failover peer dhcp: address not available
Oscar Ricardo Silva
osilva at scuff.cc.utexas.edu
Mon Jun 3 21:36:02 UTC 2013
And it was portreserve. Ugh.
Once I disabled that service, I restarted dhcpd with a listening port of
647 and it came right up.
Thank you.
On 06/03/2013 04:17 PM, Chris Buxton wrote:
> Could there be a kernel security feature blocking this? Something like SELinux?
>
> Chris Buxton
>
> On Jun 3, 2013, at 1:26 PM, Oscar Ricardo Silva <osilva at scuff.cc.utexas.edu> wrote:
>
>> This is getting strange (or at least I think it is). When I have this configuration on the primary:
>>
>>
>> failover peer "dhcp" {
>> primary;
>> address 192.168.200.2;
>> port 647;
>> peer port 847;
>> peer address 192.168.201.2;
>> max-response-delay 60;
>> max-unacked-updates 10;
>> mclt 300;
>> split 128;
>> load balance max seconds 5;
>> }
>>
>> and bring up dhcpd, I notice that it's only listening on the omapi-port 7911
>>
>> # lsof -n | grep LISTEN
>> dhcpd 24025 root 8u IPv4 1254862 0t0 TCP *:7911 (LISTEN)
>>
>>
>> and I can't telnet from the secondary to the primary (for obvious reasons).
>>
>>
>>
>> When I change the port to 520 (what was previously being used) then dhcpd begins listening on both 520 and 7911:
>>
>>
>> failover peer "dhcp" {
>> primary;
>> address 192.168.200.2;
>> port 520;
>> peer port 847;
>> peer address 192.168.201.2;
>> max-response-delay 60;
>> max-unacked-updates 10;
>> mclt 300;
>> split 128;
>> load balance max seconds 5;
>> }
>>
>> # lsof -n | egrep LISTEN
>> dhcpd 24049 root 8u IPv4 1255172 0t0 TCP *:7911 (LISTEN)
>> dhcpd 24049 root 0u IPv4 1255174 0t0 TCP 172.16.200.2:efs (LISTEN)
>>
>>
>>
>> There's nothing else listening on 647.
>>
>>
>>
>> On 06/03/2013 03:04 PM, Oscar Ricardo Silva wrote:
>>> I hang my head in shame for overlooking a basic troubleshooting
>>> technique: telnet to a port.
>>>
>>> From the primary I can telnet to port 847 of the secondary but from the
>>> secondary I can't telnet to port 647 of the primary. I've tried
>>> disabling iptables and router ACLs but so far I can't telnet from the
>>> secondary to the primary on the primary's port. I'll keep digging.
>>>
>>> Thanks for the suggestion.
>>>
>>>
>>> Oscar
>>>
>>>
>>>
>>> On 06/01/2013 09:12 AM, Glenn Satchell wrote:
>>>> A quick look at the source shows this message is only defined in the
>>>> function isc_result_totext(). It's only called a couple of times with
>>>> "failover peer %s". In these situations it is setting up the failover
>>>> link.
>>>>
>>>> As you mention there is traffic between to the failover port, then I
>>>> would
>>>> check that there is only one instance of dhcpd running, and it is the one
>>>> you expect. The new OS may have pulled in a default dhcp server for you
>>>> during installation.
>>>>
>>>> Also test that on the primary you can telnet to port 847 on the
>>>> secondary.
>>>>
>>>> As a side note, in the subnet definition include file you have
>>>>
>>>> option broadcast-address 255.255.255.255;
>>>>
>>>> This needs to be set to the correct broadcast address for the subnet, or
>>>> left out. dhppd will calculate subnet mask and brocadcast address from
>>>> the
>>>> subnet definition and netmask, so in general it is better to leave them
>>>> out to avoid incompatible settings.
