
ubr subinterfaces


Is there a way to assign CPEs to subinterfaces only through DHCP options?

Hey there Lancey,

just my $.02 - I haven't worked with ubr, but surely have with dhcp - it will assign whomever and whatever information you want, as long as the appropriate subnet is declared within dhcpd.conf. Therefore, CM would probably get an address from the scope where provisioning server is, and where CMTS ports are. However, CPE can get whatever you want, just make sure it is routable both ways. AFAIK CPE can get any address, and it could be completely independent of the CM structure and networks.

As I said, I have limited experience with CMTSes, so your mileage may vary....

.play.open.minded.

Yes, the DHCP can assign IPs from different subnets - no problem with that.

I'm speaking about subinterfaces, though. I.e. instead of having primary IP address on the cable/bundle interface for modems and secondary addresses for CPEs, I'd like to have them on different subinterfaces, i.e. Bundle1.1 for CMs, Bundle1.2 for CPEs, Bundle1.3 for some VPN client, etc., etc. This way it's easier to build access lists, and more interesting things could be done - different VRFs, etc.

The obvious way to do this would be to expect the CMTS to put the CPE in the subinterface according to the subnet of the IP address assigned from the DHCP. Apparently, that's not the case, or I can't find a way to do it.

There's a way to do this through the CM config file, though it requires hardcoding MAC addresses in it. I think there's a way to do that with some DHCP options in the reply, just can't seem to have a documented way to do that. If anyone has done it, please share your knowledge.

-----------------------------------
http://www.net1.cc

Yes, this can be done on Cisco hardware with dhcpd. We do this to facilitate autoprovisioning and it works great; however, it is tricky.

Given the following config:

bundle 1.1
ip address 10.0.0.1 255.255.0.0 #Authorized Modems
ip address 10.0.1.1 255.255.0.0 secondary # Unauthorized modems

bundle 1.2
ip address 192.168.0.1 255.255.255.0 # Authorized Clients
ip address 192.168.1.1 255.255.255.0 secondary # Unauthorized Clients (MTA, PC etc....)

You need TWO dhcpd servers to make this work, one for modems and one for clients. The modem dhcpd server is configured with a shared network like this:

shared-network Modems {
  subnet 10.0.0.0 netmask 255.255.0.0 {
    allow known-clients;
    deny unknown-clients;
    # Subnet for Authorized modems
  }
  subnet 10.0.1.0 netmask 255.255.0.0 {
    allow unknown-clients;
    deny known-clients;
    # Subnet for Unauthorized modems
  }
}

The client dhcpd server is configured like so:

# The inclusion of the Authorized Modems subnet here tells DHCPD to treat it as if they were on the same network segment
shared-network AuthorizedModems {
  subnet 10.0.0.0 netmask 255.255.0.0 {
    # Subnet decl for Authed modems purposely left empty
  }
  subnet 192.168.0.0 netmask 255.255.255.0 {
    # Subnet for Authorized clients
    allow known-clients;
    deny unknown-clients;
  }
}
# The inclusion of the Unauthorized Modems subnet here tells DHCPD to treat it as if they were on the same network segment
shared-network UnauthorizedModems {
  subnet 10.0.1.0 netmask 255.255.0.0 {
    # Subnet decl for Unauthed modems purposely left empty
  }
  subnet 192.168.1.0 netmask 255.255.255.0 {
    # Subnet for Unauthorized clients
    allow unknown-clients;
    deny known-clients;
  }
}

On the CMTS you also need two cable helper-addresses on each bundle subinterface like so:

interface bundle 1.1
cable helper-address 10.5.0.1 cable-modems
cable helper-address 10.5.0.2 hosts

When the modem requests DHCP, the CMTS sends the DHCP request to the modems' dhcpd server with the source address of 10.0.0.1. The modems' dhcpd server then assigns it an IP from one of two+ subnets depending on whether it is known (authorized) or not.

When a client requests DHCP, the CMTS forwards the request with the modem's gateway as the source address, so on the clients' dhcpd server, if the modem has an IP from the 10.0.0.1/16 subnet, it will get an IP from 192.168.0.0/24; if the modem the client is connecting behind has an IP from the 10.0.1.0/16 subnet, it will assign it an IP from the 192.168.1.0/24 subnet. More subnets can be added for MTAs, specific clients, etc....
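
A check for the subnet declarations in the post above, added here as an example and not part of the original post: it parses `subnet ... netmask ...` lines, flags any address that is not the network number for its mask, flags overlapping ranges, and lists which declarations contain a given relay (giaddr) address. `AS_POSTED` copies the post's four subnets; `SPLIT` is a hypothetical variant with /24 modem subnets, an assumption of this example.

```python
import ipaddress
import re

# Constructed input: the four subnet declarations as written in the post.
AS_POSTED = """
subnet 10.0.0.0 netmask 255.255.0.0 { }
subnet 10.0.1.0 netmask 255.255.0.0 { }
subnet 192.168.0.0 netmask 255.255.255.0 { }
subnet 192.168.1.0 netmask 255.255.255.0 { }
"""
# Hypothetical variant (assumption): modem subnets narrowed to /24.
SPLIT = AS_POSTED.replace("255.255.0.0", "255.255.255.0")

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)")

def parse_subnets(conf):
    """Return (declared address, network) for every subnet declaration."""
    out = []
    for addr, mask in SUBNET_RE.findall(conf):
        # strict=False tolerates host bits so they can be reported below
        out.append((addr, ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    return out

def check(conf):
    """List declarations with host bits set and pairs whose ranges overlap."""
    nets = parse_subnets(conf)
    problems = []
    for addr, net in nets:
        if str(net.network_address) != addr:
            problems.append(f"{addr} is not a network number; it lies in {net}")
    for i, (a, na) in enumerate(nets):
        for b, nb in nets[i + 1:]:
            if na.overlaps(nb):
                problems.append(f"{a} and {b} overlap")
    return problems

def match_giaddr(conf, giaddr):
    """Declared subnets whose range contains the relay address."""
    ip = ipaddress.ip_address(giaddr)
    return [addr for addr, net in parse_subnets(conf) if ip in net]

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("split", SPLIT)):
        print(name, check(conf), match_giaddr(conf, "10.0.1.1"))
```
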

Hmm, I don't see a logical reason to use two different DHCP servers - if the UBR takes the subnet from the reply to really assign the CM / CPE to the appropriate subinterface, it should not matter if you do split requests from CMs and CPEs or not. Would definitely try that, though.
My idea was to not put all CPEs in one subinterface, though. E.g., in your example setup, put unauthorized clients in one subinterface, and authorized in another. Or, put home clients on one subinterface, corporate clients on another, VPN clients each get their own subinterface, etc.
We've been doing this with MPLS tagging and CMs config files, but if the DHCP way works it will be superior.
Do you use this setup (or sth like this) in production, and it really does not require using any special DHCP options in the DHCPD config file?
Thanks very much for your response!
-----------------------------------
http://www.net1.cc

Yes, we use it in production, and it works very well. The reason two dhcpd servers are required is a limitation of dhcpd, not the CMTS. dhcpd does not allow the same subnet to be used in two different shared-networks on the same server; it does not generate an error, but the second shared network is never looked at when requests come in. If you were to use Cisco's CNR you could do it with one server; other DHCP servers probably work as well.

We actually use one server still, but we use virtual machines to run both the client and modem dhcpd servers on the same machine, and a second machine for failover.