[Freeipa-devel] [DHCP] tree layout options

Simo Sorce simo at redhat.com
Thu Nov 1 15:43:23 UTC 2012


On Thu, 2012-07-19 at 22:20 +0930, William Brown wrote:
> Find attached two different ldifs showing how the tree for DHCP services
> could be laid out. I personally prefer 2 due to the way that
> sharedNetwork segments can be named uniquely in a location without
> clashing with another location. The way that ISC-DHCP generates the
> config is through essentially a depth-first subtree search of the
> objects below the dhcpService object (In this case, cn=pultney). Due to
> this, I think the best way to split ipv4 and ipv6 due to the conflicting
> DHCP options, would be to make cn=locations,cn=v4,cn=isc,cn=dhcp and
> cn=locations,cn=v6,isc,cn=dhcp OR
> cn=locations4,cn=isc,cn=dhcp and cn=locations6,cn=isc,cn=dhcp
> 
> Additionally, the option1 config does not at this time work with the
> ISC-DHCP server. It seems there is a bug in that it can parse the
> dhcpSharedNetworkDN attributes, and push them to a stack to follow them,
> but never parses the contents of them. Option 2 works, and generates a
> configuration for the networks and subnets correctly, but does not add
> any dhcpHost objects nor the dhcpFailOverPeer information. I am
> investigating both.


Hi William,
sorry for the long delay, I finally found some time to look more in depth
at the 2 options, and I think I agree with you that 2 looks a better
option.

It also seems it would allow having the same numerical network in two
separate locations (say a natted 192.168.1.0/24 network used for guests)
so that 2 different groups of dhcp servers would be able to serve that
data without conflict. Am I reading this right?

It's a bit of a pity that ipv4/ipv6 would need to be split so deep down.
At a first glance it would seem that keeping them under the same
location would make management easy, however after deeper consideration
I can see how ipv6 and ipv4 locations may also not overlap at all due to
the big difference in routing and address schemes employed by the two ip
versions, so having them separate at the root is not bad, and UI/CLI
sugar coating can be used to show both if they happen to have same
location subtrees underneath, if necessary.

So 2 seems to be the most promising option including your recommendations
for ipv4/ipv6 subtree splits.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
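
An added sketch, not part of the original thread and not ISC-DHCP or FreeIPA code, of the per-location layout discussed above: each dhcpService is rendered by a depth-first walk of its own subtree, so the same 192.168.1.0/24 guest subnet can exist under two locations. The "guesthouse" location, the "guests" network name, the range values and the exact nesting are assumptions; the attached LDIFs are not reproduced here.

```python
import ipaddress

# Constructed sample directory (DN -> entry); this layout is an assumption.
BASE = "cn=locations,cn=v4,cn=isc,cn=dhcp"
ENTRIES = {}

def add(dn, objectclass, **attrs):
    """Add an entry; a duplicate DN is rejected, as a directory server would."""
    if dn in ENTRIES:
        raise ValueError("entry already exists: " + dn)
    ENTRIES[dn] = dict(objectclass=objectclass, **attrs)

for loc in ("pultney", "guesthouse"):      # "guesthouse" is a made-up location
    svc = f"cn={loc},{BASE}"
    add(svc, "dhcpService")
    net = f"cn=guests,{svc}"               # same network name in both locations
    add(net, "dhcpSharedNetwork")
    add(f"cn=192.168.1.0,{net}", "dhcpSubnet", dhcpNetMask=24,
        dhcpRange="192.168.1.100 192.168.1.200")

def children(dn):
    """Direct children of dn: entries whose parent DN is exactly dn."""
    return sorted(d for d in ENTRIES if d.split(",", 1)[1:] == [dn])

def render(dn, depth=0):
    """Depth-first walk below dn, emitting dhcpd.conf-style lines (simplified)."""
    entry, pad = ENTRIES[dn], "  " * depth
    cn = dn.split(",", 1)[0][3:]
    if entry["objectclass"] == "dhcpService":
        return [line for c in children(dn) for line in render(c, depth)]
    if entry["objectclass"] == "dhcpSharedNetwork":
        head = f"{pad}shared-network {cn} {{"
    else:  # dhcpSubnet: cn is the network address, dhcpNetMask the prefix length
        netmask = ipaddress.ip_network(f"{cn}/{entry['dhcpNetMask']}").netmask
        head = f"{pad}subnet {cn} netmask {netmask} {{"
    body = [f"{pad}  range {entry['dhcpRange']};"] if "dhcpRange" in entry else []
    for c in children(dn):
        body += render(c, depth + 1)
    return [head] + body + [pad + "}"]

if __name__ == "__main__":
    for loc in ("pultney", "guesthouse"):
        print(f"# config for cn={loc}")
        print("\n".join(render(f"cn={loc},{BASE}")))
```
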
