Netgate Discussion Forum

    DHCP on /31 subnet?

    DHCP and DNS
    • C
      CaptainElmo
      last edited by

      If I use DHCP in pfSense to lease out the only usable IP address in a /30 subnet everything works. If I try the same thing with a /31 subnet pfSense complains that the broadcast address cannot be used.

      The usability scenarios in this case should be the same - use DHCP to lease out the only usable IP address in a PtP subnet. From what I understand, in a /31 subnet the traditional network and broadcast addresses aren't supposed to be needed.

      The usage scenario here is a large pool of PtP links which must be isolated onto individual subnets, but preferably using only 2 IP addresses per client instead of 4. DHCP is helpful in this scenario because the client machines are not under my control and the address space could be fluid. Managing a static IP address on each client would be an untenable proposition.

      Is there a way to make pfSense lease the usable client address in a /31 subnet or am I stuck with one of the more unpalatable alternatives?

      Thank you in advance for the assistance.

      • T
        technical ownage
        last edited by

        -_-

        Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

        • M
          muswellhillbilly
          last edited by

          Try running this scenario through an online subnet calculator:

          http://jodies.de/ipcalc?host=192.168.0.1&mask1=31&mask2=

          You'll see that with this subnet the broadcast address and the only available address in that 'range' are the same. A /30 subnet will give you just two addresses - the absolute minimum.

          • Q
            qwerty
            last edited by

            /31 is a valid subnet mask for point to point links which is what CaptainElmo is doing.

            https://tools.ietf.org/html/rfc302
            http://networkengineering.stackexchange.com/questions/1547/31-point-to-point-bitmasks

            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              DHCP relies on broadcasts.  Not sure how anyone expects that to work without a broadcast address.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              • Q
                qwerty
                last edited by

                @Derelict:

                DHCP relies on broadcasts.  Not sure how anyone expects that to work without a broadcast address.

                DHCP broadcasts do not rely on the subnet broadcast address (how will the client know what the subnet broadcast is before it knows the subnet?).

                DHCP always uses the 255.255.255.255 broadcast address.

                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Yeah.  Here's another thread:

                  http://www.dslreports.com/forum/r29832727-Mikrotik-DHCP-31-subnet

                  This is probably something that's going to have to shake out before vendors reliably work with one another.

                  You might try manually updating the dhcpd.conf file and seeing if you can get it working that way.  Maybe post your findings and if it requires a validation change in the DHCP config pages to make it work, that's pretty easy.

                  • C
                    cmb
                    last edited by

                    @Derelict:

                    You might try manually updating the dhcpd.conf file and seeing if you can get it working that way.  Maybe post your findings and if it requires a validation change in the DHCP config pages to make it work, that's pretty easy.

                    Yeah that's my suggestion.

                    Though where the clients aren't under your control, trying to do DHCP on /31s is likely to cause you all kinds of grief. Not sure how many devices will work in that circumstance but I'm sure there are a lot that won't. /31s are really intended for static assignment on point to point links where routers, not clients, are involved.

                    • Q
                      qwerty
                      last edited by

                      @cmb:

                      @Derelict:

                      You might try manually updating the dhcpd.conf file and seeing if you can get it working that way.  Maybe post your findings and if it requires a validation change in the DHCP config pages to make it work, that's pretty easy.

                      Yeah that's my suggestion.

                      Though where the clients aren't under your control, trying to do DHCP on /31s is likely to cause you all kinds of grief. Not sure how many devices will work in that circumstance but I'm sure there are a lot that won't. /31s are really intended for static assignment on point to point links where routers, not clients, are involved.

                      I've seen DHCP on /31 used in places so that network changes could be done easily from just the DHCP server… but I'm not sure how much effort it actually saves.

                      Is there a way of getting pfSense to stop overwriting the dhcpd.conf file? I was trying to play around with a DHCP on /31 out of curiosity and I can't get my dhcpd.conf edits to stay.

                      • C
                        CaptainElmo
                        last edited by

                        @qwerty:

                        I've seen DHCP on /31 used in places so that network changes could be done easily from just the DHCP server… but I'm not sure how much effort it actually saves.

                        It's not the effort so much as access to the remote client. In some cases I will not have easy access to the client so being able to modify things unilaterally at the head end is a requirement.

                        For now I've resorted to using /30 subnets since that works, but ideally it would be better to have DHCP support /31 as well in order to not waste so many IP addresses. If a DHCP client doesn't like that configuration I can always fall back to a /30 only in those edge cases.

                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          It's easy enough to disable our input validation to see if it works. If it does, perhaps we can relax the GUI input validation for that special case.

                          FreeBSD and pfSense only recently gained support for /31 networks so it's no surprise if other areas need to catch up.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          luckman212L JKnottJ 2 Replies Last reply Reply Quote 0
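
Added example, not part of any post in this thread and not pfSense code: a DHCP pool validator in Python showing how a classic network/broadcast check produces the complaint described in the first post for a /31, and how an RFC 3021 special case lets the single client address through. The function names, the `rfc3021` switch and the addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

def check_pool(network, server_ip, start, end, rfc3021=True):
    """Return a list of validation errors for a DHCP pool; empty means OK."""
    net = ipaddress.IPv4Network(network)
    server, lo, hi = (ipaddress.IPv4Address(a) for a in (server_ip, start, end))
    errors = []
    if lo > hi:
        errors.append("range start is above range end")
    for name, addr in (("start", lo), ("end", hi)):
        if addr not in net:
            errors.append(f"range {name} {addr} is outside {net}")
    # RFC 3021: on a /31 point-to-point link both addresses are host
    # addresses, so there is no network or directed-broadcast address.
    ptp = rfc3021 and net.prefixlen == 31
    if not ptp and net.prefixlen < 32:
        if lo <= net.network_address <= hi:
            errors.append(f"network address {net.network_address} cannot be used")
        if lo <= net.broadcast_address <= hi:
            errors.append(f"broadcast address {net.broadcast_address} cannot be used")
    if lo <= server <= hi:
        errors.append(f"server address {server} is inside the pool")
    return errors

def links_in(block, prefixlen):
    """Number of point-to-point subnets of the given size that fit in block."""
    return 2 ** (prefixlen - ipaddress.IPv4Network(block).prefixlen)

if __name__ == "__main__":
    # Constructed sample links: one client address leased per link.
    cases = [
        ("192.0.2.0/30", "192.0.2.1", "192.0.2.2", "192.0.2.2"),
        ("192.0.2.0/31", "192.0.2.0", "192.0.2.1", "192.0.2.1"),
    ]
    for net, server, start, end in cases:
        for mode in (False, True):
            errs = check_pool(net, server, start, end, rfc3021=mode)
            print(f"{net} rfc3021={mode}: {errs or 'OK'}")
    # Address cost of the two layouts inside one constructed /24.
    for plen in (30, 31):
        print(f"/{plen} links per /24:", links_in("198.51.100.0/24", plen))
```
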
                          • luckman212L
                            luckman212 LAYER 8 @jimp
                            last edited by

                            Back from the dead: https://www.reddit.com/r/PFSENSE/comments/vaxhcj/dhcp_service_on_a_31_interface/

                            • JKnottJ
                              JKnott @CaptainElmo
                              last edited by

                              @captainelmo

                              A /31, with only 2 addresses, does not have a broadcast or network address.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              • JKnottJ
                                JKnott @jimp
                                last edited by

                                @jimp said in DHCP on /31 subnet?:

                                FreeBSD and pfSense only recently gained support for /31 networks so it's no surprise if other areas need to catch up.

                                That's only for a point to point link, not a broadcast network.

                                • JKnottJ
                                  JKnott @JKnott
                                  last edited by

                                  @jknott

                                  It appears someone needs a refresher on DHCP. In addition to a server and client address, it also uses 0.0.0.0 for the client before it learns its own address and the broadcast address. By my count, that's 4 addresses, which are hard to squeeze into a /31.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.