DHCP Failover questions

Denis Laventure Denis_Laventure at uqac.ca
Fri Nov 13 17:12:54 UTC 2009


Hi,

> failover peer "dhcp0"

I think the failover peer in your config (failover peer definition and pool definition) is supposed to be the same on the primary and the secondary... That way they both sync for that pool. If they're different, they probably don't sync so they both respond as primary.

Denis

-----Original Message-----
From: dhcp-users-bounces at lists.isc.org [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Jason Frisvold
Sent: November 13, 2009 11:28
To: dhcp-users at lists.isc.org
Subject: DHCP Failover questions

Greetings,

	We recently deployed a dual-server failover solution using ISC-DHCP.
Thus far, the system has been running pretty well, but we're seeing some
odd, unexpected behavior.

	According to the documentation, the "split" variable is used to specify
the split between primary and secondary server.  As I understand it,
when a DHCPDISCOVER comes in, the request is hashed (what parts of the
request are used?) and based on the hash value, either the primary or
the secondary responds.  I would expect the hash to be identical for
each DHCPDISCOVER from the same host, correct?

	What we're seeing, however, is that both the primary and secondary
servers are responding.  And based on the nature of our network (each
switch has two connections to the core, routers are configured to
forward requests to both servers), this results in four offers being
sent to the remote client.  The client then chooses one (likely the
first that arrives) and goes through the process of acquiring the lease.

	What bothers us is that both servers are responding to the DHCPDISCOVER
packets coming in.  Why are the servers not honoring the split?  Are we
doing something wrong here?

	For completeness, here is some server information.  We're running dhcp
on a RHEL 5.4 xen host using the RHEL provided RPMS for dhcp.  According
to RPM, that means we're running version 3.0.5.  Our primary server is
configured as follows :

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
min-lease-time 3600;
max-lease-time 86400;
default-lease-time 86400;

allow bootp;
allow booting;

ddns-update-style ad-hoc;
ddns-updates off;

authoritative;

key OMAPI {
   algorithm hmac-md5;
   secret sooperseekritmd5hash;
};

omapi-port 7911;

failover peer "dhcp1" {
   primary;
   address 192.168.0.67;
   port 647;
   peer address 192.168.1.67;
   peer port 647;
   max-response-delay 60;
   max-unacked-updates 10;
   mclt 3600;
   split 128;
   load balance max seconds 3;
}

option domain-name "example.com";

include "/etc/dhcpd/dhcpd-primary.cfg";


And the secondary like this :


#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
min-lease-time 3600;
max-lease-time 86400;
default-lease-time 86400;

allow bootp;
allow booting;

ddns-update-style ad-hoc;
ddns-updates off;

authoritative;

key OMAPI {
   algorithm hmac-md5;
   secret sooperseekritmd5hash;
};

omapi-port 7911;

failover peer "dhcp0" {
   secondary;
   address 192.168.1.67;
   port 647;
   peer address 192.167.0.67;
   peer port 647;
   max-response-delay 60;
   max-unacked-updates 10;
   mclt 3600;
   load balance max seconds 3;
}

option domain-name "example.com";

include "/etc/dhcpd/dhcpd-secondary.cfg";



The "include"ed file contains the subnets, ranges, statics, etc.  That's
all generated via a web front end.  An example of that configuration
from the primary server is as follows :

subnet 10.0.0.0 netmask 255.255.255.0 {
	option routers 10.0.0.1;
	option domain-name-servers 192.168.0.53 , 192.168.1.53;
	pool {
		deny dynamic bootp clients;
		failover peer "dhcp1";
		range 10.0.0.2 10.0.0.254;
	}
}

And the secondary is identical except for the failover peer name :

subnet 10.0.0.0 netmask 255.255.255.0 {
	option routers 10.0.0.1;
	option domain-name-servers 192.168.0.53 , 192.168.1.53;
	pool {
		deny dynamic bootp clients;
		failover peer "dhcp0";
		range 10.0.0.2 10.0.0.254;
	}
}


Any and all help is appreciated.  Thanks!

- -- 
- ---------------------------
Jason Frisvold
Network Engineer
frisvolj at lafayette.edu
- ---------------------------
"What I cannot create, I do not understand"
   - Richard Feynman
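
A consistency check for the advice in the reply at the top of this message (same failover peer name on both servers), extended to also compare the mirrored address/port pairs. This is an added example, not code from the thread or from ISC; the sample blocks are condensed from the two configs quoted above, and the parser is an assumption-level sketch that handles only a plain `failover peer "name" { ... }` block without comments inside it.

```python
import re

# Failover blocks condensed from the two configs quoted in this thread.
PRIMARY = '''failover peer "dhcp1" {
   primary;
   address 192.168.0.67;  port 647;
   peer address 192.168.1.67;  peer port 647;
}'''
SECONDARY = '''failover peer "dhcp0" {
   secondary;
   address 192.168.1.67;  port 647;
   peer address 192.167.0.67;  peer port 647;
}'''

# Matches the declaration only; a pool's 'failover peer "x";' has no brace.
BLOCK = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', re.S)

def parse_failover(conf):
    """Return {name: settings} for each failover peer declaration."""
    peers = {}
    for name, body in BLOCK.findall(conf):
        s = {}
        for stmt in body.split(";"):
            words = stmt.split()
            if words and words[0] in ("primary", "secondary"):
                s["role"] = words[0]
            elif words:
                s[" ".join(words[:-1])] = words[-1]  # key = all but last word
        peers[name] = s
    return peers

def check_pair(primary_conf, secondary_conf):
    """List mismatches between the two servers' failover declarations."""
    p, s = parse_failover(primary_conf), parse_failover(secondary_conf)
    problems = [f"peer name {n!r} declared on only one server"
                for n in sorted(set(p) ^ set(s))]
    # Compare by position when names differ, so address typos still surface.
    for a, b in zip(p.values(), s.values()):
        if {a.get("role"), b.get("role")} != {"primary", "secondary"}:
            problems.append("roles are not one primary and one secondary")
        for mine, theirs in (("address", "peer address"), ("port", "peer port")):
            for x, y, who in ((a, b, "primary"), (b, a, "secondary")):
                if x.get(mine) != y.get(theirs):
                    problems.append(f"{who} '{mine}' {x.get(mine)} does not "
                                    f"match peer's '{theirs}' {y.get(theirs)}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_pair(PRIMARY, SECONDARY)))
```

Run on the blocks above, it reports the two differing peer names and that the primary's `address` does not match the `peer address` written in the secondary's block.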