
Mailing List Archive: nsp: ipv6

DHCPv6 PD server



phil at philkern

Aug 1, 2012, 10:54 PM

Post #1 of 9 (1776 views)
Permalink
DHCPv6 PD server

Hi,

is there a sane Linux open-source DHCPv6 server available that allows
one to properly delegate subnets? Of course they are all able to hand
out subnets, but none of those I saw was able to actually install a
route for the subnet to the client that requested the delegation. At
first glance I also didn't see any hooks that are run post-delegation.
The use case here is CPE equipment, so that the C and J (and possibly
MikroTik) devices can do it doesn't really help me…

Kind regards and thanks in advance for hints
Philipp Kern


seth.mos at dds

Aug 2, 2012, 12:41 AM

Post #2 of 9 (1722 views)
Permalink
Re: DHCPv6 PD server [In reply to]

On 2-8-2012 7:54, Philipp Kern wrote:
> Hi,
>
> is there a sane Linux open-source DHCPv6 server available that allows
> one to properly delegate subnets? Of course they are all able to hand
> out subnets, but none of those I saw was able to actually install a
> route for the subnet to the client that requested the delegation. At
> first glance I also didn't see any hooks that are run post-delegation.
> The use case here is CPE equipment, so that the C and J (and possibly
> MikroTik) devices can do it doesn't really help me…
>
> Kind regards and thanks in advance for hints
> Philipp Kern

Hi,

In the pfSense project (FreeBSD) we use ISC dhcpd, we have a separate
monitor process for the dhcpd6.leases.

https://github.com/bsdperimeter/pfsense-tools/tree/master/pfPorts/dhcpleases6

This fires off a PHP script that inserts or removes the routes as
required. This works pretty well.

https://github.com/bsdperimeter/pfsense/blob/master/usr/local/sbin/prefixes.php

You could rewrite the PHP script in a multitude of languages, but that's
what we use exclusively on pfSense. Bar a few C programs of course, but
that has to do with memory footprint.

Cheers,

Seth


phil at philkern

Aug 2, 2012, 5:37 AM

Post #3 of 9 (1705 views)
Permalink
Re: DHCPv6 PD server [In reply to]

Seth,

On Thu, Aug 02, 2012 at 09:41:13AM +0200, Seth Mos wrote:
> In the pfSense project (FreeBSD) we use ISC dhcpd, we have a
> separate monitor process for the dhcpd6.leases.
> https://github.com/bsdperimeter/pfsense-tools/tree/master/pfPorts/dhcpleases6

yeah, I saw a bunch of scripts that monitored that file. I guess it's sort of
guaranteed that dhcpd writes it in a timely fashion. But still that doesn't
strike me as a sane solution. In my case it's OpenWrt, so it's Linux which has
different interfaces. It's slightly odd that nobody thought of implementing
that with a sane notification interface in the DHCPv6 server…

Kind regards
Philipp Kern


seth.mos at dds

Aug 2, 2012, 5:56 AM

Post #4 of 9 (1716 views)
Permalink
Re: DHCPv6 PD server [In reply to]

On 2-8-2012 14:37, Philipp Kern wrote:
> Seth,
>
> On Thu, Aug 02, 2012 at 09:41:13AM +0200, Seth Mos wrote:
>> In the pfSense project (FreeBSD) we use ISC dhcpd, we have a
>> separate monitor process for the dhcpd6.leases.
>> https://github.com/bsdperimeter/pfsense-tools/tree/master/pfPorts/dhcpleases6
>
> yeah, I saw a bunch of scripts that monitored that file. I guess it's sort of
> guaranteed that dhcpd writes it in a timely fashion. But still that doesn't
> strike me as a sane solution. In my case it's OpenWrt, so it's Linux which has
> different interfaces. It's slightly odd that nobody thought of implementing
> that with a sane notification interface in the DHCPv6 server…

I sent a message on the ISC dhcpd list but got no response. My most
educated guess is that they do not have the resource to implement a
daemon that inserts routes into the routing table yet.

Note that this also applies to the dhcp6 relay. Which would need to
insert routes.

Because ISC dhcpcd is running under an unprivileged user a 2nd daemon
would be required/signaled for the route insert/remove/update process.

I briefly looked at other servers but had pretty much the same
conclusion. This works because the leasefile is written when a new lease
is handed out, this also causes your lease per second performance of your
DHCP server to be limited by disk IO.

Regards,

Seth
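The lease-file approach from the two posts above (an unprivileged dhcpd writes dhcpd6.leases, a second privileged process turns it into routes), as an added Python example that is not pfSense's code and not part of the thread. It assumes a delegation pool of 2001:db8:100::/40, takes the client's active IA_NA address (matched by DUID) as next hop, and uses `ip -6 route replace` as the install command; because the helper runs with more privilege than the process that wrote the file, it rejects out-of-pool or malformed prefixes and builds an argv list instead of a shell string.

```python
import ipaddress
import re

POOL = ipaddress.ip_network("2001:db8:100::/40")  # assumed delegation pool

# Constructed sample in the dhcpd.leases(5) layout; not from a real server.
SAMPLE = r'''
ia-na "\001\000\000\000\000\001\000\001\027\252\273\314" {
  iaaddr 2001:db8:0:1::100 {
    binding state active;
  }
}
ia-pd "\002\000\000\000\000\001\000\001\027\252\273\314" {
  iaprefix 2001:db8:100:200::/56 {
    binding state active;
  }
}
'''

BLOCK = re.compile(r'(ia-na|ia-pd) "((?:\\.|[^"\\])*)" \{(.*?)\n\}', re.S)
ITEM = re.compile(r'(iaaddr|iaprefix) (\S+) \{(.*?)\}', re.S)

def duid(ident):
    """Undo dhcpd's octal escaping, then drop the 4-byte IAID in front."""
    unescape = lambda m: chr(int(m[1], 8)) if m[1] else m[2]
    return re.sub(r'\\([0-7]{3})|\\(.)', unescape, ident)[4:]

def routes(leases_text, pool=POOL):
    """Return one `ip` argv list per active, in-pool delegated prefix."""
    hops, prefixes = {}, {}
    for _, ident, body in BLOCK.findall(leases_text):
        for item, value, inner in ITEM.findall(body):
            active = "binding state active" in inner
            try:  # the file is append-only: a later record overrides
                if item == "iaaddr":
                    hops[duid(ident)] = ipaddress.IPv6Address(value) if active else None
                else:
                    prefixes[ipaddress.IPv6Network(value)] = duid(ident) if active else None
            except ValueError:
                continue  # malformed address, or prefix with host bits set
    out = []
    for prefix, client in sorted(prefixes.items()):
        hop = hops.get(client)
        # Never hand the privileged step a prefix outside the pool.
        if client is None or hop is None or not prefix.subnet_of(pool):
            continue
        out.append(["ip", "-6", "route", "replace", str(prefix), "via", str(hop)])
    return out
```

The returned lists are meant for `subprocess.run(argv, check=True)` in the privileged process, so nothing from the leases file is ever interpreted by a shell.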


phil at philkern

Aug 2, 2012, 6:07 AM

Post #5 of 9 (1710 views)
Permalink
Re: DHCPv6 PD server [In reply to]

Seth,

On Thu, Aug 02, 2012 at 02:56:35PM +0200, Seth Mos wrote:
> I sent a message on the ISC dhcpd list but got no response. My most
> educated guess is that they do not have the resource to implement a
> daemon that inserts routes into the routing table yet.

but they have it on a list of known deficiencies?

> Note that this also applies to the dhcp6 relay. Which would need to
> insert routes.

True enough. This requires more logic than just en-/decapsulate those
DHCPv6 queries/answers. And it's also hard to do that from the outside
if it's not supported by the device, as I guess there's no proper
solution to inject routes into the routing table for things that are
not local to the injector. (Like through a routing protocol or using SNMP from
the outside.)

> Because ISC dhcpcd is running under an unprivileged user a 2nd
> daemon would be required/signaled for the route insert/remove/update
> process.

I presume you mean dhcpd, not dhcpcd? Well, given recent developments
in the Linux world I wouldn't be surprised about a dbus call trying to add
routes and somebody else picking them up. ;-)

In this case a proper signal/hook would already be "enough" for a first stab,
though.

> I briefly looked at other servers but had pretty much the same
> conclusion. This works because the leasefile is written when a new
> lease is handed out, this also causes your lease per second
> performance of your DHCP server to be limited by disk IO.

True. For a recent conference I had to run the DHCPv4 server with eatmydata
because it actually fsync()ed for every lease, which was horrible for
desktop hardware. (There seems to be a configure option for this, too.)
I guess events for the modified file would fire in the same instant even if the
content does not reach persistent storage space.

Kind regards
Philipp Kern


gert at space

Aug 2, 2012, 6:17 AM

Post #6 of 9 (1715 views)
Permalink
Re: DHCPv6 PD server [In reply to]

Hi,

On Thu, Aug 02, 2012 at 02:56:35PM +0200, Seth Mos wrote:
> I sent a message on the ISC dhcpd list but got no response. My most
> educated guess is that they do not have the resource to implement a
> daemon that inserts routes into the routing table yet.

I can't see why they would have to write the full daemon. Just have
a call-out API ("a script hook") that gets called whenever a PD lease
changes would be perfectly sufficient. Sorting out privileges won't
be trivial, but "monitoring and parsing a leases file" - which is
basically "internal data" - is not exactly good design either (if it's
all you have, it's better than "no support", of course :) )

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279


olipro at 8

Aug 12, 2012, 12:20 AM

Post #7 of 9 (1622 views)
Permalink
Re: DHCPv6 PD server [In reply to]

On Thursday 02 August 2012 15:17:27 Gert Doering wrote:
> I can't see why they would have to write the full daemon. Just have
> a call-out API ("a script hook") that gets called whenever a PD lease
> changes would be perfectly sufficient. Sorting out privileges won't
> be trivial, but "monitoring and parsing a leases file" - which is
> basically "internal data" - is not exactly good design either (if it's
> all you have, it's better than "no support", of course :) )
>
> Gert Doering
> -- NetMaster

The ISC suite implements "OMAPI" for reading/writing/trapping on events - you
should be able to write a monitoring daemon that connects to OMAPI for the
purposes of being notified about PDs that have been handed out; much cleaner
than poking a leases file :)

Regards,
Oliver


gert at space

Aug 13, 2012, 8:42 AM

Post #8 of 9 (1616 views)
Permalink
Re: DHCPv6 PD server [In reply to]

Hi,

On Sun, Aug 12, 2012 at 11:07:42AM +0200, Oliver wrote:
> The ISC suite implements "OMAPI" for reading/writing/trapping on events - you
> should be able to write a monitoring daemon that connects to OMAPI for the
> purposes of being notified about PDs that have been handed out; much cleaner
> than poking a leases file :)

Will the dhcpd actually *notify* the client of changes? From reading
omapi(3), this very much looks like a "command/response" interface,
with no way to install callbacks / select on "activity".

Better than parsing the dhcpd.leases file, maybe, but much worse to use
a polling interface than just passively wait for the dhcpd.leases file
to change (inotify etc).

A callback handler that runs an arbitrary command (e.g. script) with
some well-defined environment would be the right way forward...

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279


shane at time-travellers

Aug 13, 2012, 11:03 AM

Post #9 of 9 (1616 views)
Permalink
Re: DHCPv6 PD server [In reply to]

Gert and all,

On Monday, 2012-08-13 17:42:17 +0200,
Gert Doering <gert [at] space> wrote:
> Hi,
>
> On Sun, Aug 12, 2012 at 11:07:42AM +0200, Oliver wrote:
> > The ISC suite implements "OMAPI" for reading/writing/trapping on
> > events - you should be able to write a monitoring daemon that
> > connects to OMAPI for the purposes of being notified about PDs that
> > have been handed out; much cleaner than poking a leases file :)
>
> Will the dhcpd actually *notify* the client of changes? From reading
> omapi(3), this very much looks like a "command/response" interface,
> with no way to install callbacks / select on "activity".
>
> Better than parsing the dhcpd.leases file, maybe, but much worse to
> use a polling interface than just passively wait for the dhcpd.leases
> file to change (inotify etc).
>
> A callback handler that runs an arbitrary command (e.g. script) with
> some well-defined environment would be the right way forward...

I asked the ISC DHCP team, and got the following answer:

ISC DHCP4 code does support execute statement. Although I haven't
done it myself, my understanding is that it can be done. In
particular, quick look at common/execute.c indicates that we seem to
support on-commit, on-release and on-expiry, so all cases are
covered. I assume that assigned options are passed to that script. I
haven't checked if it is possible to call execute() on both
client and server (it should be).

The other open source that does support calling external scripts is
Dibbler. The approach is very similar - external script can be
called whenever something happens to a lease.

Sadly, the DHCP documentation is a bit lacking right now. We've started
on an Administrator's Reference Manual, which will include explanations
of this sort of thing along with examples.

Cheers,

--
Shane
