[j-nsp] DHCP server recommendation for subscribers management

Andrey Kostin ankost at podolsk.ru
Wed Aug 11 09:00:38 EDT 2021


Nathan Ward wrote on 2021-08-10 20:53:

> Yeah the FreeRADIUS docs are hard to navigate - but getting better.
> 
> You want to look in the example configs. Start from an understanding
> of what you want the RADIUS messages to have in them. You can do this
> with just a static Users file in your test environment with just one
> subscriber, and then look at moving that in to sqlippool or similar,
> with whatever logic you need to get those attributes in to the right
> place. Framed-IP-Address obviously, but maybe also Framed-IP-Netmask
> etc. - better to experiment with the attributes and get them right
> without the sqlippool complexity.
> 
> https://wiki.freeradius.org/modules/Rlm_sqlippool This is alright (it
> appears outdated on the surface, but is up to date I think)
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-available/sqlippool
> This is the example config and has some more detail than the above.
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-config/sql/ippool/postgresql/queries.conf
> This is useful to understand some of the internals
> 

Thanks for the links. I'm pretty well familiar with the RADIUS users file syntax,
but FreeRADIUS module calls puzzle me a little.

> 
> A good setup for IPv4 DHCP relay is:
> 
> lo0 addresses on BNG-1
> 192.168.0.1/32 - use as giaddr
> 10.0.0.1/32
> 10.0.1.1/32
> 10.0.2.1/32
> 10.0.3.1/32
> 
> lo0 addresses on BNG-2
> 192.168.0.2/32 - use as giaddr
> 10.0.0.1/32
> 10.0.1.1/32
> 10.0.2.1/32
> 10.0.3.1/32
> 
> DHCP server:
> Single shared network over all these subnets:
> Subnet 192.168.0.0/24 - i.e. covering giaddrs
>   No pool
> Subnet 10.0.0.0/24
>   pool 10.0.0.2-254
> Subnet 10.0.1.0/24
>   pool 10.0.1.2-254
> Subnet 10.0.2.0/24
>   pool 10.0.2.2-254
> Subnet 10.0.3.0/24
>   pool 10.0.3.2-254
> 
> This causes your giaddrs to be in the shared network with the subnets
> you want to assign addresses from (i.e. the ones with pools), so the
> DHCP server can match them up, but, with no pool in the 192.168.0.0/24
> subnet you don’t assign addresses out of that network.
> 
> Otherwise you have to have a unique /32 for each BNG in each subnet
> and you burn lots of addresses that way.

How is a potential IP conflict handled in this case if the BNGs are connected
to a switched LAN segment? In my case, with a VLAN per customer, it can
happen that a client requests a lease and gets replies from the same IP
but different MACs. The BNGs can also see each other and report an IP conflict.

Kind regards,

Andrey
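The shared-network layout Nathan describes above, as an added example that is not code from the post or from any DHCP server: a small Python model of the server-side logic that matches a relayed request to the shared network covering its giaddr and then hands out addresses only from member subnets that have pools. The subnet and pool values are the ones from the post; the class and function names are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

IPv4 = ipaddress.IPv4Address

@dataclass
class Subnet:
    network: ipaddress.IPv4Network
    pool: Optional[Tuple[IPv4, IPv4]] = None  # inclusive range; None = no pool

@dataclass
class SharedNetwork:
    name: str
    subnets: List[Subnet]
    leases: Dict[IPv4, str] = field(default_factory=dict)  # ip -> client id

    def contains(self, giaddr: IPv4) -> bool:
        # Match on any member subnet covering giaddr, even one without a pool.
        return any(giaddr in s.network for s in self.subnets)

    def allocate(self, client_id: str) -> Optional[IPv4]:
        for ip, cid in self.leases.items():
            if cid == client_id:
                return ip  # renew the existing lease
        for s in self.subnets:
            if s.pool is None:
                continue  # e.g. the giaddr-only 192.168.0.0/24 subnet
            lo, hi = s.pool
            for ip in (lo + i for i in range(int(hi) - int(lo) + 1)):
                if ip not in self.leases:
                    self.leases[ip] = client_id
                    return ip
        return None  # every pool in the shared network is exhausted

def build_shared_network() -> SharedNetwork:
    # The layout from the post: giaddr subnet without a pool plus four pools.
    net = ipaddress.IPv4Network
    subnets = [Subnet(net("192.168.0.0/24"))]
    for third in range(4):
        p = f"10.0.{third}"
        subnets.append(Subnet(net(f"{p}.0/24"), (IPv4(f"{p}.2"), IPv4(f"{p}.254"))))
    return SharedNetwork("bng-subscribers", subnets)

def serve(networks: List[SharedNetwork], giaddr: str, client_id: str) -> Optional[IPv4]:
    # Select the shared network by giaddr, then allocate from its pools.
    for n in networks:
        if n.contains(IPv4(giaddr)):
            return n.allocate(client_id)
    return None  # giaddr belongs to no configured shared network
```

Requests relayed from either BNG giaddr land in the same shared network and draw from the 10.0.x.0/24 pools in order; no lease is ever handed out of 192.168.0.0/24.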
