Re: [Dnsmasq-discuss] multiple dhcp6 servers
On 10/12/2012 04:41 PM, Simon Kelley wrote:
On 12/10/12 13:56, Gene Czarcinski wrote:
On 10/12/2012 06:44 AM, Simon Kelley wrote:

OK, it is what it is. Is there some practical way to tell dnsmasq an association for a hostname and an IPv6 address? I cannot see something like that used to update an authoritative name server but it would be useful to have some kind of an update capability with dnsmasq.

If I've understood your question right, that's what dhcp-host does.

I guess I am not making myself clear. First of all, my problem is running qemu/kvm/libvirt virtual networks/guests and will not likely occur in a real/hardware-only situation. It is also possible that my problem is unique but then, it may or may not be ... I might be just out front and getting some arrows in my back.

With the cost and availability of today's hardware, it is possible to create large networks (multiple networks) of virtual guests ... my virtualization host runs Fedora 17 on hardware consisting of an 8-core AMD processor, 16GB memory, an SSD for root and home, and a couple of large SATA-III disks for data storage [those virtual systems run faster than real systems did a few years ago].

So, I wanted to run some IPv6 virtual networks (currently, I have 16 virtual networks defined). Now, if dns was invented because those little IPv4 numbers were hard to remember, then trying to remember IPv6 addresses is impossible. One of the things I want to do is access some of those guests from the virtualization host and (sometimes) from other hosts. Host names are much easier to remember and, using dnsmasq, it all works for IPv4. Well, I wanted the same thing for IPv6.

One of the things libvirt does is to start a dnsmasq process for every virtual network -- you have 10 virtual networks started, you have 10 separate dnsmasqs started. If you add an IPv6 address to your virtual network definition, then libvirt adds a --listen-address=ip6-address to the dnsmasq command line and also starts radvd for that network (yes, you now have lots of radvd processes running too).

I wanted libvirt to support dhcp6 for virtual networks. Before investing a lot of time into adding this support to libvirt, I thought I would run a little test to see how things worked. I created a little patch to modify the radvd parameters to use AdvManagedFlag on and a test-only kludge to add --dhcp-range ip6-address-range to the dnsmasq command line. Installed the modified libvirt and started the first virtual IPv6 network ... looks good. Started the second IPv6 network ... bang! The dnsmasq did not start because it could not get exclusive use of server port 547. [BTW, the first dnsmasq did not work because of the listen-address=/interface= which I covered in another message]

Now if the networks were pretty static then it is possible to have one, big dnsmasq service all of the virtual networks. I do not know about others but I am bringing networks up and down, defining new networks, etc. in my test/research environment (like I said, maybe my situation is unique). A single dnsmasq is not practical and would be a significant change to libvirt.

As things currently exist, I am using SLAAC IPv6 addresses and radvd for the default route. This works in that, via IPv6, I can access the virtualization host as well as other systems on my local network. But, I cannot go the other way because I have no idea what the IPv6 addresses are for individual virtual systems. Yes, I can use manual configuration for IPv6 and add entries in the /etc/hosts file for each of those systems but this does not scale.

Note -- On second and third level virtual networks, I run my own virtual services with radvd and dnsmasq and that works fine.

So, as I see it, here are the alternatives:

1. Get multiple copies of dnsmasq to run on a single hardware system so that I can use dhcp6.
2. Have some way to update the dnsmasq cache with the hostname and related IPv6 address.

Any suggestions/comments?

All understood. It's worth trying the following, to see if it makes DHCPv6 with multiple instances work.

In src/dhcp.c, the function make_fd() has the following code:

    if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
      {
    #ifdef SO_REUSEPORT
        int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt));
    #else
        int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt));
    #endif
        if (rc == -1)
          die(_("failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"), NULL, EC_BADNET);
      }

Add morally equivalent code to dhcp6_init() in src/dhcp6.c. That might be enough. I'm hoping that since you already have a test system in place, you can check this quickly, and see if it does the trick.

The test system was almost in place. A little quick editing and two separate conf files for two different networks on the same (virtual) system.

Attached is the patch but the basic part is: - + /* When bind-interfaces is set,
Re: [Dnsmasq-discuss] multiple dhcp6 servers
On 10/13/2012 01:20 PM, Gene Czarcinski wrote: - + /* When bind-interfaces is set, there might be more than one dnmsasq + instance binding port 547. That's OK if they serve different networks. + Need to set REUSEADDR to make this posible, or REUSEPORT on *BSD. */ + if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) +{ + int oneopt = 1; +#ifdef SO_REUSEPORT + int rc = setsockopt(fd, IPPROTO_IPV6, SO_REUSEPORT, oneopt, sizeof(oneopt)); +#else + int rc = setsockopt(fd, IPPROTO_IPV6, SO_REUSEADDR, oneopt, sizeof(oneopt)); +#endif + if (rc == -1) +die(_(failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s), NULL, EC_BADNET); +} + --- Arrgh! Well, you can tell that I don't really know what I am doing with socket code! Your original code inserted into dhcp6.c was the right thing to do. I just changed IPPROTO_IPV6 to SOL_SOCKET and it looks like it works (I have two of them running anyway). At this point I do now know if you need the V6ONLY or not. Now to do some real testing! Gene ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
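Review bot: both setsockopt() calls in the quoted hunk pass IPPROTO_IPV6 as the level, but SO_REUSEPORT and SO_REUSEADDR are socket-level options and need SOL_SOCKET, as in the make_fd() code from src/dhcp.c quoted earlier in the thread; at the IPv6 level the same option number means something else, so the call may return success without enabling reuse. As the lines read here, oneopt is also passed by value where setsockopt() takes a pointer (&oneopt). Smaller points: the comment has two typos (dnmsasq, posible), and the die() message could say DHCPv6 so a failure here is distinguishable from the IPv4 one in dhcp.c.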
Re: [Dnsmasq-discuss] multiple dhcp6 servers
On 11/10/12 19:52, Gene Czarcinski wrote:

I got a bit of a surprise today when I discovered that it is not possible to run more than one dhcp6 server on a single host. This appears to be true whether it is an ISC-dhcpd6 server and dnsmasq or two dnsmasq servers. They each want exclusive use of UDP6 port 547.

With IPv4, you could run multiple dhcpd servers with each one dealing with a specific network and this is useful in qemu/kvm/libvirt implementation of virtualization where a dnsmasq is started for each virtual network.

I assume there is some reason for this situation and that it has something to do with how IPv6 protocol is defined.

It's not actually anything to do with IPv6 as such, more that the BSD sockets API makes it very hard to do. Getting it to work for IPv4 took a lot of hassle, some significant compromises, and some very unportable code. (It doesn't work on *BSD, still, for example). I don't think there's any reason why the same shouldn't be attempted for IPv6, it hasn't because getting DHCPv6 to just work was the first priority. The nature of the beast is that there are no guarantees that it will work before it's been tried.

OK, it is what it is. Is there some practical way to tell dnsmasq an association for a hostname and an IPv6 address? I cannot see something like that used to update an authoritative name server but it would be useful to have some kind of an update capability with dnsmasq.

If I've understood your question right, that's what dhcp-host does.

Cheers,
Simon.
Re: [Dnsmasq-discuss] multiple dhcp6 servers
On 10/12/2012 06:44 AM, Simon Kelley wrote:

OK, it is what it is. Is there some practical way to tell dnsmasq an association for a hostname and an IPv6 address? I cannot see something like that used to update an authoritative name server but it would be useful to have some kind of an update capability with dnsmasq.

If I've understood your question right, that's what dhcp-host does.

I guess I am not making myself clear. First of all, my problem is running qemu/kvm/libvirt virtual networks/guests and will not likely occur in a real/hardware-only situation. It is also possible that my problem is unique but then, it may or may not be ... I might be just out front and getting some arrows in my back.

With the cost and availability of today's hardware, it is possible to create large networks (multiple networks) of virtual guests ... my virtualization host runs Fedora 17 on hardware consisting of an 8-core AMD processor, 16GB memory, an SSD for root and home, and a couple of large SATA-III disks for data storage [those virtual systems run faster than real systems did a few years ago].

So, I wanted to run some IPv6 virtual networks (currently, I have 16 virtual networks defined). Now, if dns was invented because those little IPv4 numbers were hard to remember, then trying to remember IPv6 addresses is impossible. One of the things I want to do is access some of those guests from the virtualization host and (sometimes) from other hosts. Host names are much easier to remember and, using dnsmasq, it all works for IPv4. Well, I wanted the same thing for IPv6.

One of the things libvirt does is to start a dnsmasq process for every virtual network -- you have 10 virtual networks started, you have 10 separate dnsmasqs started. If you add an IPv6 address to your virtual network definition, then libvirt adds a --listen-address=ip6-address to the dnsmasq command line and also starts radvd for that network (yes, you now have lots of radvd processes running too).

I wanted libvirt to support dhcp6 for virtual networks. Before investing a lot of time into adding this support to libvirt, I thought I would run a little test to see how things worked. I created a little patch to modify the radvd parameters to use AdvManagedFlag on and a test-only kludge to add --dhcp-range ip6-address-range to the dnsmasq command line. Installed the modified libvirt and started the first virtual IPv6 network ... looks good. Started the second IPv6 network ... bang! The dnsmasq did not start because it could not get exclusive use of server port 547. [BTW, the first dnsmasq did not work because of the listen-address=/interface= which I covered in another message]

Now if the networks were pretty static then it is possible to have one, big dnsmasq service all of the virtual networks. I do not know about others but I am bringing networks up and down, defining new networks, etc. in my test/research environment (like I said, maybe my situation is unique). A single dnsmasq is not practical and would be a significant change to libvirt.

As things currently exist, I am using SLAAC IPv6 addresses and radvd for the default route. This works in that, via IPv6, I can access the virtualization host as well as other systems on my local network. But, I cannot go the other way because I have no idea what the IPv6 addresses are for individual virtual systems. Yes, I can use manual configuration for IPv6 and add entries in the /etc/hosts file for each of those systems but this does not scale.

Note -- On second and third level virtual networks, I run my own virtual services with radvd and dnsmasq and that works fine.

So, as I see it, here are the alternatives:

1. Get multiple copies of dnsmasq to run on a single hardware system so that I can use dhcp6.
2. Have some way to update the dnsmasq cache with the hostname and related IPv6 address.

Any suggestions/comments?

Gene
Re: [Dnsmasq-discuss] multiple dhcp6 servers
On 12/10/12 13:56, Gene Czarcinski wrote:
On 10/12/2012 06:44 AM, Simon Kelley wrote:

OK, it is what it is. Is there some practical way to tell dnsmasq an association for a hostname and an IPv6 address? I cannot see something like that used to update an authoritative name server but it would be useful to have some kind of an update capability with dnsmasq.

If I've understood your question right, that's what dhcp-host does.

I guess I am not making myself clear. First of all, my problem is running qemu/kvm/libvirt virtual networks/guests and will not likely occur in a real/hardware-only situation. It is also possible that my problem is unique but then, it may or may not be ... I might be just out front and getting some arrows in my back.

With the cost and availability of today's hardware, it is possible to create large networks (multiple networks) of virtual guests ... my virtualization host runs Fedora 17 on hardware consisting of an 8-core AMD processor, 16GB memory, an SSD for root and home, and a couple of large SATA-III disks for data storage [those virtual systems run faster than real systems did a few years ago].

So, I wanted to run some IPv6 virtual networks (currently, I have 16 virtual networks defined). Now, if dns was invented because those little IPv4 numbers were hard to remember, then trying to remember IPv6 addresses is impossible. One of the things I want to do is access some of those guests from the virtualization host and (sometimes) from other hosts. Host names are much easier to remember and, using dnsmasq, it all works for IPv4. Well, I wanted the same thing for IPv6.

One of the things libvirt does is to start a dnsmasq process for every virtual network -- you have 10 virtual networks started, you have 10 separate dnsmasqs started. If you add an IPv6 address to your virtual network definition, then libvirt adds a --listen-address=ip6-address to the dnsmasq command line and also starts radvd for that network (yes, you now have lots of radvd processes running too).

I wanted libvirt to support dhcp6 for virtual networks. Before investing a lot of time into adding this support to libvirt, I thought I would run a little test to see how things worked. I created a little patch to modify the radvd parameters to use AdvManagedFlag on and a test-only kludge to add --dhcp-range ip6-address-range to the dnsmasq command line. Installed the modified libvirt and started the first virtual IPv6 network ... looks good. Started the second IPv6 network ... bang! The dnsmasq did not start because it could not get exclusive use of server port 547. [BTW, the first dnsmasq did not work because of the listen-address=/interface= which I covered in another message]

Now if the networks were pretty static then it is possible to have one, big dnsmasq service all of the virtual networks. I do not know about others but I am bringing networks up and down, defining new networks, etc. in my test/research environment (like I said, maybe my situation is unique). A single dnsmasq is not practical and would be a significant change to libvirt.

As things currently exist, I am using SLAAC IPv6 addresses and radvd for the default route. This works in that, via IPv6, I can access the virtualization host as well as other systems on my local network. But, I cannot go the other way because I have no idea what the IPv6 addresses are for individual virtual systems. Yes, I can use manual configuration for IPv6 and add entries in the /etc/hosts file for each of those systems but this does not scale.

Note -- On second and third level virtual networks, I run my own virtual services with radvd and dnsmasq and that works fine.

So, as I see it, here are the alternatives:

1. Get multiple copies of dnsmasq to run on a single hardware system so that I can use dhcp6.
2. Have some way to update the dnsmasq cache with the hostname and related IPv6 address.

Any suggestions/comments?

All understood. It's worth trying the following, to see if it makes DHCPv6 with multiple instances work.

In src/dhcp.c, the function make_fd() has the following code:

    if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
      {
    #ifdef SO_REUSEPORT
        int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &oneopt, sizeof(oneopt));
    #else
        int rc = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &oneopt, sizeof(oneopt));
    #endif
        if (rc == -1)
          die(_("failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"), NULL, EC_BADNET);
      }

Add morally equivalent code to dhcp6_init() in src/dhcp6.c. That might be enough. I'm hoping that since you already have a test system in place, you can check this quickly, and see if it does the trick.

Cheers,
Simon.
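What the reuse option changes when two servers want the same UDP/IPv6 port, as an added example that is not part of the thread or of dnsmasq's source. open_udp6 and second_bind_result are hypothetical helpers; both sockets bind the wildcard address, and a kernel-assigned unprivileged port stands in for 547.

```c
/* Added example, not dnsmasq code; a kernel-chosen port stands in for 547. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifdef SO_REUSEPORT            /* same choice the quoted make_fd() code makes */
#define REUSE_OPT SO_REUSEPORT
#else
#define REUSE_OPT SO_REUSEADDR
#endif

/* Open a UDP/IPv6 socket, optionally set the reuse option at SOL_SOCKET
   level, and bind it to [::]:port. Returns the fd, or -errno on failure. */
static int open_udp6(unsigned short port, int reuse)
{
  /* sin6_addr stays all-zero, i.e. the wildcard address [::]. */
  struct sockaddr_in6 sa = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
  int oneopt = 1, err, fd = socket(AF_INET6, SOCK_DGRAM, 0);
  if (fd == -1)
    return -errno;
  /* IPv6-only, so the socket never competes with IPv4 binds. */
  setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &oneopt, sizeof(oneopt));
  if (reuse && setsockopt(fd, SOL_SOCKET, REUSE_OPT, &oneopt, sizeof(oneopt)) == -1)
    { err = errno; close(fd); return -err; }
  if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1)
    { err = errno; close(fd); return -err; }
  return fd;
}

/* Bind one socket to a free port, then attempt a second bind on that port.
   Returns 0 if the second bind succeeds, otherwise an errno value. */
int second_bind_result(int first_reuse, int second_reuse)
{
  struct sockaddr_in6 sa;
  socklen_t len = sizeof(sa);
  int a = open_udp6(0, first_reuse), b;
  if (a < 0)
    return -a;
  if (getsockname(a, (struct sockaddr *)&sa, &len) == -1)
    { b = errno; close(a); return b; }
  b = open_udp6(ntohs(sa.sin6_port), second_reuse);
  close(a);
  if (b >= 0)
    close(b);
  return b < 0 ? -b : 0;
}

int main(void)
{
  printf("neither sets reuse: %s\n", strerror(second_bind_result(0, 0)));
  printf("both set reuse:     %s\n", strerror(second_bind_result(1, 1)));
  printf("only second sets:   %s\n", strerror(second_bind_result(0, 1)));
  return 0;
}
```

The second bind only succeeds when both sockets set the option before bind(), so every instance sharing the port has to carry the change.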
[Dnsmasq-discuss] multiple dhcp6 servers
I got a bit of a surprise today when I discovered that it is not possible to run more than one dhcp6 server on a single host. This appears to be true whether it is an ISC-dhcpd6 server and dnsmasq or two dnsmasq servers. They each want exclusive use of UDP6 port 547.

With IPv4, you could run multiple dhcpd servers with each one dealing with a specific network and this is useful in qemu/kvm/libvirt implementation of virtualization where a dnsmasq is started for each virtual network.

I assume there is some reason for this situation and that it has something to do with how IPv6 protocol is defined.

OK, it is what it is. Is there some practical way to tell dnsmasq an association for a hostname and an IPv6 address? I cannot see something like that used to update an authoritative name server but it would be useful to have some kind of an update capability with dnsmasq.

Comments?

Gene