
According to this answer...

https://unix.stackexchange.com/a/457577/61742

... I can use the following configuration to use pushed routes from my DHCP server in my DHCP client by placing in the /etc/dhclient.conf or /etc/dhcp3/dhclient.conf file the following configuration...

```
option classless-static-routes code 121 = array of { ip-address, ip-address };
```

But in CentOS 7 this file does not exist, but the following files...

```
[root@localhost ~]# ps -eaf | grep dhcli
root       780   650  0 15:02 ?        00:00:00 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-enp0s8.pid -lf /var/lib/NetworkManager/dhclient-00cb8299-feb9-55b6-a378-3fdc720e0bc6-enp0s8.lease -cf /var/lib/NetworkManager/dhclient-enp0s8.conf enp0s8
root       783   650  0 15:02 ?        00:00:00 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-enp0s17.pid -lf /var/lib/NetworkManager/dhclient-8512e951-6012-c639-73b1-5b4d7b469f7f-enp0s17.lease -cf /var/lib/NetworkManager/dhclient-enp0s17.conf enp0s17
root      2218  1152  0 15:36 pts/0    00:00:00 grep --color=auto dhcli
```

NOTE: Note the value for the "-cf" parameter (files: /var/lib/NetworkManager/dhclient-enp0s8.conf and /var/lib/NetworkManager/dhclient-enp0s17.conf).

My question is: What is the correct way to use "classless-static-routes" (code 121) on a CentOS 7 DHCP client?

Thanks!


PLUS:

This is the configuration of my ISC KEA DHCP (DHCPv4)...

```
cat /usr/local/etc/kea/kea-dhcp4.conf
```

```
[...]
"option-def": [{
    "name": "rfc3442-classless-static-routes",
    "code": 121,
    "space": "dhcp4",
    "type": "record",
    "record-types": "uint8,uint8,uint8,ipv4-address"
}],
"option-data": [{
    "name": "rfc3442-classless-static-routes",
    "data": "10,1,4, 10.1.6.4"
}]
[...]
```

The goal is that requests to 10.1.4.0/24 be routed to ip 10.1.6.4/32 in my DHCP clients.

NOTE: It is the same thing I would get with the command `ip route add 10.1.4.0/24 dev enp0s8 via 10.1.6.4` on each of my DHCP clients.

Eduardo Lucio
  • I think `/etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes` does that job by default. Nonetheless, I am not very fond of passing around static routes via DHCP. – Rui F Ribeiro Aug 01 '18 at 21:54
  • This file (`rfc3442-classless-routes`) does not exist in my CentOS 7. Thanks! – Eduardo Lucio Aug 01 '18 at 22:06
  • Please [read this](https://serverfault.com/questions/434246/linux-static-route-configuration-via-dhcp). Mainly: add `also request rfc3442-classless-static-routes;` (and the ms option for Microsoft) in the dhcp client config file (whichever it might be). –  Aug 01 '18 at 22:24
  • Hmmm, Network manager is not the best way to manage static routes from dhcp ([IMnshO](https://www.internetslang.com/IMNSHO-meaning-definition.asp)). Is that a **must** requirement? –  Aug 01 '18 at 22:30
  • @Isaac What would be your suggestion? =] – Eduardo Lucio Aug 02 '18 at 01:44
  • @EduardoLucio Network Manager is designed (and used) to bring interfaces up for each different user when the GUI (desktop manager) starts. That is not a "system wide" interface configuration, where each interface has "static" values for all users. It is up to you to make such a decision. But it seems reasonable to me that "static routes" should be used with "static interfaces". Just saying ..... –  Aug 02 '18 at 01:53
  • @Isaac I'm really open to suggestions =D ! My idea is that if I have 20 DHCP clients that are on LAN 10.1.6.0/24 they can reach servers on the 10.1.4.0/24 LAN (the ip 10.1.6.4 runs a VPN client on a LAN-TO-LAN infrastructure) . I would like to do this centrally. This infrastructure will be mounted on a medium-sized remote server (Serverloft) running a hypervisor (XEN). – Eduardo Lucio Aug 02 '18 at 02:19
  • Shouldn't there be a router between network 10.1.6.0/24 and network 10.1.4.0/24? Do you understand that **routing** is the basic job of a router [as explained here](http://www.think-like-a-computer.com/2011/07/18/how-routing-works/)? And that making a server a forwarding (`net.ipv4.ip_forward=1`) device is a cheap (and incorrect) way to configure routing? All the networks must be connected to a router (and I am 100% sure that they already are now). The routing table of **that** (one or several) router(s) is what should be correctly configured and nothing else. @EduardoLucio –  Aug 02 '18 at 03:24
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/81028/discussion-between-isaac-and-eduardo-lucio). –  Aug 02 '18 at 03:25
  • The KEA server is misconfigured: `"data": "10,1,4, 10.1.6.4"` will hand a route to network 1.4.0.0/10 (it's already wrong this would be 1.0.0.0/10) via 10.1.6.4. The answer is in rfc 3422 + kea's information (previous [link](https://lists.isc.org/pipermail/kea-users/2016-October/000559.html) I provided twice). Both have to be understood. – A.B Aug 02 '18 at 06:44
  • @A.B What you have explained is exactly the part I did not understand. So I suppose if I inform `"data": "24,10,1,4 10.1.6.4"` I will have `10.1.4.0/24 via 10.1.6.4`. Right? One more detail... Parameters in `"record-types": "uint8, uint8, uint8, ipv4-address"` will they need to be changed as well? Thanks! – Eduardo Lucio Aug 02 '18 at 16:08
  • This question is closely related to this thread https://unix.stackexchange.com/questions/458502/how-can-i-use-isc-kea-dhcp-dhcpv4-server-to-push-routes-to-clients/460415#460415 . – Eduardo Lucio Aug 03 '18 at 20:45

2 Answers


Shameless copying from this answer:

If you wish to do this via DHCP, ensure that you have properly configured your DHCP client per the RedHat Knowledgebase article in here

To ensure that RFC3442-standard classless static routes provided by a DHCP server are processed correctly when using NetworkManager, the following lines should be placed into /etc/dhclient.conf or, if using per-interface DHCP options, /etc/dhclient-<ifname>.conf:

```
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option ms-classless-static-routes code 249 = array of unsigned integer 8;
also request rfc3442-classless-static-routes;
also request ms-classless-static-routes;
```

These lines will ensure that RFC3442 classless static routes are requested from the DHCP server, and that they are properly processed by NetworkManager.

muru
  • I tried what you suggested, but it did not work. Note that the `/var/lib/NetworkManager/dhclient-enp0s8.conf` file contains everything that should be in `/etc/dhclient-.conf`. The impression I have is that in reality this is already configured... I'm really confused... =/ Thanks! – Eduardo Lucio Aug 02 '18 at 02:37
  • *It did not work* is a pretty broad statement. It does not give any detail of what did work and what exactly did not work. Are the static routes being emitted by the DHCP server? Are the static routes being loaded to the route table of the client computers? Is a ping meant to reach a computer in the 10.1.6.0/24 network and sent from a computer in the 10.1.4.0/24 actually reaching the 10.1.6.0/24 network? Are the pings in the 10.1.4.0/24 network being answered by the target computer? Are the answer packets traveling back to the 10.1.6.0/24 network? so on and so forth ... @EduardoLucio –  Aug 02 '18 at 02:52
  • Any suggestions on what tests (a bash command, for example) could I do to get you better information? =D Thanks! – Eduardo Lucio Aug 02 '18 at 03:01
  • That's basic networking work that you **must** be able to perform on your own. It is pretty complex to build a shell script to do all of that (and several different commands should be executed in different computers at different times). No, not something that you should expect to get here (nor anywhere else). @EduardoLucio –  Aug 02 '18 at 03:09

In fact this answer is a complement to @Isaac's answer and some pitfalls - may seem a bit obvious, but not to me - on the issue presented.

First of all, although there is some pattern within the presented universe, it is necessary to understand a correlation between what is configured in DHCP Server and what is expected in DHCP Client. Practically, parameters such as "option-def" -> "name" can vary between "rfc3442-classless-static-routes" and "classless-static-routes", "option-def" -> "record-types" between "uint8, uint8, uint8, ipv4-address" and "uint8, uint8, uint8, uint8, uint8, uint8, uint8, uint8", and so on... That is, it depends on what the DHCP Client expects from the "other side" basically.

In the case of CentOS 7 what is pointed out in the thread https://unix.stackexchange.com/a/459963/61742 is already configured by default, then it is only necessary to configure in ISC KEA DHCP (DHCPv4) (my case) what CentOS 7 waits from the "other side".

Finally, the configuration looks like this...

```
cat /usr/local/etc/kea/kea-dhcp4.conf
```

```
[...]
"option-def": [{
    "name": "rfc3442-classless-static-routes",
    "code": 121,
    "space": "dhcp4",
    "type": "record",
    "array": true,
    "record-types": "uint8,uint8,uint8,uint8,uint8,uint8,uint8,uint8"
}],
"option-data": [{
    "name": "rfc3442-classless-static-routes",
    "data": "24,10,1,4,10,1,6,4"
}]
[...]
```

... since CentOS 7 is configured as...

```
cat /var/lib/NetworkManager/dhclient-enp0s8.conf
```

```
[...]
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
also request rfc3442-classless-static-routes;
[...]
```

SOME CLARIFICATIONS:

"record-types" is a mask, that is, what is in each position of the array informed in "data" that as expected in CentOS 7 is an "array of unsigned integer 8" (uint8).

"data" works according to the following example: if I want the following routing 10.1.4.0/24 via 10.1.6.4 then I will inform "24,10,1,4,10,1,6,4". Note that the zero in 10.1.4.0/24 should be omitted since it is a mask for 3 octets (/24).

TIP: The "option-data" parameter can be placed in multiple locations in "subnet4" (file "/usr/local/etc/kea/kea-dhcp4.conf") and this will depend on how you want to distribute your configuration for routing.

Special thanks to @Isaac, @Rui F Ribeiro and @A.B!

Eduardo Lucio
  • kea guide 8.2.9. Custom DHCPv4 options: "When array is set to true and type is set to "record", the last field is an array, i.e., it can contain more than one value" [...] so a single (or to be more rigorous 5 uint8 for a /0 + 1 ipv4) uint8 should work for all cases (as is done with the dhcpd equivalent). 8 uint8 will work only for /17 or narrower. – A.B Aug 02 '18 at 17:39
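
Added example, not part of the original posts and not Kea or dhclient code: a small encoder/decoder for the RFC 3442 option 121 byte layout discussed in this thread (prefix length, then only the significant destination octets, then the 4-octet router). The function names are hypothetical; the addresses are the ones used in the thread, and the output of `kea_data` assumes an all-`uint8` `option-def` like the one in the second answer.

```python
from __future__ import annotations
import ipaddress


def encode_route(destination: str, router: str) -> list[int]:
    """Encode one route as the option 121 byte sequence from RFC 3442."""
    net = ipaddress.IPv4Network(destination)  # rejects host bits, e.g. 10.1.4.7/24
    significant = (net.prefixlen + 7) // 8     # destination octets actually sent
    return ([net.prefixlen]
            + list(net.network_address.packed[:significant])
            + list(ipaddress.IPv4Address(router).packed))


def kea_data(routes: list[tuple[str, str]]) -> str:
    """Comma-separated uint8 string for the Kea "data" field."""
    return ",".join(str(b) for dest, gw in routes for b in encode_route(dest, gw))


def decode_routes(payload: list[int]) -> list[tuple[str, str]]:
    """Decode option 121 bytes as a client would; reject malformed input."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]
        if width > 32:
            raise ValueError(f"prefix length {width} at offset {i} exceeds 32")
        significant = (width + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError(f"route at offset {i} is truncated")
        dest = bytes(payload[i + 1:i + 1 + significant]) + bytes(4 - significant)
        # strict=False clears bits beyond the prefix, as a routing table would
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(dest)}/{width}",
                                    strict=False)
        gw = ipaddress.IPv4Address(bytes(payload[end - 4:end]))
        routes.append((str(net), str(gw)))
        i = end
    return routes


if __name__ == "__main__":
    # Values taken from the thread: the intended route, then the bytes of the
    # first configuration ("10,1,4, 10.1.6.4") as they appear on the wire.
    print(kea_data([("10.1.4.0/24", "10.1.6.4")]))
    print(decode_routes([10, 1, 4, 10, 1, 6, 4]))
    for prefix in ("0.0.0.0/0", "10.1.0.0/16", "10.1.4.0/24", "10.1.6.4/32"):
        print(prefix, len(encode_route(prefix, "10.1.6.4")), "bytes")
```

Per RFC 3442, a client that receives option 121 ignores the Router option (3), so a default route has to be carried in the option 121 data as well if clients still need one.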