failover peer dhcp: address not available

Oscar Ricardo Silva osilva at scuff.cc.utexas.edu
Mon Jun 3 20:26:55 UTC 2013


This is getting strange (or at least I think it is).  When I have this 
configuration on the primary:


failover peer "dhcp" {
	primary;
	address 192.168.200.2;
	port 647;
	peer port 847;
	peer address 192.168.201.2;
	max-response-delay 60;
	max-unacked-updates 10;
	mclt 300;
	split 128;
	load balance max seconds 5;
}

and bring up dhcpd, I notice that it's only listening on the omapi-port 
7911

# lsof -n | grep LISTEN
dhcpd  24025  root  8u  IPv4   1254862   0t0     TCP *:7911 (LISTEN)


and I can't telnet from the secondary to the primary (for obvious reasons).



When I change the port to 520 (what was previously being used) then 
dhcpd begins listening on both 520 and 7911:


failover peer "dhcp" {
	primary;
	address 192.168.200.2;
	port 520;
	peer port 847;
	peer address 192.168.201.2;
	max-response-delay 60;
	max-unacked-updates 10;
	mclt 300;
	split 128;
	load balance max seconds 5;
}

# lsof -n | egrep LISTEN
dhcpd   24049  root  8u   IPv4  1255172  0t0   TCP *:7911 (LISTEN)
dhcpd   24049  root  0u   IPv4  1255174  0t0   TCP 172.16.200.2:efs (LISTEN)



There's nothing else listening on 647.



On 06/03/2013 03:04 PM, Oscar Ricardo Silva wrote:
> I hang my head in shame for overlooking a basic troubleshooting
> technique:  telnet to a port.
>
>  From the primary I can telnet to port 847 of the secondary but from the
> secondary I can't telnet to port 647 of the primary.  I've tried
> disabling iptables and router ACLs but so far I can't telnet from the
> secondary to the primary on the primary's port.  I'll keep digging.
>
> Thanks for the suggestion.
>
>
> Oscar
>
>
>
> On 06/01/2013 09:12 AM, Glenn Satchell wrote:
>> A quick look at the source shows this message is only defined in the
>> function isc_result_totext(). It's only called a couple of times with
>> "failover peer %s". In these situations it is setting up the failover
>> link.
>>
>> As you mention there is traffic to the failover port, then I would
>> check that there is only one instance of dhcpd running, and it is the one
>> you expect. The new OS may have pulled in a default dhcp server for you
>> during installation.
>>
>> Also test that on the primary you can telnet to port 847 on the secondary.
>>
>> As a side note, in the subnet definition include file you have
>>
>>      option broadcast-address 255.255.255.255;
>>
>> This needs to be set to the correct broadcast address for the subnet, or
>> left out. dhcpd will calculate subnet mask and broadcast address from the
>> subnet definition and netmask, so in general it is better to leave them
>> out to avoid incompatible settings.
>>
>> regards,
>> -gkenn
>>
>> On Sat, June 1, 2013 3:09 am, Oscar Ricardo Silva wrote:
>>> I recently reinstalled the operating system on our two dhcp servers and
>>> we're now seeing this message on the primary:
>>>
>>>
>>>
>>> May 31 11:38:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>> May 31 11:39:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>> May 31 11:41:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>> May 31 11:42:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>> May 31 11:44:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>> May 31 11:45:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>> May 31 11:47:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>> May 31 11:48:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>
>>>
>>>
>>>   From looking at past messages to the list, it's been suggested there
>>> was a mismatch in dhcpd versions but I'm using the same configurations
>>> and version as I was before the OS replacement.  Here are the version
>>> numbers and configurations:
>>>
>>>
>>> Primary:
>>>
>>> # dhcpd -v
>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>> Copyright 2004-2012 Internet Systems Consortium.
>>>
>>>
>>> option domain-name-servers 192.168.185.41, 192.168.185.40 ;
>>> option ntp-servers 192.168.185.40, 192.168.185.41;
>>> default-lease-time 172800;
>>> max-lease-time 172800;
>>> one-lease-per-client true;
>>> ddns-update-style ad-hoc;
>>> ddns-updates off;
>>> authoritative;
>>> key-off-mac-address true;
>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>           deny booting;
>>> }
>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>> set vendor-string = option vendor-class-identifier;
>>> failover peer "dhcp" {
>>>            primary;
>>>            address 192.168.200.2;
>>>            port 647;
>>>            peer port 847;
>>>            peer address 192.168.201.2;
>>>            max-response-delay 60;
>>>            max-unacked-updates 10;
>>>            mclt 300;
>>>      split 128;
>>>            load balance max seconds 5;
>>>          }
>>> subnet 192.168.200.0 netmask 255.255.255.224 {
>>>     }
>>> include "/dhcpd/dhcpd.networks.conf";
>>>
>>>
>>>
>>>
>>> Secondary:
>>>
>>> dhcpd -v
>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>> Copyright 2004-2012 Internet Systems Consortium.
>>>
>>>
>>> option domain-name-servers 192.168.185.40, 192.168.185.41 ;
>>> option ntp-servers 192.168.185.41, 192.168.185.40;
>>> default-lease-time 172800;
>>> max-lease-time 172800;
>>> one-lease-per-client true;
>>> ddns-update-style ad-hoc;
>>> ddns-updates off;
>>> authoritative;
>>> key-off-mac-address true;
>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>           deny booting;
>>> }
>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>> set vendor-string = option vendor-class-identifier;
>>> failover peer "dhcp" {
>>>            secondary;
>>>            address 192.168.201.2;
>>>            port 847;
>>>            peer port 647;
>>>            peer address 192.168.200.2;
>>>            max-response-delay 60;
>>>            max-unacked-updates 10;
>>>            load balance max seconds 5;
>>>          }
>>> subnet 192.168.201.0 netmask 255.255.255.224 {
>>>     }
>>> include "/dhcpd/dhcpd.networks.conf";
>>>
>>>
>>>
>>>
>>>
>>> All the network definitions are in "/dhcpd/dhcpd.networks.conf" and the
>>> file looks like this:
>>>
>>> subnet 192.168.235.0 netmask 255.255.255.128 {
>>>                   pool {
>>>                           range 192.168.235.13 192.168.235.126;
>>>                           deny dynamic bootp clients ;
>>>                           failover peer "dhcp" ;
>>>                   }
>>>           option subnet-mask 255.255.255.128;
>>>           option broadcast-address 255.255.255.255;
>>>           option routers 192.168.235.1;
>>> }
>>>
>>>
>>>
>>> There are router ACLs between the two servers and iptables running on
>>> each but the entire /24 network for each server is allowed through. I
>>> can see traffic being exchanged between the two servers on ports 647 and
>>> 847.
>>>
>>> Any idea what's causing this error?
>>>
>>>
>>>
>>> Oscar
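
Added example, not part of the original thread or of ISC DHCP: a Python check that parses the failover peer declarations quoted above, verifies that each side's address/port mirrors the other side's peer address/peer port, and then attempts the same TCP bind a listener on the configured address and port would need, reporting the errno name if it fails. The function names (parse_failover, mirror_errors, probe_bind) are hypothetical, and the probe assumes the listener failure can be reproduced with a plain TCP bind while dhcpd is stopped.

```python
import errno
import re
import socket
# Failover stanzas copied (abbreviated) from the two configurations in the thread.
PRIMARY = '''failover peer "dhcp" { primary; address 192.168.200.2; port 647;
    peer port 847; peer address 192.168.201.2; mclt 300; split 128; }'''
SECONDARY = '''failover peer "dhcp" { secondary; address 192.168.201.2; port 847;
    peer port 647; peer address 192.168.200.2; }'''

def parse_failover(conf):
    """Return {peer name: {statement: value}} for every failover peer declaration."""
    peers = {}
    conf = re.sub(r"#.*", "", conf)  # drop comments
    # Only declarations are followed by "{"; pool references end in ";" and are skipped.
    for name, body in re.findall(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}', conf):
        opts = {}
        for words in (s.split() for s in body.split(";") if s.strip()):
            if words[0] in ("primary", "secondary"):
                opts["role"] = words[0]
            else:  # e.g. "peer port 847" -> {"peer port": "847"}
                opts[" ".join(words[:-1])] = words[-1]
        peers[name] = opts
    return peers

def mirror_errors(a, b):
    """Each side's address/port must be the other side's peer address/peer port."""
    errs = []
    if {a.get("role"), b.get("role")} != {"primary", "secondary"}:
        errs.append("need one primary and one secondary")
    for mine, theirs in ((a, b), (b, a)):
        for key in ("address", "port"):
            if mine.get(key) != theirs.get("peer " + key):
                errs.append(f"{mine.get('role')} {key} != {theirs.get('role')} peer {key}")
    return errs

def probe_bind(address, port):
    """Attempt the TCP bind a listener needs; None on success, else the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((address, port))
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))
    return None

if __name__ == "__main__":
    p, s = parse_failover(PRIMARY)["dhcp"], parse_failover(SECONDARY)["dhcp"]
    print(mirror_errors(p, s) or "peer statements mirror each other")
    print("bind", p["address"], p["port"], "->", probe_bind(p["address"], int(p["port"])) or "ok")
```

Run on the primary, the errno name distinguishes an address that is not assigned to any interface (EADDRNOTAVAIL) from a port that is already taken (EADDRINUSE) or needs privileges (EACCES).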


