failover peer dhcp: address not available
Oscar Ricardo Silva
osilva at scuff.cc.utexas.edu
Mon Jun 3 20:26:55 UTC 2013
This is getting strange (or at least I think it is). When I have this
configuration on the primary:
failover peer "dhcp" {
primary;
address 192.168.200.2;
port 647;
peer port 847;
peer address 192.168.201.2;
max-response-delay 60;
max-unacked-updates 10;
mclt 300;
split 128;
load balance max seconds 5;
}
and bring up dhcpd, I notice that it's only listening on the omapi-port
7911
# lsof -n | grep LISTEN
dhcpd 24025 root 8u IPv4 1254862 0t0 TCP *:7911 (LISTEN)
and I can't telnet from the secondary to the primary (for obvious reasons).
When I change the port to 520 (what was previously being used) then
dhcpd begins listening on both 520 and 7911:
failover peer "dhcp" {
primary;
address 192.168.200.2;
port 520;
peer port 847;
peer address 192.168.201.2;
max-response-delay 60;
max-unacked-updates 10;
mclt 300;
split 128;
load balance max seconds 5;
}
# lsof -n | egrep LISTEN
dhcpd 24049 root 8u IPv4 1255172 0t0 TCP *:7911 (LISTEN)
dhcpd 24049 root 0u IPv4 1255174 0t0 TCP 172.16.200.2:efs (LISTEN)
There's nothing else listening on 647.
On 06/03/2013 03:04 PM, Oscar Ricardo Silva wrote:
> I hang my head in shame for overlooking a basic troubleshooting
> technique: telnet to a port.
>
> From the primary I can telnet to port 847 of the secondary but from the
> secondary I can't telnet to port 647 of the primary. I've tried
> disabling iptables and router ACLs but so far I can't telnet from the
> secondary to the primary on the primary's port. I'll keep digging.
>
> Thanks for the suggestion.
>
>
> Oscar
>
>
>
> On 06/01/2013 09:12 AM, Glenn Satchell wrote:
>> A quick look at the source shows this message is only defined in the
>> function isc_result_totext(). It's only called a couple of times with
>> "failover peer %s". In these situations it is setting up the failover
>> link.
>>
>> As you mention there is traffic between to the failover port, then I
>> would
>> check that there is only one instance of dhcpd running, and it is the one
>> you expect. The new OS may have pulled in a default dhcp server for you
>> during installation.
>>
>> Also test that on the primary you can telnet to port 847 on the
>> secondary.
>>
>> As a side note, in the subnet definition include file you have
>>
>> option broadcast-address 255.255.255.255;
>>
>> This needs to be set to the correct broadcast address for the subnet, or
>> left out. dhppd will calculate subnet mask and brocadcast address from
>> the
>> subnet definition and netmask, so in general it is better to leave them
>> out to avoid incompatible settings.
>>
>> regards,
>> -gkenn
>>
>> On Sat, June 1, 2013 3:09 am, Oscar Ricardo Silva wrote:
>>> I recently reinstalled the operating system on our two dhcp servers and
>>> we're now seeing this message on the primary:
>>>
>>>
>>>
>>> May 31 11:38:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>> May 31 11:39:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>> May 31 11:41:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>> May 31 11:42:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>> May 31 11:44:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>> May 31 11:45:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>> May 31 11:47:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>> May 31 11:48:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>> available
>>>
>>>
>>>
>>> From looking at past messages to the list, it's been suggested there
>>> was a mismatch in dhcpd versions but I'm using the same configurations
>>> and version as I was before the OS replacement. Here are the version
>>> numbers and configurations:
>>>
>>>
>>> Primary:
>>>
>>> # dhcpd -v
>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>> Copyright 2004-2012 Internet Systems Consortium.
>>>
>>>
>>> option domain-name-servers 192.168.185.41, 192.168.185.40 ;
>>> option ntp-servers 192.168.185.40, 192.168.185.41;
>>> default-lease-time 172800;
>>> max-lease-time 172800;
>>> one-lease-per-client true;
>>> ddns-update-style ad-hoc;
>>> ddns-updates off;
>>> authoritative;
>>> key-off-mac-address true;
>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>> deny booting;
>>> }
>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>> set vendor-string = option vendor-class-identifier;
>>> failover peer "dhcp" {
>>> primary;
>>> address 192.168.200.2;
>>> port 647;
>>> peer port 847;
>>> peer address 192.168.201.2;
>>> max-response-delay 60;
>>> max-unacked-updates 10;
>>> mclt 300;
>>> split 128;
>>> load balance max seconds 5;
>>> }
>>> subnet 192.168.200.0 netmask 255.255.255.224 {
>>> }
>>> include "/dhcpd/dhcpd.networks.conf";
>>>
>>>
>>>
>>>
>>> Secondary:
>>>
>>> dhcpd -v
>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>> Copyright 2004-2012 Internet Systems Consortium.
>>>
>>>
>>> option domain-name-servers 192.168.185.40, 192.168.185.41 ;
>>> option ntp-servers 192.168.185.41, 192.168.185.40;
>>> default-lease-time 172800;
>>> max-lease-time 172800;
>>> one-lease-per-client true;
>>> ddns-update-style ad-hoc;
>>> ddns-updates off;
>>> authoritative;
>>> key-off-mac-address true;
>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>> deny booting;
>>> }
>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>> set vendor-string = option vendor-class-identifier;
>>> failover peer "dhcp" {
>>> secondary;
>>> address 192.168.201.2;
>>> port 847;
>>> peer port 647;
>>> peer address 192.168.200.2;
>>> max-response-delay 60;
>>> max-unacked-updates 10;
>>> load balance max seconds 5;
>>> }
>>> subnet 192.168.201.0 netmask 255.255.255.224 {
>>> }
>>> include "/dhcpd/dhcpd.networks.conf";
>>>
>>>
>>>
>>>
>>>
>>> All the network definitions are in "/dhcpd/dhcpd.networks.conf" and the
>>> file looks like this:
>>>
>>> subnet 192.168.235.0 netmask 255.255.255.128 {
>>> pool {
>>> range 192.168.235.13 192.168.235.126;
>>> deny dynamic bootp clients ;
>>> failover peer "dhcp" ;
>>> }
>>> option subnet-mask 255.255.255.128;
>>> option broadcast-address 255.255.255.255;
>>> option routers 192.168.235.1;
>>> }
>>>
>>>
>>>
>>> There are router ACLs between the two servers and iptables running on
>>> each but the entire /24 network for each server is allowed through. I
>>> can see traffic being exchanged between the two servers on ports 647 and
>>> 847.
>>>
>>> Any idea what's causing this error?
>>>
>>>
>>>
>>> Oscar
More information about the dhcp-users
mailing list