<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
In our environment, multiple ACKs are causing an issue. We have
our servers setup in 2 different geographic regions, and there is a
DHCP proxy in-line near the client site. The issue is that the
anti-spoofing mechanism in the dhcp-proxy always picks up on the 1st
ack to make it back, which is always going to be 'Server A' (due to
the latency b/t the regions); although 'Server B' is sending the
offer. This in turn causes issues for the client that is wanting an
IP address from Server B.<br>
<br>
Is the double ACK an expected behavior on a reboot? The RFC on 3.1
says "If the client already knows its address, some steps may be
omitted", which indicates that this should potentially follow the
process noted in 3.2 (showing both servers sending an ACK).
Although, during a reboot, the client doesn't know it's ip address
and follows a simple DORA which would indicate it would use the
process in 3.1 (meaning only 1 server sends an ACK)<br>
<br>
(also, sorry for the double post, It appeared that my initial mail
was caught by a spamfilter).<br>
<br>
- Joey D.<br>
<br>
<br>
<div class="moz-cite-prefix">On 04/02/2014 11:16 AM, Leigh Porter
wrote:<br>
</div>
<blockquote
cite="mid:D181DDABABE57E4DB72FEE0033147864010D12C9@EALPO1.ukbroadband.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
see a similar issue with a similar config, however the
duplicate ACK is not on the initial request but for lease
renewals.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve
not bothered investigating so far as it seemed to do no harm
for now..<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">--<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Leigh<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org">dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>
[<a class="moz-txt-link-freetext" href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org">mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>]
<b>On Behalf Of
</b>Joey D.<br>
<b>Sent:</b> 02 April 2014 17:04<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
<b>Subject:</b> Multiple ACK Issue<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> Below
is a diagram of what we witness is happening in the event
of a device reboot of a previously connected device
(meaning the device is already established in the leases
db on both servers), as well as our failover config. Is
there a configuration directive that can be used which
mandates that only the server sending the offer can send
the ACK? (much like what is done when allocating a fresh
lease like in sec 3.2 in the rfc). I can detail a bit
more as to the environment layout if necessary, but I'm
hoping there is an option I'm simply overlooking. <br>
<br>
<br>
</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
Server A Client Server B<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
v v v<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| Begins initialization |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| _____________/|\____________ |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|/DHCPDISCOVER | DHCPDISCOVER\|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | ___________/|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | /DHCPOFFER |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| |/ |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| Selects configuration |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| _____________/|\____________ |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|/ DHCPREQUEST | DHCPREQUEST\|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|\_____________ | ____________/|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| DHCPACK \|/ DHCPACK |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| Initialization complete | <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
<br>
<br>
SERVER A: <br>
stash-agent-options true; <br>
<br>
failover peer "iah-kcm" { <br>
primary; <br>
address x.x.1.248; <br>
port 647; <br>
peer address x.x.2.248; <br>
peer port 647; <br>
auto-partner-down 121; <br>
max-response-delay 120; <br>
max-unacked-updates 10; <br>
load balance max seconds 5; <br>
mclt 3600; <br>
split 128; <br>
<br>
} <br>
server-identifier x.x.1.248; <br>
ping-check false; <br>
<br>
<br>
SERVER B: <br>
stash-agent-options true; <br>
<br>
failover peer "iah-kcm" { <br>
<br>
secondary; <br>
address x.x.2.248; <br>
port 647; <br>
peer address x.x.1.248; <br>
peer port 647; <br>
auto-partner-down 121; <br>
max-response-delay 120; <br>
max-unacked-updates 10; <br>
load balance max seconds 5; <br>
} <br>
server-identifier x.x.2.248; <br>
ping-check false; <br>
<br>
<br>
- Joey D. </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
______________________________________________________________________<br>
This email has been scanned by the Symantec Email
Security.cloud service.<br>
For more information please visit <a moz-do-not-send="true"
href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></p>
</div>
<br clear="all">
______________________________________________________________________<br>
This email has been scanned by the Symantec Email Security.cloud
service.<br>
For more information please visit <a class="moz-txt-link-freetext" href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
</body>
</html>