Failover and duplicate DHCPACKs

Glenn Satchell glenn.satchell at uniq.com.au
Fri Feb 19 22:32:27 UTC 2010


Kimmo Liikonen wrote:
> Hi,
> 
> I am running ISC DHCP server 3.1.3 with failover configured. My
> problem is that some clients get duplicate DHCPACKs from servers (and
> I think that's causing the problem that some clients can't renew their
> lease).
> 
> Requests are coming thru DHCP relay and servers are in different
> subnets. Clients are behind routers that have two ip helper addresses
> configured.
> 
> IP/MAC addresses are masked:
> 
> 123.123.123.123 is Cisco 877W client
> 1.1.1.1 is DHCP relay
> aa:bb:cc:dd:ee:ff is mac address from Cisco 877W
> ff:ee:dd:cc:bb:aa is mac address from working client
> 2.2.2.2 is Server1
> 2.2.2.3 is Server2
> 
> Server1:
> 
> Feb 17 07:12:55 dhcp1 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
> (c877w) via 1.1.1.1: load balance to peer dhcp-failover
> Feb 17 07:12:56 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.2)
> from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 07:12:56 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 07:42:59 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 07:42:59 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:05:30 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:05:30 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:13:04 dhcp1 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
> (c877w) via 1.1.1.1: load balance to peer dhcp-failover
> Feb 17 08:13:05 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.2)
> from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:13:05 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> 
> Server2:
> 
> Feb 17 07:12:55 dhcp2 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
> (c877w) via 1.1.1.1
> Feb 17 07:12:56 dhcp2 dhcpd: DHCPOFFER on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 07:12:56 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.3)
> from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 07:12:56 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 07:42:59 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 07:42:59 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:05:30 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:05:30 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:13:04 dhcp2 dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff
> (c877w) via 1.1.1.1
> Feb 17 08:13:05 dhcp2 dhcpd: DHCPOFFER on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:13:05 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.3)
> from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 08:13:05 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> 
> The final result is that client's lease expires after 1 hour and has
> to go thru DISCOVER/OFFER/REQUEST/ACK to get it working.
> 
> After I shut down dhcp1 (and put dhcp2 to partner-down state), client
> can renew its lease fine:
> 
> Feb 17 10:43:19 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 10:43:19 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 11:13:19 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 11:13:19 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 11:43:20 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 11:43:20 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 12:13:21 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> Feb 17 12:13:21 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to
> aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
> 
> That client is Cisco 877W router, but I know there are others too that
> don't work.
> 
> For some other clients in same pool, other server reports that lease
> is owned by peer and client doesn't get duplicate DHCPACKs.
> 
> So this one is working fine:
> 
> Server1:
> 
> Feb 17 13:57:14 dhcp1 dhcpd: DHCPDISCOVER from ff:ee:dd:cc:bb:aa
> (Working-PC) via 1.1.1.1
> Feb 17 13:57:14 dhcp1 dhcpd: DHCPOFFER on 111.111.111.111 to
> ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1
> Feb 17 13:57:14 dhcp1 dhcpd: DHCPREQUEST for 111.111.111.111 (2.2.2.2)
> from ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1
> Feb 17 13:57:14 dhcp1 dhcpd: DHCPACK on 111.111.111.111 to
> ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1
> 
> Server2:
> 
> Feb 17 13:57:14 dhcp2 dhcpd: DHCPDISCOVER from ff:ee:dd:cc:bb:aa via
> 1.1.1.1: load balance to peer dhcp-failover
> Feb 17 13:57:14 dhcp2 dhcpd: DHCPREQUEST for 111.111.111.111 (2.2.2.3)
> from ff:ee:dd:cc:bb:aa via 1.1.1.1: lease owned by peer
> 
> Failover configuration from master server:
> 
> failover peer "dhcp-failover" {
>   primary;
>   address xx.xx.xx.xx;
>   port 647;
>   peer address xx.xx.xx.xx;
>   peer port 647;
>   max-response-delay 60;
>   max-unacked-updates 10;
>   load balance max seconds 3;
>   mclt 3600;
>   split 128;
> }
> 
> Lease time is 3600 sec.
> 
> Why is ISC dhcp server working differently between these two clients?
> 
> What am I doing wrong? Or is there something wrong with this failover
> implementation.
> 
> I am running multiple failover pairs and they all work in a similar way.
> 
> BR,
> 
> Kimmo Liikonen

Hi Kimmo

I don't think the multiple ACKs are the problem. It seems your client 
gets a lease, but is unable to renew it. Multiple ACKs is something that 
the client needs to be able to handle.

Looking at the log files in the first case with failover, the client 
goes through the discover/offer/request/ack cycle. 30 minutes later 
(half the lease time) it renews using a request/ack. Then at the 60 
minute mark it goes through a discover/.. cycle again. The odd thing is 
that the renewals are going via the dhcp relay - renewals are unicast so 
they should go directly from the client to the dhcp server.

Check that you can ping the dhcp server from the client. There may be 
routing, NAT or firewall issues preventing this.

We probably need to see the subnet declaration part(s) of your 
dhcpd.conf as well.

-- 
regards,
-glenn
--
Glenn Satchell                            |  Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia   |  do at work Dad?
mailto:glenn.satchell at uniq.com.au         |  Miss 6: He just
http://www.uniq.com.au tel:0409-458-580   |  types random stuff.
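
Added example, not part of the original messages and not ISC code: a small Python check that reads dhcpd syslog lines from both failover peers and reports the two things discussed in this thread, DHCPACKs logged by both servers for the same client and address, and renewal DHCPREQUESTs that arrived through a relay. The sample lines are taken from the logs quoted above with wrapped lines joined; treating a DHCPREQUEST without a parenthesised server address as a renewal, and "via <IPv4 address>" as relayed, are assumptions based on those logs.

```python
import re
from collections import defaultdict

# Sample input: lines from the thread's quoted logs, wrapped lines joined.
# Addresses are the masked values used in the original post.
SAMPLE = """\
Feb 17 07:12:56 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.2) from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:12:56 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:12:56 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 (2.2.2.3) from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:12:56 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp1 dhcpd: DHCPREQUEST for 123.123.123.123 from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp1 dhcpd: DHCPACK on 123.123.123.123 to aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp2 dhcpd: DHCPREQUEST for 123.123.123.123 from aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 07:42:59 dhcp2 dhcpd: DHCPACK on 123.123.123.123 to aa:bb:cc:dd:ee:ff (c877w) via 1.1.1.1
Feb 17 13:57:14 dhcp1 dhcpd: DHCPREQUEST for 111.111.111.111 (2.2.2.2) from ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1
Feb 17 13:57:14 dhcp1 dhcpd: DHCPACK on 111.111.111.111 to ff:ee:dd:cc:bb:aa (Working-PC) via 1.1.1.1
Feb 17 13:57:14 dhcp2 dhcpd: DHCPREQUEST for 111.111.111.111 (2.2.2.3) from ff:ee:dd:cc:bb:aa via 1.1.1.1: lease owned by peer
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<srv>\S+) dhcpd: (?P<type>DHCP\w+) "
    r"(?:for|on) (?P<ip>[\d.]+)(?: \((?P<sid>[\d.]+)\))? (?:from|to) "
    r"(?P<mac>[0-9a-f:]{17})(?: \(\S+\))? via (?P<via>[^\s:]+)(?:: (?P<note>.*))?$")

def parse(text):
    """Return one dict per recognised dhcpd log line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def duplicate_acks(events):
    """Map (timestamp, mac, ip) -> servers, where more than one server ACKed."""
    acks = defaultdict(set)
    for e in events:
        if e["type"] == "DHCPACK":
            acks[(e["ts"], e["mac"], e["ip"])].add(e["srv"])
    return {k: sorted(v) for k, v in acks.items() if len(v) > 1}

def relayed_renewals(events):
    """Renewal REQUESTs (assumed: no server address logged) seen via a relay IP."""
    is_ip = re.compile(r"^\d+(\.\d+){3}$").match
    return [e for e in events
            if e["type"] == "DHCPREQUEST" and e["sid"] is None and is_ip(e["via"])]

if __name__ == "__main__":
    events = parse(SAMPLE)
    print("duplicate ACKs:", duplicate_acks(events))
    print("relayed renewals:", [(e["ts"], e["srv"]) for e in relayed_renewals(events)])
```

Timestamps are compared to the second, so peers whose clocks differ would need a tolerance window instead of an exact match.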


