<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="monospace">This looks like something that I'd like to
implement/test. Can you advise what other changes you reference
that need to be put in place b/f compiling? Also, was this ever
submitted for upstream patching? It looks like the comment
section above your patch indicates that ISC openly states that
this is a theoretical issue. I see that they have reasoning for
by default disregarding the check, although this should be a
compile-time option imo.<br>
<br>
Thanks!<br>
<br>
<br>
/* At this point it's possible that we will get a broadcast<br>
DHCPREQUEST for a lease that we didn't offer, because<br>
both we and the peer are in a position to offer it.<br>
In that case, we probably shouldn't answer. In order<br>
to not answer, we would have to compare the server<br>
identifier sent by the client with the list of possible<br>
server identifiers we can send, and if the client's<br>
identifier isn't on the list, drop the DHCPREQUEST.<br>
We aren't currently doing that for two reasons - first,<br>
it's not clear that all clients do the right thing<br>
with respect to sending the client identifier, which<br>
could mean that we might simply not respond to a client<br>
that is depending on us to respond. Secondly, we
allow<br>
the user to specify the server identifier to send, and<br>
we don't enforce that the server identifier should be<br>
one of our IP addresses. This is probably not a big<br>
deal, but it's theoretically an issue.<br>
<br>
The reason we care about this is that if both servers<br>
send a DHCPACK to the DHCPREQUEST, they are then going<br>
to send dueling BNDUPD messages, which could cause<br>
trouble. I think it causes no harm, but it seems<br>
wrong. */<br>
<br>
<br>
- Joey D.<br>
<br>
<br>
</font>
<div class="moz-cite-prefix">On 04/17/2014 02:11 AM, Torppa Jarkko
wrote:<br>
</div>
<blockquote
cite="mid:AA110561FC4BF54B9AFF0702A2657817C22F0E7754@SECU003.acc.master.epnet"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:FI;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
mso-fareast-language:FI;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">I wrote a patch for the server, for 3.x series
it’s couple of lines. Wont apply cleanly, as there are other
changes before that need to compile with –DHONOR_SERVER_ID<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">diff -u -r1.28 -r1.29<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">--- dhcp.c 4 Feb 2009 09:48:17 -0000
1.28<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+++ dhcp.c 8 Aug 2011 19:15:28 -0000
1.29<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">@@ -40,7 +40,7 @@<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> #include "dhcpd.h"<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> #ifndef lint<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">-static char lcopy[] = "$Id: dhcp.c,v 1.28
2009/02/04 09:48:17 torppa Exp $";<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+static char lcopy[] = "$Id: dhcp.c,v 1.29
2011/08/08 19:15:28 torppa Exp $";<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> #endif<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> int outstanding_pings;<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">@@ -689,6 +689,20 @@<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> to send dueling BNDUPD
messages, which could cause<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> trouble. I think it causes
no harm, but it seems<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> wrong. */<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+# if defined(HONOR_SERVER_ID)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ if(have_server_identifier) {<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ /* This does not look for
configures server-id XXX */<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ struct iaddr from;<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+
memcpy(&from.iabuf,&packet->interface->primary_address,sizeof(packet->interface->primary_address));<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ from.len =
sizeof(packet->interface->primary_address);<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ if(sip.len == from.len
&& memcmp(sip.iabuf, from.iabuf, from.len) != 0) {<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ /* We are not the server
with that SERVER_ID */<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ log_debug("%s: ignoring our
server-id %s", msgbuf, piaddr(from));<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ goto out;<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ }<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+ }<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">+# endif /* HONOR_SERVER_ID */<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> } else<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> peer = (dhcp_failover_state_t
*)0;<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> #endif<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"> Joey D. [<a class="moz-txt-link-freetext" href="mailto:jobewan@gmail.com">mailto:jobewan@gmail.com</a>] <br>
<b>Sent:</b> 16. huhtikuuta 2014 17:43<br>
<b>To:</b> Torppa Jarkko<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:dhcp-hackers@lists.isc.org">dhcp-hackers@lists.isc.org</a><br>
<b>Subject:</b> Re: Multiple ACK Issue<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Can you elaborate as to how you
accomplished the dropping of the requests? Is that an
option or a script on the server? <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Wed, Apr 16, 2014 at 1:39 AM, Torppa
Jarkko <<a moz-do-not-send="true"
href="mailto:jarkko.torppa@elisa.fi" target="_blank">jarkko.torppa@elisa.fi</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">I had similar problem on 3.x, at that
time I tried to look at the code and did’nt see
anything that would try to prevent sending
duplicates. Some clients (juniper firewalls) don’t
like it if they get response from a server that they
did not specify.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Fixed the issue by making path that
drops the requests if our-id is not in the requests.
