, my dhcpd6.conf looks like this:

<dhcpd6.conf>
ddns-updates off;
update-static-leases true;
allow leasequery;

authoritative;

default-lease-time 7200;
max-lease-time 86400;

dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";

subnet6 2001:db8:0:100::/56 {
        range6 2001:db8:0:17f:0:0:0:0 2001:db8:0:17f:ffff:ffff:ffff:ffff;
        range6 2001:db8:0:17f::/64 temporary;

        option dhcp6.name-servers 2001:db8:0:100::1, 2001:db8:0:101::444e:5330;
        option dhcp6.domain-search "example.com";

        option dhcp6.info-refresh-time 600;
        option dhcp6.preference 255;
}
</dhcpd6.conf>

the router - runs BIND, DHCP, DHCPv6, ... - has on its LAN side the 
following IPv6 address
2001:db8:0:100::1/56    <-- is this correct?

I also gave the LAN interface this scope local IPv6 address: fe80::1/64

I configured my workstation [Win10] with this:
    2001:db8:0:110::1 and for the subnet prefix length I gave 56 and
fe80::1 as the default gateway

and my local mail server [a Linux] with this:
    2001:db8:0:101::4d:4149:4c30/56

now the strange thing: when I run a VM on my workstation, that uses DHCP, 
it gets
e.g. 2001:db8:0:17f:34a8:8ba4:67c7:fbd
(if it is a linux it does show 128 as the prefix length)

why is it possible for this VM to connect to my workstation without any 
problems,
but has troubles connecting to the mail server?

when I change the prefix length of the mail server from 56 to 64, it works?

why is that?

Thanks,
Walter




------------------------------

Message: 2
Date: Sun, 21 Aug 2022 17:51:52 +1000
From: Adam Nielsen <a.niel...@shikadi.net>
To: dhcp-users@lists.isc.org
Subject: Re: simple DHCPv6 config with /56-Prefix
Message-ID: <20220821175152.7e7b2...@vorticon.teln.shikadi.net>
Content-Type: text/plain; charset=UTF-8

I'm far from an expert, so don't take my suggestions as guaranteed.

> I got 2001:db8:0:100::/56 for my LAN, and what I want is the
> following:

Great.  So with a /56, it means you can further delegate a bunch of /64
subnets.  You probably don't want to use the whole /56 as a single
subnet.

> that the DHCP only hands out IPv6 addresses within this range:
> 2001:db8:0:17f::/64

So you've picked a single /64 for DHCP clients?  What other /64 subnet
have you selected for the other hosts in your LAN?

> the router - runs BIND, DHCP, DHCPv6, ... - has on its LAN side the 
> following IPv6 address
> 2001:db8:0:100::1/56    <-- is this correct?

I don't think it is.  If you're putting hosts in at the /56 level, then
you have a single /56 subnet so you can't further break it up into
smaller subnets.  If you want multiple subnets then whatever size you
break this up into (/57, /58, etc.) you need to keep that same subnet
size for all of them at that level.  For example you can have one /56,
two /57, four /58, or 256 /64s.  But you can't have a /56 and a /64 that
overlap and share some of the same IPs as it will lead to confusion.

Each of these subnets you can split further (so e.g. if you have two
/57s then you can keep one as a /57 and split the other /57 into 128
/64s) however what you can't do is have a single IP that belongs to two
different subnets at the same time.

Since your router is assigned to 2001:db8:0:100::1/56, this /56 also
includes your 2001:db8:0:17f::/64 DHCP subnet.  So if you picked a
random IP like 2001:db8:0:17f::1, which subnet does that belong to?

Technically it is in both the /64 and the /56 at the same time, which
leads to confusion.  This is because when 2001:db8:0:17f::1/64 wants to
send a message to 2001:db8:0:100::1/56, it's outside the /64 subnet so
it will try to contact a gateway.  But when 2001:db8:0:100::1/56
replies, it thinks 2001:db8:0:17f::1/64 is within its own subnet so
there is no need to reply via a gateway.  But then when
2001:db8:0:17f::1/64 receives the reply direct from an IP outside its
subnet that didn't come from a gateway, it will probably discard the
packet as invalid, and so the two hosts are unable to connect to each
other.

> I also gave the LAN interface this scope local IPv6 address: fe80::1/64

This is fine, but as above, the confusion is more around when packets
should/shouldn't go via this gateway.

> and my local mail server [a Linux] with this:
>     2001:db8:0:101::4d:4149:4c30/56
> 
> why is it possible for this VM to connect to my workstation without
> any problems, but has troubles connecting to the mail server?

You'll probably find it can contact the mail server fine, but the mail
server cannot send any packets back as it does not realise those
packets need to be sent via a gateway.  It thinks the VM is in the same
subnet as it is, so it tries to contact it directly, which is incorrect.

> when I change the prefix length of the mail server from 56 to 64, it
> works?

When you do this it's clear to both ends that they are in a different
subnet, and thus they need to send all their packets via the gateway,
in both directions.

Note that if you put all your DHCP clients in one /64 and your servers
in another /64, all traffic between the two subnets will transit via
your router.  Assuming all machines are connected to the same switch
this is quite inefficient, as all network traffic will be pushed
through a single host (your router) even when the machines could
have communicated with each other directly via the switch.

If this is your set up, you will get better performance by assigning a
single /63 that covers all devices plugged into the switch, and then
allocating half of that (equivalent to a /64) to DHCP and putting your
servers in the other half of the /63.  This way, all machines are in the
same /63 subnet so they can communicate with each other directly, and
you avoid forcing all traffic through your router, which will then only
need to handle traffic entering and leaving the /63 subnet.

Hopefully this makes sense!

Cheers,
Adam.
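
The on-link decision described in the reply above, as an added example that is not part of either message: each host compares the destination against its own configured prefix, so overlapping /56 and /64 prefixes give different answers in each direction. Addresses are the ones from the thread; the /64 on the VM is the prefix length the reply assumes, and the function names are illustrative.

```python
import ipaddress
from itertools import combinations

# Addresses from the thread; the VM's /64 is the prefix length assumed
# in the reply (an assumption, the original post reports seeing /128).
HOSTS = {
    "router": "2001:db8:0:100::1/56",
    "mailserver": "2001:db8:0:101::4d:4149:4c30/56",
    "vm": "2001:db8:0:17f:34a8:8ba4:67c7:fbd/64",
}

def next_hop(src, dst):
    """Return 'direct' if src treats dst as on-link, else 'gateway'."""
    src_if = ipaddress.IPv6Interface(src)
    dst_ip = ipaddress.IPv6Interface(dst).ip
    return "direct" if dst_ip in src_if.network else "gateway"

def asymmetric_pairs(hosts):
    """List host pairs whose forward and return decisions disagree."""
    found = []
    for (a, a_cfg), (b, b_cfg) in combinations(hosts.items(), 2):
        fwd, back = next_hop(a_cfg, b_cfg), next_hop(b_cfg, a_cfg)
        if fwd != back:
            found.append((a, b, fwd, back))
    return found

def overlapping_prefixes(hosts):
    """List pairs of distinct configured prefixes where one contains the other."""
    nets = sorted({ipaddress.IPv6Interface(c).network for c in hosts.values()})
    return [(str(x), str(y)) for x, y in combinations(nets, 2) if x.overlaps(y)]

if __name__ == "__main__":
    print("overlapping prefixes:", overlapping_prefixes(HOSTS))
    for a, b, fwd, back in asymmetric_pairs(HOSTS):
        print(f"{a} -> {b}: {fwd}   {b} -> {a}: {back}")
    # The change reported in the thread: mail server moved from /56 to /64.
    changed = dict(HOSTS, mailserver="2001:db8:0:101::4d:4149:4c30/64")
    print("mailserver -> vm after change:",
          next_hop(changed["mailserver"], changed["vm"]))
```
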


------------------------------

Message: 3
Date: Sun, 21 Aug 2022 11:03:51 +0100
From: Jorge Bastos <mysql.jo...@decimal.pt>
To: dhcp-users@lists.isc.org
Subject: DHCPD Leases, no way to clean the file?
Message-ID: <f1f544f1a4fc44629c53d9b873999...@decimal.pt>
Content-Type: text/plain; charset="us-ascii"; Format="flowed"

Howdy,

I've started using DHCPD, and noticed that the lease file is not
"cleaned".
What I mean is, if some client requests an IP and gets .....11, and after
two days/another time requests again after the lease time ends, and the
......11 is already with someone else, it will get a new IP; so far so
good.
But the lease file keeps the information about the old lease
as well as the new one.

Is there no way to make it have only the new lease for that MAC address, for example
like the MS Windows DHCPD does?
I've been searching the docs and did not find any information about it, but
did find people exposing extra large dhcpd.leases files (+1GB), as well as
others saying that their dhcpd.leases file doesn't have more than 50 or
100kb.

Thanks in advance,

------------------------------


End of dhcp-users Digest, Vol 166, Issue 5
******************************************
