On Tue, 2020-01-07 at 21:51 +0000, Simon Kelley wrote:
> On 23/12/2019 11:24, Harald Jensas wrote:
> > Hi,
> >
> > The patch below is a slight alteration to a possible solution
> > discussed in
> > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011289.html
> > .
> >
> > My approach here does not require making dhcp-host conditional on a
> > tag. However, making dhcp-host conditional on a tag would be a nice
> > addition that could be introduced as a follow up to this to have a
> > match on the tag of the final OS to keep the provisioned system
> > consistently configured with a specific address can be very handy.
> > For the Openstack use-case I am working in, this however isn't
> > necessary.
> >
> > I have confirmed that the patch below together with a small change
> > in Openstack Ironic (see: https://review.opendev.org/700002) solved
> > the long standing issue when doing network booting and node
> > provisioning in combination with static only dhcp configuration.
> >
> > We are looking forward to comments and feedback regarding this
> > approach.
> >
> > Thank you!
> >
>
> If I've understood correctly, this looks like it might be a viable
> solution. Question: how many addresses do you configure for each
> host, and is this fragile if the boot process changes, for instance
> to add new steps?

Thank you for reviewing this!

I have tested using 4 addresses in total; I should be able to do with 2
addresses with the workflow I tested with, which is
OVMF-UEFI->iPXE->LinuxDeployRamdisk->Final OS. OVMF-UEFI uses two
addresses just to do PXE, but it is kind enough to release both
addresses before executing the network boot program. Then iPXE uses
one, and the deploy ramdisk one. Depending on whether the deploy
ramdisk does a release or not before rebooting, a third address would
be used by the final OS. (This is where dhcp-host conditional on a tag
would be handy to control the address of the final OS.)

In the openstack use case the dhcp-config is changed to have just a
single dhcp-host entry prior to booting into the final OS; openstack's
networking service takes care of issuing a release during this step,
making sure the leased addresses are released. (This is why the
dhcp-host conditional on a tag isn't required in the openstack use
case.)

The number of addresses is indeed fragile; adding another boot step
could increase the number of addresses needed. Also an unexpected reset
of the booting system would lock up addresses that were not released,
mainly a problem with UEFI firmware that likes to generate new IAIDs
every time it boots ...

As a digression, Pali Rohár's `honor assignment based on MAC address`
patch is less fragile for this use case. I recognize it breaks other
parts of the DHCPv6 RFC, see my comments on a previous post in this
thread. Should we consider his approach if the patch can be re-worked
to be an opt-in via configuration and a note in docs that the behaviour
is not following RFC?

> Could we add new syntax to dhcp-host which allows it to configure
> a range of addresses, rather than having a number of dhcp-host
> entries for each stage of the boot process? That would be a bigger
> change, but might be a neater solution?
>

I went for multiple dhcp-host entries because that accidentally happens
to be what openstack neutron already writes in the dnsmasq
configuration when multiple ip addresses are added to a port in
openstack. Supporting either a list of addresses or a range of
addresses in the dhcp-host syntax might be neater. (I am biased to
keeping it to multiple dhcp-host entries due to how openstack currently
works, but it would be reasonably small work to change|fix openstack in
case ...)

If we add dhcp-host conditional on a tag, one could use a short lease
time, like 1m, on entries without a tag that the boot process uses, and
a longer lease time on the entry tagged for the final os. Doing so
could ease the issue of leases being held after an unexpected reset
during the boot process. An argument to keep the multiple dhcp-host
entries?

> I guess that the final address that the host ends up with depends on
> the number of addresses allocated by other parts of the boot process,
> but as the DNS entry ends up pointing to that final address (does it?
> - need to check this) that's not a problem.
>

Yes, the final address of the host depends on the number of addresses
that were allocated during the boot process.

Good point regarding DNS, I didn't check how DNS entries are maintained
before you mentioned it. Your assumption that the DNS entry points to
the last address leased is correct. See annotated log below.

Jan 08 10:02:03 server.example.com systemd[1]: Started DNS caching server..
Jan 08 10:02:03 server.example.com dnsmasq[1444]: started, version 2.80-102-g7d04e17 cachesize 150
Jan 08 10:02:03 server.example.com dnsmasq[1444]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
Jan 08 10:02:03 server.example.com dnsmasq-dhcp[1444]: DHCPv6, static leases only on fd12:3456:789a:1::afff, lease time 10m
Jan 08 10:02:03 server.example.com dnsmasq[1444]: using only locally-known addresses for domain mydomain.net
Jan 08 10:02:03 server.example.com dnsmasq[1444]: reading /etc/resolv.dnsmasq
Jan 08 10:02:03 server.example.com dnsmasq[1444]: using only locally-known addresses for domain mydomain.net
Jan 08 10:02:03 server.example.com dnsmasq[1444]: using nameserver 192.168.122.1#53
Jan 08 10:02:03 server.example.com dnsmasq[1444]: cleared cache

/** No entries in the cache */

Jan 08 10:02:16 server.example.com dnsmasq[1444]: time 1578474136
Jan 08 10:02:16 server.example.com dnsmasq[1444]: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
Jan 08 10:02:16 server.example.com dnsmasq[1444]: queries forwarded 0, queries answered locally 0
Jan 08 10:02:16 server.example.com dnsmasq[1444]: queries for authoritative zones 0
Jan 08 10:02:16 server.example.com dnsmasq[1444]: pool memory in use 0, max 0, allocated 0
Jan 08 10:02:16 server.example.com dnsmasq[1444]: server 192.168.122.1#53: queries sent 0, retried or failed 0
Jan 08 10:02:16 server.example.com dnsmasq[1444]: Host Address Flags Expires
Jan 08 10:02:16 server.example.com dnsmasq[1444]: bind F I

/** Initial DHCPv6 request from OVMF UEFI is serviced, fd12:3456:789a:1::bacc is leased. */

Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 client MAC address: 52:54:00:3f:5c:c0
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 DHCPSOLICIT(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 DHCPADVERTISE(eth1) fd12:3456:789a:1::bacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 requested options: 23:dns-server
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 tags: ctlplane-subnet, known, dhcpv6, eth1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 18 option: 1 client-id 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 14 option: 2 server-id 00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 40 option: 3 ia-na IAID=1073085951 T1=300 T2=525
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 nest size: 24 option: 5 iaaddr fd12:3456:789a:1::bacc PL=600 VL=600
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 9 option: 13 status 0 success
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 1 option: 7 preference 0
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 16 option: 23 dns-server fd12:3456:789a:1::1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 7 option: 39 FQDN host1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 client MAC address: 52:54:00:3f:5c:c0
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 DHCPREQUEST(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 DHCPREPLY(eth1) fd12:3456:789a:1::bacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 requested options: 23:dns-server
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 tags: ctlplane-subnet, known, dhcpv6, eth1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 18 option: 1 client-id 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 14 option: 2 server-id 00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 40 option: 3 ia-na IAID=1073085951 T1=300 T2=525
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 nest size: 24 option: 5 iaaddr fd12:3456:789a:1::bacc PL=600 VL=600
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 9 option: 13 status 0 success
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 16 option: 23 dns-server fd12:3456:789a:1::1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 21 option: 39 FQDN host1.mydomain.net

/** DNS entry points to fd12:3456:789a:1::bacc */

Jan 08 10:02:32 server.example.com dnsmasq[1444]: time 1578474152
Jan 08 10:02:32 server.example.com dnsmasq[1444]: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
Jan 08 10:02:32 server.example.com dnsmasq[1444]: queries forwarded 0, queries answered locally 0
Jan 08 10:02:32 server.example.com dnsmasq[1444]: queries for authoritative zones 0
Jan 08 10:02:32 server.example.com dnsmasq[1444]: pool memory in use 0, max 0, allocated 0
Jan 08 10:02:32 server.example.com dnsmasq[1444]: server 192.168.122.1#53: queries sent 0, retried or failed 0
Jan 08 10:02:32 server.example.com dnsmasq[1444]: Host Address Flags Expires
Jan 08 10:02:32 server.example.com dnsmasq[1444]: net F D Wed Jan 8 10:12:27 2020
Jan 08 10:02:32 server.example.com dnsmasq[1444]: host1.mydomain.net fd12:3456:789a:1::bacc 6FR D Wed Jan 8 10:12:27 2020
Jan 08 10:02:32 server.example.com dnsmasq[1444]: bind F I
Jan 08 10:02:32 server.example.com dnsmasq[1444]: host1 fd12:3456:789a:1::bacc 6F D Wed Jan 8 10:12:27 2020
Jan 08 10:02:32 server.example.com dnsmasq[1444]: mydomain.net F D Wed Jan 8 10:12:27 2020

/** DHCPv6 request from OVMF UEFI PXE boot is serviced, fd12:3456:789a:1::aacc is leased. */

Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 vendor class: 343
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 client MAC address: 52:54:00:3f:5c:c0
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 DHCPSOLICIT(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 DHCPADVERTISE(eth1) fd12:3456:789a:1::aacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 requested options: 59:bootfile-url, 60:bootfile-param, 23:dns-server,
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 requested options: 16:vendor-class
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 tags: ctlplane-subnet, known, efi6, dhcpv6, eth1
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 18 option: 1 client-id 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 14 option: 2 server-id 00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 40 option: 3 ia-na IAID=3217423454 T1=300 T2=525
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 nest size: 24 option: 5 iaaddr fd12:3456:789a:1::aacc PL=600 VL=600
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 9 option: 13 status 0 success
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 1 option: 7 preference 0
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 37 option: 59 bootfile-url tftp://[fd12:3456:789a:1::1]/ipxe.efi
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 16 option: 23 dns-server fd12:3456:789a:1::1
Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 7 option: 39 FQDN host1
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 vendor class: 343
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 client MAC address: 52:54:00:3f:5c:c0
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 DHCPREQUEST(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 DHCPREPLY(eth1) fd12:3456:789a:1::aacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 requested options: 59:bootfile-url, 60:bootfile-param, 23:dns-server,
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 requested options: 16:vendor-class
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 tags: ctlplane-subnet, known, efi6, dhcpv6, eth1
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 18 option: 1 client-id 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 14 option: 2 server-id 00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 40 option: 3 ia-na IAID=3217423454 T1=300 T2=525
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 nest size: 24 option: 5 iaaddr fd12:3456:789a:1::aacc PL=600 VL=600
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 9 option: 13 status 0 success
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 37 option: 59 bootfile-url tftp://[fd12:3456:789a:1::1]/ipxe.efi
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 16 option: 23 dns-server fd12:3456:789a:1::1
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 21 option: 39 FQDN host1.mydomain.net

/** DNS entry now points to fd12:3456:789a:1::aacc */

Jan 08 10:03:39 server.example.com dnsmasq[1444]: time 1578474219
Jan 08 10:03:39 server.example.com dnsmasq[1444]: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
Jan 08 10:03:39 server.example.com dnsmasq[1444]: queries forwarded 0, queries answered locally 0
Jan 08 10:03:39 server.example.com dnsmasq[1444]: queries for authoritative zones 0
Jan 08 10:03:39 server.example.com dnsmasq[1444]: pool memory in use 0, max 0, allocated 0
Jan 08 10:03:39 server.example.com dnsmasq[1444]: server 192.168.122.1#53: queries sent 0, retried or failed 0
Jan 08 10:03:39 server.example.com dnsmasq[1444]: Host Address Flags Expires
Jan 08 10:03:39 server.example.com dnsmasq[1444]: net F D Wed Jan 8 10:13:38 2020
Jan 08 10:03:39 server.example.com dnsmasq[1444]: host1.mydomain.net fd12:3456:789a:1::aacc 6FR D Wed Jan 8 10:13:38 2020
Jan 08 10:03:39 server.example.com dnsmasq[1444]: bind F I
Jan 08 10:03:39 server.example.com dnsmasq[1444]: host1 fd12:3456:789a:1::aacc 6F D Wed Jan 8 10:13:38 2020
Jan 08 10:03:39 server.example.com dnsmasq[1444]: mydomain.net F D Wed Jan 8 10:13:38 2020

--
Harald
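
Added example (not part of the original message and not dnsmasq code): a small log check for the fragility discussed above, which counts how many distinct IAID/address bindings one client DUID has been granted so an operator can see when a booting host has used up its dhcp-host entries. The sample lines are constructed in the log format quoted in the message; the function names are hypothetical, and lease release and expiry are assumed to be out of scope.

```python
import re
from collections import defaultdict

# Constructed sample in the dnsmasq-dhcp log format quoted in the message above
# (abridged to the lines the parser uses; the ADVERTISE must not count as a lease).
PFX = "Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: "
DUID = "00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c"
SAMPLE_LOG = "\n".join(PFX + s for s in [
    f"14233087 DHCPADVERTISE(eth1) fd12:3456:789a:1::bacc {DUID} host1",
    "14233087 sent size: 40 option: 3 ia-na IAID=1073085951 T1=300 T2=525",
    f"14298623 DHCPREPLY(eth1) fd12:3456:789a:1::bacc {DUID} host1",
    "14298623 sent size: 40 option: 3 ia-na IAID=1073085951 T1=300 T2=525",
    f"14429695 DHCPREPLY(eth1) fd12:3456:789a:1::aacc {DUID} host1",
    "14429695 sent size: 40 option: 3 ia-na IAID=3217423454 T1=300 T2=525",
])

REPLY_RE = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) DHCPREPLY\(\S+\) (\S+) ([0-9a-f:]+)")
IAID_RE = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) .*ia-na\s+IAID=(\d+)")

def bindings_per_client(log_text):
    """Map client DUID -> ordered, de-duplicated [(IAID, address)] confirmed by a REPLY."""
    replies, iaids = {}, {}
    for line in log_text.splitlines():
        if m := REPLY_RE.search(line):
            replies[m.group(1)] = (m.group(3), m.group(2))  # xid -> (duid, address)
        elif m := IAID_RE.search(line):
            iaids[m.group(1)] = int(m.group(2))             # xid -> IAID
    clients = defaultdict(list)
    for xid, (duid, addr) in replies.items():  # dict order follows log order
        binding = (iaids.get(xid), addr)
        if binding not in clients[duid]:       # a renewal repeats the same pair
            clients[duid].append(binding)
    return dict(clients)

def clients_at_limit(clients, addresses_per_host):
    """DUIDs whose distinct IAIDs already use every dhcp-host address configured."""
    return sorted(duid for duid, b in clients.items()
                  if len({iaid for iaid, _ in b}) >= addresses_per_host)

def dns_target(clients, duid):
    """Address of the last binding added; in the log above the DNS entry follows it."""
    return clients[duid][-1][1]

if __name__ == "__main__":
    seen = bindings_per_client(SAMPLE_LOG)
    print(seen, clients_at_limit(seen, 2), dns_target(seen, DUID))
```
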