Failover and duplicate DHCPACKs

Kimmo Liikonen kimmoanttiaadolf at gmail.com
Fri Feb 19 12:39:05 UTC 2010 

Hi,

I am running ISC DHCP server 3.1.3 with failover configured. My
problem is that some clients gets duplicate DHCPACKs from servers (and
i think that's causing the problem that some clients can't renew their
lease).

Requests are coming thru DHCP relay and servers are in different
subnets. Clients are behind routers that have two ip helper addresses
configured.

IP/MAC addresses are masked:

123.123.123.123 is Cisco 877W client
1.1.1.1 is DHCP relay
aa:bb:cc:dd:ee:ff is mac address from Cisc 877W
ff:ee:dd:cc:bb:aa is mac address from working client
2.2.2.2 is Server1
2.2.2.3 is Server2

Server1:

Feb 17 07:12:55 dhcp1 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
(c877w) via 1.1.1.1: load balance to peer dhcp-failover
Feb 17 07:12:56 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.2)
from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:12:56 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:05:30 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:05:30 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:13:04 dhcp1 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
(c877w) via 1.1.1.1: load balance to peer dhcp-failover
Feb 17 08:13:05 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.2)
from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:13:05 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1

Server2:

Feb 17 07:12:55 dhcp2 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
(c877w) via 1.1.1.1
Feb 17 07:12:56 dhcp2 dhcpd: DHCPOFFER on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:12:56 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.3)
from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:12:56 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:05:30 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:05:30 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:13:04 dhcp2 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
(c877w) via 1.1.1.1
Feb 17 08:13:05 dhcp2 dhcpd: DHCPOFFER on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:13:05 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.3)
from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 08:13:05 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1

The final result is that client's lease expires after 1 hour and have
to go thru DISCOVER/OFFER/REQUEST/ACK to get it working.

After I shut down dhcp1 (and put dhcp2 to partner-down state), client
can renew it's lease fine:

Feb 17 10:43:19 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 10:43:19 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 11:13:19 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 11:13:19 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 11:43:20 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 11:43:20 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 12:13:21 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 12:13:21 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1

That client is Cisco 877W router, but i know there is others too that
doesn't work.

For some other clients in same pool, other server reports that lease
is owned by peer and client doesn't get duplicate DHCPACKs.

So this one is working fine:

Server1:

Feb 17 13:57:14 dhcp1 dhcpd: DHCPDISCOVER from ff:ee:dd:cc:bb:aa
(Working-PC) via 1.1.1.1
Feb 17 13:57:14 dhcp1 dhcpd: DHCPOFFER on 111.111.111.111 to
ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1
Feb 17 13:57:14 dhcp1 dhcpd: DHCPREQUEST for 111.111.111.111 (2.2.2.2)
from ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1
Feb 17 13:57:14 dhcp1 dhcpd: DHCPACK on 111.111.111.111 to
ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1

Server2:

Feb 17 13:57:14 dhcp2 dhcpd: DHCPDISCOVER from ff:ee:dd:cc:bb:aa via
1.1.1.1: load balance to peer dhcp-failover
Feb 17 13:57:14 dhcp2 dhcpd: DHCPREQUEST for 111.111.111.111 (2.2.2.3)
from ff:ee:dd:cc:bb:aa via 1.1.1.1: lease owned by peer

Failover configuration from master server:

failover peer "dhcp-failover" {
  primary;
  address xx.xx.xx.xx;
  port 647;
  peer address xx.xx.xx.xx;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 3600;
  split 128;
}

Lease time is 3600 sec.

Why is ISC dhcp server working differently between these two clients?

What i am doing wrong? Or is there something wrong with this failover
implementation.

I am running multiple failover pairs and they all work similar way.

BR,

Kimmo Liikonen

More information about the dhcp-users mailing list