>>>>
>>>> regards,
>>>> -gkenn
>>>>
>>>> On Sat, June 1, 2013 3:09 am, Oscar Ricardo Silva wrote:
>>>>> I recently reinstalled the operating system on our two dhcp servers and
>>>>> we're now seeing this message on the primary:
>>>>>
>>>>>
>>>>>
>>>>> May 31 11:38:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>> May 31 11:39:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>> May 31 11:41:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>> May 31 11:42:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>> May 31 11:44:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>> May 31 11:45:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>> May 31 11:47:25 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>> May 31 11:48:55 primary-dhcp dhcpd: failover peer dhcp: address not
>>>>> available
>>>>>
>>>>>
>>>>>
>>>>> From looking at past messages to the list, it's been suggested there
>>>>> was a mismatch in dhcpd versions but I'm using the same configurations
>>>>> and version as I was before the OS replacement. Here are the version
>>>>> numbers and configurations:
>>>>>
>>>>>
>>>>> Primary:
>>>>>
>>>>> # dhcpd -v
>>>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>>>> Copyright 2004-2012 Internet Systems Consortium.
>>>>>
>>>>>
>>>>> option domain-name-servers 192.168.185.41, 192.168.185.40 ;
>>>>> option ntp-servers 192.168.185.40, 192.168.185.41;
>>>>> default-lease-time 172800;
>>>>> max-lease-time 172800;
>>>>> one-lease-per-client true;
>>>>> ddns-update-style ad-hoc;
>>>>> ddns-updates off;
>>>>> authoritative;
>>>>> key-off-mac-address true;
>>>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>>> deny booting;
>>>>> }
>>>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>>>> set vendor-string = option vendor-class-identifier;
>>>>> failover peer "dhcp" {
>>>>> primary;
>>>>> address 192.168.200.2;
>>>>> port 647;
>>>>> peer port 847;
>>>>> peer address 192.168.201.2;
>>>>> max-response-delay 60;
>>>>> max-unacked-updates 10;
>>>>> mclt 300;
>>>>> split 128;
>>>>> load balance max seconds 5;
>>>>> }
>>>>> subnet 192.168.200.0 netmask 255.255.255.224 {
>>>>> }
>>>>> include "/dhcpd/dhcpd.networks.conf";
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Secondary:
>>>>>
>>>>> dhcpd -v
>>>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>>>> Copyright 2004-2012 Internet Systems Consortium.
>>>>>
>>>>>
>>>>> option domain-name-servers 192.168.185.40, 192.168.185.41 ;
>>>>> option ntp-servers 192.168.185.41, 192.168.185.40;
>>>>> default-lease-time 172800;
>>>>> max-lease-time 172800;
>>>>> one-lease-per-client true;
>>>>> ddns-update-style ad-hoc;
>>>>> ddns-updates off;
>>>>> authoritative;
>>>>> key-off-mac-address true;
>>>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>>> deny booting;
>>>>> }
>>>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>>>> set vendor-string = option vendor-class-identifier;
>>>>> failover peer "dhcp" {
>>>>> secondary;
>>>>> address 192.168.201.2;
>>>>> port 847;
>>>>> peer port 647;
>>>>> peer address 192.168.200.2;
>>>>> max-response-delay 60;
>>>>> max-unacked-updates 10;
>>>>> load balance max seconds 5;
>>>>> }
>>>>> subnet 192.168.201.0 netmask 255.255.255.224 {
>>>>> }
>>>>> include "/dhcpd/dhcpd.networks.conf";
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> All the network definitions are in "/dhcpd/dhcpd.networks.conf" and the
>>>>> file looks like this:
>>>>>
>>>>> subnet 192.168.235.0 netmask 255.255.255.128 {
>>>>> pool {
>>>>> range 192.168.235.13 192.168.235.126;
>>>>> deny dynamic bootp clients ;
>>>>> failover peer "dhcp" ;
>>>>> }
>>>>> option subnet-mask 255.255.255.128;
>>>>> option broadcast-address 255.255.255.255;
>>>>> option routers 192.168.235.1;
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> There are router ACLs between the two servers and iptables running on
>>>>> each but the entire /24 network for each server is allowed through. I
>>>>> can see traffic being exchanged between the two servers on ports 647 and
>>>>> 847.
>>>>>
>>>>> Any idea what's causing this error?
>>>>>
>>>>>
>>>>>
>>>>> Oscar
More information about the dhcp-users
mailing list