Re: Cisco ASR 9006 – IOS XR 5.1.3 with DHCP Proxy = address flopping
perl-list at network1.net
Fri Feb 27 18:09:55 UTC 2015
see responses inline below
> From: "John Wobus" <jw354 at cornell.edu>
> To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
> Sent: Friday, February 27, 2015 11:31:38 AM
> Subject: Re: Cisco ASR 9006 – IOS XR 5.1.3 with DHCP Proxy = address flopping
> Re my impression/recollection of how dhcpd works:
> -You say the lease is still active, but in your scenario, you show a
> release. Wouldn't that terminate the lease?
That is true - the lease is terminated by the release that is sent by the Cisco 9k on behalf of the router (NOT by the client, however, *Grumble* Cisco).
> -On the other hand, if a lease is still active, isn't a discover a
> request for another IP? A MAC address is allowed to have multiple IPs
> by doing additional discovers. dhcpd can be configured to refuse to
> give more than one IP address to any specific MAC address but I don't
> recall what it does to an additional discover in that case.
We have one lease per client set. An additional discover will give them only the same IP. This works in all other scenarios. The client's are discovering because they were rebooted. They should get the same IP again, yet they don't. Perhaps because of the release, but I think only someone familiar with the source code could comment on that.
> -Does dhcpd take some time to bring a lease back to the "offerable"
> state when a lease terminates?
I don't know ... someone familiar with the source code would need to comment on that. The Release is sent only a few milliseconds (like less than 20) before the discover comes. This is because the Cisco 9k got the discover from the client and then sent a release to the server and then sent the discover.
> The symptoms suggest the lease isn't eligible to be offered at the
> desired moment so a different free lease is offered, perhaps because
> the lease is still active and the server interprets the discover as a
> request for another address. I assume these are dynamic, e.g. in a
> pool. For dynamic addresses, the lease file is essentially a short-
> term change log for leases and you may be able to locate the
> successive changes to the lease state for each IP to get a more
> detailed view of what is happening.
That may well be the case. There may be some short period of time after a release in which the IP address isn't available (especially in failover). If that is the case, then it would make sense why it offers the older IP. Maybe an ISC DHCP developer could wait on this.
> John Wobus
> Cornell IT
> On Feb 26, 2015, at 12:52 PM, perl-list wrote:
> > Folks,
> > A customer of mine has a problem where if a user device discovers
> > due to reboot or whatever, they will not get the same IP they had
> > previously (even tho current lease is still active).
> > Scenario:
> > 1) Reboot device - release / discover / offer / request / ack - get
> > ip x.x.x.12
> > 2) renews happen no problem - lease still active.
> > 3) reboot device - release / discover / offer / request / ack - get
> > ip x.x.x.42
> > 4) renews happen no problem - lease still active.
> > 5) reboot device - release / discover / offer / request / ack - get
> > ip x.x.x.12 (note that it went back to the original IP).
> > 6) renews happen no problem - lease still active.
> > 7) reboot device - release / discover / offer / request / ack - get
> > ip x.x.x.42 (note that it went back to IP obtained in step 3 above).
> > Specifics:
> > This configuration is with a Cisco 9k router with DHCP Proxy as
> > noted by their network admin:
> > "Cisco ASR 9006 – IOS XR 5.1.3
> > We are using sub-interfaces configured with IP unnumbered pointing
> > to loopback which contains all dynamic pools.
> > DHCP Proxy is a profile type created within the DHCP configuration
> > and is configured to point to the DHCP servers. This profile is
> > applied to each sub-interface. Proxy is also responsible for host
> > route management."
> > What we have observed is the the Cisco with DHCP Proxy is sending a
> > Release before sending the discover (please note that the client DID
> > NOT send a release). I don't know if that has anything to do with
> > it or not.
> > Also - there are two DHCP servers in a failover pair. Each running
> > 4.2.5-P1. According to documentation that we have found (and what
> > i've always understood), they should get the same address again.
> > The customer does not want the address to flop like this as it is
> > causing other problems. I am at a loss as to why this is happening.
> > It should also be noted that we have a packet capture from both
> > sides of the router and that there doesn't really seem to be any
> > difference in the packet content (aside from the added release
> > packet that was never sent by the client device). Actually, there
> > was one thing that I was unsure about from the packet capture.. the
> > release packet had the same transaction ID as the subsequent
> > discover / offer / request / ack packets according to Wireshark. I
> > don't know if that is a problem or not, however.
> > Also - the client device (a modem / router) is not sending the
> > Client Identifier option (nor is the Cisco inserting it).
> > Cisco tells them that the release sent before the discover is a
> > feature of DHCP Proxy and cannot be changed.
> > They cannot use normal DHCP relay (ip helper address x.x.x.x;) due
> > to their network configuration (or so Cisco said).
> > This whole thing was not previously a problem when they had a Cisco
> > 10k router using normal DHCP relay.
> > Thoughts as to this address flopping? Anyway to stop it?
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
> dhcp-users mailing list
> dhcp-users at lists.isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dhcp-users