As I red RFC at that time that would be the correct
behavior.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"> dhcp-hackers-bounces+jarkko.torppa=<a
moz-do-not-send="true"
href="mailto:elisa.fi@lists.isc.org"
target="_blank">elisa.fi@lists.isc.org</a>
[mailto:<a moz-do-not-send="true"
href="mailto:dhcp-hackers-bounces%2Bjarkko.torppa"
target="_blank">dhcp-hackers-bounces+jarkko.torppa</a>=<a
moz-do-not-send="true"
href="mailto:elisa.fi@lists.isc.org"
target="_blank">elisa.fi@lists.isc.org</a>] <b>On
Behalf Of </b>Joey D.<br>
<b>Sent:</b> 15. huhtikuuta 2014 20:47<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:dhcp-hackers@lists.isc.org"
target="_blank">dhcp-hackers@lists.isc.org</a><br>
<b>Subject:</b> Re: Multiple ACK Issue</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I'm
still looking for any/all input regarding this
issue. Is there a different mailing list that
would be more appropriate for this?<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
Wed, Apr 9, 2014 at 12:05 PM, Joey D. <<a
moz-do-not-send="true"
href="mailto:jobewan@gmail.com"
target="_blank">jobewan@gmail.com</a>>
wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">bumping
this into the dhcp-hackers list in hopes
of a response.<span style="color:#888888"><br>
<br>
- Joey D.</span><o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
Mon, Apr 7, 2014 at 11:49 AM, Joey
D. <<a moz-do-not-send="true"
href="mailto:jobewan@gmail.com"
target="_blank">jobewan@gmail.com</a>>
wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">It
looks like the last
response/inquiry was not sent to
the list. I'm sending it back
through in hopes of getting
additional feedback on my
issue. I'm still looking for
info as to whether this is
expected behaviour.<span
style="color:#888888"><br>
<br>
- Joey D.</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
04/04/2014 01:50 PM, Joey
D. wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-family:"Courier
New""> I have
tested this with
numerous packet
captures. In every
Packet capture, there
are 2 DISCOVERs, 1 OFFER
(from 'Server B',
indicating the
load-balancing algorithm
is doing it's job), 2
REQUESTs (from the
client, with option 54
noting Server B), 2 ACKS
with each server sending
their own option 54
address.<br>
<br>
This scenario does not
occur if I wipe the
lease data for that
client from both
servers' lease tables;
this results in only 1
ACK from the server
listed in option 54 in
the REQUEST (Server B).
Once that works, if I
reboot the client, we
are back in the state of
ACKS being sent from
both servers. I can
submit more data in a
bug report if necessary,
but I'm not sure if this
is a bug just yet...<br>
<br>
In the event of T2
timer, there is no
option 54 info as
mentioned.<br>
<br>
I included the email
thread including
additional data below
(we use split 128).<br>
<br>
Regards,<br>
<br>
- Joey D.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
<br>
On 04/04/2014 01:24 PM,
Bruce Hudson wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre> My DHCP is a bit rusty these days but I would definitely not expect<o:p></o:p></pre>
<pre>multiple ACKs during a regular DORA. The request from the client should<o:p></o:p></pre>
<pre>include the server identifier of the offer it is accepting; and only<o:p></o:p></pre>
<pre>that server should process the request. That is part of the protocol.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> If you are seeing multiple ACKs, either (1) the client is broken<o:p></o:p></pre>
<pre>and is not including a server identifier, (2) the servers are somehow<o:p></o:p></pre>
<pre>set to use the same identifier, or (3) the DHCP server is broken and<o:p></o:p></pre>
<pre>ignoring the identifier in the request. In the absence of packet traces,<o:p></o:p></pre>
<pre>I am inclined to assume one of the first two. Can you see a server<o:p></o:p></pre>
<pre>ACKing a client request that includes a different identifier?<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> A client can definitely broadcast a request without an identifier,<o:p></o:p></pre>
<pre>either during a reboot or at T2 as you suggest. In those cases I would<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>expect any server that sees the request to respond. You will see <o:p></o:p></pre>
<pre>multiple ACKs. <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> You did not say (or I missed) whether or not these two servers are<o:p></o:p></pre>
<pre>part of a redundancy pair or not. If they are, that might be the code<o:p></o:p></pre>
<pre>path that leads to ignoring the server identifier. On the other hand,<o:p></o:p></pre>
<pre>in that case I would expect the "split" statement to prevent both<o:p></o:p></pre>
<pre>servers from responding. Do you set the split to 255? <o:p></o:p></pre>
<pre>--<o:p></o:p></pre>
<pre>Bruce A. Hudson | <a moz-do-not-send="true" href="mailto:Bruce.Hudson@Dal.CA" target="_blank">Bruce.Hudson@Dal.CA</a><o:p></o:p></pre>
<pre>ITS, Networks and Systems |<o:p></o:p></pre>
<pre>Dalhousie University |<o:p></o:p></pre>
<pre>Halifax, Nova Scotia, Canada | <a moz-do-not-send="true" href="tel:%28902%29%20494-3405" target="_blank">(902) 494-3405</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
04/04/2014 12:04 PM,
Joey D. wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
style="font-family:"Courier
New""> I
apologize if it's not
proper etiquette to
post the same issue to
both mailing lists,
but I'm looking for a
bit of feedback as to
whether what I'm
experiencing is
'expected' behaviour
from the isc dhcp
software. It looks as
though myself and
Leigh are both
observing the same
'multiple ack'
scenario, but it's a
bit of a "muddy"
explanation in the RFC
as to whether both
ACKs should present
themself during a
reboot/DORA (although
I'd expect it to
happen at a T2 timer).<br>
<br>
- Joey D.</span><o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
04/02/2014 12:48 PM,
jobewan wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">
In our environment,
multiple ACKs are
causing an issue. We
have our servers setup
in 2 different
geographic regions,
and there is a DHCP
proxy in-line near the
client site. The
issue is that the
anti-spoofing
mechanism in the
dhcp-proxy always
picks up on the 1st
ack to make it back,
which is always going
to be 'Server A' (due
to the latency b/t the
regions); although
'Server B' is sending
the offer. This in
turn causes issues for
the client that is
wanting an IP address
from Server B.<br>
<br>
Is the double ACK an
expected behavior on a
reboot? The RFC on
3.1 says "If the
client already knows
its address, some
steps may be omitted",
which indicates that
this should
potentially follow the
process noted in 3.2
(showing both servers
sending an ACK).
