DHCP Failover and duplicate responses

John Tabasz (jtabasz) jtabasz at cisco.com
Fri Sep 7 22:23:48 UTC 2007


I have a different sort of failover setup and have a question about it.
Every lease I serve is static. There are no pools defined at all. 
Rather than using failover, my idea is to use a duplicate server with
the same exact config file on it. That way if one server fails for a
reason unique to it, the other will still be there to serve leases.
Can anyone out there comment on this? What will happen when two servers
hear the DHCPDISCOVER requests from a client? I'm assuming there will be
some difference in response time, due to network topology and hardware
differences on the servers. Both servers have the same IP and netmask
etc information for any particular MAC address. 

Comments?

John

-----Original Message-----
From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On Behalf Of Glenn Satchell
Sent: Wednesday, September 05, 2007 4:40 PM
To: dhcp-users at isc.org
Subject: Re: DHCP Failover and duplicate responses

Setting dhcp-server-identifier to the gateway is wrong. The ip-helpers
on the gateway are only used when the client broadcasts the
DHCPDISCOVER. After that the client will send a normal unicast packet to
the dhcp server for renewal. The renewal is done when the IP stack is
fully configured, so it can route to the dhcp server if necessary.

In other respects the servers are behaving correctly. Each is receiving
the request and responding with an ack, as they are supposed to.

regards,
-glenn

>Date: Wed, 5 Sep 2007 16:27:26 -0500
>From: "Cory Meyer" <cory.meyer at gmail.com>
>Subject: DHCP Failover and duplicate responses
>
>With DHCP failover configured correctly should both servers be 
>responding to the same dhcp request?
>
>I know that the leases db is staying synced as they will both ACK with the
>same IP.   I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
>3.1.  Just to be sure that it wasn't issues with my dhcpd.leases file
>dhcpd was stopped on both servers, emptied and started again with the same
>issue.   Running omshell to get the failover state is showing both servers
>in normal mode once the recovery + MCLT has passed.
>
>The reason as to why this might be an issue is that in our production
>environment our routers are set up with 2 ip helper-address statements.
>One to the primary and one to the secondary server.  Option
>dhcp-server-identifier is set to the local GW for that network.   This means
>that DHCPREQUEST packets will be sent to both servers.    Normally with both
>servers sending an identical ACK it should be an issue though I seem to
>remember Windows Me and 98 clients that would fail an IP renewal due to
>the almost identical ACK.
>
>
>Any ideas or suggestions?   So far the DHCP Handbook has been a great help
>though I think I might have missed something.
>
>
>
>dhcp-01 is the primary.   dhcp-02 is the secondary.
>
>Here is what I'm seeing in the logs with a Windows XP SP2 client:
>
>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>
>
>Here is my configuration:
>### dhcpd.conf   #This is mirrored on both servers.
>ddns-update-style none;
>one-lease-per-client true;
>authoritative;
>ping-check true;
>#use-host-decl-names on;
>omapi-port 7911;
>key "omapi_key" {
>        algorithm hmac-md5;
>        secret "******";
>};
>omapi-key omapi_key;
>
>log-facility local7;
>
>stash-agent-options on;
>include "/etc/dhcpd.failover.conf";
>include "/etc/dhcpd.pools.conf";
>## End dhcpd.conf
>
>## PRIMARY dhcpd.failover.conf ##
>failover peer "dhcp" {
>  primary;
>  address 10.2.1.202;
>  port 847;
>  peer address 10.2.1.203;
>  peer port 647;
>  max-response-delay 60;
>  max-unacked-updates 10;
>  load balance max seconds 3;
>  mclt 180;
>  split 128;
>}
>## End PRIMARY dhcpd.failover.conf ##
>
>## Secondary dhcpd.failover.conf ##
>failover peer "dhcp" {
>  secondary;
>  address 10.2.1.203;
>  port 647;
>  peer address 10.2.1.202;
>  peer port 847;
>  max-response-delay 180;
>  load balance max seconds 3;
>  max-unacked-updates 10;
>}
>## End Secondary dhcpd.failover.conf
>
>## dhcpd.pools.conf   ## Mirrored on both servers.
>shared-network testing1 {
>  subnet 10.2.1.0 netmask 255.255.255.0 {
>    pool {
>      failover peer "dhcp";
>      option routers 10.2.1.254;
>      option broadcast-address 10.2.1.255;
>      option subnet-mask 255.255.255.0;
>      deny dynamic bootp clients;
>      range 10.2.1.0 10.2.1.253;
>      option domain-name-servers 10.2.1.254 ;
>      default-lease-time 7200;
>      max-lease-time 14400;
>    }
>  }
>} ## End Shared-Network testing1
>##  End dhcpd.pools.conf
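
An added example, not part of the original thread: a log check that reports when more than one server sends a DHCPACK for the same address to the same client within a short window, which is the duplicate-response pattern discussed in this thread. The regular expression follows the dhcpd log format quoted above; the 2-second window, the `year` argument (syslog omits it) and the last sample line are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches dhcpd DHCPACK syslog lines in the format quoted in the thread.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<server>\S+) dhcpd: "
    r"DHCPACK on (?P<ip>\d+(?:\.\d+){3}) to (?P<mac>[0-9a-fA-F:]{17})\b"
)

def duplicate_acks(lines, window=2, year=2007):
    """Return [(mac, ip, [servers])] where more than one server ACKed the
    same address to the same client within `window` seconds.
    `year` is an assumption: classic syslog timestamps do not carry one."""
    acks = defaultdict(list)  # (mac, ip) -> [(time, server)]
    for line in lines:
        m = ACK_RE.match(line)
        if not m:
            continue  # not a DHCPACK line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        acks[(m["mac"].lower(), m["ip"])].append((ts, m["server"]))
    findings = []
    for (mac, ip), events in sorted(acks.items()):
        events.sort()
        for i, (t0, s0) in enumerate(events):
            # Servers that ACKed at t0 or within `window` seconds after it.
            servers = {s0} | {s for t, s in events[i + 1:]
                              if (t - t0).total_seconds() <= window}
            if len(servers) > 1:
                findings.append((mac, ip, sorted(servers)))
                break  # one finding per client/address pair
    return findings

# Log lines from the post (rejoined); the last line is constructed to show
# a client answered by a single server, which must not be reported.
SAMPLE = [
    "Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0",
    "Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0",
    "Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0",
    "Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0",
    "Sep  5 11:14:02 dhcp-01 dhcpd: DHCPACK on 10.2.1.129 to 52:54:00:aa:bb:cc (constructed-host) via eth0",
]

if __name__ == "__main__":
    for mac, ip, servers in duplicate_acks(SAMPLE):
        print(f"duplicate ACK: {ip} -> {mac} from {', '.join(servers)}")
```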

