DHCP Failover and duplicate responses

Jeff Wieland wieland at purdue.edu
Fri Sep 7 23:23:09 UTC 2007


We've done this for years -- it works great.  There is a way to
force a less-preferred server to wait with the min-secs statement.
Check the man page for it.

John Tabasz (jtabasz) wrote:
> I have a different sort of failover setup and have a question about it.
> Every lease I serve is static. There are no pools defined at all. 
> Rather than using failover, my idea is to use a duplicate server with
> the same exact config file on it. That way if one server fails for a
> reason unique to it, the other will still be there to server leases.  
> Can anyone out there comment on this? What will happen when two servers
> hear the DHCPDISCOVER requests from a client? I'm assuming there will be
> some difference in response time, due to network topology and hardware
> differences on the servers. Both servers have the same IP and netmask
> etc information for any particular MAC address. 
> 
> Comments?
> 
> John
> 
> -----Original Message-----
> From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
> Behalf Of Glenn Satchell
> Sent: Wednesday, September 05, 2007 4:40 PM
> To: dhcp-users at isc.org
> Subject: Re: DHCP Failover and duplicate responses
> 
> Setting dhcp-server-identifier to the gateway is wrong. The ip-helpers
> on the gateway are only used when the client broadcasts the
> DHCPDISCOVER. After that the client will send a normal unicast packet to
> the dhcp server for renewal. The renewal is done when the IP stack is
> fully configured, so it can route to the dhcp server if necessary.
> 
> In other respects the servers are behaving correctly. Each is receiving
> the request and responding with an ack, as they are supposed to.
> 
> regards,
> -glenn
> 
>> Date: Wed, 5 Sep 2007 16:27:26 -0500
>> From: "Cory Meyer" <cory.meyer at gmail.com>
>> Subject: DHCP Failover and duplicate responses
>>
>> With DHCP failover configured correctly should both servers be 
>> responding to the same dhcp request?
>>
>> I know that the leases db is staying synced as they will both ACK with the
>> same IP.   I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
>> 3.1.  Just to be sure that it wasn't issues with my dhcpd.leases file
>> dhcpd was stopped on both servers, emptied and started again with the same
>> issue.   Running omshell to get the failover state is showing both servers
>> in normal mode once the recovery + MCLT has passed.
>>
>> The reason as to why this might be an issue is that in our production
>> environment our routers are set up with 2 ip helper-address statements.
>> One to the primary and one to the secondary server.  Option
>> dhcp-server-identifier is set to the local GW for that network.   This means
>> that DHCPREQUEST packets will be sent to both servers.    Normally with both
>> servers sending an identical ACK it should be an issue though I seem to
>> remember Windows Me and 98 clients that would fail an IP renewal due to
>> the almost identical ACK.
>>
>>
>> Any ideas or suggestions?   So far the DHCP Handbook has been a great help
>> though I think I might have missed something.
>>
>>
>>
>> dhcp-01 is the primary.   dhcp-02 is the secondary.
>>
>> Here is what I'm seeing in the logs with a Windows XP SP2 client:
>>
>> Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
>> Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep  5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep  5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>
>>
>> Here is my configuration:
>> ### dhcpd.conf   #This is mirrored on both servers.
>> ddns-update-style none;
>> one-lease-per-client true;
>> authoritative;
>> ping-check true;
>> #use-host-decl-names on;
>> omapi-port 7911;
>> key "omapi_key" {
>>        algorithm hmac-md5;
>>        secret "******";
>> };
>> omapi-key omapi_key;
>>
>> log-facility local7;
>>
>> stash-agent-options on;
>> include "/etc/dhcpd.failover.conf";
>> include "/etc/dhcpd.pools.conf";
>> ## End dhcpd.conf
>>
>> ## PRIMARY dhcpd.failover.conf ##
>> failover peer "dhcp" {
>>  primary;
>>  address 10.2.1.202;
>>  port 847;
>>  peer address 10.2.1.203;
>>  peer port 647;
>>  max-response-delay 60;
>>  max-unacked-updates 10;
>>  load balance max seconds 3;
>>  mclt 180;
>>  split 128;
>> }
>> ## End PRIMARY dhcpd.failover.conf ##
>>
>> ## Secondary dhcpd.failover.conf ##
>> failover peer "dhcp" {
>>  secondary;
>>  address 10.2.1.203;
>>  port 647;
>>  peer address 10.2.1.202;
>>  peer port 847;
>>  max-response-delay 180;
>>  load balance max seconds 3;
>>  max-unacked-updates 10;
>> }
>> ## End Secondary dhcpd.failover.conf
>>
>> ## dhcpd.pools.conf   ## Mirrored on both servers.
>> shared-network testing1 {
>>  subnet 10.2.1.0 netmask 255.255.255.0 {
>>    pool {
>>      failover peer "dhcp";
>>      option routers 10.2.1.254;
>>      option broadcast-address 10.2.1.255;
>>      option subnet-mask 255.255.255.0;
>>      deny dynamic bootp clients;
>>      range 10.2.1.0 10.2.1.253;
>>      option domain-name-servers 10.2.1.254 ;
>>      default-lease-time 7200;
>>      max-lease-time 14400;
>>    }
>>  }
>> } ## End Shared-Network testing1
>> ##  End dhcpd.pools.conf
> 


-- 
           Jeff Wieland            |         Purdue University
    Network Systems Administrator  |        ITN&S Data Networks
        Voice: (765)496-8234       |        501 Harrison Street
         FAX: (765)494-6620        |   West Lafayette, IN 47907-2025
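
Added example, not part of the original thread: a log check for the behaviour discussed above, reporting every client/address pair that received a DHCPACK from more than one server within a short window. The sample lines are constructed in the dhcpd syslog format quoted in the thread; the function names, the two-second window and the year used for timestamp parsing are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the dhcpd syslog format quoted in the thread.
SAMPLE_LOG = """\
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:14:02 dhcp-01 dhcpd: DHCPACK on 10.2.1.129 to 52:54:00:aa:bb:cc via eth0
"""

ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<server>\S+)\s+dhcpd(?:\[\d+\])?:\s+"
    r"DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9A-Fa-f:]{17})\b"
)

def parse_acks(log_text, year=2007):
    """Yield (timestamp, server, ip, mac) for each DHCPACK line."""
    # Syslog timestamps carry no year, so `year` is an assumed value.
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["server"], m["ip"], m["mac"].lower()

def duplicate_acks(log_text, window=timedelta(seconds=2)):
    """Return [(mac, ip, [servers])] where 2+ servers ACKed within `window`."""
    by_lease = defaultdict(list)
    for ts, server, ip, mac in parse_acks(log_text):
        by_lease[(mac, ip)].append((ts, server))
    findings = []
    for (mac, ip), events in sorted(by_lease.items()):
        events.sort()
        servers = set()
        # Compare neighbouring ACKs for the same client/address pair.
        for (t1, s1), (t2, s2) in zip(events, events[1:]):
            if s1 != s2 and t2 - t1 <= window:
                servers.update((s1, s2))
        if servers:
            findings.append((mac, ip, sorted(servers)))
    return findings

if __name__ == "__main__":
    for mac, ip, servers in duplicate_acks(SAMPLE_LOG):
        print(f"{mac} got DHCPACK for {ip} from {', '.join(servers)}")
```

Run against the merged syslog of both servers; an empty result means no client was acknowledged by more than one server inside the window.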

