"rejected: incoming update is less critical than outgoing update"

Cathy Almond cathya at isc.org
Thu Sep 12 07:18:43 UTC 2013


On 10/09/13 19:16, Martin McCormick wrote:
> 	We have a failover pair of dhcp servers which are about
> as alike as they can be. Both are virtual machines running on
> two SANS. The message quoted in the subject line of this posting
> is said to be normal but why are there many, many more of these
> messages on the secondary server than we see on the primary DHCP
> server?
> 
> 	I ran the following test on first the primary and then
> the secondary and counted the number of update rejection
> messages from Midnight to about 12:50 the next day. 
> 
> ssh primary cat /var/log/syslog \
> |grep "rejected: incoming update is less critical than outgoing update" \
> |wc -l
> 
> I immediately ran the same script on the secondary DHCP server
> to count those messages and got:
> 
> server 1      795
> server 2   316200
> 
> 	They both seem to be working and communicating with each
> other. If one does an uptime command, both are about as busy.
> 
> primary  1:09PM  up 18 days, 15:04, 2 users, load averages: 0.10, 0.09, 0.11
> secondary  1:09PM  up 18 days, 15:03, 2 users, load averages: 0.08, 0.07, 0.07
> 
> 	Both servers appear to be communicating. The secondary
> is usually always slightly less busy than the primary and
> neither one seems to be in distress.

The explanation of what the message means is here:

https://kb.isc.org/article/AA-00362/ (you'll need to self-register to
view it as well as other documents), but what it says is:

"What's happening is the local server is sending a binding update, and
has received a binding update before receiving an ack on its own update
(so it is still pending).

In this situation, the server doesn't want to ack the peer's update
because then the peer will receive that ack after the local server's
update - so it has to reject or nak the binding update to clear it from
the peer's queue.

If dhcpd gets a rejected update, it always logs the reason, but these
particular error reports can be ignored.

If you're seeing this on every single binding update, then it's likely
that they're being caused by an odd or incorrect configuration.  "

You'll most likely need to share your failover configuration with the
list for anyone to be able to suggest specifically why you're seeing
these messages so frequently.

Cathy







More information about the dhcp-users mailing list