Dhcp failover not working properly
Mattia Gandolfi
mgandolf at redhat.com
Fri Nov 21 13:49:10 UTC 2008
Hi all,
I've got a setup with 2 dhcp servers running Red Hat Enterprise Linux 5
x86_64 (kernel 2.6.18-92.1.18.el5) and dhcp-3.0.5-13.el5
- dhcpmi-ese01 (10.72.252.254)
- dhcpmi-ese02 (10.72.253.254)
running in "dhcp-failover" mode. The configuration is attached
(dhcpd.conf.dhcpmi-ese01 and dhcpd.conf.dhcpmi-ese02).
This two systems provide the dhcp service for the whole company (about
4000 workstations), serving different subnets by using dhcp relays
configured on Cisco PIXes.
Failover mode works pretty well, however sometimes obtaining an ip
address is a VERY slow process (it takes more than 1 minute), and in
some cases a timeout occurs before the whole process can complete
successfully.
By analyzing the network traffic (a tcpdump of a failed attempt is
available at http://mattia.garl.it/chaos/dhcp_ko.pcap) it looks like
1. the client sends out a broadcast DHCP discover
2. the relay agent on the gateway forwards a DHCP offer from the first
server (10.72.252.254)
3. the client sends a DHCP request to the first server (10.72.252.254)
4. the relay agent forwards a second DHCP offer from the second server
(10.72.253.254)
5. the relay agent sends a DHCP ack to acknowledge the DHCP request, but
the Server Identifier filed contains the ip address of the second
server (10.72.253.254)
6. the client sends a second DHCP request to the first server
(10.72.252.254)
7. the relay agent keeps sending acks from the second dhcp server
and it keeps going on like this for about 100 seconds, than the client
times out, and there is no way from getting an ip address other than
disconnecting/connecting the network cable again and hoping...
So my question is: shouldn't the two servers syncronize leases and
informations, so that, when the client "chooses" one dhcp by sending a
DHCP request, the ack is actually sent from the choosen system? Or is
there something wrong with my configuration?
Thank you very much for any help
Cheers
Mattia
--
Mattia Gandolfi
Consultant | RHCE
Global Professional Services
Red Hat Italia
http://www.redhat.it
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dhcpd.conf.dhcpmi-ese01
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20081121/7bc17c1e/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dhcpd.conf.dhcpmi-ese02
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20081121/7bc17c1e/attachment-0001.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mgandolf.vcf
Type: text/x-vcard
Size: 337 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20081121/7bc17c1e/attachment.vcf>
More information about the dhcp-users
mailing list