Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

ADR 0009: Eliminate Dual DHCP and Establish a Single Boundary

Status

Accepted

Context

The network previously had both the ISP gateway and OpenWRT serving DHCP on the same subnet. This created an ambiguous boundary and undermined consistent policy enforcement at the edge.

Decision Drivers

  • Avoid non-deterministic gateway assignment and client routing.
  • Ensure consistent DNS behavior to support split-horizon.
  • Prepare for future HA/VIP routing patterns without conflicting DHCP sources.
  • Maintain a clear, singular security boundary for policy enforcement.

Decision

  • Place the ISP router/modem into bridge mode.
  • Make OpenWRT the sole DHCP and NAT authority for the subnet.
  • Keep IPMI disconnected by default due to port exhaustion and power constraints; connect only when needed.

Consequences

  • Single Boundary: A single NAT/DHCP boundary improves policy enforcement and troubleshooting.
  • Predictable Clients: Gateway and DNS assignment become deterministic.
  • Future Migration: Simplifies future migration to a dedicated firewall or HA topology.
  • Operational Trade-off: IPMI access is on-demand rather than always available.