dhcpcd-discuss

Hi Jeff

On 04/10/2017 18:47, Jeff Kletsky wrote:
> First off, I'm glad I found dhcpcd after fighting with ISC dhclient and 
> ifup for far too long with the best result being politely described as 
> tweaky and fragile.
>
> At least for now, I'm running self-built dhcpcd-7.0.0-rc2 on Ubuntu 17.04.
>
> Seeing that dhcpcd is a solid FreeBSD port means that the transition to 
> my strong preference of FreeBSD may not be far off in the future.

dhcpcd works well on all major open source platforms :)
Even some passing support for IllumOS.

> I've got a somewhat non-standard application. I'm running a PCEngines 
> APU2C4 that has three Intel nics; enp1s0, enp2s0, and enp3s0.

Let me start off by saying holy wall of text batman!
I'll try and answer as best I can, if I miss something, poke me.

> enp1s0:
> Connected to a "Motorola" SB8600 DOCSIS 3.1 modem on Comcast.
> Comcast will supply both IPv4 and IPv6 address and route information 
> over DHCP
> Comcast will assign a /64 PD on unqualified request, a /60PD on specific 
> request, over DHCP
> The modem management interface is on 192.168.1.100.
>
> enp2s0:
> Connected to the firewall, no "clients" on the link
> Uses manually configured RFC1918 IPv4 and ULA/link-local addressing for 
> IPv6.
> This is a "private" link with VLANs for segregation of main data flows 
> and management channels.
>
> enp3s0:
> Generally without link
> I mess up badly enough, I want to be able to drag a cable over to it and 
> have it get an address and then can access the headless box.
>
>
> DHCPv4/6 is handled by various relays and kea running on another machine 
> behind the firewall.
>
>
> I've got a Type 4 DUID that I use for client ID so that the 
> configuration is hardware independent.
>
>
> I'd like to be able to configure dhcpcd to help do the following:
>
> enp1s0:
> * Immediately gets 192.168.1.n statically assigned so I can access the 
> modem
> * Gets a public IPv4 address and IPv6 IA_NA address from Comcast's DHCP 
> and configures them on enp1s0
> * Routing tables are locally updated with the IPv4 and IPv6 default 
> routes via Comcast
> * Obtains a /60 PD from Comcast and does nothing with it (outside of the 
> scripts that run)
> * Comcast gets whatever else they need to route the PD via the IA_NA 
> address(likely nothing)
>
> enp2s0:
> * Manually configured
> * no RA/RS
>
> enp3s0:
> * Comes "alive" when I plug in the cable
> * Gets an IPv4 and/or IPv6 address from my local DHCP server
>
>
> Challenge 1 -- clientid/DUID
> ============================
>
> The first challenge I'm having is that dhcpcd doesn't use the clientid 
> given.
>
> In the config below, the actual Type 4 DUID has been redacted. I am 
> using the DUID value that is currently working with dhclient and Comcast 
> for both IPv4 and IPv6. The logs and wireshark show a Type 1 DUID in use 
> by dhcpcd.
>
> I originally had the clientid statement only at the "global" level. 
> Adding it to the interface level didn't change the behavior.
>
> (The Type 4 DUID allows me to change hardware without changing the DUID, 
> hopefully preserving addressing)
>
>
> Right now, dhcpcd is being started as a systemd service:
>
>      Wants=network.target
>      Before=network.target
>      After=network-pre.target

You might want to look into the dhcpcd-online(8) command installed by 
the dhcpcd-ui package I also provide but don't maintain as much as I 
would like. This provides excellent support for systemd to inform it 
when it's up - works similar to nm-online from network manager.

> I'm hardly a systemd expert, but I believe it's up and running after the 
> interfaces are known and before the network is considered "up" (the logs 
> seem to confirm this)
>
> I haven't yet extended this to enp3s0, nor added things like noipv4ll. 
> The default IAID is being used for the IA_NA (and its value has been 
> confirmed with wireshark). The IAID for the PD was set to "0" as it 
> appears that a single IAID can't be used for both the IA_NA and the 
> IA_PD by dhcpcd.

