Unexpected behavior when moving from 'unknown' to 'known'

David Sotnick sotnickd-dhcp at ddv.com
Fri Aug 10 00:32:57 UTC 2007 

Oh, and to clarify-- the request in the log entry below comes from
138.72.129.254, but that subnet is also defined with a range which allows
'members of dynamic-hosts', like so:

subnet 138.72.129.0 netmask 255.255.255.0 {
  option routers 138.72.129.254;
  option broadcast-address 138.72.129.255;
  option subnet-mask 255.255.255.0;

  pool {
    deny unknown-clients;
    allow members of "dynamic-hosts";
    ddns-updates on;
    range 138.72.129.1 138.72.129.240;
    default-lease-time 7200;
    max-lease-time 7200;
  }
}

And yet, still the server is throwing a 'no free leases' message.

I have since done some tcpdumps and analyzed the output in wireshark.
The client is sending exactly the same packet each time, and in one case
when I changed the host {} definition to have the hardware ethernet
address in lower-case (an admin had changed it to all upper case), the
client was suddenly allowed to get a lease from the dynamic-hosts pool.

This all seems very intermittent and unpredictable and is causing me to
worry about our DHCP service even as I sit in the sun at a campsite,
supposedly on vacation...

-David

On Thu, 9 Aug 2007, David Sotnick wrote:

> Anyone? Mr. Hankins?
>
> Surely someone must have some insight here...
>
> On Tue, 7 Aug 2007, David Sotnick wrote:
>
> > I recently upgraded from dhcp-server 3.0.1r5 to 3.0.5r2, and then to
> > 3.0.6. My operating system is FreeBSD 6.2-CURRENT.
> >
> > I have cases where users machines will be unknown, that is there is no
> > host entry for the host (when it is new out of the box), and then once the
> > machine is built-out ("bootstrapped"), a host entry is added to the dhcp
> > config file.
> >
> > We have a small range of IP addresses we hand out to these uknown-clients,
> > and a separate range for the client when it is known to us. Both ranges
> > are in the same subnet.
> >
> > Under version 3.0.1r5 this was all working fine, but now I'm seeing some
> > reproducable and undesired effects.
> >
> > Here's the class and subnet definition:
> >
> > class "dynamic-hosts" {
> >     match hardware;
> > }
> >
> > # begin:mac-metro-buildout
> > subnet 138.72.199.0 netmask 255.255.255.128 {
> >   option routers 138.72.199.126;
> >   option broadcast-address 138.72.199.127;
> >   option subnet-mask 255.255.255.128;
> >
> >   # Dynamic DHCP pool for new hosts not yet in DHCP
> >   pool {
> >     allow unknown-clients;
> >     ddns-updates off;
> >     range 138.72.199.1 138.72.199.63;
> >     default-lease-time 3600;
> >     max-lease-time 3600;
> >   }
> >
> >   # Dynamic DHCP pool with ddns-enabled for dynamic hosts:
> >   pool {
> >     deny unknown-clients;
> >     allow members of "dynamic-hosts";
> >     ddns-updates on;
> >     range 138.72.199.64 138.72.199.124;
> >     default-lease-time 3600;
> >     max-lease-time 3600;
> >   }
> > }
> > # end:mac-metro-buildout
> >
> > And here's a sample host entry for one of these hosts, after it's been
> > built-out and is now 'known' to us, and in DHCP:
> >
> > host macbrenda-en0 {
> >   option host-name "macbrenda";
> >   ddns-hostname "macbrenda";
> >   hardware ethernet 00:17:f2:09:da:8e;
> > }
> > subclass "dynamic-hosts" 1:00:17:f2:09:da:8e;
> >
> > In case you were going to ask, I'm matching against 'hardware' and not
> > 'dhcp-client-identifier', in my class statement because I want to match
> > against something the user cannot change.
> >
> > Now, when the host first connects, it's unknown (the above host entry
> > doesn't yet exist in the config), and so it gets assigned an IP from the
> > pool for unknown-clients. The client gets a lease from the range in the
> > first pool, and the lease gets written to the dhcpd.leases file.
> >
> > Now for the interesting part... The client then gets added to the dhcp
> > config file, and is now considered 'known', and is part of the subclass
> > 'dynamic-hosts'. BUT, (I assume) since there is a lease for the client in
> > the dhcpd.leases file, the dhcp-server is responding to DHCP requests from
> > the client with "no free leases"
> >
> > Aug  6 17:17:23 arbiter dhcpd: DHCPDISCOVER from 00:17:f2:09:da:8e via 138.72.129.254: network 138.72.129/24: no free leases
> >
> > So I stop the dhcp-server, remove the two lease/binding entries for the
> > host, and start the server again, and now, when the client connects, it
> > obtains the lease, as it should, from the pool of known-clients.
> >
> > Since I wrote this, I realized I have "deny duplicates;" at the top of my
> > config file. I added "allow duplicates;" to the subnet declaration for the
> > subnet above, and it seems to have fixed the problem.
> >
> > Is this expected behavior?
> >
> > Thanks,
> > David Sotnick
> > --
> > Tech. Lead - Unix Infrastructure
> > Pixar Animation Studios
> > Emeryville, CA
> >
> >
>
>

More information about the dhcp-users mailing list