failover peer dhcp: address not available

Oscar Ricardo Silva osilva at scuff.cc.utexas.edu
Mon Jun 3 21:36:02 UTC 2013


And it was portreserve.  Ugh.

Once I disabled that service, I restarted dhcpd with a listening port of 
647 and it came right up.


Thank you.



On 06/03/2013 04:17 PM, Chris Buxton wrote:
> Could there be a kernel security feature blocking this? Something like SELinux?
>
> Chris Buxton
>
> On Jun 3, 2013, at 1:26 PM, Oscar Ricardo Silva <osilva at scuff.cc.utexas.edu> wrote:
>
>> This is getting strange (or at least I think it is).  When I have this configuration on the primary:
>>
>>
>> failover peer "dhcp" {
>> 	primary;
>> 	address 192.168.200.2;
>> 	port 647;
>> 	peer port 847;
>> 	peer address 192.168.201.2;
>> 	max-response-delay 60;
>> 	max-unacked-updates 10;
>> 	mclt 300;
>> 	split 128;
>> 	load balance max seconds 5;
>> }
>>
>> and bring up dhcpd, I notice that it's only listening on the omapi-port 7911
>>
>> # lsof -n | grep LISTEN
>> dhcpd  24025  root  8u  IPv4   1254862   0t0     TCP *:7911 (LISTEN)
>>
>>
>> and I can't telnet from the secondary to the primary (for obvious reasons).
>>
>>
>>
>> When I change the port to 520 (what was previously being used) then dhcpd begins listening on both 520 and 7911:
>>
>>
>> failover peer "dhcp" {
>> 	primary;
>> 	address 192.168.200.2;
>> 	port 520;
>> 	peer port 847;
>> 	peer address 192.168.201.2;
>> 	max-response-delay 60;
>> 	max-unacked-updates 10;
>> 	mclt 300;
>> 	split 128;
>> 	load balance max seconds 5;
>> }
>>
>> # lsof -n | egrep LISTEN
>> dhcpd   24049  root  8u   IPv4  1255172  0t0   TCP *:7911 (LISTEN)
>> dhcpd   24049  root  0u   IPv4  1255174  0t0   TCP 172.16.200.2:efs (LISTEN)
>>
>>
>>
>> There's nothing else listening on 647.
>>
>>
>>
>> On 06/03/2013 03:04 PM, Oscar Ricardo Silva wrote:
>>> I hang my head in shame for overlooking a basic troubleshooting
>>> technique:  telnet to a port.
>>>
>>> From the primary I can telnet to port 847 of the secondary but from the
>>> secondary I can't telnet to port 647 of the primary.  I've tried
>>> disabling iptables and router ACLs but so far I can't telnet from the
>>> secondary to the primary on the primary's port.  I'll keep digging.
>>>
>>> Thanks for the suggestion.
>>>
>>>
>>> Oscar
>>>
>>>
>>>
>>> On 06/01/2013 09:12 AM, Glenn Satchell wrote:
>>>> A quick look at the source shows this message is only defined in the
>>>> function isc_result_totext(). It's only called a couple of times with
>>>> "failover peer %s". In these situations it is setting up the failover
>>>> link.
>>>>
>>>> As you mention there is traffic to the failover port, then I would
>>>> check that there is only one instance of dhcpd running, and it is the one
>>>> you expect. The new OS may have pulled in a default dhcp server for you
>>>> during installation.
>>>>
>>>> Also test that on the primary you can telnet to port 847 on the
>>>> secondary.
>>>>
>>>> As a side note, in the subnet definition include file you have
>>>>
>>>>      option broadcast-address 255.255.255.255;
>>>>
>>>> This needs to be set to the correct broadcast address for the subnet, or
>>>> left out. dhcpd will calculate subnet mask and broadcast address from
>>>> the subnet definition and netmask, so in general it is better to leave
>>>> them out to avoid incompatible settings.
>>>>
>>>> regards,
>>>> -gkenn
>>>>
>>>> On Sat, June 1, 2013 3:09 am, Oscar Ricardo Silva wrote:
>>>>> I recently reinstalled the operating system on our two dhcp servers and
>>>>> we're now seeing this message on the primary:
>>>>>
>>>>>
>>>>>
>>>>> May 31 11:38:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>> May 31 11:39:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>> May 31 11:41:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>> May 31 11:42:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>> May 31 11:44:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>> May 31 11:45:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>> May 31 11:47:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>> May 31 11:48:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>>>
>>>>>
>>>>>
>>>>> From looking at past messages to the list, it's been suggested there
>>>>> was a mismatch in dhcpd versions but I'm using the same configurations
>>>>> and version as I was before the OS replacement.  Here are the version
>>>>> numbers and configurations:
>>>>>
>>>>>
>>>>> Primary:
>>>>>
>>>>> # dhcpd -v
>>>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>>>> Copyright 2004-2012 Internet Systems Consortium.
>>>>>
>>>>>
>>>>> option domain-name-servers 192.168.185.41, 192.168.185.40 ;
>>>>> option ntp-servers 192.168.185.40, 192.168.185.41;
>>>>> default-lease-time 172800;
>>>>> max-lease-time 172800;
>>>>> one-lease-per-client true;
>>>>> ddns-update-style ad-hoc;
>>>>> ddns-updates off;
>>>>> authoritative;
>>>>> key-off-mac-address true;
>>>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>>>           deny booting;
>>>>> }
>>>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>>>> set vendor-string = option vendor-class-identifier;
>>>>> failover peer "dhcp" {
>>>>>            primary;
>>>>>            address 192.168.200.2;
>>>>>            port 647;
>>>>>            peer port 847;
>>>>>            peer address 192.168.201.2;
>>>>>            max-response-delay 60;
>>>>>            max-unacked-updates 10;
>>>>>            mclt 300;
>>>>>            split 128;
>>>>>            load balance max seconds 5;
>>>>>          }
>>>>> subnet 192.168.200.0 netmask 255.255.255.224 {
>>>>>     }
>>>>> include "/dhcpd/dhcpd.networks.conf";
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Secondary:
>>>>>
>>>>> dhcpd -v
>>>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>>>> Copyright 2004-2012 Internet Systems Consortium.
>>>>>
>>>>>
>>>>> option domain-name-servers 192.168.185.40, 192.168.185.41 ;
>>>>> option ntp-servers 192.168.185.41, 192.168.185.40;
>>>>> default-lease-time 172800;
>>>>> max-lease-time 172800;
>>>>> one-lease-per-client true;
>>>>> ddns-update-style ad-hoc;
>>>>> ddns-updates off;
>>>>> authoritative;
>>>>> key-off-mac-address true;
>>>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>>>           deny booting;
>>>>> }
>>>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>>>> set vendor-string = option vendor-class-identifier;
>>>>> failover peer "dhcp" {
>>>>>            secondary;
>>>>>            address 192.168.201.2;
>>>>>            port 847;
>>>>>            peer port 647;
>>>>>            peer address 192.168.200.2;
>>>>>            max-response-delay 60;
>>>>>            max-unacked-updates 10;
>>>>>            load balance max seconds 5;
>>>>>          }
>>>>> subnet 192.168.201.0 netmask 255.255.255.224 {
>>>>>     }
>>>>> include "/dhcpd/dhcpd.networks.conf";
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> All the network definitions are in "/dhcpd/dhcpd.networks.conf" and the
>>>>> file looks like this:
>>>>>
>>>>> subnet 192.168.235.0 netmask 255.255.255.128 {
>>>>>                   pool {
>>>>>                           range 192.168.235.13 192.168.235.126;
>>>>>                           deny dynamic bootp clients ;
>>>>>                           failover peer "dhcp" ;
>>>>>                   }
>>>>>           option subnet-mask 255.255.255.128;
>>>>>           option broadcast-address 255.255.255.255;
>>>>>           option routers 192.168.235.1;
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> There are router ACLs between the two servers and iptables running on
>>>>> each but the entire /24 network for each server is allowed through. I
>>>>> can see traffic being exchanged between the two servers on ports 647 and
>>>>> 847.
>>>>>
>>>>> Any idea what's causing this error?
>>>>>
>>>>>
>>>>>
>>>>> Oscar
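
An added example (not part of the original thread, and not ISC or portreserve code): a bind probe that reports the OS-level reason a daemon cannot listen on an address and port. Its constructed scenario shows why a listing filtered on LISTEN can show nothing on a port that is still taken: a socket that is bound but never calls listen() blocks the bind without appearing as a listener. Assumptions: loopback and a kernel-chosen port stand in for the failover address and port 647; `probe_bind` and `demo_reserved_port` are hypothetical names.

```python
import errno
import socket

# What each bind() outcome tells the operator to check next.
CAUSES = {
    0: "free: bind succeeded, a daemon could listen here",
    errno.EADDRINUSE: "in use: some socket is already bound here, "
                      "possibly without LISTENing",
    errno.EADDRNOTAVAIL: "address is not configured on a local interface",
    errno.EACCES: "permission denied: privileged port or security policy",
}


def probe_bind(address, port):
    """Bind a TCP socket as a daemon would; return (errno, explanation)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((address, port))
        return 0, CAUSES[0]
    except OSError as exc:
        return exc.errno, CAUSES.get(exc.errno, exc.strerror)
    finally:
        sock.close()


def demo_reserved_port():
    """Constructed scenario: a holder binds a port but never calls listen().

    Such a socket is absent from any listing filtered on LISTEN, yet it
    still makes a second bind() to the same address and port fail.
    """
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))  # port 0: kernel picks a free port
    port = holder.getsockname()[1]
    try:
        return probe_bind("127.0.0.1", port)[0]
    finally:
        holder.close()


if __name__ == "__main__":
    # Loopback and an ephemeral port stand in for the failover address/port.
    print("reserved port:", errno.errorcode[demo_reserved_port()])
    print("free port:", probe_bind("127.0.0.1", 0)[1])
```

On the DHCP server, call `probe_bind` as root with the `address` and `port` from the failover declaration while dhcpd is stopped; without root, a port below 1024 reports the permission case instead.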


