failover issue?

Bob Harold rharolde at umich.edu
Fri Apr 3 12:30:57 UTC 2015


On Fri, Apr 3, 2015 at 2:46 AM, Christian Bösch <boesch at fhv.at> wrote:

> sure below are the config snippets:
> thanks for investigation,
> chris
>
> server1:
>
> failover peer "dhcp-failover" {
>   primary;
>   address 10.10.40.21;
>   port 647;
>   peer address 10.10.40.22;
>   peer port 647;
>   max-response-delay 30;
>   max-unacked-updates 10;
>   load balance max seconds 3;
>   mclt 1800;
>   split 128;
> }
>
> group {
>   if exists agent.circuit-id
>   {
>     log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
>       " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)),
>       " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
>   }
>   if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
>     ddns-updates off;
>     default-lease-time 60;
>     max-lease-time 120;
>   }
>   option domain-name-servers dns1.abc.net, dns2.abc.net;
>   option subnet-mask 255.255.255.0;
>   ddns-domainname "lan.abc.net";
>   ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
>   option domain-name "lan.abc.net";
>   subnet 172.21.166.0 netmask 255.255.255.0 {
>     option routers 172.21.166.1;
>     pool {
>       failover peer "dhcp-failover";
>       deny dynamic bootp clients;
>       allow unknown-clients;
>       default-lease-time 300;
>       max-lease-time     600;
>       range 172.21.166.5 172.21.166.254;
>     }
>   }
> }
>
>
> server2:
>
> failover peer "dhcp-failover" {
>   secondary;
>   address 10.10.40.22;
>   port 647;
>   peer address 10.10.40.21;
>   peer port 647;
>   max-response-delay 30;
>   max-unacked-updates 10;
>   load balance max seconds 3;
> }
>
> group {
>   if exists agent.circuit-id
>   {
>     log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
>       " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)),
>       " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
>   }
>   if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
>     ddns-updates off;
>     default-lease-time 60;
>     max-lease-time 120;
>   }
>   option domain-name-servers dns1.abc.net, dns2.abc.net;
>   option subnet-mask 255.255.255.0;
>   ddns-domainname "lan.abc.net";
>   ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
>   option domain-name "lan.abc.net";
>   subnet 172.21.166.0 netmask 255.255.255.0 {
>     option routers 172.21.166.1;
>     pool {
>       failover peer "dhcp-failover";
>       deny dynamic bootp clients;
>       allow unknown-clients;
>       default-lease-time 300;
>       max-lease-time     600;
>       range 172.21.166.5 172.21.166.254;
>     }
>   }
> }
>
>
Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the
dhcpd.conf file. If it has a "host" declaration, it is a "known" client and
will fail the "allow unknown-clients" test. Because you have an "allow"
line, the default changes to "deny all others". If you remove the "allow
unknown-clients" line, the default will be "allow everyone" - please try
that, at least temporarily, to see if it fixes the "peer holds all free
leases" message.

As an aside, perhaps "peer holds all free leases" should be reworded like
"I don't have a lease that I am allowed to give you, but you could check
with my peer in case it has different rules".   But in a failover setup it
would seem odd for a peer to have a different set of rules.


> On 02 Apr 2015, at 16:33 , Patrick Trapp <ptrapp at nex-tech.com> wrote:
>
> Can you share the config? You should generalize anything sensitive -
> whatever you post will be on the list forever...
>
> ------------------------------
> *From:* dhcp-users-bounces at lists.isc.org [dhcp-users-bounces at lists.isc.org]
> on behalf of Christian Bösch [boesch at fhv.at]
> *Sent:* Thursday, April 02, 2015 5:52 AM
> *To:* dhcp-users at lists.isc.org
> *Subject:* failover issue?
>
> Hi,
>
> I have a pair of failover dhcp servers (4.2.4) which work fine for a long
> time.
> Now I added some subnets (same config like the old working one) and in that
> subnets I get on both servers:
>
> Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
> Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
> Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
> Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
>
>
> Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
> Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
> Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
> Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via
> 172.21.166.1: peer holds all free leases
>
> But the pool seems to be well balanced:
>
> Apr  2 12:43:56 dns1 dhcpd: balancing pool 8019f8880 172.21.166.0/24
> total 250  free 125  backup 125  lts 0  max-own (+/-)25
> Apr  2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24
> total 250  free 125  backup 125  lts 0  max-misbal 38
>
> Apr  2 12:43:56 dns2 dhcpd: balancing pool 8019ef880 172.21.166.0/24
> total 250  free 125  backup 125  lts 0  max-own (+/-)25
> Apr  2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24
> total 250  free 125  backup 125  lts 0  max-misbal 38
>
> Does anyone have an idea what could be the reason for that?
> Thanks,
> Chris
>
>
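The check suggested in the reply (is the MAC a "known" client, and does a pool's allow list then exclude it), as an added example that is not part of the original thread. The host entry `laptop-01` and the sample text are constructed for illustration, and only `known-clients` / `unknown-clients` permit statements are modelled; class-based or other permits are treated as not matching.

```python
import re

# Constructed sample: the pool from the thread plus a hypothetical host entry.
SAMPLE_CONF = '''
host laptop-01 {  # hypothetical host declaration, not from the thread
  hardware ethernet 3C:97:0E:B8:6D:40;
}
subnet 172.21.166.0 netmask 255.255.255.0 {
  pool {
    failover peer "dhcp-failover";
    deny dynamic bootp clients;
    allow unknown-clients;
    range 172.21.166.5 172.21.166.254;
  }
}
'''

HOST_RE = re.compile(r'\bhost\s+(\S+)\s*\{([^{}]*)\}', re.S)
POOL_RE = re.compile(r'\bpool\s*\{([^{}]*)\}', re.S)
MAC_RE = re.compile(r'hardware\s+ethernet\s+([0-9a-fA-F:]+)\s*;')
PERMIT_RE = re.compile(r'^\s*(allow|deny)\s+([^;]+);', re.M)
RANGE_RE = re.compile(r'^\s*range\s+([^;]+);', re.M)

def strip_comments(conf):
    return re.sub(r'#[^\n]*', '', conf)

def known_hosts(conf, mac):
    """Names of host declarations whose hardware address equals mac."""
    mac = mac.lower()
    return [name for name, body in HOST_RE.findall(strip_comments(conf))
            for m in MAC_RE.findall(body) if m.lower() == mac]

def pool_verdicts(conf, mac):
    """(range, usable) per pool for this MAC, by known/unknown rules only."""
    known = bool(known_hosts(conf, mac))
    mine = 'known-clients' if known else 'unknown-clients'
    out = []
    for body in POOL_RE.findall(strip_comments(conf)):
        rules = [(a, ' '.join(w.split())) for a, w in PERMIT_RE.findall(body)]
        allows = [w for a, w in rules if a == 'allow']
        denies = [w for a, w in rules if a == 'deny']
        # Once a pool has any "allow", clients not on the allow list are
        # refused; with no "allow" at all, everyone not denied is served.
        ok = mine not in denies and (not allows or mine in allows)
        rng = RANGE_RE.search(body)
        out.append((rng.group(1).strip() if rng else '?', ok))
    return out
```

Run against the real dhcpd.conf, a `False` verdict for the MAC seen in the DHCPDISCOVER log lines points at the permit list rather than at failover balancing.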