Working with DHCP in OES 2.0 Linux

Novell Cool Solutions: AppNote
By Bindu Nayar, Ruma Chakraborty

Posted: 27 Sep 2007

1. Working with DHCP in OES 2.0 Linux

This AppNote examines Novell DHCP in OES 2.0 Linux and introduces its new features.

This AppNote is divided into the following sections:

  • Introduction to DHCP
  • Difference between DHCP solutions on Linux and NetWare
  • DHCP configuration objects introduced in OES Linux
  • Other DHCP Configuration Objects
  • Case Study

2. Introduction to DHCP

The Dynamic Host Configuration Protocol (DHCP) is a mechanism to allocate network addresses as well as certain host-specific configuration parameters from a DHCP server to a host. It uses a client/server structure to provide configuration parameters to hosts.

DHCP on Linux is based on the latest implementation from ISC and is distributed as part of the SLES distribution. It has significant enhancements compared to the DHCP solution on NetWare and has moved from a proprietary implementation of DHCP to a more standards-based, RFC-compliant solution.

To simplify the management of IP addresses, Novell includes Dynamic Host Configuration Protocol (DHCP) tightly integrated with LDAP in OES 2.0. This gives customers additional value on top of the file-based implementation available from ISC, and enables you to centrally configure, administer and manage IP addresses and host names in an enterprise-wide network.

The new solution on Linux maintains feature parity with the existing solution on NetWare. On the management side, the interface for managing DHCP objects on Linux remains the same as on NetWare.

In addition to this, DHCP on Linux has significant enhancements in terms of Secured Dynamic Updates, Subnet sharing, User classes, support of Option 82 and other RFC compliant features.

NetWare and Linux DHCP servers can coexist in the same tree serving different subnets. To migrate from NetWare to Linux, a YaST-based migration utility is provided.

3. Difference between DHCP solutions on Linux and NetWare

NetWare DHCP Server is tightly integrated with eDirectory using a proprietary eDirectory schema. All the configuration and leased data are stored in eDirectory, which helps in centralized administration and enterprise-wide management of DHCP Services.

NetWare DHCP can be administered and managed using a Stand Alone Java utility or iManager.

Linux DHCP supports almost all the features supported in NetWare. It comes with a new schema which provides significant improvements in terms of additional functionality and RFC compliance. Although the underlying basic functionality remains the same, there are significant additions in the representation of the DHCP data.

When you install Novell DHCP Services on Linux, the schema is extended automatically. This creates the following new NDS objects:

  • dhcpLocator
  • DHCPGroup
  • DHCP_<hostname of the server>

Section 4 explains the new objects introduced in OES 2.0 Linux. Section 5 explains the objects which have changed their identity but are similar to some corresponding item in NetWare.

Let us look at the enhancements offered by OES 2.0 Linux:

Multiple Interfaces:

The Linux DHCP server supports multiple interfaces, such as a text file or an LDAP-enabled directory service (OpenLDAP, eDirectory), for configuration data storage, unlike the single eDirectory interface in NetWare. The configuration of a file-based DHCP server can be managed by YaST and other open source tools like Webmin. Though NetWare DHCP provides centralized administration and eDirectory integration, it lacks many features available on other platforms like Linux and Windows.

LDAP integration is limited to configuration and doesn't cover lease data, which is stored in ASCII format at /var/lib/dhcp/db/dhcpd.leases on the local system.

Secured Updates:

Apart from the data representation, there are improvements in the operational aspects in terms of Secured Dynamic Updates. The secured updates are based on RFC 2136, so the OES 2 Linux DHCP server can work with any DNS server that performs secured updates. This helps you work in a mixed environment with Windows, Linux, NetWare or any other DNS server which understands RFC 2136 updates. This is an improvement over the NetWare DHCP server, which was limited to Novell proprietary updates and thus could only coexist with NetWare DNS.

Managing eDirectory Objects:

The enhanced management interface has provisions to administer the new objects introduced with OES 2 Linux. It has the same management interfaces as NetWare. However, management through iManager is limited to eDirectory only: iManager cannot be used to manage a DHCP server whose configuration is stored in files or in any LDAP server other than eDirectory. Use YaST instead for file-based or OpenLDAP-based DHCP.

The tab-based view of the new DHCP iManager plugin and the tree view of iManager 2.7, introduced in OES Linux 2.0, enhance the usability of the iManager plugin.

The management utility does not provide subnet utilization details, as the lease data is stored in files.

4. DHCP configuration objects introduced in OES Linux

  1. Service:

    The DHCP Service object is a container object that contains the DHCP configuration for an entire network, a subset of the networks, or a single server.

  2. Class:

    The Class object helps in segregating clients into classes and these clients can be treated differently depending on the class they are in. For example, you can declare a class of clients and do address allocation based on that.

    In the example below, we define a class which segregates clients based on the Vendor class option sent by them. If the option starts with "SUNW" as the first 4 letters, the client becomes a member of myClass. All clients which belong to this category will get IP addresses between 192.10.29.10 and 192.10.29.250. They will be strictly denied IP addresses between 192.10.224.10 and 192.10.224.230.

    # Clients whose vendor-class-identifier begins with "SUNW" are members of myClass.
    class "myClass" {
        match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
    }

    shared-network 224-29 {
        subnet 192.10.29.0 netmask 255.255.255.0 {
        }
        subnet 192.10.224.0 netmask 255.255.255.0 {
        }

        # Only myClass members are served from 192.10.29.10-192.10.29.250.
        pool {
            allow members of "myClass";
            range 192.10.29.10 192.10.29.250;
        }
        # myClass members are never served from 192.10.224.10-192.10.224.230.
        pool {
            deny members of "myClass";
            range 192.10.224.10 192.10.224.230;
        }
    }

  3. Zone:

    A DNS Zone object is an eDirectory™ container object that holds all the data for a single DNS zone. The DHCP Zone is the actual DN of each DNS Zone object; it contains the address of the DNS server which is used for dynamic updates.


  4. TSIG Key:

    TSIG stands for "Transaction Signature" and is used for cryptographically signing the dynamic updates between DHCP and DNS using a shared secret key. When you set your DNS server to allow updates from the DHCP server, you may be exposing it to unauthorized updates. To avoid this, it is recommended to use TSIG signatures.

5. Other DHCP Configuration Objects

  1. Server:

    The DHCP Server object serves one or more DHCP Service objects. Each DHCP server can be associated with one or more DHCP services depending on the needs of your organization. In a typical scenario, there must be one DHCP Server object configured for every system running the DHCP Service.
    Keeping the DHCP server and its configuration details (in the DHCP Service) as separate entities provides the much-needed flexibility in associating and switching between DHCP servers and configurations. The DHCP Server in Linux is not associated with any NCP server.

  2. Shared network:

    Some installations have physical networks on which more than one IP subnet operates. The Shared Network lists which pools and subnets are in one physical network. This is similar to the Subnet Pool on NetWare. A Shared Network object has to be created under a Service object.

  3. Subnet:

    The Subnet object includes configuration information associated with a subnet, including a range and a net mask. It can also be used to provide subnet-specific parameters and to specify what addresses may be dynamically allocated to clients booting on that subnet. This is similar to the Subnet object in NetWare; however, in Linux, Subnet objects should be contained within a Service or a Shared Network (Subnet Pool).

    If clients on a subnet are to be assigned addresses dynamically, a range declaration must appear within the subnet declaration. For clients with statically assigned addresses, or for installations where only known clients will be served, each such client must have a host declaration.

    For every physical subnet to which the DHCP server is connected, there must be one subnet declaration, which tells DHCP how to recognize that an address is on that subnet.

    Note: In Linux, DHCP options can be configured at any level, including the Service, Subnet, Server, Class, Pool and Host. Options configured at the Host level override options at the Subnet level, and options configured at the Subnet level override those configured at the Service level. However, certain NetWare-specific options are not standard options available on Linux (for example, all suboptions of Option 62); to configure them, add them as Custom options. On the other hand, some new options, such as Option 82, are introduced.

  4. Pool

    The pool declaration can be used to specify a pool of addresses that will be treated differently from another pool of addresses, even on the same subnet. It is also possible to set up entirely different subnets for known and unknown clients. Pools exist at the level of shared networks, so address ranges within pool declarations can be on different subnets. You can create multiple Pool objects under a Subnet object.

    The pool object must be created under a service-shared network hierarchy.

  5. Host:

    The Host object represents a client in the network with a statically assigned IP address and is identified by a host name.

    When configuring an individual Host object, you can provide specific options that override options set at the Subnet/Service level. NetWare IP address objects are similar to Host objects in Linux, but the difference lies in the allocation of the IP address. For example, if an IP address is part of a dynamic address range and is also assigned manually to a host, the NetWare DHCP server will not assign this particular IP address to any other host, but the standard DHCP server can assign this IP address to another host.

    Note: When a host is configured with a fixed IP address, the administrator is responsible for excluding that IP address from the pool declaration. For example, if the range of addresses defined within a pool is 192.10.1.0-192.10.1.30 and a Host is configured with the fixed address 192.10.1.20, then the range must be divided into two ranges: 192.10.1.0-192.10.1.19 and 192.10.1.21-192.10.1.30.

  6. Taking all the above descriptions together, the table below gives the differences between the configuration objects in NetWare and Linux:

    Table: Comparison of configuration objects of NetWare and Linux

    NetWare DHCP object hierarchy     OES Linux DHCP object hierarchy
    -----------------------------     -------------------------------
    Subnet Pool                       +Service
        Subnet                            #Shared Network
            Address Range                     #Subnet
            IP address (Manual)                   #Pool (with Address Range)
            IP address (Leases)                   #Host
                                      +TSIGKey
                                      +Class
                                      +Zone

    +: New objects in Linux DHCP
    #: Linux objects mapped to NetWare objects
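As an added illustration (not code from this AppNote, ISC dhcpd or Novell), the following Python model mirrors two behaviours described above: the class-based allow/deny pool selection from the class "myClass" example in Section 4, and the range split an administrator must make around a fixed-address host from the note under Host. The Pool class, classify() and select_address() are constructed for this example; addresses are the page's own.

```python
import ipaddress
from dataclasses import dataclass, field
# Constructed model (not dhcpd code) of the page's class/pool selection and of
# the range split an administrator must make around a fixed-address host.
@dataclass
class Pool:
    start: str
    end: str
    allow: set = field(default_factory=set)  # "allow members of <class>"
    deny: set = field(default_factory=set)   # "deny members of <class>"

def classify(vendor_class: str) -> set:
    # The page's class "myClass": first four characters of
    # option vendor-class-identifier equal "SUNW".
    return {"myClass"} if vendor_class[:4] == "SUNW" else set()

def pool_admits(pool: Pool, classes: set) -> bool:
    # An allow list restricts the pool to members of a listed class;
    # a deny match excludes the client regardless of allow.
    if pool.allow and not (pool.allow & classes):
        return False
    return not (pool.deny & classes)

def free_ranges(pool: Pool, fixed_hosts) -> list:
    # Split the range around fixed hosts, as the note requires
    # (192.10.1.0-30 with host 192.10.1.20 -> 0-19 and 21-30).
    lo, hi = ipaddress.ip_address(pool.start), ipaddress.ip_address(pool.end)
    fixed = sorted(a for a in map(ipaddress.ip_address, fixed_hosts) if lo <= a <= hi)
    ranges, cur = [], lo
    for f in fixed:
        if f > cur:
            ranges.append((str(cur), str(f - 1)))
        cur = f + 1
    if cur <= hi:
        ranges.append((str(cur), str(hi)))
    return ranges

def select_address(pools, vendor_class, fixed_hosts=(), leased=()):
    # First free address from the first pool admitting the client's classes.
    classes = classify(vendor_class)
    for pool in pools:
        if not pool_admits(pool, classes):
            continue
        for start, end in free_ranges(pool, fixed_hosts):
            addr, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
            while addr <= last:
                if str(addr) not in leased:
                    return str(addr)
                addr += 1
    return None
```

Feed it the two pools of the page's shared-network 224-29 and a vendor class string to see which range a client is served from; pass fixed_hosts to see the pool range shrink around a Host object's address.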

Better things to offer to customers

With DHCP in OES Linux, the following additional features are offered:

  1. Secure LDAP authentication through CASA. This is recommended and the default but is optional.
  2. File-based server configuration is also supported, providing multiple interface support for DHCP on Linux.
  3. RFC 2136 compliant secured DDNS, which allows Linux DHCP to coexist with any DNS server that accepts RFC 2136 compliant updates.
  4. Seamless migration tool from NetWare to Linux OES 2.0.
  5. Secured DDNS
  6. Better management interface.

Limitations

There are some limitations as well. The management plugins will not allow you to configure the entire gamut of configurations which the current LDAP-integrated DHCP supports. However, most of the basic configurations are supported; in particular, all the configurations in DHCP which are similar to NetWare are supported. Some of the things that existed in NetWare and are not supported in Linux are as follows:

  • Remote start and stop of DHCP services are supported through iManager; however, command line parameters can't be passed while loading and unloading remotely from iManager.
  • Features like the last-used option, subnet utilization, SNMP traps, the mobile user option, and the Event and Audit log are not supported.
  • The DHCP server does not support fault tolerance. However, if a DHCP server is running with its configuration in eDirectory, a local copy of the eDirectory configuration is logged in /var/log/dhcp-ldap-startup.log by default. So if eDirectory goes down for some time, this log file can be copied to /etc/dhcpd.conf and one can fall back to a file-based DHCP.
  • The following NetWare specific global options are not supported:
    • wildcard support in the Exclude/Include of MAC addresses,
    • support for 22 different hardware types in IP address management; in Linux only 3 types are supported.

Also, there is no interoperability between NetWare and Linux DHCP servers. This is because of the differences in the configuration elements in Linux and NetWare, as discussed in Section 4 and Section 5.

6. Case Study

Objective: Install a DHCP server and provide IP addresses to a specified subnet

Assumptions: The basic configuration for DHCP would be Server, Service, Subnet, and Address Pool.

Server machine IP address: 192.10.1.1
Subnet mask              : 255.255.255.0
Serve for                : 40 clients which can be assigned IPs in the same subnet.

Procedure:
  1. In the YaST install, on the Installation Settings page, click Software to go to the Software Selections and System Tasks page.

    From the OES Services option, select Novell DHCP. You will see that when you select the "Novell DHCP" option, the dependencies get selected as well.

    Click Accept.
    After installation, verify the presence of the following objects in the eDirectory tree using iManager:
    • dhcpLocator
    • DHCPGroup
    • DHCP_<hostname>

  2. Ensure that the /etc/dhcpd.conf file contains the following parameters:
    ldap-server
    ldap-port
    ldap-ssl
    ldap-base-dn
    ldap-method
    ldap-debug-file
    ldap-dhcp-server-cn
    ldap-referrals

  3. Open the URL https://<ipaddress of a server running iManager>/nps/iManager.html in an IE or Mozilla browser.

  4. Log in to the tree of which the server 192.10.1.1 is a part, as admin or as the preferred user who has proper rights to the DHCP objects.

  5. Go to the DHCP (OES Linux) role on the left pane. Select the Service task. Choose Create Service from the Available Task drop-down list. Give the Service name and choose the Context from the NDS browser. In this example we take the Service name as TestService and the context as novell.

  6. Go to the DHCP (OES Linux) role on the left pane. Select the Service task. Choose View/Modify Service. Click the General tab. In the Select the Server drop-down, choose the required server.

  7. Go to the DHCP (OES Linux) role on the left pane. Select the Subnet task. Choose Create Subnet from the Available Task drop-down list. In the next screen, in the Select the Service drop-down box choose "TestService.novell", in the Subnet IP address field type 192.10.1.0, and in the Subnet mask field type 255.255.255.0. Click Create. The screen shot given below shows the relevant entries.

  8. Go to the DHCP (OES Linux) role on the left pane. Select the Pool task. Choose Create Pool from the Available Task drop-down list. In the next screen, in the Select the Service field choose "TestService.novell" and in the Select the Subnet field choose "192.10.1.0.TestService.novell". Give a name to the Pool. The name is used only by iManager; the DHCP server does not require the pool name. Give the Start Address as 10 and the End Address as 50 and click OK.

  9. Go to the DHCP (OES Linux) role on the left pane. Select the Server task. Choose Load/Unload Server from the Available Task drop-down list. Give the server IP address (192.10.1.1) or the DNS server name in the text box on the next page. Click OK. On the next page, select Load the server. The server should load successfully.

    Your DHCP server is now ready to serve the required clients in your network with IP addresses between 192.10.1.10 and 192.10.1.50.

© 2014 Novell