Dhcp failover not working properly

Mattia Gandolfi mgandolf at redhat.com
Fri Nov 21 13:49:10 UTC 2008


Hi all,

I've got a setup with 2 dhcp servers running Red Hat Enterprise Linux 5 
x86_64 (kernel 2.6.18-92.1.18.el5) and dhcp-3.0.5-13.el5

- dhcpmi-ese01 (10.72.252.254)
- dhcpmi-ese02 (10.72.253.254)

running in "dhcp-failover" mode. The configuration is attached
(dhcpd.conf.dhcpmi-ese01 and dhcpd.conf.dhcpmi-ese02).
This two systems provide the dhcp service for the whole company (about
4000 workstations), serving different subnets by using dhcp relays
configured on Cisco PIXes.

Failover mode works pretty well, however sometimes obtaining an ip 
address is a VERY slow process (it takes more than 1 minute), and in 
some cases a timeout occurs before the whole process can complete 
successfully.
By analyzing the network traffic (a tcpdump of a failed attempt is 
available at http://mattia.garl.it/chaos/dhcp_ko.pcap) it looks like

1. the client sends out a broadcast DHCP discover
2. the relay agent on the gateway forwards a DHCP offer from the first 
server (10.72.252.254)
3. the client sends a DHCP request to the first server (10.72.252.254)
4. the relay agent forwards a second DHCP offer from the second server 
(10.72.253.254)
5. the relay agent sends a DHCP ack to acknowledge the DHCP request, but 
  the Server Identifier filed contains the ip address of the second 
server  (10.72.253.254)
6. the client sends a second DHCP request to the first server 
(10.72.252.254)
7. the relay agent keeps sending acks from the second dhcp server

and it keeps going on like this for about 100 seconds, than the client 
times out, and there is no way from getting an ip address other than 
disconnecting/connecting the network cable again and hoping...

So my question is: shouldn't the two servers syncronize leases and 
informations, so that, when the client "chooses" one dhcp by sending a 
DHCP request, the ack is actually sent from the choosen system? Or is 
there something wrong with my configuration?

Thank you very much for any help

Cheers

Mattia

-- 
Mattia Gandolfi
Consultant | RHCE
Global Professional Services
Red Hat Italia
http://www.redhat.it

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dhcpd.conf.dhcpmi-ese01
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20081121/7bc17c1e/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dhcpd.conf.dhcpmi-ese02
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20081121/7bc17c1e/attachment-0001.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mgandolf.vcf
Type: text/x-vcard
Size: 337 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20081121/7bc17c1e/attachment.vcf>


More information about the dhcp-users mailing list