Although, during a
reboot, the client
doesn't know it's ip
address and follows a
simple DORA which
would indicate it
would use the process
in 3.1 (meaning only 1
server sends an ACK)<br>
<br>
(also, sorry for the
double post, It
appeared that my
initial mail was
caught by a
spamfilter).<br>
<br>
- Joey D.<o:p></o:p></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
04/02/2014 11:16 AM,
Leigh Porter wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
see a similar
issue with a
similar config,
however the
duplicate ACK is
not on the
initial request
but for lease
renewals.</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve
not bothered
investigating so
far as it seemed
to do no harm
for now..</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">--</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Leigh</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"> <a
moz-do-not-send="true"
href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org"
target="_blank">dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>
[<a
moz-do-not-send="true"
href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org"
target="_blank">mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>]
<b>On Behalf Of
</b>Joey D.<br>
<b>Sent:</b> 02
April 2014 17:04<br>
<b>To:</b> <a
moz-do-not-send="true"
href="mailto:dhcp-users@lists.isc.org" target="_blank">dhcp-users@lists.isc.org</a><br>
<b>Subject:</b>
Multiple ACK
Issue</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> Below
is a diagram
of what we
witness is
happening in
the event of a
device reboot
of a
previously
connected
device
(meaning the
device is
already
established in
the leases db
on both
servers), as
well as our
failover
config. Is
there a
configuration
directive that
can be used
which mandates
that only the
server sending
the offer can
send the ACK?
(much like
what is done
when
allocating a
fresh lease
like in sec
3.2 in the
rfc). I can
detail a bit
more as to the
environment
layout if
necessary, but
I'm hoping
there is an
option I'm
simply
overlooking. </span><o:p></o:p></p>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
Server A
Client
Server B</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
v
v
v</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| Begins
initialization
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
_____________/|\____________
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|/DHCPDISCOVER
|
DHCPDISCOVER\|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
___________/|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
/DHCPOFFER |</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|/
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
Selects
configuration
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
_____________/|\____________
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|/
DHCPREQUEST |
DHCPREQUEST\|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|\_____________
|
____________/|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
DHCPACK \|/
DHCPACK |</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
|
|</span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|
Initialization
complete | </span><o:p></o:p></p>
</div>
<div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
</div>
<p
class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
<br>
<br>
SERVER A: <br>
stash-agent-options
true; <br>
<br>
failover peer
"iah-kcm" { <br>
primary; <br>
address
x.x.1.248; <br>
port
647; <br>
peer
address
x.x.2.248; <br>
peer
port 647; <br>
auto-partner-down
121; <br>
max-response-delay
120; <br>
max-unacked-updates
10; <br>
load
balance max
seconds 5; <br>
mclt
3600; <br>
split
128; <br>
<br>
} <br>
server-identifier
x.x.1.248; <br>
ping-check
false; <br>
<br>
<br>
SERVER B: <br>
stash-agent-options
true; <br>
<br>
failover peer
"iah-kcm" { <br>
<br>
secondary; <br>
address
x.x.2.248; <br>
port
647; <br>
peer
address
x.x.1.248; <br>
peer
port 647; <br>
auto-partner-down
121; <br>
max-response-delay
120; <br>
max-unacked-updates
10; <br>
load
balance max
seconds 5; <br>
} <br>
server-identifier
x.x.2.248; <br>
ping-check
false; <br>
<br>
<br>
- Joey D. </span><o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
______________________________________________________________________<br>
This email has
been scanned by
the Symantec Email
Security.cloud
service.<br>
For more
information please
visit <a
moz-do-not-send="true"
href="http://www.symanteccloud.com" target="_blank">http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><br
clear="all">
______________________________________________________________________<br>
This email has been
scanned by the
Symantec Email
Security.cloud
service.<br>
For more information
please visit <a
moz-do-not-send="true"
href="http://www.symanteccloud.com" target="_blank">http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>dhcp-users mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:dhcp-users@lists.isc.org" target="_blank">dhcp-users@lists.isc.org</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><o:p></o:p></pre>
</blockquote>
</blockquote>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</blockquote>
<br>
</body>
</html>