DHCPDEXPERIMENT

Or how to spend 2 days on a problem that is not a problem.

While preparing a DHCP server on my project, I had a small design problem: as the VLANs under Linux are on the same physical interface (where the trunk arrives), I couldn’t set up DHCP (because the address is the same and the lease will be given to the first one connected in a FIFO way).

I want to insist on the point that this problem does not exist under OpenBSD, because, on OpenBSD, I just have to set up a virtual ethernet on my vlan interface and I have a unique MAC address for my vether.

So, in order to have a unique MAC address, I found as an option the macvlan (\o/ <- epic win, at least that’s what I thought).

But (there’s always a but), I end up with the same problem as with openvswitch… damn MAC address that changes with each reboot. So I tried to fix the address, to change options in the kernel… nothing to do, I can’t do it (you can by making an ip link … address… but it’s very dirty and you have to put it in a cron at @onboot, I don’t like it).

Let’s continue our research, and by reading the documentation (this is a first), I discover this wonderful option in the dhclient.conf: dhcp-client-identifier, which allows me to add an identifier so that it is this one that is taken into consideration instead of the MAC address.
But there you go, impossible to make it work. Each time I modify the /etc/dhcp/dhclient.conf, it changes nothing about the problem.

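# dhcpd.conf (server side): bind the fixed address to the client identifier
host server-3-v9 {
    option dhcp-client-identifier "SRV3-VLAN9";
    fixed-address 192.168.122.253;
}
# dhclient.conf (client side): send that identifier on the VLAN9 interface
interface "VLAN9" {
  send option dhcp-client-identifier "SRV3-VLAN9";
}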

After a bit of research I realise that nothing changes and, re-reading my notes from the LPI certification preparation courses, I figure out that for Red Hat, dhclient is daemonised and that it is necessary to delete the lease in order to request a new one with ‘dhclient -r iface’. What an idiot… I try again, do a dhclient VLAN9 and it works BUT…

That’s it, it doesn’t survive the reboot :'(
After a few hours of coffee, I go back to work and above all I lift my paws from the keyboard to think. When suddenly I experience a micro-satori, the idea comes to my mind: the interface is managed by NetworkManager and has nothing to do with the dhclient daemon.
Ahhhhh for sure.

We’re moving forward.
By searching a little bit, I find the option I want so much and when I create my connection I directly add the client id and all is well in the best of worlds.
Well almost.

nmcli connection add type vlan ifname VLAN9 dev ens3 id 9 connection.zone admin_network ipv4.dhcp-client-id "SRV3-VLAN9"

It doesn’t work any more.
After a short reading break (Networking for System Administrators) which is an exceptional book (help yourself, buy it) I started my analysis again more logically by sniffing the traffic and here is the result.

tcpdump -s1500 -n -vv -X -i vether9 dst port 67  
 tcpdump: listening on vether9, link-type EN10MB
 10:46:06.399534 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok]  xid:0x54a42a70 secs:1 vend-rfc1048 DHCP:DISCOVER CID:0.83.82.86.51.45.86.76.65.78.57 PR:SM+TZ+NS+HN+DN+MTU+BR+121+DG+SR+YD+YS+NTP+119+249+252+RP MSZ:576 HN:"server-3" (DF) [tos 0xc0] (ttl 64, id 0, len 318)
   0000: 45c0 013e 0000 4000 4011 38f0 0000 0000  E..>..@.@.8.....
   0010: ffff ffff 0044 0043 012a 160e 0101 0600  .....D.C.*......
   0020: 54a4 2a70 0001 0000 0000 0000 0000 0000  T.*p............
   0030: 0000 0000 0000 0000 0cfb 8a49 c900 0000  ...........I....
   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0100: 0000 0000 0000 0000 6382 5363 3501 013d  ........c.Sc5..=
   0110: 0b00 5352 5633 2d56 4c41 4e39 3711 0102  ..SRV3-VLAN97...
   0120: 060c 0f1a 1c79 0321 2829 2a77 f9fc 1139  .....y.!()*w...9
   0130: 0202 400c 0873 6572 7665 722d 33ff       ..@..server-3.

As can be seen, at 0110 nmcli adds type 0b and a null byte at the beginning of the ID. After reading some articles online, I tried to add \0 in the server configuration without any conclusive result.
So I tried to put the values directly in hex, which was well taken into account without adding the null byte.

nmcli connection add type vlan ifname VLAN9 dev ens3 id 9 connection.zone admin_network ipv4.dhcp-client-id 53:52:56:33:2d:56:4c:41:4e:39

and now:

tcpdump -s1500 -n -vv -X -i vether9 dst port 67       
 tcpdump: listening on vether9, link-type EN10MB
 10:42:15.012423 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok]  xid:0x6a404d4e secs:1 vend-rfc1048 DHCP:REQUEST CID:83.82.86.51.45.86.76.65.78.57 PR:SM+TZ+NS+HN+DN+MTU+BR+121+DG+SR+YD+YS+NTP+119+249+252+RP MSZ:576 RQ:192.168.122.253 HN:"server-3" (DF) [tos 0xc0] (ttl 64, id 0, len 323)
   0000: 45c0 0143 0000 4000 4011 38eb 0000 0000  E..C..@.@.8.....
   0010: ffff ffff 0044 0043 012f f15c 0101 0600  .....D.C./.\....
   0020: 6a40 4d4e 0001 0000 0000 0000 0000 0000  j@MN............
   0030: 0000 0000 0000 0000 0cfb 8a49 c900 0000  ...........I....
   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
   0100: 0000 0000 0000 0000 6382 5363 3501 033d  ........c.Sc5..=
   0110: 0a53 5256 332d 564c 414e 3937 1101 0206  .SRV3-VLAN97....
   0120: 0c0f 1a1c 7903 2128 292a 77f9 fc11 3902  ....y.!()*w...9.
   0130: 0240 3204 c0a8 7afd 0c08 7365 7276 6572  .@2...z...server
   0140: 2d33 ff                                  -3.

0110: Type 0a, it works.

Finally I can make my epic win => \o/
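
Added example (not part of the original post): a small decoder for the options area of the two captures above, following the RFC 2132 code/length/value layout, which compares option 61 as sent on the wire with the identifier string used in the server's host block. In that layout the byte after 3d is the option length (0b = 11 bytes, 0a = 10 bytes), and the 00 that follows it in the first capture is the extra leading byte of the identifier; the function and constant names are illustrative.

```python
MAGIC = bytes.fromhex("63825363")   # DHCP magic cookie
CLIENT_ID = 61                      # option 0x3d

# Option bytes copied from the two dumps on this page, from offset 0x108 on.
CAPTURE_STRING_ID = bytes.fromhex(
    "638253633501013d" "0b00535256332d564c414e3937110102"
    "060c0f1a1c79032128292a77f9fc1139" "0202400c087365727665722d33ff")
CAPTURE_HEX_ID = bytes.fromhex(
    "638253633501033d" "0a535256332d564c414e393711010206"
    "0c0f1a1c79032128292a77f9fc113902" "02403204c0a87afd0c08736572766572"
    "2d33ff")

def parse_options(buf):
    """Walk the code/length/value options that follow the magic cookie."""
    if buf[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(buf):
        code = buf[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the packet" % code)
        opts[code] = value
        i += 2 + length
    return opts

def client_id_report(buf, expected):
    """Compare option 61 as sent on the wire with the identifier the server expects."""
    cid = parse_options(buf)[CLIENT_ID]
    return {"length": len(cid), "first_byte": cid[0],
            "hex": ":".join("%02x" % b for b in cid),
            "matches": cid == expected}

if __name__ == "__main__":
    for name, cap in (("string id", CAPTURE_STRING_ID), ("hex id", CAPTURE_HEX_ID)):
        print(name, client_id_report(cap, b"SRV3-VLAN9"))
```

The first capture carries an 11-byte identifier that does not equal the 10-byte string in the server's host block, so the server does not match it; the second carries exactly those 10 bytes.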