Example: DHCP and multihoming
This example explains how to set up a System i™ model as a Dynamic Host Configuration Protocol (DHCP) server for a LAN that is connected to the Internet by an Internet router.
This example is much like the Simple DHCP subnet example. In this example, the data entry clients are only communicating among themselves and the System i model. They obtain their IP information dynamically from the System i DHCP server.
However, a new version of their data entry application requires that the network communicate with the Internet, and the company decides to provide Internet access through an Internet router as shown in the following figure. In addition to the router, the administrator also adds another interface with an IP address to communicate with the Internet. When multiple IP addresses are assigned to the same adapter, the system is multihoming.
Figure 1. Using DHCP with multiple IP addresses assigned to the same adapter
Although this is a feasible way to connect your network to the Internet, it is not the most secure way. It suits the purposes of this DHCP example, but you should consider the security implications when you configure your own DHCP server.
The DHCP setup must take into account that the System i model is known by two different IP addresses. To understand how to set up DHCP correctly for this scenario, it is helpful to understand what happens when a client sends out a DHCP DISCOVER packet.
When a client sends out a DHCP DISCOVER packet, it is broadcast on the ring. Therefore, the System i DHCP server cannot determine which IP address the packet is intended for. If this packet is marked with the 10.1.1.1 interface IP (the one used for DHCP), your clients receive their IP information as expected. But it is possible that the packet can actually get marked with the 192.168.1.1 address (the one connected to the Internet). If the packet is received on the 192.168.1.1 interface, your data entry client does not receive any IP information.
To set up DHCP in this situation, you need to not only create the data entry DHCP subnet, but also create a subnet for the Internet network. The Internet policy consists of a subnet with no available addresses. The easiest way to do this is to define the subnet with at least one IP address (like 192.168.1.1), then exclude that same IP address. With the two subnets defined, you now combine the two (or more) subnets into a subnet group. If the DISCOVER packet gets marked with the 192.168.1.1 interface, the data entry subnet will still issue valid IP information.
To make this scenario work, the data entry subnet must pass its clients their router address for access to the Internet. In this case, the router address is the System i interface of 10.1.1.1. You must also set IP datagram forwarding to on for the two interfaces to route packets to each other. This example uses reserved IP addresses to represent both internal and external IP addresses. If your network matches this scenario, you also need to use network address translation (NAT) for your data entry clients to communicate with the Internet.
Using subnet groups to eliminate this marking problem is not limited to only multihoming examples. Any time multiple interfaces connect to the same network, you might encounter the same problem. The following figure illustrates how the System i model can have two physical connections to the data entry network. This network configuration requires a similar DHCP group policy as the multihoming setup, because DHCP DISCOVER packets could conceivably be answered by the 192.168.1.1 interface.
Figure 2. Using DHCP with multiple interfaces connected to the same network
Planning the DHCP setup for multihoming
Table 1. Global configuration options (applies to all clients served by the DHCP server)

| Object | Value |
| --- | --- |
| Is the system performing DNS updates? | No |
| Is the system supporting BOOTP clients? | No |
Table 2. Subnet for Data Entry clients

| Object | Value |
| --- | --- |
| Subnet name | Data Entry |
| Addresses to manage | 10.1.1.2 - 10.1.1.150 |
| Lease time | 24 hours (default) |
| Configuration options | |
| option 1: Subnet mask | 255.255.255.0 |
| option 3: Router | 10.1.1.1 |
| option 6: Domain name server | 10.1.1.1 |
| option 15: Domain name | mycompany.com |
| Subnet addresses not assigned by server | 10.1.1.1 (Router, DNS server) |
Table 3. Subnet for Internet clients (empty Subnet)

| Object | Value |
| --- | --- |
| Subnet name | Internet |
| Addresses to manage | 192.168.1.1 - 192.168.1.1 |
| Subnet addresses not assigned by server | 192.168.1.1 (All IP addresses available) |
Table 4. Subnet group for all incoming DISCOVER packets

| Object | Value |
| --- | --- |
| Subnet Group Name | Multihomed |
| Subnets included in group | Subnet Internet, Subnet DataEntry |
Other setup
- Set IP Datagram forwarding to 'on' for the two interfaces
- Set up NAT for the Data Entry clients
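The following Python sketch is an added example, not IBM code or System i configuration syntax. It models the subnet-group behaviour described above with the values from Tables 2 to 4: a DISCOVER marked with the 192.168.1.1 interface gets nothing without the group and a Data Entry address with it. The dictionary layout, the function names and the /24 mask on the Internet subnet are assumptions made for the illustration.

```python
import ipaddress

# Values from Tables 2-4 on this page. The /24 on the Internet subnet is an
# assumption; the page gives a mask only for the Data Entry subnet.
SUBNETS = {
    "Data Entry": {"net": "10.1.1.0/24", "first": "10.1.1.2",
                   "last": "10.1.1.150", "excluded": {"10.1.1.1"}},
    "Internet": {"net": "192.168.1.0/24", "first": "192.168.1.1",
                 "last": "192.168.1.1", "excluded": {"192.168.1.1"}},
}
GROUPS = {"Multihomed": ["Internet", "Data Entry"]}


def free_addresses(name, leased):
    """Managed addresses of a subnet minus exclusions and active leases."""
    s = SUBNETS[name]
    first = int(ipaddress.ip_address(s["first"]))
    last = int(ipaddress.ip_address(s["last"]))
    pool = (str(ipaddress.ip_address(n)) for n in range(first, last + 1))
    return [a for a in pool if a not in s["excluded"] and a not in leased]


def subnet_for_interface(interface_ip):
    """Subnet a DISCOVER is attributed to, based on the receiving interface."""
    addr = ipaddress.ip_address(interface_ip)
    for name, s in SUBNETS.items():
        if addr in ipaddress.ip_network(s["net"]):
            return name
    return None


def offer(interface_ip, leased, groups):
    """Return (subnet, address) to offer, or None if the client gets nothing."""
    marked = subnet_for_interface(interface_ip)
    if marked is None:
        return None
    candidates = [marked]  # try the marked subnet first, then its group peers
    for members in groups.values():
        if marked in members:
            candidates += [m for m in members if m != marked]
    for name in candidates:
        free = free_addresses(name, leased)
        if free:
            return name, free[0]
    return None


if __name__ == "__main__":
    for ip in ("10.1.1.1", "192.168.1.1"):
        print(ip, "no group:", offer(ip, set(), {}), "| group:", offer(ip, set(), GROUPS))
```

Running the same check against your own planning values confirms that the Internet subnet has no assignable addresses, so the server never hands out an address on the Internet-facing network.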