Ask Your Question

On a VLAN tenant network, how can I allow an external device to pick up a dhcp address from neutron's dhcp service (the dhcp service associated with the subnet created in the tenant vlan network)?

asked 2016-02-26 09:24:33 -0600

Switters gravatar image
  • I'm using liberty, and have created some vlan networks as admin user, and assigned them to the 'demo' project
  • logged in as demo, I've created a dhcp-enabled subnet in one of the vlan networks, and a security group that allows hosts in the same subnet to connect to openstack guests in that subnet
  • I've created some openstack guest VMs in the subnet - they came up ok and picked up dhcp ip addresses. I can connect to these guests from an external server on the same VLAN (a server outside of openstack). I can connect to the external server from the openstack guest VMs. All as expected.

What I'm trying to do is to get an external (non-openstack) device on the same vlan to pick up a dhcp ip address from the openstack dhcp service for that subnet. Using wireshark I can see the dhcp request packets from my device, on the correct vlan, reaching my neutron network node where the dnsmasq dhcp service is running, but there's never a reply. I've tried putting wide-open ingress rules in the security group, but haven't got it to work yet (I'm not actually sure if the security group has any bearing at the subnet level as per AWS, or if it applies only to guest VMs...)

Anyone know what I need to do? I'll keep at it meantime


edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-05-16 06:50:05 -0600

Switters gravatar image

Hi all -

if anyone's interested, the following patch provides the functionality I needed. It's based on an older patch from

Patch is for RDO package (liberty) python-neutron-7.0.1-1.el7.noarch

--- ./usr/lib/python2.7/site-packages/neutron/agent/dhcp/   2016-03-11 11:08:45.674664463 +0000
+++ ./usr/lib/python2.7/site-packages/neutron/agent/dhcp/  2016-03-11 11:24:44.686955075 +0000
@@ -55,6 +55,8 @@
                 help=_('Comma-separated list of the DNS servers which will be '
                        'used as forwarders.'),
+    cfg.BoolOpt('dhcp_serve_subnet', default=False,
+                help=_('DHCP will service any MAC on subnet')),
     cfg.BoolOpt('dhcp_delete_namespaces', default=True,
                 help=_("Delete namespace after removing a dhcp server."
                        "This option is deprecated and "

--- ./usr/lib/python2.7/site-packages/neutron/agent/linux/     2016-02-29 15:59:45.591930854 +0000
+++ ./usr/lib/python2.7/site-packages/neutron/agent/linux/    2016-03-11 11:50:16.599613303 +0000
@@ -357,9 +357,25 @@
             # mode is optional and is not set - skip it
             if mode:
                 if subnet.ip_version == 4:
-                    cmd.append('--dhcp-range=%s%s,%s,%s,%s' %
-                               ('set:', self._TAG_PREFIX % i,
-                      , mode, lease))
+                       # Change to use the entire dhcp-range as allocation-pool
+                       # rather than just static
+                       # --dab
+                       if (self.conf.dhcp_serve_subnet):
+                               for ap in subnet.allocation_pools:
+                                       cmd.append('--dhcp-range=%s%s,%s,%s,%s' %
+                                               ('set:', self._TAG_PREFIX % i,
+                                               getattr(ap, 'start'),
+                                               getattr(ap, 'end'),
+                                               lease))
+                       else:
+                               cmd.append('--dhcp-range=%s%s,%s,%s,%s' %
+                                       ('set:', self._TAG_PREFIX % i,
+                             ,
+                                       mode,
+                                       lease))
                     cmd.append('--dhcp-range=%s%s,%s,%s,%d,%s' %
                                ('set:', self._TAG_PREFIX % i,

Apply the patches, then add a config line to /etc/neutron/dhcp_agent.ini on the network node (or wherever dhcp agent is running) to use the new config parameter:

# to allow dhcp addresses to be given to non-openstack devices on vlan tenant networks
dhcp_serve_subnet = true

Then restart the neutron-dhcp-agent service.

cheers Iain

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2016-02-26 09:24:33 -0600

Seen: 584 times

Last updated: May 16 '16