SOLVED Multiple interfaces with DHCP? [tldr; Not possible or desirable]

Status
Not open for further replies.

NASbox

Guru
Joined
May 8, 2012
Messages
650
Is there any way to have DHCP on multiple interfaces? I'm running v11-U04, and FreeNAS connects to my core switch with a 2 port lag which is configured with 3 VLANs.

Each of the VLANs has its own DHCP server. Is there any way to have each VLAN obtain its IP/DNS/Gateway from the DHCP server on the VLAN?

Any assistance/suggestions are much appreciated.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
That sounds pretty crazy to me. A server should always have statically assigned IP addresses. Clients get IP addresses from a DHCP server because clients may come and go. Servers are supposed to be forever and should never have an IP address change, so the IP address should be programmed into the server OS, not provided by another server, when the server boots.
 

siconic

Explorer
Joined
Oct 12, 2016
Messages
95
That's not really best practice either. Normally, you would assign a static IP via the DHCP server, associated to the MAC of the device you wish to have a static IP. The reason: if for some reason (like a brownout) you lose power for longer than the DHCP lease times, when all the clients come back online, they may get assigned addresses "randomly" and the address that is set as static in the server may have been given out to another client via DHCP.

Of course, you can also exclude a block of IPs from DHCP, but most home routers don't have that feature. So better to assign a static IP to the server's MAC from the router/DHCP server, and allow the server to obtain it automatically.

Which makes me wonder why they allow you to have only one DHCP NIC. I kinda hate that.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
> and the address that is set as static in the server, may have been given out to another client via DHCP.
You don't put your static addresses and your dynamic addresses in the same range.
Any DHCP server that doesn't have the ability to select the range of addresses is not worth having, throw it away and get something better.
Client systems can be assigned by DHCP, but a server never should be DHCP at all.
 

siconic

Explorer
Joined
Oct 12, 2016
Messages
95
> You don't put your static addresses and your dynamic addresses in the same range.

Agreed, but FreeNAS is a pretty consumer heavy product, and a lot of routers don't allow you to exclude a range of IPs from the DHCP pool. Of course, if you are making and using a FreeNAS box, I would assume you don't have standard "consumer grade" equipment. But you never know these days.

The first 40 IPs in my range are not part of the DHCP pool, but I still like to have my DHCP server assign them to the associated MAC anyway, just in case I feel like moving things around. I am also kind of lazy, and since I use a lot of Linux VMs, I don't like to have to go into interfaces or hosts file. Much easier to assign by MAC. Again, lazy...
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
I let my DHCP server hand out some of my addresses, but for things that will never move, like all of my servers and my primary workstation, I put the static assignment in the OS so I never have to wonder what the address is.
At work, we have several physically separated networks for security reasons and some have DHCP servers, but I manage three that have no DHCP server and I have to put the IP address into all of those systems manually. It is a huge management pain, but it is a requirement for the environment.
At home, I only have five systems that are manually assigned and the rest I leave to DHCP because I too am lazy. I originally did the MAC to IP binding in the DHCP server but I ran into problems once, and it was years ago, but once was all I needed to have enough of that. I lost connectivity to my NAS when I was replacing my old DHCP server with a new system. Since then, for the sake of reliability, I manually assign the addresses for the IPMI interface and the LAN interface. Since making that change, more years passed, and I migrated to another newer DHCP server and never had a connectivity problem with any of the servers because they were not looking to a DHCP server to get an IP address. Client computers I don't care as much about. They can shut down, reboot, do without; it is the servers I care about. It is also because I have two of my NAS systems set up to use rsync to keep certain files synchronized between them and the systems target each other through the IP address. That address being embedded in a lengthy command in the cron file means that the IP address needs to stay the same, no matter what.
 

NASbox

Guru
Joined
May 8, 2012
Messages
650
> You don't put your static addresses and your dynamic addresses in the same range.
> Any DHCP server that doesn't have the ability to select the range of addresses is not worth having, throw it away and get something better.
> Client systems can be assigned by DHCP, but a server never should be DHCP at all.

What's the issue with setting up a static/reserved IP address in the DHCP server?

It makes system maintenance much easier... I can use one alias to set both the address and any firewall/access control rules. If I do it in the server then I need to make sure two places are set correctly instead of one. If I want to reconfigure the network I have to change two settings instead of just one.

Am I missing something?

Why block out DHCP on multiple interfaces?
 

webdawg

Contributor
Joined
May 25, 2016
Messages
112
Yes, I was thinking the same thing. I was just about to set up two DHCP interfaces on two different networks and it will not let you, heh.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
> What's the issue with setting up a static/reserved IP address in the DHCP server?
There is no problem with it on a workstation and it probably works fine most of the time on a server. The problem is when it doesn't work properly and the IP address of the server is undefined and you can't access the server because it has no address. For a server that has a monitor, keyboard and mouse that you can physically access, it still isn't a problem. When you have a server that is only remotely accessed via a NIC that now has no address, it can be a problem. It is able to be resolved. Just wait for the lease to expire and it will get a new address, maybe. Or turn it off and when it boots back up it might get a new address.
Admittedly, my situation is probably unusual, but it is a situation I did not want to repeat and I will do the extra work of putting a setting in two places to make sure the system works instead of ever having it not work.
 

webdawg

Contributor
Joined
May 25, 2016
Messages
112
DHCP is quite handy when you have a ton of servers to manage or migrate, but static IPs have their place too. I think a good use of both is best.

I used to do static IPs on most of my server devices, but I worked on a project where I had to move ALL of the equipment every 6 months. The equipment might not be on the same network in the end. Static DHCP was very nice then. It also helped me keep track of what device had what address.
 

siconic

Explorer
Joined
Oct 12, 2016
Messages
95
I guess it really comes down to preference and the fact that there really is more than one way of doing things.

In my work environment, some of our districts use static in server, and some use static assignments in DHCP. But we have 700 servers, and 100s of switches, 1000s of printers, and thousands of IP phones, and 10s of thousands of devices. Everything is on DHCP auto except printers, and servers. In my district, we use DHCP reservations, not static settings in the device. Just easier for overall management, so the network team does not have to visit a remote site to make a change to an IP, or walk a tech through how to change it.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
I work in a much different environment. The phone system is a totally separate system, managed by facilities (where it should be) instead of being an IT asset. Every single computer system (on the network that uses DHCP) has the MAC mapped to an IP address and every port on every switch has port security by MAC address. Nothing moves or changes without a minimum of three admins being involved. If a computer does move to another building, the IP gets changed because each building is on a different subnet. Security is so tight, you can't provision a new computer without six levels of approvals and a minimum of four admins being directly involved. It can literally take a week when it is fast-tracked.
 

siconic

Explorer
Joined
Oct 12, 2016
Messages
95
Wow! I have heard tale that's how banks operate. Realistically, even where I work SHOULD have tighter security measures since we do have "sensitive" data. But that is pretty amazing, to hear from someone who actually works in an environment that tight...
 

NASbox

Guru
Joined
May 8, 2012
Messages
650
Good points and interesting dialogue, I'm just wondering why FreeNAS creates this restriction? Is there a problem implementing DHCP on multiple interfaces? Would it require a lot of rewriting/refactoring or add excessive bloat to add this feature?

I run a pfSense (FreeBSD based as well) which does my DHCP, DNS, inter-VLAN routing, VPNs and border firewall, and all interfaces can be static or DHCP.

FreeNAS is a great piece of S/W and it has been enriched with a lot of nice addons like jails/VMs and plugins, why would DHCP be limited to one interface?
Why not leave the choice of DHCP/Static on any or all interfaces up to the admin/network architect?

Comments?
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
> Good points and interesting dialogue, I'm just wondering why FreeNAS creates this restriction? Is there a problem implementing DHCP on multiple interfaces? Would it require a lot of rewriting/refactoring or add excessive bloat to add this feature?
>
> I run a pfSense (FreeBSD based as well) which does my DHCP, DNS, inter-VLAN routing, VPNs and border firewall, and all interfaces can be static or DHCP.
>
> FreeNAS is a great piece of S/W and it has been enriched with a lot of nice addons like jails/VMs and plugins, why would DHCP be limited to one interface?
> Why not leave the choice of DHCP/Static on any or all interfaces up to the admin/network architect?
>
> Comments?
You said you had them bonded together

 

NASbox

Guru
Joined
May 8, 2012
Messages
650
> You said you had them bonded together

Yes, I have a lagg, but it doesn't seem to matter.

I have an unused NIC, and if I try to configure it, I can't configure it for DHCP, I need to manually set IP address/net mask. The lagg creates additional interfaces - one for each VLAN, but only ONE of the interfaces can be configured for DHCP. Is there something I'm missing?
 

FreeNASftw

Contributor
Joined
Mar 1, 2015
Messages
124
Resurrecting an old thread here because I've just run into this too.
There are multiple threads on this exact topic and none of them answer the question, instead they resort to attacking the person raising the question.

Why has someone seemingly wasted time coding it so you can't have multiple DHCP interfaces?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
> Resurrecting an old thread here because I've just run into this too.
> There are multiple threads on this exact topic and none of them answer the question, instead they resort to attacking the person raising the question.
>
> Why has someone seemingly wasted time coding it so you can't have multiple DHCP interfaces?

Because you get nondeterministic behaviour (who gets to define the default route? who gets to define nameservers?) and because having your servers pick up configuration via DHCP is generally pretty broken to begin with. iX is creating an enterprise product here, and NONE of their customers would be asking for this.

I had a padawan who had managed to set up FreeNAS and ESXi on his own. He also ran DHCP and loved DHCP because it gave a central point to configure IP assignments, and being about 500% too clever for his own good, he had both his ESXi and his FreeNAS getting their assigned IPs via DHCP. This even seemed to work quite well, until one day DHCP died, and then his FreeNAS lost its IP addresses, all his VMs freaked and froze, and he had trouble even getting at the DHCP server because parts of his network ran on the VMs. He was a sadawan that day. Part of network engineering is knowing how and when to use a tool. DHCP has its uses, but this wasn't one of them.

For a home network with a single network and single broadcast domain, DHCP is merely suboptimal because there is the potential for things to break when a lease is changed during renewal or if the DHCP server craps out.

For a network that is more complex, multiple networks etc., a competent network administrator needs to define a configuration that is correct, because DHCP lacks the ability to properly express configuration when there is more than a single interface. FreeNAS needs proper configuration of the default route, of nameservers, etc. It is simply not possible to guarantee that DHCP will correctly configure a NAS with multiple interfaces. You can't really make it happen correctly even for clients, and servers are much more important within the network.

If you *really* want to do the bad thing anyways, you can always set up some manual tasks to run dhclient on each interface.
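
The conflict described in the post above (which lease gets to define the default route and the nameservers), shown as an added example that is not part of the original post or of FreeNAS. It assumes lease text in the syntax dhclient writes to its lease files; the interface names and addresses are constructed.

```python
import re

# Constructed sample: one dhclient lease block per VLAN interface.
# Interface names and addresses are made up for illustration.
SAMPLE_LEASES = '''
lease {
  interface "vlan10";
  fixed-address 10.0.10.50;
  option routers 10.0.10.1;
  option domain-name-servers 10.0.10.1;
}
lease {
  interface "vlan20";
  fixed-address 10.0.20.50;
  option routers 10.0.20.1;
  option domain-name-servers 10.0.20.1,9.9.9.9;
}
lease {
  interface "vlan30";
  fixed-address 10.0.30.50;
  option domain-name-servers 10.0.10.1;
}
'''

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
STMT_RE = re.compile(r"^\s*(?:option\s+)?([\w-]+)\s+(.+?);\s*$", re.M)

def parse_leases(text):
    """Return {interface: {statement: value}}; a later lease for an interface wins."""
    leases = {}
    for body in LEASE_RE.findall(text):
        fields = {k: v.strip('"') for k, v in STMT_RE.findall(body)}
        if "interface" in fields:
            leases[fields["interface"]] = fields
    return leases

def global_conflicts(leases, options=("routers", "domain-name-servers")):
    """Host-wide options offered with more than one distinct value across interfaces."""
    conflicts = {}
    for opt in options:
        offered = {ifname: f[opt] for ifname, f in leases.items() if opt in f}
        if len(set(offered.values())) > 1:
            conflicts[opt] = offered  # the winner depends on lease arrival order
    return conflicts

if __name__ == "__main__":
    for opt, offered in global_conflicts(parse_leases(SAMPLE_LEASES)).items():
        print(f"{opt}: competing values {offered}")
```

A host has one default route and one resolver configuration, so every option reported here is a setting that an administrator would have to pin by hand anyway.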
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
> none of them answer the question, instead they resort to attacking the person raising the question.

Also, this bothers me. @Chris Moore provided the correct answer in this thread.

> That sounds pretty crazy to me. A server should always have statically assigned IP addresses. Clients get IP addresses from a DHCP server because clients may come and go. Servers are supposed to be forever and should never have an IP address change, so the IP address should be programmed into the server OS, not provided by another server, when the server boots.

This *IS* the correct answer to the question. It is literally the direct answer to the opening post in this thread. It does not appear to be any sort of ad hominem attack. It does attack the concept, which is fair game. Your wanting the correct answer to be a wrong answer doesn't mean that the question hasn't been answered, or that they're attacking the person. The discussion below the second post seems quite reasonable to the issue, although it does seem to miss some of the technical merit in forbidding multiple DHCP. There is a deep wealth of knowledge and experience here on these forums. Even though we're not always going to agree with people - I definitely don't always agree with @Chris Moore - I also respect that there are other people with other backgrounds and that circumstances often vary. I would always consider what @Chris Moore says and give it some serious consideration. @siconic offers the classic reasoning for wanting servers to be DHCP-configured above, and that's fine for what it is worth. Tradeoffs.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
> instead they resort to attacking the person raising the question.

Sorry it looks like an attack to you. I don't know the specific incident you are thinking is an attack, but the reason was likely an effort to convince the poster that they should not do what they were trying to do.
 