DHCP Server Question. I am questioning the IT consulting group..... | docsis.org

redpeppers
DHCP Server Question. I am questioning the IT consulting group.....

An IT consulting group is telling me that I must have a DHCP server running for each property of mine. The problem stated by them is the fact that each property has a different WAN IP and IP block (T1 to each property). I would like to use one DHCP server for all properties if possible..... Ideas?

bealsm
If you are talking about

If you are talking about connecting to the property through the internet cloud, then having one per property is the best option IMHO. That's what I'm doing right now and it works well.

If you wanted to get around this, you would have to:

1. Give the DHCP server and CMTS a public IP (or at least public ports), and set up DHCP relay for CMs and CPEs. Doable, but your DHCP server is public... It can be locked down with firewall rules, but it still seems like a bad idea to me.

2. VPN. Put modems and CPEs on different networks and create a VPN tunnel from the CM network back to the main corporate office with the DHCP server. Use DHCP relay to forward CPE DHCP requests over to the CM network. We actually experimented with this solution, but found VPN to be too unstable.

3. MPLS. MPLS is like VPN but more stable. You in essence have your own backbone where all traffic is delivered back to your main network. You have complete control over the networking.

Right now I run 4 sites with their own DHCP/TFTP servers which I manage with a home-built provisioning system that uses a master MySQL database of subscribers and OMAPI to authorize/deactivate modems on the remote servers. It actually works really well and is fairly fault tolerant. We are in the process of upgrading to an MPLS network where we will consolidate down to one DHCP (well, one and a failover) server.

redpeppers
one DHCP server for all properties.....

I want one DHCP server that handles all properties. IDEAS?

Where there's a wire there's a way.

bealsm
I gave you 3 options. You

I gave you 3 options.

You are going to want to have two isolated networks on each property (one for the CMs, one for the CPEs). If you use relay on the CMTS, you can put all DHCP traffic from the CPEs on the CM network (or put all DHCP traffic from both networks on its own third network if you like).

Then you just have to figure out how to allow the CM network to talk to the DHCP server. This part is actually pretty easy to do. You can do it straight through the cloud via NAT or by assigning public IPs and strict firewall rules (1), or by setting up a VPN (2), or with an MPLS network (3). The tricky part is getting a server at the main office to contact the CMs for monitoring and rebooting. That requires the entire CM network to be routable from the main office, which requires giving all CMs a public IP (BAD IDEA), or a VPN/MPLS solution.

We never found VPNs to be stable enough to trust, so we run stand-alone servers on each property that are centrally managed, and are currently upgrading to MPLS service on a few props.

redpeppers
Can i see a copy or example

Can I see a copy or example of the dhcpd.conf file from someone's DHCP server that is running multiple CMTSs at multiple properties......but using only one DHCP server.

bealsm
my config
This is my config for 3 properties connected over an MPLS network. The topology is:

Headend: 172.16.0.0/255.255.248.0
DHCP/TFTP/TOD server: 172.16.0.7
Router to MPLS WAN: 172.16.0.8
Default gateway: 172.16.0.1

Sites:
CM network: 172.16.x.0/255.255.248.0
CPE network: 172.20.x.0/255.255.248.0
CMTS: 172.16.x.9
CMTS CPE relay (helper) IP: 172.20.x.11
CM relay (helper) IP: 172.16.x.9
Router: 172.16.x.8 and 172.20.x.1

Each site has two subnets. The subnet type is identified with the second octet (16 or 20 for CM or CPE respectively) and the property is identified with the third octet. The DHCP server assigns addresses from the pools based on the subnet of the relay IP. We haven't had any issues with latency yet, even when rebooting an entire property, but we are also assigning COS1 priority to CM subnet traffic, so DHCP requests are taking priority over everything else.

[code]
omapi-port 9991;
key omapi_key {
  algorithm HMAC-MD5;
  secret "***************************************";
};
omapi-key omapi_key;

class "cm" {
  match if substring(option vendor-class-identifier,0,6) = "docsis";
  spawn with option agent.remote-id;
}

authoritative;
ddns-update-style none;
log-facility local7;

### Default network ###
subnet 172.16.0.0 netmask 255.255.248.0 {
}

### Property 1 ###

##### CM Pool #####
subnet 172.16.8.0 netmask 255.255.248.0 {
  pool {
    range 172.16.8.12 172.16.15.0;
    option routers 172.16.8.8;
    option domain-name-servers 12.127.16.68,12.127.16.67;
    option broadcast-address 172.16.15.255;
    default-lease-time 86400;
    max-lease-time 86400;
    option time-offset -25200;
    option time-servers 172.16.0.7;
    option tftp-server-name "172.16.0.7";
    next-server 172.16.0.7;
    server-name "172.16.0.7";
    allow members of "cm";
    deny unknown-clients;
  }
}

##### CPE Pool #####
subnet 172.20.8.0 netmask 255.255.248.0 {
  pool {
    range 172.20.8.12 172.20.15.0;
    option routers 172.20.8.1;
    option domain-name-servers 12.127.16.68,12.127.16.67;
    option broadcast-address 172.20.15.255;
    deny members of "cm";
    deny dynamic bootp clients;
    default-lease-time 86400;
    max-lease-time 86400;
  }
}

### Property 2 ###

##### CM Pool #####
subnet 172.16.16.0 netmask 255.255.248.0 {
  pool {
    range 172.16.16.12 172.16.20.0;
    option routers 172.16.16.8;
    option domain-name-servers 12.127.16.68,12.127.16.67;
    option broadcast-address 172.16.23.255;
    allow members of "cm";
    deny unknown-clients;
    option tftp-server-name "172.16.0.7";
    next-server 172.16.0.7;
    server-name "172.16.0.7";
    default-lease-time 86400;
    max-lease-time 86400;
    option time-offset -25200;
    option time-servers 172.16.0.7;
  }
}

##### CPE Pool #####
subnet 172.20.16.0 netmask 255.255.248.0 {
  pool {
    range 172.20.16.12 172.20.20.0;
    option routers 172.20.16.1;
    option domain-name-servers 12.127.16.68,12.127.16.67;
    option broadcast-address 172.20.23.255;
    deny members of "cm";
    deny dynamic bootp clients;
    default-lease-time 86400;
    max-lease-time 86400;
  }
}

### Property 3 ###

##### CM Pool #####
subnet 172.16.24.0 netmask 255.255.248.0 {
  pool {
    range 172.16.24.12 172.16.31.0;
    option routers 172.16.24.8;
    option domain-name-servers 12.127.16.68,12.127.16.67;
    option broadcast-address 172.16.31.255;
    default-lease-time 86400;
    max-lease-time 86400;
    option time-offset -25200;
    option time-servers 172.16.0.7;
    option tftp-server-name "172.16.0.7";
    next-server 172.16.0.7;
    server-name "172.16.0.7";
    allow members of "cm";
    deny unknown-clients;
  }
}

##### CPE Pool #####
subnet 172.20.24.0 netmask 255.255.248.0 {
  pool {
    range 172.20.24.12 172.20.31.0;
    option routers 172.20.24.1;
    option domain-name-servers 12.127.16.68,12.127.16.67;
    option broadcast-address 172.20.31.255;
    deny members of "cm";
    deny dynamic bootp clients;
    default-lease-time 86400;
    max-lease-time 86400;
  }
}

### QOS profiles ###

### Gold: 800x800
group "gold" {
  filename "gold.bin";
  option bootfile-name "gold.bin";
}
[/code]
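The mechanism bealsm describes two posts up and relies on in the config above (the server picks the subnet from the relay IP, classifies the client from option 60, then applies the pool's allow/deny statements) is easy to lose in a 150-line dhcpd.conf. Below is an added Python model of that decision, written for this page; it is not code from the thread or from ISC dhcpd. The pool table is transcribed from the config above; the MAC addresses, xid, remote-id string and the set that stands in for the OMAPI-added host records are constructed.

```python
"""Model of how an ISC-dhcpd-style server handles a DOCSIS request relayed by a
CMTS: pick the subnet that contains giaddr (the CMTS helper address), classify
the client from option 60, then apply the pool's allow/deny statements."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPDISCOVER = 1


def build_discover(mac, giaddr, vendor_class=None, remote_id=None):
    """Constructed DHCPDISCOVER as it reaches the server after one relay hop."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                       # BOOTREQUEST, Ethernet, hlen 6, hops 1
        0x3903F326, 0, 0x8000,            # xid (constructed), secs, broadcast flag
        b"\0" * 4, b"\0" * 4, b"\0" * 4,  # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,  # giaddr: the relay's own address
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, DHCPDISCOVER])
    if vendor_class is not None:          # option 60, e.g. "docsis1.0" from a modem
        vc = vendor_class.encode()
        opts += bytes([60, len(vc)]) + vc
    if remote_id is not None:             # option 82 sub-option 2 = agent.remote-id
        sub = bytes([2, len(remote_id)]) + remote_id
        opts += bytes([82, len(sub)]) + sub
    return fixed + MAGIC_COOKIE + opts + b"\xff"


def parse_options(pkt):
    """Return {code: value}; PAD (0) is skipped, END (255) terminates."""
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    i, opts = 240, {}
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return opts


# Pools transcribed from the dhcpd.conf above. Third octet 8/16/24 is the
# property; second octet 16 (CM) or 20 (CPE) is the network type.
POOLS = []
for prop, third in ((1, 8), (2, 16), (3, 24)):
    POOLS.append({"name": "Property %d CM" % prop,
                  "subnet": ipaddress.ip_network("172.16.%d.0/21" % third),
                  "allow_class": "cm", "known_only": True})   # allow members of "cm"; deny unknown-clients
    POOLS.append({"name": "Property %d CPE" % prop,
                  "subnet": ipaddress.ip_network("172.20.%d.0/21" % third),
                  "deny_class": "cm", "known_only": False})   # deny members of "cm"

# Stand-in for the host declarations the provisioning system adds over OMAPI
# (constructed MAC; to dhcpd a client without a host record is "unknown").
KNOWN_CMS = {bytes.fromhex("0010181a2b3c")}


def classify(opts):
    """class "cm" { match if substring(option vendor-class-identifier,0,6) = "docsis"; }"""
    return "cm" if opts.get(60, b"")[:6] == b"docsis" else None


def select_pool(pkt):
    """Return (pool_name, reason); pool_name is None when no pool admits the client."""
    opts = parse_options(pkt)
    if opts.get(53) != bytes([DHCPDISCOVER]):
        return None, "not a DISCOVER"
    giaddr = ipaddress.IPv4Address(pkt[24:28])
    if int(giaddr) == 0:
        return None, "not relayed; only the server's own 172.16.0.0/21 would match"
    mac = pkt[28:34]
    cls = classify(opts)
    for pool in POOLS:
        if giaddr not in pool["subnet"]:
            continue                      # dhcpd selects the subnet containing giaddr
        if pool.get("allow_class") and cls != pool["allow_class"]:
            return None, '%s: allow members of "%s" excludes this client' % (pool["name"], pool["allow_class"])
        if pool.get("deny_class") and cls == pool["deny_class"]:
            return None, '%s: deny members of "%s"' % (pool["name"], cls)
        if pool["known_only"] and mac not in KNOWN_CMS:
            return None, "%s: deny unknown-clients (no host record for %s)" % (pool["name"], mac.hex(":"))
        return pool["name"], "ok"
    return None, "no subnet declared for relay %s" % giaddr


if __name__ == "__main__":
    for pkt in (build_discover(bytes.fromhex("0010181a2b3c"), "172.16.8.9", "docsis1.0", b"cmts-1"),
                build_discover(bytes.fromhex("001018deadbe"), "172.16.8.9", "docsis1.1"),
                build_discover(bytes.fromhex("00e04c112233"), "172.20.16.11"),
                build_discover(bytes.fromhex("00e04c445566"), "172.20.8.11", "docsis1.1")):
        print(select_pool(pkt))
```

Two things the model makes visible. First, the vendor class in option 60 is set by the client, so a CPE that claims "docsis1.1" would pass the class match; it is kept out of the CM pool only because the CMTS relays CPE traffic with a different helper address (172.20.x.11), which lands it in a pool that denies class "cm". Second, `deny unknown-clients` is the real authorization gate: a modem with the right vendor class but no host record gets nothing, which is exactly the hook bealsm's OMAPI provisioning uses to turn subscribers on and off.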
kwesibrunee
It can be done, with cisco

It can be done. With Cisco gear the trick is to give the cable or bundle interface a routable IP as its primary IP, as this is where DHCP requests will originate from after they are relayed through the CMTS.

The problem is the latency between your headends and your central DHCP server. While it does work, it is considerably slower. For normal operations it will work adequately, but the first time you have to reboot all the modems, plan on a lot longer for them to come up.

We have done it, but usually as a band-aid fix while we get an onsite replacement.

Most DHCP clients only have about a 2-3 second timeout, after which, if they have not received a DHCP response, they generate a new request. The problem is, unless you have a really low latency connection, i.e. 10-25 ms, it is going to take too long in transit/processing and the DHCP clients are going to send another DHCP request, further complicating the problem. I have read in some old Cisco CNR docs that if you can't get your DHCP reply back to the DHCP client in less than a second or two you're going to have problems. This has generally proven true in our systems.

redpeppers
Cable modem config file

Can you paste an example of one of the cable modem config files you are using on their properties so I can reference it against the current ones I am using on my networks. Thanks for the info....you're a life saver!!

bealsm
i don't have the exact file
I don't have the exact file in front of me, but it's a standard DOCSIS 1.0 config file. Something like this should work:

[code]
Main {
  NetworkAccess 1;
  MaxCPE 3;
  ClassOfService {
    ClassID 1;
    MaxRateDown 1500000;
    MaxRateUp 256000;
    PrivacyEnable 0;
  }
}
[/code]

The one I use is very similar to that, except I put in some MIB filters on junk ports, like NetBIOS.
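To show what that text config becomes on the wire, here is an added Python example (mine, not bealsm's file and not the docsis tool's code) that encodes those four settings as DOCSIS config-file TLVs, appends the CM MIC and the CMTS MIC, and then plays the subscriber who captures the file and raises MaxRateDown. The TLV type codes are the DOCSIS config-file codes; the field order the CMTS MIC is computed over is my reading of the spec and should be checked against the revision your CMTS implements; the shared secret is constructed.

```python
"""Encode the DOCSIS 1.0 config above into the TLV file a modem fetches over
TFTP, append the CM MIC and the keyed CMTS MIC, and show why only the keyed
one stops a subscriber from editing their own rate limits."""
import hashlib
import hmac
import struct

# Config-file TLV type codes (DOCSIS RFI spec); CoS sub-TLV codes nest under type 4.
NETWORK_ACCESS, CLASS_OF_SERVICE, CM_MIC, CMTS_MIC, MAX_CPE, END = 3, 4, 6, 7, 18, 255
COS_CLASS_ID, COS_MAX_DOWN, COS_MAX_UP, COS_PRIVACY = 1, 2, 3, 7
# TLV order the CMTS MIC covers, as I read the spec (assumption: verify against
# the DOCSIS revision your CMTS implements).
CMTS_MIC_ORDER = (1, 2, 3, 4, 17, 43, 6, 18, 19, 20, 22, 23, 24, 25, 28, 29, 26, 35, 36, 37, 40)

SHARED_SECRET = b"example-cmts-shared-secret"  # constructed; the real one is set on the CMTS


def tlv(t, value):
    return bytes([t, len(value)]) + value


def parse_tlvs(data):
    """Flat list of (type, value) up to the END marker."""
    out, i = [], 0
    while i < len(data) and data[i] != END:
        t, length = data[i], data[i + 1]
        out.append((t, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out


def encode_settings(network_access, max_cpe, class_id, max_down, max_up, privacy):
    """Main { NetworkAccess; MaxCPE; ClassOfService { ClassID; MaxRateDown; MaxRateUp; PrivacyEnable } }"""
    cos = (tlv(COS_CLASS_ID, bytes([class_id])) +
           tlv(COS_MAX_DOWN, struct.pack("!I", max_down)) +
           tlv(COS_MAX_UP, struct.pack("!I", max_up)) +
           tlv(COS_PRIVACY, bytes([privacy])))
    return (tlv(NETWORK_ACCESS, bytes([network_access])) +
            tlv(MAX_CPE, bytes([max_cpe])) +
            tlv(CLASS_OF_SERVICE, cos))


def cmts_mic(tlvs, secret):
    """HMAC-MD5 with the CMTS shared secret over the TLVs re-serialised in CMTS_MIC_ORDER."""
    ordered = b"".join(tlv(t, v) for want in CMTS_MIC_ORDER for t, v in tlvs if t == want)
    return hmac.new(secret, ordered, hashlib.md5).digest()


def build_config(settings, secret):
    """settings + CM MIC (unkeyed MD5 of everything before it) + CMTS MIC + END."""
    with_cm = settings + tlv(CM_MIC, hashlib.md5(settings).digest())
    return with_cm + tlv(CMTS_MIC, cmts_mic(parse_tlvs(with_cm), secret)) + bytes([END])


def verify_config(data, secret):
    """Return (cm_mic_ok, cmts_mic_ok) as a CMTS would evaluate them."""
    tlvs = parse_tlvs(data)
    types = [t for t, _ in tlvs]
    if CM_MIC not in types or CMTS_MIC not in types:
        return False, False
    cm_idx, cmts_idx = types.index(CM_MIC), types.index(CMTS_MIC)
    preceding = b"".join(tlv(t, v) for t, v in tlvs[:cm_idx])
    cm_ok = hmac.compare_digest(hashlib.md5(preceding).digest(), tlvs[cm_idx][1])
    cmts_ok = hmac.compare_digest(cmts_mic(tlvs[:cmts_idx], secret), tlvs[cmts_idx][1])
    return cm_ok, cmts_ok


def class_of_service(data):
    """Decode the CoS TLV back into the names used in the docsis config syntax."""
    sub = dict(parse_tlvs(dict(parse_tlvs(data))[CLASS_OF_SERVICE]))
    return {"ClassID": sub[COS_CLASS_ID][0],
            "MaxRateDown": struct.unpack("!I", sub[COS_MAX_DOWN])[0],
            "MaxRateUp": struct.unpack("!I", sub[COS_MAX_UP])[0],
            "PrivacyEnable": sub[COS_PRIVACY][0]}


def uncap(data, new_max_down):
    """What a subscriber can do to a captured file: raise MaxRateDown and recompute
    the unkeyed CM MIC. Without the secret the old CMTS MIC has to be carried over."""
    kept, settings = None, b""
    for t, v in parse_tlvs(data):
        if t == CLASS_OF_SERVICE:
            v = b"".join(tlv(st, struct.pack("!I", new_max_down) if st == COS_MAX_DOWN else sv)
                         for st, sv in parse_tlvs(v))
        if t == CMTS_MIC:
            kept = v
        elif t != CM_MIC:
            settings += tlv(t, v)
    forged = settings + tlv(CM_MIC, hashlib.md5(settings).digest())
    return forged + tlv(CMTS_MIC, kept) + bytes([END])


# The file above: NetworkAccess 1, MaxCPE 3, CoS 1 at 1.5M down / 256k up, BPI off.
GOLD = build_config(encode_settings(1, 3, 1, 1500000, 256000, 0), SHARED_SECRET)

if __name__ == "__main__":
    print(GOLD.hex(), verify_config(GOLD, SHARED_SECRET))
    forged = uncap(GOLD, 100000000)
    print(class_of_service(forged), verify_config(forged, SHARED_SECRET))
```

The CM MIC is an unkeyed MD5, so anyone holding the file can recompute it after editing; the forged file above passes that check. The CMTS MIC is keyed with the shared secret configured on the CMTS, so the edited file fails registration, which is why that secret, not the TFTP server's location, is what protects the rate limits. Two caveats on the config itself: `PrivacyEnable 0` leaves BPI off, so frames on the plant are not encrypted; and the port filters bealsm mentions are carried as SNMP MIB object TLVs, which this example does not encode.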