Problem with abandoned leases

David W. Hankins David_Hankins at isc.org
Fri Mar 10 22:38:41 UTC 2006


Noticed this just today...got buried under the rest.

On Thu, Jan 19, 2006 at 08:48:35AM +1100, Bradley Baetz wrote:
> We've recently upgraded from 3.0.3b3 to 3.0.4b2, and are having some
> issues.

I don't think your upgrade is related.  At least I'm not sure how it
could be.

> The problem is that the lease found for the uid is the abandoned one.

Which means either the lease was DECLINEd by someone, or the ping-check
succeeded (probable if the client rebooting returns to BOUND state but
transmits messages as though in INIT state...that is, it is bound to
the address it previously had, but is broadcasting a DISCOVER).

> Then 2 minutes later the system reboots again. Its a dumb cable modem,
> and doesn't send a suggested IP, so we go through the whole thing again,
> with a new IP each time. And eventually this CM has all the IPs allocated
> to it and noone else can get online...

Nice.  So it just takes one abandoned entry for this client to get it
to soak up all the leases.

> Any thoughts on what should be happening to stop this from occurring?

A few things.

1) Ping-check shouldn't ping ACTIVE leases.  We know these kinds of
   clients exist, and this ping-check is a sanity-check device anyway
   not a really necessary component of the server.

2) The code around where you identified should be changed; the loops
   that find client-id'd or hardware-id'd leases should themselves
   omit leases that are ABANDONEd and look for the next one rather
   than pull the first lease blindly.

3) I don't recall there being a lot of guidance in the failover draft
   over what to do with ABANDONED leases, except the state engine where
   it is suggested ABANDONED->RESET->FREE might occur (RESET implying
   administrator intervention on a primary only).  Without failover,
   we treat ABANDONED leases as 'last resort FREE', that is they are
   allocated as normal, but only if no more free leases exist.  A
   similar approach is not unreasonable if we limit it to a single
   server, make it a primary-only behaviour.  But it's more worthwhile
   in a failover environment, I think, to proactively schedule a time
   to RESET these leases so the pools can be balanced.

   I think this behaviour should probably be substantively tuned.  I
   think a server operating in partner-down should be allowed to draw
   from abandoned leases as a last resort.  All that kind of thing.  I
   suspect the document is terse here to try and be as conservative as
   possible.

-- 
David W. Hankins		"If you don't do it right the first time,
Software Engineer			you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins


More information about the dhcp-users mailing list