[K12OSN] Re: Making donations work better

Les Mikesell les at futuresource.com
Sun May 9 05:10:25 UTC 2004


On Sat, 2004-05-08 at 20:14, Terrell Prude', Jr. wrote:
> However, 
> there is an issue we need to consider with such a remaster.  Not 
> everybody's going to be using 192.168.0.254 on their server--me, for 
> instance.  Due to the pre-existence of a DHCP server, and our 
> unwillingness to allow additional DHCP servers on our network for any 
> reason, I've got to use the pre-existing IP address scheme for the 
> clients.  That means a single-NIC K12LTSP install, and I'd wager I'm not 
> the only one in that situation.

That may be a matter of policy, and perhaps a common one, but
a double-nic k12ltsp server would work transparently in
that situation if you can position it between the main
network and the classroom switch.  That is, it can obtain
its visible address from your existing dhcp and privately
provide isolated dhcp service for its clients hidden by
NAT from anywhere else.

>   In the case of our district, we run 
> subnets of 10.0.0.0/9, giving /20's to all of our schools.  The side 
> benefit of this single-NIC install is that the hard disk can also be 
> used as a regular file server very easily by the entire school.

That doesn't change even if you add a private branch for clients.
The one thing that does change that might be worth a policy
decision is that if you nat at the nearby server you won't
be able to see/log individual IP addresses of the client
machines as they go through other systems, like your
internet gateway or proxy.  However, thin clients don't
do anything but X from their own address anyway since all
the programs run on the server.

> HOWEVER....
> 
> The applicable effect, when remastering something like Knoppix or Damn 
> Small, is that we no longer have a thin client that netboots, thus no 
> longer getting its nfs and tftp parameters from a central, 
> easy-to-modify DHCP server.

It does pick up the dns server and its own domain, though.

> Now that IP address (or "those IP 
> addresses" if you get fancy) are hard-coded into the ISO image.

Or, you can use an unqualified hostname as the target.  The
client will append the domain name given to it, and query
the DNS server it got from DHCP for the IP address.  This
still leaves some possibilities for conflicts but it does
keep the process controlled by the server configuration. 

> Aunt 
> Tilly will, thus, have to have multiple ISO images for each of her 
> schools, unless we can somehow safely issue a broadcast query for XDM 
> servers, which I'd think would solve that issue.

You can.  However I think the first reply wins if there is more
than one server on the subnet.

> However, if you've got 
> more than one K12LTSP server on the same IP subnet, then you've got to 
> make sure you "broadcast" to the right one, so we're back at Square 1.  
> Putting each K12LTSP server on its own Layer 3 VLAN would fix that, but 
> you've got to have the gear to support that.
> 

You get that almost for free if you use 2 nics, but if you
put multiple servers on the same flat network you can either
do the domain/dns tricks to make a standard name hit the
right one, or designate one to handle -indirect queries
and let the users select their own server.

---
  Les Mikesell
   les at futuresource.com
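
Added example (not part of the original message): a Python model of the resolver behaviour described above, where one unqualified name baked into the image resolves to a different server at each school because DHCP supplies the domain. The host name ltsp, the example.org domains and the addresses are constructed for illustration.

```python
# Added illustration; hostname, domains and addresses are constructed samples.
def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        key, args = fields[0], fields[1:]
        if key in ("domain", "search") and args:
            # 'domain' and 'search' override each other; the last one wins
            search = args[:1] if key == "domain" else args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots=1):
    """Names the stub resolver tries, in order, for `name`."""
    if name.endswith("."):
        return [name]                      # already fully qualified
    absolute = name + "."
    suffixed = [f"{name}.{d.rstrip('.')}." for d in search]
    # Fewer dots than ndots: search list first, then the bare name
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]

def resolve(name, resolv_conf, zone):
    """Return (fqdn, address) for the first candidate found in `zone`."""
    search, ndots = parse_resolv_conf(resolv_conf)
    for fqdn in candidates(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None

# Constructed: resolv.conf as written from the DHCP lease at two schools
SCHOOL_A = "domain school-a.example.org\nnameserver 10.0.16.2\n"
SCHOOL_B = "domain school-b.example.org\nnameserver 10.0.32.2\n"
ZONE = {  # constructed records standing in for the district DNS
    "ltsp.school-a.example.org.": "10.0.16.10",
    "ltsp.school-b.example.org.": "10.0.32.10",
}

if __name__ == "__main__":
    for conf in (SCHOOL_A, SCHOOL_B):
        print(resolve("ltsp", conf, ZONE))
```

If a site's domain has no ltsp record, the lookup falls through to the bare name, which is one place the conflicts mentioned above can come from.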





