DHCP server with multiple network interfaces and different subnets

I am trying to set up a DHCP server (isc dhcpd on Debian 8, a VM in an ESXi environment) with four network interfaces, eth0-3. The DHCP server should serve a different subnet on each of the interfaces eth1, eth2 and eth3. Each subnet has its own vSwitch (vSphere), and the DHCP server is connected to each vSwitch.

The network interface setup looks like this:

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

    auto eth1
    iface eth1 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255

    auto eth2
    iface eth2 inet static
        address 172.16.0.1
        netmask 255.255.255.0
        network 172.16.0.0
        broadcast 172.16.0.255

    auto eth3
    iface eth3 inet static
        address 10.0.1.1
        netmask 255.255.255.0
        network 10.0.1.0
        broadcast 10.0.1.255

The current dhcpd configuration looks like this:

    # dhcpd.conf
    default-lease-time 600;
    max-lease-time 7200;

    subnet 172.16.0.0 netmask 255.255.255.0 {
        range 172.16.0.2 172.16.0.100;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 172.16.0.1;
        option routers 172.16.0.1;
        option broadcast-address 172.16.0.255;
    }

    subnet 10.0.0.0 netmask 255.255.255.0 {
        range 10.0.0.2 10.0.0.100;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 10.0.0.1;
        option routers 10.0.0.1;
        option broadcast-address 10.0.0.255;
    }

    subnet 10.0.1.0 netmask 255.255.255.0 {
        range 10.0.1.2 10.0.1.100;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 10.0.1.1;
        option routers 10.0.1.1;
        option broadcast-address 10.0.1.255;
    }

Finally, the dhcpd init script settings look like this:

    # /etc/default/isc-dhcp-server
    DHCPD_CONF=/etc/dhcp/dhcpd.conf
    DHCPD_PID=/var/run/dhcpd.pid
    INTERFACES="eth1 eth2 eth3"

So far so good. What currently happens, however, is that clients only get DHCP traffic via the eth1 interface. The other two network interfaces are ignored. Even when I remove eth1 from the isc-dhcp-server init script, it is still used and still hands out IP addresses:

    isc-dhcp-server[1467]: Starting ISC DHCP server: dhcpd.
    dhcpd: DHCPDISCOVER from 00:0a:26:37:6f:12 via eth1
    dhcpd: DHCPOFFER on 10.0.0.2 to 00:0a:26:37:6f:12 (client0) via eth1
    dhcpd: DHCPREQUEST for 10.0.0.2 (10.0.0.1) from 00:0a:26:37:6f:12 (client0) via eth1
    dhcpd: DHCPACK on 10.0.0.2 to 00:0a:26:37:6f:12 (client0) via eth1

How can I make sure that a certain network/subnet is only served via a specific network interface? How does the DHCP server know which client belongs to which subnet? I know I can use host declarations (hardware address, hostname, etc.) to assign hosts to subnets. But to me that defeats the purpose of DHCP, because I want to be able to assign IP addresses dynamically without having to touch the DHCP configuration whenever I add a new client to a subnet.
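As an added illustration (not part of the question or the answer on this page): ISC dhcpd does not need host declarations to tell subnets apart. For a broadcast from a directly attached client it matches the address of the interface the packet arrived on against the `subnet` declarations; for a relayed request it matches the `giaddr` field instead. An interface listed in `INTERFACES` whose address lies in no declared subnet is logged as "No subnet declaration for ethX" and ignored. The script below models that selection and cross-checks an interfaces(5) file against a dhcpd.conf. The sample inputs are constructed: the interfaces file mirrors the question's, while the dhcpd.conf deliberately omits one subnet so the check has something to report.

```python
"""Model of how ISC dhcpd maps a request to a subnet declaration, plus a
pre-flight check of INTERFACES against dhcpd.conf.  Added example, not
code from the original question."""
import ipaddress
import re

# Constructed sample input modelled on the question's /etc/network/interfaces.
INTERFACES_FILE = """\
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1

auto eth1
iface eth1 inet static
    address 10.0.0.1
    netmask 255.255.255.0

auto eth2
iface eth2 inet static
    address 172.16.0.1
    netmask 255.255.255.0

auto eth3
iface eth3 inet static
    address 10.0.1.1
    netmask 255.255.255.0
"""

# Constructed dhcpd.conf that deliberately declares only two of the three
# subnets, so one listening interface has no matching declaration.
DHCPD_CONF = """\
subnet 10.0.0.0 netmask 255.255.255.0 { range 10.0.0.2 10.0.0.100; }
subnet 172.16.0.0 netmask 255.255.255.0 { range 172.16.0.2 172.16.0.100; }
"""


def parse_interfaces(text):
    """Return {name: IPv4Interface} for every 'iface X inet static' stanza."""
    stanzas = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "iface":
            stanzas.append({"name": parts[1], "static": "static" in parts})
        elif stanzas and parts[0] in ("address", "netmask"):
            stanzas[-1][parts[0]] = parts[1]
    return {s["name"]: ipaddress.IPv4Interface(f"{s['address']}/{s['netmask']}")
            for s in stanzas if s["static"] and "address" in s and "netmask" in s}


def parse_subnets(conf_text):
    """Collect every 'subnet N netmask M' declaration as an IPv4Network."""
    return [ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
            for net, mask in re.findall(r"subnet\s+(\S+)\s+netmask\s+(\S+)", conf_text)]


def select_subnet(subnets, iface_addr, giaddr="0.0.0.0"):
    """Mirror dhcpd's choice: a relayed packet (giaddr != 0) is matched on
    giaddr; a broadcast from a directly attached client is matched on the
    address of the interface it arrived on.  Returns None when nothing fits."""
    key = ipaddress.IPv4Address(iface_addr if giaddr == "0.0.0.0" else giaddr)
    for net in subnets:
        if key in net:
            return net
    return None


def check_listen_interfaces(interfaces_text=INTERFACES_FILE, conf_text=DHCPD_CONF,
                            listen=("eth1", "eth2", "eth3")):
    """For each interface in INTERFACES return the subnet dhcpd will serve on
    it, or None where dhcpd would log 'No subnet declaration for <iface>' and
    ignore the interface."""
    ifaces = parse_interfaces(interfaces_text)
    subnets = parse_subnets(conf_text)
    report = {}
    for name in listen:
        if name not in ifaces:
            report[name] = None          # not configured with a static address
            continue
        net = select_subnet(subnets, str(ifaces[name].ip))
        report[name] = str(net) if net else None
    return report


if __name__ == "__main__":
    for name, net in check_listen_interfaces().items():
        print(f"{name}: {net or 'NO SUBNET DECLARATION - dhcpd ignores this interface'}")
    # A relayed request is classified by giaddr, not by the receiving interface.
    print("relayed via 172.16.0.1 ->", select_subnet(parse_subnets(DHCPD_CONF), "10.0.0.1", giaddr="172.16.0.1"))
```

Run against the real files (`/etc/network/interfaces`, `/etc/dhcp/dhcpd.conf` and the `INTERFACES` value from `/etc/default/isc-dhcp-server`) before restarting the service; `dhcpd -t -cf /etc/dhcp/dhcpd.conf` then validates the syntax of the same file.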

So here we will explain a bit of what is going on. Please note that I strongly recommend running the configuration in a test environment to make sure everything works as you require!

Edit: note that your switches need to be configured correctly. We are using CISCO switches. To generate the OMAPI key, you can follow guide1 or guide2.

How to make isc-dhcp-server listen on multiple subnets. This mini-guide will give you a basic idea of the configuration and some additional reading material to fully understand what is going on.

dhcpd.conf:

    # OMAPI: declare the key before omapi-key refers to it.
    # The secret must be a base64 string (e.g. generated with dnssec-keygen).
    key omapi_key {
        algorithm hmac-md5;
        secret your-secret-key;
    }
    omapi-port 7911;
    omapi-key omapi_key;

    # The ddns-updates-style parameter controls whether or not the server will
    # attempt to do a DNS update when a lease is confirmed. We default to the
    # behavior of the version 2 packages ('none', since DHCP v2 didn't
    # have support for DDNS.)
    ddns-update-style none;

    # option definitions common to all supported networks...
    # option domain-name-servers xxxx,yyyy;
    option netbios-node-type 2;

    default-lease-time 7200;
    max-lease-time 7200;

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;

    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;

    # Failover Configuration
    failover peer "failover-partner" {
        primary;
        # this server's ip address and listening port
        address AAAA;
        port 519;
        # dhcp failover partner's ip address and its listening port
        peer address BBBB;
        peer port 520;
        max-response-delay 60;
        max-unacked-updates 10;
        # mclt and split are declared on the primary only
        mclt 3600;
        split 128;
        load balance max seconds 3;
    }
    # Only pools that reference this peer (pool { failover peer "failover-partner"; range ...; })
    # have their leases managed by the failover pair.

    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.
    # here we include specific configuration files for our different subnets.
    # I'll provide an example for a configuration file, all other subnet configuration files
    # are (in my scenario) written the same way.
    include "/etc/dhcp/XY1.Z.conf";
    include "/etc/dhcp/XY2.Z.conf";
    include "/etc/dhcp/XY3.Z.conf";

XY1.Z.conf:

    #____________________________________
    # subnet information XY1.0/24
    #____________________________________
    subnet XY1.0 netmask 255.255.255.0 {
        deny client-updates;
        # there is no "range" in this subnet and unknown clients are refused,
        # so only the hosts declared below receive an address
        deny unknown-clients;
        # gateway of this subnet
        option routers XY1.254;
        # DNS server(s)
        option domain-name-servers 123.123.123.1, 123.123.123.2;
        # search domain(s) for this subnet. Needs the "" to work!
        option domain-search "domain1", "domain2";
        # name of domain of this subnet (if exists, otherwise comment out)
        option domain-name "mydomain";
        # ntp server if you are running one
        option ntp-servers XYZ254;
        default-lease-time 86400;
        max-lease-time 86400;
        group {
            use-host-decl-names on;
            # Infodisplay
            host dns-name-1 {
                # mac address of client
                hardware ethernet 00:00:00:00:00:00;
                # ip address the above mac address will receive
                fixed-address 123.123.123.1;
            }
        }
    }

The configuration files for the other subnets are written the same way. If you run the DHCP VM inside ESXi, make sure the VM is attached to all of your networks/VLANs. isc-dhcp-server then needs to listen on all desired networks so that all the different subnets are handled within one running instance of isc-dhcp-server. If you want to avoid downtime or non-working networks, you can of course run a second VM in slave mode, where isc-dhcp-server looks like this:

Slave dhcpd.conf:

    # OMAPI: same key name, algorithm and secret as on the primary;
    # declare the key before omapi-key refers to it.
    key omapi_key {
        algorithm hmac-md5;
        secret your-secret-key;
    }
    omapi-port 7911;
    omapi-key omapi_key;

    # The ddns-updates-style parameter controls whether or not the server will
    # attempt to do a DNS update when a lease is confirmed. We default to the
    # behavior of the version 2 packages ('none', since DHCP v2 didn't
    # have support for DDNS.)
    ddns-update-style none;

    # option definitions common to all supported networks...
    # option domain-name-servers xxxx,yyyy;
    option netbios-node-type 2;

    default-lease-time 7200;
    max-lease-time 7200;

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;

    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;

    # Failover Configuration
    failover peer "failover-partner" {
        # the second server is the secondary, not another primary
        secondary;
        # this server's ip address; its port must equal the primary's "peer port"
        address BBBB;
        port 520;
        # dhcp master ip address and the port the master listens on
        peer address AAAA;
        peer port 519;
        max-response-delay 60;
        max-unacked-updates 10;
        # mclt and split are declared on the primary only
        load balance max seconds 3;
    }

    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.
    # here we include specific configuration files for our different subnets.
    # I'll provide an example for a configuration file, all other subnet configuration files
    # are (in my scenario) written the same way.
    include "/etc/dhcp/XY1.Z.conf";
    include "/etc/dhcp/XY2.Z.conf";
    include "/etc/dhcp/XY3.Z.conf";

Make sure the key is the same on both machines, otherwise client and server cannot communicate, or cannot even fail over when the server goes down and the slave has to take over the DHCP function.

If you have the hardware/setup options, set all of this up in a lab environment first.

Please do not run this in production right away.

You can stop your network clients from working within seconds, and your boss will not like that.
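A failover pair is easy to get subtly wrong when the second dhcpd.conf is produced by copying the first and swapping addresses: both sides end up declaring `primary;`, `port`/`peer port` are not mirrored, and `mclt`/`split` (which dhcpd requires on the primary and does not accept on the secondary) appear on both. Added example, not code from the answer above: a checker that parses the `failover peer` and `key` blocks of two dhcpd.conf files and reports what would stop them pairing, including a key secret that is not base64 (dhcpd parses secrets as base64) and keys that differ between the two servers. It assumes one failover block and one key block per file; the 192.0.2.x addresses and the sample secret are constructed.

```python
"""Consistency check for an ISC dhcpd failover pair and its shared OMAPI key.
Added example; not part of the original answer."""
import base64
import binascii
import re

# Constructed sample key (base64 of "thisIsATestKey") and a non-base64 placeholder.
KEY_OK = 'key omapi_key { algorithm hmac-md5; secret "dGhpc0lzQVRlc3RLZXk="; }\n'
KEY_BAD = 'key omapi_key { algorithm hmac-md5; secret your-secret-key; }\n'

# Constructed primary/secondary pair (192.0.2.0/24 is a documentation range).
PRIMARY_CONF = KEY_OK + """
failover peer "failover-partner" {
  primary;
  address 192.0.2.10;       # this server
  port 519;
  peer address 192.0.2.11;  # the secondary
  peer port 520;
  max-response-delay 60;
  max-unacked-updates 10;
  mclt 3600;
  split 128;
  load balance max seconds 3;
}
"""
SECONDARY_CONF = KEY_OK + """
failover peer "failover-partner" {
  secondary;
  address 192.0.2.11;
  port 520;
  peer address 192.0.2.10;
  peer port 519;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
}
"""
# Constructed "copied from the primary" secondary: role, ports and
# mclt/split left as on the primary, and a secret that is not base64.
BROKEN_SECONDARY = KEY_BAD + """
failover peer "failover-partner" {
  primary;
  address 192.0.2.11;
  port 519;
  peer address 192.0.2.10;
  peer port 520;
  max-response-delay 60;
  max-unacked-updates 10;
  mclt 3600;
  split 128;
  load balance max seconds 3;
}
"""


def parse_failover(conf_text):
    """Return the 'failover peer "name" { ... }' block as a dict, or None."""
    m = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', conf_text, re.S)
    if not m:
        return None
    peer = {"name": m.group(1)}
    body = re.sub(r"#[^\n]*", "", m.group(2))          # drop comments first
    for stmt in body.split(";"):
        stmt = " ".join(stmt.split())                   # normalise whitespace
        if not stmt:
            continue
        if stmt in ("primary", "secondary"):
            peer["role"] = stmt
        else:                                           # "peer address X" -> key "peer address"
            key, _, value = stmt.rpartition(" ")
            peer[key] = value
    return peer


def parse_key(conf_text):
    """Return {'name', 'algorithm', 'secret'} from 'key NAME { ... }', or None."""
    m = re.search(r'(?<![\w-])key\s+(\S+)\s*\{\s*algorithm\s+([^;]+);\s*secret\s+"?([^";]+)"?\s*;',
                  conf_text)
    return {"name": m.group(1), "algorithm": m.group(2).strip(),
            "secret": m.group(3).strip()} if m else None


def check_failover_pair(conf_a, conf_b):
    """List the problems that would stop the two servers from pairing."""
    problems = []
    a, b = parse_failover(conf_a), parse_failover(conf_b)
    if not a or not b:
        return ["failover peer block missing on one side"]
    if a["name"] != b["name"]:
        problems.append("failover peer names differ")
    roles = {a.get("role"), b.get("role")}
    if roles != {"primary", "secondary"}:
        problems.append(f"need one primary and one secondary, got {sorted(r or 'none' for r in roles)}")
    for me, other, label in ((a, b, "A"), (b, a, "B")):
        if me.get("address") != other.get("peer address"):
            problems.append(f"{label}: 'address' does not match the other side's 'peer address'")
        if me.get("port") != other.get("peer port"):
            problems.append(f"{label}: 'port' does not match the other side's 'peer port'")
        if me.get("role") == "primary":
            if "mclt" not in me:
                problems.append(f"{label}: primary must declare mclt")
            if "split" not in me and "hba" not in me:
                problems.append(f"{label}: primary must declare split or hba")
        if me.get("role") == "secondary":
            for stmt in ("mclt", "split"):
                if stmt in me:
                    problems.append(f"{label}: '{stmt}' is not accepted on the secondary")
    ka, kb = parse_key(conf_a), parse_key(conf_b)
    if not ka or not kb or ka != kb:
        problems.append("OMAPI key name/algorithm/secret differ between the two servers")
    else:
        try:
            base64.b64decode(ka["secret"], validate=True)
        except (binascii.Error, ValueError):
            problems.append("key secret is not valid base64")
    return problems


if __name__ == "__main__":
    print("good pair:", check_failover_pair(PRIMARY_CONF, SECONDARY_CONF) or "OK")
    for p in check_failover_pair(PRIMARY_CONF, BROKEN_SECONDARY):
        print("broken pair:", p)
```

Feed it the two real files (`open("/etc/dhcp/dhcpd.conf").read()` from each server) before the restart; an empty list means the blocks mirror each other and the key is shared, which is what `dhcpd -t` alone will not tell you because it only sees one side.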