Blog from November, 2020

Starting from SOHO #007, everyone inside the home network can:

  • reach the Internet thanks to the NAT translation described in SOHO #004
  • reach their favorite Internet services by name thanks to SOHO #005
  • get an IPv4 (or IPv6) address from the DHCP server (we assumed a switch connected to sdn6)
  • this applies to all wired hosts and also to all mobile hosts connected to the home wireless network

Requirement

  • Basic Linux/Unix knowledge
  • Service provider networking knowledge

Overview

I'm very fond of listening to music at home and started my personal music collection. I was aware of this practice, and since then started a 24/96 FLAC collection. As mechanical hard drives became more and more affordable, storage was not an issue for the NAS I deployed. I then purchased a refurbished but still decent DLNA network player (DMP) that would be able to stream music sources from a DLNA server (DMS). All of this is orchestrated through my mobile phone acting as DLNA media controller (DMC). So far so good, but the DLNA alliance expects all DLNA protagonists to be in the same and unique broadcast domain.

You might have guessed already, but I'm not a huge fan of having a single layer 2 domain at home and throwing everything inside the same subnetwork. Granted that not all home networks are running OSPF/IS-IS, MPLS or Segment Routing, everything is simpler and more predictable to manage at layer 3, whether you use IPv4 or IPv6.

Long story short, I can't listen to music when structuring my home network at layer 3 as it is now ... (sad)

Article objective

In this article we will continue the SOHO network appliance installation and enable THE UNIQUE freeRouter feature that you won't find in any other router in the world: the UPNP forwarder server.

Diagrams

source: DLNA German wikipedia 

[ SOHO #008 ] - "It's the end of L2 at my home... At last !"

The first step is to configure a UPNP hub server

UPNP hub server
server upnphub upnp
 interface loopback0
 vrf inet
 exit
  • Like any other server, it is bound to loopback0
  • and it operates inside VRF inet

Now that you have a UPNP hub, we need to configure a UPNP forwarder client on every interface where we expect to see incoming UPNP/DLNA messages

UPNP forwarder client @ integrated WIFI
server upnpfwd wifi4-appliance
 target 192.168.254.1
 interface hairpin12
 vrf inet
 exit

In this case, the WIFI network encompasses all mobile clients. My phone is acting as DMC here, but it could also be a DMS. The UPNP forwarder:

  • has a target UPNP hub (we configured 192.168.254.1)
  • is bound to interface hairpin12
  • operates within VRF inet

UPNP forwarder client @ wired media
server upnpfwd wired-media
 target 192.168.254.1
 interface sdn2
 vrf inet
 exit

In this precise case, wired-media is another UPNP forwarder client that will forward all UPNP messages to the UPNP hub 192.168.254.1. As you might have guessed, my NAS and DLNA network streamer (DMP or DMR) are cascaded behind sdn2.

Tip

In this example the key idea is:

  • Create a UPNP hub
  • Create a UPNP forwarder bound to any interface where you expect DLNA/UPNP communication
  • In this case DMS and DMR are behind sdn2
  • DMC is behind WIFI

Verification

In the screenshot below, the DLNA player is shut down

Check that the App is able to discover the DLNA server (DMS) in another L3 subnet

Conclusion

In this article we enabled RARE/freeRouter DLNA/UPNP server/client:

  • You now have the possibility to position any DLNA device on any L3 subnet of your home network
  • Bye bye flat single VLAN design
  • Not having a flat VLAN is desirable when you have lots of IPv4/IPv6 devices of different nature. You would want home-automation/IoT devices not to be in the same subnet as your WIFI clients, and you would want a separate subnet for your NAS or wired services


RARE validated design: [ SOHO #006 ] - key take-away

In this example the key take-aways are:

  • Configure a UPNP hub
  • Configure a UPNP forwarder on every interface where you expect DLNA/UPNP communication
  • Of course this is IPv4/IPv6 compliant

This is a pretty unique freeRouter feature !


So everyone inside the home network can:

  • reach the Internet thanks to the NAT translation described in SOHO #004
  • reach their favorite Internet services by name thanks to SOHO #005
  • get an IPv4 (or IPv6) address from the DHCP server (we assumed a switch connected to sdn6)

Requirement

  • Basic Linux/Unix knowledge
  • Service provider networking knowledge

Overview

In the previous articles we described the hardware in SOHO #001 and the initial staging steps in SOHO #002.

Note

You technically just have to cut and paste the config if you have the same hardware and operating system.

But if you pay attention, we did not cover one particular aspect of the hardware: integrated WIFI

Article objective

In this article we will continue the SOHO network appliance installation and enable the integrated module so that all mobile hosts at home can benefit from the connectivity offered by the SOHO router. In this basic example I'll show you a basic WIFI implementation

  • The WIFI module is b/g/n (therefore no 5 GHz WIFI)
  • WIFI won't be directly under RARE/freeRouter control

Diagrams

[ SOHO #007 ] - "I'm not wired ... I need connectivity too !"

Log into the Linux appliance via the management interface using the previously configured veth1a IPv4 address: 192.168.128.1

Identify WIFI module hardware
lspci | grep -i wire
09:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)

My google-fu indicated to me that the Linux driver should be ath9k

Check integrated WIFI hardware driver is loaded
lsmod | grep ath
ath9k                 139264  0
ath9k_common           20480  1 ath9k
ath9k_hw              487424  2 ath9k_common,ath9k
ath                    36864  3 ath9k_common,ath9k,ath9k_hw
mac80211              917504  1 ath9k
cfg80211              897024  4 ath9k_common,ath9k,ath,mac80211

So it seems that Debian kernel has detected and loaded the proper module

Check that the wireless interface is present
ifconfig | grep w
wlan0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500

wlan0 interface appeared ! 

Warning

  • When freshly configured, wlan0 is disabled. You can enable it:
Enable wlan0
ip link set wlan0 up
  • However, note that in SOHO #002 everything is set by the startup script (/rtr/hwdet-all.sh) via systemd
  • A last observation: in SOHO #002 we also disabled Linux systemd networking
    • systemd used to name Linux interfaces based on their PCIe ID: wlp9s0
    • after disabling it, the WIFI interface name became: wlan0

Now that the hardware is detected and the corresponding Linux driver is loaded, we can proceed to the Linux access point software installation

Linux Access point software installation
apt-get update
apt-get install hostapd

The hostapd configuration in Debian is in /etc/hostapd/hostapd.conf. But remember that it is no longer under systemd startup control, as we entirely disabled systemd networking.

hostapd.conf
cat /etc/hostapd/hostapd.conf
#change wlan0 to your wireless device
interface=wlan0
# "g" simply means 2.4GHz band
hw_mode=g
# the channel to use
channel=acs_survey
# limit the frequencies used to those allowed in the country
ieee80211d=1
# the country code
country_code=FR
# 802.11n support
ieee80211n=1
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
driver=nl80211
ssid=YOUR_HOME_WIFI_SSID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=y0urverys1cr1tpassw0rd
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=CCMP
rsn_pairwise=CCMP
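
The security-related keys of this file can be checked before the access point goes live. The following Python is an added example, not part of the original article or of hostapd: it audits the configuration printed above, and the function names and the HARDENED_OVERRIDES values (the hostapd options ieee80211w and sae_require_mfp, which the article does not set) are this example's own assumptions.

```python
# hostapd.conf values exactly as printed above (comment lines omitted).
PAGE_CONF = """\
interface=wlan0
hw_mode=g
channel=acs_survey
ieee80211d=1
country_code=FR
ieee80211n=1
wmm_enabled=1
driver=nl80211
ssid=YOUR_HOME_WIFI_SSID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=y0urverys1cr1tpassw0rd
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=CCMP
rsn_pairwise=CCMP
"""

# Passphrase published in the article; it must never reach a live access point.
PUBLISHED_SAMPLES = {"y0urverys1cr1tpassw0rd"}

# Stricter overrides (an assumption of this example, not the article's config):
# WPA2/RSN only, management frame protection optional for PSK clients and
# required for clients that negotiate SAE.
HARDENED_OVERRIDES = {"wpa": "2", "ieee80211w": "1", "sae_require_mfp": "1"}


def parse_conf(text):
    """Parse hostapd's key=value format; '#' starts a comment at line start."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return (setting, reason) pairs for weak or inconsistent options."""
    findings = []
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.append(("wpa", "no WPA/RSN: the network is open"))
    elif wpa & 1:
        findings.append(("wpa", "bit 0 set: legacy WPA (v1) offered next to WPA2"))
    # Only explicitly listed ciphers are checked here.
    listed = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in listed:
        findings.append(("pairwise", "TKIP is explicitly allowed"))
    akms = set(conf.get("wpa_key_mgmt", "").split())
    if akms & {"SAE", "FT-SAE"} and conf.get("ieee80211w", "0") == "0":
        findings.append(("ieee80211w", "SAE offered without management frame protection"))
    psk = conf.get("wpa_passphrase")
    if psk is not None and not 8 <= len(psk) <= 63:
        findings.append(("wpa_passphrase", "length must be 8..63 characters"))
    if psk in PUBLISHED_SAMPLES:
        findings.append(("wpa_passphrase", "value is the sample printed in the article"))
    return findings


def hardened(conf, passphrase):
    """Copy of conf with the stricter overrides and a private passphrase."""
    return {**conf, **HARDENED_OVERRIDES, "wpa_passphrase": passphrase}


if __name__ == "__main__":
    for setting, reason in audit(parse_conf(PAGE_CONF)):
        print(f"{setting}: {reason}")
```

On the configuration above it reports three items: wpa=3 also offers legacy WPA, SAE is listed while ieee80211w is unset, and the passphrase is the published sample.
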

You can check that hostapd is correctly configured by launching it manually

hostapd manual launch
hostapd /etc/hostapd/hostapd.conf 
...

From that point, from your mobile phone or laptop:

  • you should be able to see YOUR_HOME_WIFI_SSID appearing in the list of available wireless networks
  • you should be able to connect to YOUR_HOME_WIFI_SSID
  • But your mobile device might say: "Internet might not be available or Cannot retrieve IP from YOUR_HOME_WIFI_SSID"
  • hostapd is triggered when the SOHO router is booting up (described in rtr-hw.txt)
  • Remember that wlan0 is visible from the Linux kernel and managed by hostapd
  • we created a veth pair (veth2a@linux side and veth2b@sdn998 SOHO router side)
  • we bound wlan0 to veth2a (Cf. rtr-hw.txt → proc wlan /rtr/pcap2pcap.bin wlan0 veth2a)
  • and then veth2a is bound to sdn998, which is interface veth2b controlled by DPDK (Cf. SOHO #002 and SOHO #003)

So at that point all traffic coming from wlan0 will also make its way to sdn998

Now we need to make wireless traffic visible through VRF inet as we need to enable IPv4 (or IPv6) connectivity for mobile device.

So this is done in 2 steps.

Step - 1 - Create a bridge for wireless

Wireless bridge
bridge 1
 mac-learn
 mac-move
 exit

Note

Creating a bridge will also create interface bvi.

Step - 2 - Add veth2b to the wireless bridge

sdn998 addition into bridge 1
interface sdn998
 description SOHO@WLAN[veth2b-veth2a]
 mtu 1500
 bridge-group 1
 no shutdown
 no log-link-change
 exit

Warning

Make sure that bridge 1, sdn998, hairpin11 and hairpin12 are declared in the p4lang server

p4lang server export of bridge and ports
conf t
server p4lang p4 
 export-bridge 1
 export-port sdn998 7 1 0 0 0
 export-port hairpin11 11 0 0 0 0
 export-port hairpin12 12 0 0 0 0

The trick is to use hairpin interfaces. For experienced Junos users, this corresponds to the Junos logical tunnel (lt) interface.

Step - 1 - Create a hairpin pair in order to redirect wireless traffic into VRF inet

Hairpin creation
conf t
hairpin 1

Note

Creating a hairpin 1 will also create interface hairpin11 and hairpin12.

Step - 2 - Add hairpin11 to the wireless bridge

hairpin11 addition into bridge 1
interface hairpin11
 no description
 bridge-group 1
 no shutdown
 no log-link-change
 exit

Step - 3 - Add hairpin12 into VRF inet

hairpin12 addition into VRF inet
interface hairpin12
 description SOHO@hairpin11
 mtu 1500
 vrf forwarding inet
 ipv4 address 192.168.129.1 255.255.255.0
 no shutdown
 no log-link-change
 exit

Warning

At that point all traffic from/to wireless will transit via hairpin12 and reach VRF inet

Now, DHCP requests coming from mobile clients can reach the SOHO router VRF inet via hairpin12.

Step - 1 - Create DHCP server for Wireless client in VRF inet

DHCP configuration for Wireless client
server dhcp4 dh4-wlan
 pool 192.168.129.2 192.168.129.254
 gateway 192.168.129.1
 netmask 255.255.255.0
 dns-server 192.168.254.1
 domain-name local
 interface hairpin12
 vrf inet
 exit        

Note

Creating hairpin 1 will also create interface hairpin11 and hairpin12.

Verification

Connect to WIFI via laptop wifi

DHCP debug command
debug server dhcp?                                                     
  dhcp4      - ipv4 dynamic host config protocol
  dhcp6      - ipv6 dynamic host config protocol

mjolnir#debug server dhcp4 ?                                                   
  <cr>
mjolnir#debug server dhcp4                                                     
mjolnir#terminal monitor    
DHCP debug output when connecting laptop @ WIFI
mjolnir#debug server dhcp4                                                     
mjolnir#term mon                                                               
mjolnir#info ip.ipCor6.parseIPheader:ipCor6.java:95 got bad version from ::    
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=1 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=discover dhcpsrv=null hstnm=MBP-de-Frederic dom=null lease=7776000 renew=0 mask=null gw=null dns1=null dns2=null req=null
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=2 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=request dhcpsrv=192.168.129.1 hstnm=MBP-de-Frederic dom=null lease=0 renew=0 mask=null gw=null dns1=null dns2=null req=192.168.129.83
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
...
mjolnir#   

So based on the debug output:

  • DHCP allocated 192.168.129.83
  • Primary DNS (dns1) is 192.168.254.1
  • Network has /24 CIDR


ARP entries @ hairpin12
mjolnir#sh ipv4 arp hairpin12                                                  
mac             address          time      static
...
88e9.fe76.7f9b  192.168.129.83   00:00:13  false
...
mjolnir#   
Check the IPv4 address obtained by the laptop
╭─[11/3/20|3:17:21]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  ifconfig en0    
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether 88:e9:fe:76:7f:9b 
        inet6 fe80::1cf1:eacf:9ba9:43c3%en0 prefixlen 64 secured scopeid 0x5 
        inet 192.168.129.83 netmask 0xffffff00 broadcast 192.168.129.255
        inet6 2a01:e0a:159:2857:86:8cf9:a786:8f18 prefixlen 64 autoconf secured 
        inet6 2a01:e0a:159:2857:904b:4faa:5684:b7a0 prefixlen 64 autoconf temporary 
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active
╭─[11/3/20|3:24:08]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  nslookup 212.27.48.10
Server:         fd00:2200::1
Address:        fd00:2200::1#53

Non-authoritative answer:
10.48.27.212.in-addr.arpa       name = www.free.fr.

Authoritative answers can be found from:

Pay attention to the server that answered ! At the present moment it should not be fd00:2200::1. It is simply because I had a setup with IPv6 fully enabled.

Ping an Internet IPv4 address from the laptop
╭─[11/3/20|3:14:17]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  ping 212.27.48.10
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=6.528 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=4.666 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=4.330 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=4.446 ms
Check that NAT is occurring for 192.168.129.83
show ipv4 nat inet translations | i 192.168.129.83                     
1      192.168.129.83 -211222528  212.27.48.10 -211222528  192.168.0.90 -211222528  212.27.48.10 -211222528    00:00:17  00:00:17  00:05:00  1        84
1      212.27.48.10 -211222528    192.168.0.90 -211222528  212.27.48.10 -211222528  192.168.129.83 -211222528  00:00:17  00:00:17  00:05:00  1        84
1      192.168.129.83 -211222527  212.27.48.10 -211222527  192.168.0.90 -211222527  212.27.48.10 -211222527    00:00:16  00:00:16  00:05:00  1        84
1      212.27.48.10 -211222527    192.168.0.90 -211222527  212.27.48.10 -211222527  192.168.129.83 -211222527  00:00:16  00:00:16  00:05:00  1        84
1      192.168.129.83 -211222526  212.27.48.10 -211222526  192.168.0.90 -211222526  212.27.48.10 -211222526    00:00:15  00:00:15  00:05:00  1        84
1      212.27.48.10 -211222526    192.168.0.90 -211222526  212.27.48.10 -211222526  192.168.129.83 -211222526  00:00:15  00:00:15  00:05:00  1        84
Ping www.free.fr by name from the laptop
╭─[11/2/20|4:36:18]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  ping www.free.fr -c 5 
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=3.903 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=5.883 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=3.658 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=4.872 ms
64 bytes from 212.27.48.10: icmp_seq=4 ttl=57 time=4.488 ms

--- www.free.fr ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.658/4.561/5.883/0.787 ms
Check that NAT is occurring for 192.168.129.83 and www.free.fr IPv4 address
show ipv4 nat inet translations | i 192.168.129.83                     
1      192.168.129.83 -211222528  212.27.48.10 -211222528  192.168.0.90 -211222528  212.27.48.10 -211222528    00:00:17  00:00:17  00:05:00  1        84
1      212.27.48.10 -211222528    192.168.0.90 -211222528  212.27.48.10 -211222528  192.168.129.83 -211222528  00:00:17  00:00:17  00:05:00  1        84
1      192.168.129.83 -211222527  212.27.48.10 -211222527  192.168.0.90 -211222527  212.27.48.10 -211222527    00:00:16  00:00:16  00:05:00  1        84
1      212.27.48.10 -211222527    192.168.0.90 -211222527  212.27.48.10 -211222527  192.168.129.83 -211222527  00:00:16  00:00:16  00:05:00  1        84
1      192.168.129.83 -211222526  212.27.48.10 -211222526  192.168.0.90 -211222526  212.27.48.10 -211222526    00:00:15  00:00:15  00:05:00  1        84
1      212.27.48.10 -211222526    192.168.0.90 -211222526  212.27.48.10 -211222526  192.168.129.83 -211222526  00:00:15  00:00:15  00:05:00  1        84

Conclusion

In this article we enabled the appliance's integrated WIFI hardware:

  • We ensured that the WIFI hardware was detected by the Linux kernel
  • We also ensured that Linux loaded the right WIFI driver kernel module
  • hostapd controls the wireless interface
  • we created a veth pair (veth2a Linux side - veth2b DPDK side)
  • wlan0 traffic is bound to veth2a using the pcap2pcap utility (in the freeRouter binaries bundle)
  • veth2b is bound to sdn998 (and declared in the p4lang server)
  • we created hairpin 1 (interfaces hairpin11 and hairpin12)
  • bridge 1 has also been created
  • sdn998 and hairpin11 have been added to the bridge
  • hairpin12 is a routed interface declared in VRF inet and has the IP address 192.168.129.1 inside the wireless subnet 192.168.129.0/24


RARE validated design: [ SOHO #006 ] - key take-away

In this example the key take-aways are:

  • The above actions bridge the wireless traffic and pour it into VRF inet
  • From that point, everything defined previously applies (NAT, DHCP), but now to the wireless subnetwork

This example covers the case of a basic bridge in which we included a basic interface, sdn998, and a hairpin interface pouring traffic from/to VRF inet. freeRouter is acting as a wireless controller local to the integrated WIFI. We will see another, more flexible, typical WIFI implementation in a further article. Please note that we could have applied routing directly at sdn998 (so without the use of the bridge and hairpin). The usage of the bridge and hairpin setup will be described in a next article covering an alternate WIFI implementation. In short, we will add an OpenWRT access point behind sdn6, and the SOHO router will act as WIFI controller for both the integrated WIFI hotspot and the newly added OpenWRT.

So everyone inside the home network can reach the Internet thanks to the NAT translation described in SOHO #004 and reach their favorite Internet services by name thanks to SOHO #005.

Requirement

  • Basic Linux/Unix knowledge
  • Service provider networking knowledge

Overview

In the previous article, during the verification, we assumed that one host was connected to a subnetwork cascaded behind SOHO router@sdn6. However, we did not describe how the host could get connectivity.

Article objective

In this article we will continue the SOHO network appliance installation and enable the DHCP server for IPv4. The SOHO router can then answer DHCPv4 requests ingressing the sdn6 interface.

  • Let's assume we have a switch connected to SOHO router@sdn6 for the future
  • sdn6 has ipv4 interface 192.168.136.1 manually configured
  • switch has IPv4 192.168.136.2
  • subnetwork behind sdn6 is 192.168.136.0/24
  • DHCPv4 will serve 192.168.136.3 → 192.168.136.254

Diagrams

[ SOHO #006 ] - "Do you need an IP ?"

First step: configure sdn6 and bind it to VRF inet. A few considerations:

  • sdn6 has IPv4 address 192.168.136.1 manually configured
  • sdn6 will act as gateway for all connected hosts in subnetwork 192.168.136.0/24
  • In SOHO #004, NAT for 192.168.136.0/24 is already taken into account


sdn6 interface in VRF inet
conf t
interface sdn6
 mtu 1500
 vrf forwarding inet
 ipv4 address 192.168.136.1 255.255.255.0
 no shutdown
 no log-link-change
 exit
!

Second step, configure a DHCPv4 server@ SOHO router

SOHO router DHCP server in VRF inet
conf t
server dhcp4 dh4-16
 pool 192.168.136.3 192.168.136.254
 gateway 192.168.136.1
 netmask 255.255.255.0
 dns-server 192.168.254.1
 domain-name local
 interface sdn6
 vrf inet
 exit
!

In this case DHCPv4 will allocate IPv4 addresses:

  • from a pool going from 192.168.136.3 → 192.168.136.254
  • All hosts will set their gateway to 192.168.136.1 (which is SOHO@sdn6)
  • All hosts connected to the sdn6 subnet will get an IP from the pool within the 192.168.136.0/24 subnet
  • All hosts will also consider SOHO@192.168.254.1 as DNS server, as we implemented in SOHO #005
  • And we bind this DHCPv4 server to interface sdn6 (without this binding, DHCP requests coming from all interfaces belonging to VRF inet would be processed)
  • Lastly, the DHCPv4 server will act in VRF inet only

Verification

Connect a host to the switch connected to sdn6 then issue DHCP debug command

DHCP debug command
debug server dhcp?                                                     
  dhcp4      - ipv4 dynamic host config protocol
  dhcp6      - ipv6 dynamic host config protocol

mjolnir#debug server dhcp4 ?                                                   
  <cr>
mjolnir#debug server dhcp4                                                     
mjolnir#terminal monitor    
DHCP debug output when connecting laptop @ sdn6
mjolnir#..                                                          debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=1 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=discover dhcpsrv=null hstnm=MBP-de-Frederic dom=null lease=7776000 renew=0 mask=null gw=null dns1=null dns2=null req=null
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.136.123 op=rep sec=1 cia=0.0.0.0 yia=192.168.136.123 sia=192.168.136.1 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=offer dhcpsrv=192.168.136.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.136.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=1 cia=0.0.0.0 yia=192.168.136.123 sia=192.168.136.1 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=offer dhcpsrv=192.168.136.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.136.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=2 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=request dhcpsrv=192.168.136.1 hstnm=MBP-de-Frederic dom=null lease=0 renew=0 mask=null gw=null dns1=null dns2=null req=192.168.136.123
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.136.123 op=rep sec=2 cia=0.0.0.0 yia=192.168.136.123 sia=192.168.136.1 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=ack dhcpsrv=192.168.136.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.136.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=2 cia=0.0.0.0 yia=192.168.136.123 sia=192.168.136.1 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=ack dhcpsrv=192.168.136.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.136.1 dns1=192.168.254.1 dns2=null req=null
info ip.ipCor6.parseIPheader:ipCor6.java:95 got bad version from ::
...
mjolnir#   

So based on the debug output:

  • DHCP allocated 192.168.136.123
  • Primary DNS (dns1) is 192.168.254.1
  • Network has /24 CIDR
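
The reading of the debug output done here, and in the same way for the wireless pool in SOHO #007, can be automated. The following Python is an added example, not freeRouter code: it parses the dhcp4 debug lines shown on this page and compares every acknowledged lease with the values of the server dhcp4 dh4-16 block; the names parse_line, audit_acks, in_pool and EXPECTED are this example's own.

```python
import ipaddress
import re

# Lines copied from the sdn6 debug capture on this page (whitespace after the
# fused "mjolnir#.." prompt shortened); the last line is unrelated IPv6 noise.
PAGE_LOG = """\
mjolnir#..  debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=1 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=discover dhcpsrv=null hstnm=MBP-de-Frederic dom=null lease=7776000 renew=0 mask=null gw=null dns1=null dns2=null req=null
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.136.123 op=rep sec=1 cia=0.0.0.0 yia=192.168.136.123 sia=192.168.136.1 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=offer dhcpsrv=192.168.136.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.136.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=2 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=request dhcpsrv=192.168.136.1 hstnm=MBP-de-Frederic dom=null lease=0 renew=0 mask=null gw=null dns1=null dns2=null req=192.168.136.123
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.136.123 op=rep sec=2 cia=0.0.0.0 yia=192.168.136.123 sia=192.168.136.1 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=ack dhcpsrv=192.168.136.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.136.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=2 cia=0.0.0.0 yia=192.168.136.123 sia=192.168.136.1 gia=0.0.0.0 cha=9ceb.e8d5.2c51 srv= fil= op=ack dhcpsrv=192.168.136.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.136.1 dns1=192.168.254.1 dns2=null req=null
info ip.ipCor6.parseIPheader:ipCor6.java:95 got bad version from ::
"""

# Values from the page's "server dhcp4 dh4-16" configuration.
EXPECTED = {
    "pool": ("192.168.136.3", "192.168.136.254"),
    "gw": "192.168.136.1",
    "mask": "255.255.255.0",
    "dns1": "192.168.254.1",
    "dom": "local",
}

# Not anchored at line start: the CLI prompt can be fused in front of a line.
LINE_RE = re.compile(r"debug serv\.servDhcp4\S*\s+(rx|tx)\b(.*)$")
PAIR_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for one dhcp4 debug line, or None for anything else."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = {"dir": m.group(1)}
    for key, val in PAIR_RE.findall(m.group(2)):
        val = None if val in ("", "null") else val
        if key == "op":
            # "op" appears twice: BOOTP opcode first, DHCP message type second.
            key = "msg" if "bootp" in rec else "bootp"
        rec[key] = val
    return rec


def in_pool(addr, pool):
    """True when addr parses and lies inside the inclusive pool range."""
    try:
        lo, hi = (ipaddress.ip_address(a) for a in pool)
        return lo <= ipaddress.ip_address(addr) <= hi
    except (ValueError, TypeError):
        return False


def audit_acks(log, expected):
    """Compare every acknowledged lease with the intended server settings."""
    findings, seen = [], set()
    for rec in filter(None, map(parse_line, log.splitlines())):
        if rec["dir"] != "tx" or rec.get("msg") != "ack":
            continue
        ident = (rec.get("cha"), rec.get("yia"), rec.get("sec"))
        if ident in seen:  # sendPack and the worker both log the same reply
            continue
        seen.add(ident)
        if not in_pool(rec.get("yia"), expected["pool"]):
            findings.append((rec.get("cha"), "yia", rec.get("yia")))
        for key in ("gw", "mask", "dns1", "dom"):
            if rec.get(key) != expected[key]:
                findings.append((rec.get("cha"), key, rec.get(key)))
    return findings


if __name__ == "__main__":
    for mac, field, value in audit_acks(PAGE_LOG, EXPECTED):
        print(f"{mac}: {field}={value} differs from the intended configuration")
```

On the capture above the only difference reported is dom=lan in the ACK against domain-name local in the configuration block; address, gateway, mask and dns1 match. For the wireless capture of SOHO #007, replace EXPECTED with the values of server dhcp4 dh4-wlan.
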
Check the IPv4 address obtained by the laptop
╭─[11/2/20|4:30:09]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  ifconfig en8
en8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=6407<RXCSUM,TXCSUM,VLAN_MTU,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
        ether 9c:eb:e8:d5:2c:51 
        inet6 fe80::c93:c3b1:dfb3:77c0%en8 prefixlen 64 secured scopeid 0x13 
        inet 192.168.136.123 netmask 0xffffff00 broadcast 192.168.136.255
        inet6 2a01:e0a:159:2856:832:82f5:8519:70 prefixlen 64 autoconf secured 
        inet6 2a01:e0a:159:2856:653c:d1b2:dca9:c9da prefixlen 64 autoconf temporary 
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect (1000baseT <full-duplex>)
        status: active

╭─[11/2/20|4:37:05]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  nslookup www.free.fr      
Server:         192.168.254.1
Address:        192.168.254.1#53

Non-authoritative answer:
Name:   www.free.fr
Address: 212.27.48.10

Pay attention to the DNS server that answered ! Sweet !

Ping an Internet IPv4 address from the laptop
╭─[11/2/20|4:30:11]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  ping 8.8.8.8 -c 5
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=119 time=4.171 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=4.334 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=4.208 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=3.856 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=119 time=4.090 ms
Check that NAT is occurring for 192.168.136.123
mjolnir#show ipv4 nat inet translations | i 192.168.136.123                    
1      8.8.8.8 710148096           192.168.0.90 710148096   8.8.8.8 710148096        192.168.136.123 710148096   00:02:46  00:02:46  00:05:00  1       84
1      192.168.136.123 710148096   8.8.8.8 710148096        192.168.0.90 710148096   8.8.8.8 710148096           00:02:46  00:02:46  00:05:00  1       84
1      8.8.8.8 710148097           192.168.0.90 710148097   8.8.8.8 710148097        192.168.136.123 710148097   00:02:45  00:02:45  00:05:00  1       84
1      192.168.136.123 710148097   8.8.8.8 710148097        192.168.0.90 710148097   8.8.8.8 710148097           00:02:45  00:02:45  00:05:00  1       84
1      8.8.8.8 710148098           192.168.0.90 710148098   8.8.8.8 710148098        192.168.136.123 710148098   00:02:44  00:02:44  00:05:00  1       84
Ping www.free.fr by name from the laptop
╭─[11/2/20|4:36:18]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  ping www.free.fr -c 5 
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=3.903 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=5.883 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=3.658 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=4.872 ms
64 bytes from 212.27.48.10: icmp_seq=4 ttl=57 time=4.488 ms

--- www.free.fr ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.658/4.561/5.883/0.787 ms
Check that NAT is occurring for 192.168.136.123 and www.free.fr IPv4 address
mjolnir#show ipv4 nat inet translations | i 212.27.48.10                       
1      192.168.136.123 1263796224  212.27.48.10 1263796224  192.168.0.90 1263796224  212.27.48.10 1263796224     00:03:47  00:03:47  00:05:00  1       84
1      212.27.48.10 1263796224     192.168.0.90 1263796224  212.27.48.10 1263796224  192.168.136.123 1263796224  00:03:47  00:03:47  00:05:00  1       84
1      192.168.136.123 1263796225  212.27.48.10 1263796225  192.168.0.90 1263796225  212.27.48.10 1263796225     00:03:46  00:03:46  00:05:00  1       84
1      212.27.48.10 1263796225     192.168.0.90 1263796225  212.27.48.10 1263796225  192.168.136.123 1263796225  00:03:46  00:03:46  00:05:00  1       84
1      192.168.136.123 1263796226  212.27.48.10 1263796226  192.168.0.90 1263796226  212.27.48.10 1263796226     00:03:45  00:03:45  00:05:00  1       84

Conclusion

In this article the DHCP service has been enabled at:

  • SOHO router level
  • All hosts getting an IPv4 address via DHCP will get a DNS server set to SOHO@loopback0 (192.168.254.1)

RARE validated design: [ SOHO #005 ] - key take-away

In this example the key take-aways are:

  • DHCP is available for IPv4 and IPv6
  • DHCP here is bound to an interface, so rogue DHCP requests coming from any router interface other than the specified interface won't be honoured
  • Feel free to explore all DHCP options proposed by RARE/freeRouter

DHCP for IPv6 is also available if you want to strictly reproduce the IPv4 allocation scheme. In our case we will use IPv6 SLAAC.