Date: Thu, 26 Sep 2024 13:16:49 -0700
From: Steve Rikli
To: Frank Leonhardt
Cc: questions
Subject: Re: Why does dhcpd have a routers (plural) option for a subnet?

On Thu, Sep 26, 2024 at 03:29:39PM +0100, Frank Leonhardt wrote:
> On 2024-09-25 21:04, Steve Rikli wrote:
> > On Wed, Sep 25, 2024 at 08:39:39PM +0100, Frank Leonhardt wrote:
> > > Ever wondered why there's a "routers" option in dhcpd.conf? I have.
> > ...
> > Fwiw, dhcp-options(5) says:
> >
> >     option routers ip-address [, ip-address ...];
> >         The routers option specifies a list of IP addresses for routers
> >         on the client's subnet. Routers should be listed in order of
> >         preference.
> >
> > That said, I've never really tried multiple address there either. :-)
>
> That's interesting! I was looking in man dhcpd.conf and elsewhere, but not
> this man page (which appeared in FreeBSD 4.0 - I've just checked).
>
> This would require the host to rotate on failed gateways.
> I've always thought this was a sensible and simple idea but networking
> geeks said it was a really bad one and router standby protocols were the
> way to go.
>
> So the next interesting question would be which host stacks would accept
> multiple gateways and what would they do with them?

As an experiment, I configured DHCP service in the lab to offer 2 routers
to some test VM's, using an option like this:

    option routers 172.16.0.1, 172.16.0.2;

The original config had only 172.16.0.1, and 'netstat -rn' on the VM's
reported same.

After rebooting, FreeBSD 14.1 and NetBSD 10.0 both continued to use just
the 1st router listed -- 172.16.0.1.

A Debian 12.7 VM added the 2nd router, listing both afterwards:

    $ netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         172.16.0.1      0.0.0.0         UG        0 0          0 ens18
    0.0.0.0         172.16.0.2      0.0.0.0         UG        0 0          0 ens18
    172.16.0.0      0.0.0.0         255.255.255.0   U         0 0          0 ens18

Checking "order of preference" from the man page, I reversed the routers
list order in the DHCP offer, and rebooted the VM's; as you'd expect, the
BSD's then used the 172.16.0.2 router, and Debian likewise re-ordered the
netstat list to have 172.16.0.2 first.

AFAI can see, DHCP makes no effort to determine if either router is up or
valid, which is what I'd expect. E.g. 172.16.0.2 in my test was shutdown.

So it looks like ISC DHCP is working as advertised, and how a given host
makes use of this config is apparently OS-dependent. Seems reasonable.

If you do have multiple gateway paths out of your network, this could
provide a basic way to offer both to DHCP clients, in the absence of other
router failover mechanisms, HSRP, pf+CARP, etc. But you'd still have to
manage the DHCP routers list yourself -- not automatic.

Cheers,
sr.
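
An added example, not part of the original message or of ISC DHCP: Python code that decodes the routers option (code 3 in RFC 2132) from a DHCP options field, keeping the order of preference, and reports any offered router that is not on the client's subnet, since the server itself does not validate the list. The option bytes are constructed to match the `172.16.0.1, 172.16.0.2` offer above; the client address `172.16.0.50` and the function names are assumptions.

```python
import ipaddress

# Option codes from RFC 2132.
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTERS, OPT_END = 0, 1, 3, 255

# Constructed sample: mask 255.255.255.0, routers 172.16.0.1 and 172.16.0.2, end.
SAMPLE_OPTIONS = bytes.fromhex("0104ffffff00" "0308ac100001ac100002" "ff")

def parse_options(blob: bytes) -> dict:
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of buffer")
        # RFC 3396: repeated instances of an option are concatenated.
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts

def routers(opts: dict) -> list:
    """Return the routers in the order offered (order of preference)."""
    raw = opts.get(OPT_ROUTERS, b"")
    if len(raw) % 4:
        raise ValueError("routers option length is not a multiple of 4")
    return [ipaddress.IPv4Address(raw[n:n + 4]) for n in range(0, len(raw), 4)]

def audit_offer(yiaddr: str, blob: bytes):
    """Return (ordered routers, routers outside the offered subnet)."""
    opts = parse_options(blob)
    mask = ipaddress.IPv4Address(opts[OPT_SUBNET_MASK])
    net = ipaddress.IPv4Network(f"{yiaddr}/{mask}", strict=False)
    offered = routers(opts)
    return offered, [r for r in offered if r not in net]

if __name__ == "__main__":
    offered, off_subnet = audit_offer("172.16.0.50", SAMPLE_OPTIONS)
    print("routers in preference order:", [str(r) for r in offered])
    print("routers not on client subnet:", [str(r) for r in off_subnet])
```
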