3.1.0 failover and dynamic bootp clients

Simon Hobson dhcp1 at thehobsons.co.uk
Sat Aug 11 16:34:09 UTC 2007 

Carlos Vicente wrote:

>  Testing this in the lab, I just saw the two servers responding to a
>  bootp request with two different IP addresss.  They both have recorded
>  the individual leases as "active".  The configuration is identical on
>  both servers.

...

>  lease xxx.xxx.254.25 {
>    starts 5 2007/08/10 23:21:28;
>    ends 0 2007/09/09 23:21:28;
>    cltt 5 2007/08/10 23:21:28;
>    binding state active;
>    next binding state expired;
>    hardware ethernet 08:00:09:7c:c5:9a;
>  }
>  lease xxx.xxx.254.27 {
>    starts 5 2007/08/10 23:21:28;
>    ends 0 2007/09/09 23:21:28;
>    cltt 5 2007/08/10 23:21:28;
>    binding state active;
>    next binding state expired;
>    hardware ethernet 08:00:09:7c:c5:9a;
>  }

...

>  > Is this normal?  I'm guessing it's not.  Any hints appreciated.

I believe it is, but the times don't look right. AIUI, for dhcp 
clients under failover, both servers will respond to a client and 
offer different addresses from their free pool. They will create a 
short lease of 2 mins duration so as to 'reserve' the address should 
the client decide to accept the offer. The client will pick an offer 
(typically the first it receives) and request it from the server that 
offered it, and the server will confirm it - offering a longer lease. 
The offer which was not accepted will simply expire and the address 
will return to the free pool. At each stage, the servers will 
communicate the lease state changes to each other.

So I would expect one server to show a lease that was only valid for 
2 minutes and then expired - but I don't know if it's different for 
bootp clients. If it is, then this would be a simple attack vector 
for a malicious client since it does not even have to keep up a 
decent request rate to keep a pool exhausted !


At 11:07 -0400 11/8/07, Jeff Wieland wrote:

>So you need to disable dynamic bootp for any pools for which failover
>is enabled.

Support for dynamic bootp & failover added to v3.1.0, so this 
statement is wrong. If the man pages for 3.1.0 still say that bootp 
isn't supported on failover then they need correcting.

More information about the dhcp-users mailing list