"peer holds all free leases" problem

Fri Jul 16 16:11:16 UTC 2010

On 07/16/10 00:53, a.bell.is.a.cup. until.it.is.struck wrote:
> Hello, I'm having a problem with my setup and am hoping someone can help
> me find out what's going on.
>
> My setup: 2 centOS servers with dhcpd 3.0.5-Redhat (i've tried building
> from source and had the same problem, wound up going back to the centos
> rpm).
>
> A network that the dhcp failover pair is serving dhcp for has computers
> suddenly failing to get an IP; the logs show this on the primary:
> Jul 15 09:23:37 dhcp-01 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:23:41 dhcp-01 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:24:37 dhcp-01 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:24:40 dhcp-01 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:24:48 dhcp-01 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:25:04 dhcp-01 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
>
> and this on the secondary:
> Jul 15 09:21:46 dhcp-02 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:22:03 dhcp-02 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:22:35 dhcp-02 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:22:37 dhcp-02 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:22:45 dhcp-02 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
> Jul 15 09:23:02 dhcp-02 dhcpd: DHCPDISCOVER from 00:0c:46:81:7f:55 via
> 10.187.0.1: peer holds all free leases
>
> yes, the time was off by 2 minutes on the secondary; I have since fixed
> this, but this continues to happen though.
>
> here's the relevant snippets from my dhcpd.conf on the primary (the
> secondary's config is the same (except for the failover part) :
>
> ddns-update-style ad-hoc;
> allow client-updates;
> ddns-domainname "sub.domain.tld";
> option ntp-servers 172.16.16.239, 172.16.16.241;
> option domain-name "sub.domain.tld";
> option domain-name-servers 172.16.16.241, 172.16.16.239;
> option netbios-node-type 8;
> option netbios-name-servers 172.16.16.242, 172.16.16.239;
> default-lease-time 28800;
> max-lease-time 28800;
> authoritative;
>
> failover peer "dhcp-failover" {
> primary; # declare this to be the primary server
> address 172.16.8.86;
> port 647;
> peer address 172.16.8.87;
> peer port 647;
> max-response-delay 30;
> max-unacked-updates 10;
> load balance max seconds 3;
> mclt 1800;
> split 128;
> }
>
>
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
> log-facility local6;
>
> # printer-shared-network
> shared-network Printers {
> # Printers
> option routers 10.187.0.1;
> ddns-updates on;
> ddns-domainname "sub.domain.tld";
> # 10.187.0.0 Printers
> subnet 10.187.0.0 netmask 255.255.255.0 {
> authoritative;
> ddns-domainname "sub.domain.tld";
> ddns-updates on;
> }
> # 10.187.1.0 Printers
> subnet 10.187.1.0 netmask 255.255.255.0 {
> authoritative;
> ddns-domainname "sub.domain.tld";
> ddns-updates on;
> }
> # 10.187.10.0 Staff Printers
> subnet 10.187.10.0 netmask 255.255.255.0 {
> authoritative;
> ddns-domainname "sub.domain.tld";
> ddns-updates on;
> pool {
> range 10.187.0.80 10.187.0.254;
> range 10.187.1.2 10.187.1.254;
> failover peer "dhcp-failover";
> deny dynamic bootp clients;
> }
>
>
> The network has roughly 100 devices on it; certainly no more than 150.
> The pool's got 420-odd IP addresses available; even with the time
> mismatch there should be more than enough IP addresses to hand out.
> Why is this going on?
> Have I done something boneheaded with the failover section?
>
> I've looked through the archives and google, but to little success. Any
> help on this would be greatly appreciated.
>
> --
> a bell is a cup . . . until it is struck
>
Hmm, looks like thunderbird ate all your nice white-space :(

One thing I noticed was that you set a default route in the 
shared_network of 10.187.0.1. That will work fine on the 10.187.0.0/24 
subnet, but the other subnets will have an invalid default gateway as 
they won't know how to route back to that gateway, Depending on what 
subnet the dhcp server is on (or appears to be on) will mean that 
perhaps that once they get the initial offer they are unable to renew 
it? Don't know if this might make it use up all the available leases? 
Can you post a few from the end of the dhcpd.leases file?

Usually you will have option routers specified in every subnet. You also 
need something to route between all those shared subnets, and this will 
be the default gateway.

Having said all that, there are a *lot* of failover enhancements and bug 
fixes in later versions of dhcpd. You really should be using 3.1 (or 
preferably 4.1.1 or 4.2 now). I don't thing the RH guys will have back 
ported all the later failover fixes, that would be like taking the 4.0 
source and calling it 3.0.5 :)

regards,
-glenn