Legacy DHCP server

Note

This document is kept for reference purposes and describes DHCP servers in versions prior to 2016.2. In 2016.2 a new and improved way to configure DHCP servers was introduced. Legacy DHCP server setups will continue to work in Bonded Internet 2016.1, but this feature is deprecated in 2016.2.

Bonders can host a DHCP server. This eliminates the need for a customer-supplied gateway at the customer premises.

Checking for manually installed DHCP servers

To check which nodes have a DHCP server manually installed, SSH into your management server and run the following command:

salt -G 'type:bonder' cmd.run 'case "$(readlink /proc/$(netstat -lnup | grep :67 | awk '"'"'{ print $6 }'"'"' | cut -d '"'"'/'"'"' -f1)/exe)" in "/usr/lib/bonding/bin/dnsmasq" ) echo "Bonding DHCP" ;; "" ) echo "No DHCP" ;; * ) echo "Other DHCP - remove prior to enabling DHCP on any connected IPs" ;; esac'

The result should identify nodes as having “Bonding DHCP”, “Other DHCP” or “No DHCP”. The nodes of interest are those which report “Other DHCP”. In this case, steps to remove this manually installed DHCP server should be taken. Nodes that report “Bonding DHCP” are up-to-date and running the correct version. For example,

node-44:
    Bonding DHCP
node-101:
    Other DHCP - remove prior to enabling DHCP on any connected IPs
node-115:
    No DHCP
node-740:
    Minion did not return. [Not connected]

This means that the bonder with ID 44 is running the newest version of Bonding DHCP, bonder 101 is running a manually installed DHCP server, bonder 115 isn’t running DHCP at all, and bonder 740 is not responding to the salt call.

Removal

To remove the legacy DHCP server, run the following commands. If you installed a DHCP server other than dnsmasq, please remove the service according to their documentation and re-run the above salt command to verify the removal succeeded.

service dnsmasq stop
apt-get remove dnsmasq
rm /etc/dnsmasq.conf.orig
service firewall stop
rm /etc/firewall.d/40_dhcp
service firewall start

Scenario

The result of DHCP setup instructions will be:

  1. CPE will have a private connected IP, 10.10.0.1/24 on eth0.
  2. Outgoing customer traffic will be translated through a single IP set up using a CPE NAT IP. The IP in our examples will be 203.0.113.1. Incoming traffic from that IP will be sent to the bonder itself. See CPE NAT IP documentation for how to change this if incoming traffic should be sent to one of the the customer’s hosts.
  3. Customer hosts will be assigned IPs from 10.10.0.100 to 10.10.100.199 by dnsmasq, a popular, small DNS forwarder and DHCP server.
  4. Customer hosts will use Google public DNS.

Configure bond

Configure the bond as follows:

  1. Create a private connected IP 10.10.0.1, netmask 255.255.255.0, interface eth0, and automatic aggregator routing. Save the form before adding the CPE NAT IP.
  2. Create a CPE NAT IP, address 203.0.113.1, destination NAT IP 10.10.0.1. (Replace 203.0.113.1 with an IP from your own datacenter.)

Configure DHCP server

Install dnsmasq.

apt-get install dnsmasq

Move the original dnsmasq configuration file to a new location. You will create a new configuration file.

mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

Configure dnsmasq by editing the file /etc/dnsmasq.conf:

/etc/dnsmasq.conf

interface=eth0 # eth0 is the network DHCP will listen on
dhcp-range=10.10.0.100,10.10.0.199,12h # DHCP start of range, end of range, and lease length in hours
dhcp-option=3,10.10.0.1 # Network gateway (the bonder)
dhcp-option=6,8.8.8.8,8.8.4.4 # DNS servers
port=0 # Disable DNS forwarding

Restart dnsmasq:

service dnsmasq restart

Add a firewall hook to allow DHCP requests from eth0. If the DHCP network is not eth0, specify the interface in the file /etc/default/firewall.d/40_dhcp:

/etc/default/firewall.d/40_dhcp

INTERFACE="eth2" # This file is only necessary if the DHCP network is not eth0

A default hook is distributed in the bonding package. Enable it with the following commands:

service firewall stop
ln -s /etc/firewall.d/40_dhcp.disabled /etc/firewall.d/40_dhcp
service firewall start

Test

  1. Connect a PC to eth0 of bonder, either directly or through a switch.
  2. Configure the PC for DHCP.
  3. Refresh the DHCP lease. On a Windows PC, open a command prompt and type: ipconfig /release ipconfig /renew
  4. Wait for DHCP to complete. Verify the settings are correct:
    1. IP: some IP from 10.10.0.100 to 10.10.0.199
    2. Netmask: 255.255.255.0
    3. Gateway: 10.10.0.1
    4. DNS servers: 8.8.8.8 and 8.8.4.4
  5. Verify the network address translation works properly: open a browser to icanhazip.com. The contents of the page should be the CPE NAT IP (i.e. 203.0.113.1).