DHCP Failover and duplicate responses
Jeff Wieland
wieland at purdue.edu
Fri Sep 7 23:23:09 UTC 2007
We've done this for years -- it works great. There is a way to
force a less-preferred server to wait with the min-secs statement.
Check the man page for it.
John Tabasz (jtabasz) wrote:
> I have a different sort of failover setup and have a question about it.
> Every lease I serve is static. There are no pools defined at all.
> Rather than using failover, my idea is to use a duplicate server with
> the same exact config file on it. That way if one server fails for a
> reason unique to it, the other will still be there to serve leases.
> Can anyone out there comment on this? What will happen when two servers
> hear the DHCPDISCOVER requests from a client? I'm assuming there will be
> some difference in response time, due to network topology and hardware
> differences on the servers. Both servers have the same IP and netmask
> etc information for any particular MAC address.
>
> Comments?
>
> John
>
> -----Original Message-----
> From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
> Behalf Of Glenn Satchell
> Sent: Wednesday, September 05, 2007 4:40 PM
> To: dhcp-users at isc.org
> Subject: Re: DHCP Failover and duplicate responses
>
> Setting dhcp-server-identifier to the gateway is wrong. The ip-helpers
> on the gateway are only used when the client broadcasts the
> DHCPDISCOVER. After that the client will send a normal unicast packet to
> the dhcp server for renewal. The renewal is done when the IP stack is
> fully configured, so it can route to the dhcp server if necessary.
>
> In other respects the servers are behaving correctly. Each is receiving
> the request and responding with an ack, as they are supposed to.
>
> regards,
> -glenn
>
>> Date: Wed, 5 Sep 2007 16:27:26 -0500
>> From: "Cory Meyer" <cory.meyer at gmail.com>
>> Subject: DHCP Failover and duplicate responses
>>
>> With DHCP failover configured correctly should both servers be
>> responding to the same dhcp request?
>>
>> I know that the leases db is staying synced as they will both ACK with the
>> same IP. I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
>> 3.1. Just to be sure that it wasn't issues with my dhcpd.leases file
>> dhcpd was stopped on both servers, emptied and started again with the same
>> issue. Running omshell to get the failover state is showing both servers
>> in normal mode once the recovery + MCLT has passed.
>>
>> The reason as to why this might be an issue is that in our production
>> environment our routers are set up with 2 ip helper-address statements.
>> One to the primary and one to the secondary server. Option
>> dhcp-server-identifier is set to the local GW for that network. This means
>> that DHCPREQUEST packets will be sent to both servers. Normally with both
>> servers sending an identical ACK it should be an issue though I seem to
>> remember Windows Me and 98 clients that would fail an IP renewal due to
>> the almost identical ACK.
>>
>>
>> Any ideas or suggestions? So far the DHCP Handbook has been a great help
>> though I think I might have missed something.
>>
>>
>>
>> dhcp-01 is the primary. dhcp-02 is the secondary.
>>
>> Here is what I'm seeing in the logs with a Windows XP SP2 client:
>>
>> Sep 5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
>> Sep 5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep 5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep 5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep 5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep 5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>> Sep 5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>
>>
>> Here is my configuration:
>> ### dhcpd.conf #This is mirrored on both servers.
>> ddns-update-style none;
>> one-lease-per-client true;
>> authoritative;
>> ping-check true;
>> #use-host-decl-names on;
>> omapi-port 7911;
>> key "omapi_key" {
>>   algorithm hmac-md5;
>>   secret "******";
>> };
>> omapi-key omapi_key;
>>
>> log-facility local7;
>>
>> stash-agent-options on;
>> include "/etc/dhcpd.failover.conf";
>> include "/etc/dhcpd.pools.conf";
>> ## End dhcpd.conf
>>
>> ## PRIMARY dhcpd.failover.conf ##
>> failover peer "dhcp" {
>>   primary;
>>   address 10.2.1.202;
>>   port 847;
>>   peer address 10.2.1.203;
>>   peer port 647;
>>   max-response-delay 60;
>>   max-unacked-updates 10;
>>   load balance max seconds 3;
>>   mclt 180;
>>   split 128;
>> }
>> ## End PRIMARY dhcpd.failover.conf ##
>>
>> ## Secondary dhcpd.failover.conf ##
>> failover peer "dhcp" {
>>   secondary;
>>   address 10.2.1.203;
>>   port 647;
>>   peer address 10.2.1.202;
>>   peer port 847;
>>   max-response-delay 180;
>>   load balance max seconds 3;
>>   max-unacked-updates 10;
>> }
>> ## End Secondary dhcpd.failover.conf
>>
>> ## dhcpd.pools.conf ## Mirrored on both servers.
>> shared-network testing1 {
>>   subnet 10.2.1.0 netmask 255.255.255.0 {
>>     pool {
>>       failover peer "dhcp";
>>       option routers 10.2.1.254;
>>       option broadcast-address 10.2.1.255;
>>       option subnet-mask 255.255.255.0;
>>       deny dynamic bootp clients;
>>       range 10.2.1.0 10.2.1.253;
>>       option domain-name-servers 10.2.1.254 ;
>>       default-lease-time 7200;
>>       max-lease-time 14400;
>>     }
>>   }
>> } ## End Shared-Network testing1
>> ## End dhcpd.pools.conf
>
--
Jeff Wieland | Purdue University
Network Systems Administrator | ITN&S Data Networks
Voice: (765)496-8234 | 501 Harrison Street
FAX: (765)494-6620 | West Lafayette, IN 47907-2025
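
Added example, not part of the original thread and not ISC DHCP code: a Python check that scans dhcpd syslog lines in the format quoted above and reports clients that were ACKed by more than one server within a few seconds, noting which of those servers never logged an OFFER. The sample log is constructed; the second MAC address, the 11:13:21 timestamp and the default year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the dhcpd syslog format quoted in the thread.
SAMPLE_LOG = """\
Sep 5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
Sep 5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:13:21 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:20:02 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.130 to 52:54:00:aa:bb:cc via eth0
Sep 5 11:20:02 dhcp-02 dhcpd: DHCPACK on 10.2.1.130 to 52:54:00:aa:bb:cc via eth0
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dhcpd: "
    r"(?P<msg>DHCPOFFER|DHCPACK) on (?P<ip>\S+) to (?P<mac>[0-9a-f:]{17})\b"
)

def parse(log, year=2007):
    """Yield (time, server, msg, ip, mac) for OFFER/ACK lines; syslog omits the year (assumed)."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["msg"], m["ip"], m["mac"]

def duplicate_acks(log, window=5):
    """Return one finding per (mac, ip) ACKed by different servers within `window` seconds."""
    acks, offers = defaultdict(list), defaultdict(set)
    for ts, host, msg, ip, mac in parse(log):
        if msg == "DHCPACK":
            acks[(mac, ip)].append((ts, host))
        else:
            offers[(mac, ip)].add(host)
    findings = []
    for key, events in acks.items():
        events.sort()
        servers = set()
        for (t1, h1), (t2, h2) in zip(events, events[1:]):
            if h1 != h2 and (t2 - t1).total_seconds() <= window:
                servers |= {h1, h2}
        if servers:
            findings.append({"mac": key[0], "ip": key[1], "ack_servers": sorted(servers),
                             "acked_without_offer": sorted(servers - offers[key])})
    return findings

if __name__ == "__main__":
    print(duplicate_acks(SAMPLE_LOG))
```
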