Correct.
IAID needs unique for each address request on the host regardless of 
interface it goes by.

Although an IAID of 0 is fine, I generally prefer to use non zero values.

> The assignment of the static, modem-access IPv4 address is presently 
> done through /etc/network/interfaces. It appears properly retained when 
> dhcpcd assigns the Comcast-assigned public IP addresses.
>
> auto enp1s0:0
> iface enp1s0:0 inet static
>    address 192.168.100.101
>    netmask 255.255.255.0

I do a similar thing on my NetBSD powered erlite router, also connected 
to a DOCSIS modem. Sadly, no IPv6 support from my current ISP :(

Here's my current /etc/dhcpcd.exit-hook to handle this
# SuperHub3 router mode is 192.168.0.1
# SuperHub3 modem mode is 192.168.100.1
# However, those addresses cannot exist on the interface when parsing
# NPF rules.

if [ "$interface" = cnmac0 ]; then
        case "$reason" in
        BOUND|RENEW|REBIND)
                if [ "$new_ip_address" != "$old_ip_address" ]; then
                        ifconfig cnmac0 inet -alias 192.168.0.73/24
                        ifconfig cnmac0 inet -alias 192.168.100.73/24
                        /etc/rc.d/npf reload
                fi
                ;;
        esac
        ifconfig cnmac0 inet alias 192.168.0.73/24
        ifconfig cnmac0 inet alias 192.168.100.73/24
fi

You may not need to remove them, but just in case it's a good example :)

> dhcpd.conf
> ----------
>
> controlgroup root
>
> # For now, undo what is done on exit
> # persistent
>
> option rapid_commit
> option classless_static_routes
> option interface_mtu
> require dhcp_server_identifier
> slaac private
>
> debug
>
> allowinterfaces enp1s0
> denyinterfaces  enp2s0
>
> clientid 00:04:00:11:22:33:44:55:66:77:88:99:00:aa:bb:cc:d
>
> nohook resolv.conf
>
> interface enp1s0
>      clientid 00:04:00:11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd
> ia_na
>      ia_pd 0
>      ipv6rs
>      ipv6ra_noautoconf

I tested this - it works fine.
Remember that clientid is literally setting the ClientID option - it's 
not a DUID as such.
So you need to encode correctly - ff is required, the next 4 bytes are 
the IAID and the rest is the DUID. See RFC4361 for exact details.

	clientid ff:00:11:22:33:AA

Of course, you could just use the duid option (enabled by default) and 
then supply your own /var/db/dhcpcd/duid (file location varies per 
platform) and then just set the iaid per interface definition

interface enp1s0
        iaid 00:11:22:33

But this means you can't specify the duid per interface (which you can't 
do for DHCPv6 at all)

> Challenge 2 -- Obtain, but don't use IA_PD
> ==========================================
>
> Even after reading the man page from dhcpcd-7.0.0-rc2 I'm at a bit of a 
> loss as to how to get a /60 IA_PD, especially without assigning it to 
> interfaces.
>
> I'm not adverse to figuring out some of the detailsbut I'm stuck getting 
> started with two points related to the ia_pd configuration line
>
>      ia_pd [iaid [/ prefix / prefix_len] [interface [/ sla_id [/ 
> prefix_len [/ suffix]]]]]
>
>
> The first is what to use as a prefix. It seems like something of a 
> Catch-22 if I need the prefix I'm about to get to be able to request a 
> /60 (Comcast only gives out a /64 unless you request otherwise).
>
>
> The second is how to *not* do anything with the PD other than pass its 
> value to the scripts;"If no interface is given then we will assign a 
> prefix to every other interface with a sla_id equivalent to the 
> interface index assigned by the OS."
>
>
> Any suggestions that keep me going on this would be greatly appreciated!

This is possible, but not elegant!

interface enp1s0
	ia_pd 1//60 foobar

The trick is to delegate to the foobar interface, which does not exist ;)

I'm not sure why you would want to do this though.

Hopefully this answers all your queries!

Roy