<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
It looks like the last response/inquiry was not sent to the list.
I'm sending it back through in hopes of getting additional feedback
on my issue. I'm still looking for info as to whether this is
expected behaviour.<br>
<br>
- Joey D.<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 04/04/2014 01:50 PM, Joey D. wrote:<br>
</div>
<blockquote cite="mid:533EFED8.5000603@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<font face="monospace"> I have tested this with numerous packet
captures. In every Packet capture, there are 2 DISCOVERs, 1
OFFER (from 'Server B', indicating the load-balancing algorithm
is doing it's job), 2 REQUESTs (from the client, with option 54
noting Server B), 2 ACKS with each server sending their own
option 54 address.<br>
<br>
This scenario does not occur if I wipe the lease data for that
client from both servers' lease tables; this results in only 1
ACK from the server listed in option 54 in the REQUEST (Server
B). Once that works, if I reboot the client, we are back in the
state of ACKS being sent from both servers. I can submit more
data in a bug report if necessary, but I'm not sure if this is a
bug just yet...<br>
<br>
In the event of T2 timer, there is no option 54 info as
mentioned.<br>
<br>
I included the email thread including additional data below (we
use split 128).<br>
<br>
Regards,<br>
<br>
- Joey D.</font><br>
<div class="moz-cite-prefix"><br>
<br>
On 04/04/2014 01:24 PM, Bruce Hudson wrote:<br>
</div>
<blockquote cite="mid:20140404182433.GB32316@KIL-BAH-1.ITS.Dal.Ca"
type="cite">
<pre wrap=""> My DHCP is a bit rusty these days but I would definitely not expect
multiple ACKs during a regular DORA. The request from the client should
include the server identifier of the offer it is accepting; and only
that server should process the request. That is part of the protocol.
If you are seeing multiple ACKs, either (1) the client is broken
and is not including a server identifier, (2) the servers are somehow
set to use the same identifier, or (3) the DHCP server is broken and
ignoring the identifier in the request. In the absence of packet traces,
I am inclined to assume one of the first two. Can you see a server
ACKing a client request that includes a different identifier?
A client can definitely broadcast a request without an identifier,
either during a reboot or at T2 as you suggest. In those cases I would
expect any server that sees the request to respond. You will see
multiple ACKs.
You did not say (or I missed) whether or not these two servers are
part of a redundancy pair or not. If they are, that might be the code
path that leads to ignoring the server identifier. On the other hand,
in that case I would expect the "split" statement to prevent both
servers from responding. Do you set the split to 255?
--
Bruce A. Hudson | <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Bruce.Hudson@Dal.CA">Bruce.Hudson@Dal.CA</a>
ITS, Networks and Systems |
Dalhousie University |
Halifax, Nova Scotia, Canada | (902) 494-3405
</pre>
</blockquote>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 04/04/2014 12:04 PM, Joey D.
wrote:<br>
</div>
<blockquote cite="mid:533EE63A.9000001@gmail.com" type="cite"> <font
face="monospace"> I apologize if it's not proper etiquette
to post the same issue to both mailing lists, but I'm looking
for a bit of feedback as to whether what I'm experiencing is
'expected' behaviour from the isc dhcp software. It looks as
though myself and Leigh are both observing the same 'multiple
ack' scenario, but it's a bit of a "muddy" explanation in the
RFC as to whether both ACKs should present themself during a
reboot/DORA (although I'd expect it to happen at a T2 timer).<br>
<br>
- Joey D.<br>
</font><br>
<br>
<div class="moz-cite-prefix">On 04/02/2014 12:48 PM, jobewan
wrote:<br>
</div>
<blockquote cite="mid:533C4D7D.208@gmail.com" type="cite">
In our environment, multiple ACKs are causing an issue. We
have our servers setup in 2 different geographic regions, and
there is a DHCP proxy in-line near the client site. The issue
is that the anti-spoofing mechanism in the dhcp-proxy always
picks up on the 1st ack to make it back, which is always going
to be 'Server A' (due to the latency b/t the regions);
although 'Server B' is sending the offer. This in turn causes
issues for the client that is wanting an IP address from
Server B.<br>
<br>
Is the double ACK an expected behavior on a reboot? The RFC
on 3.1 says "If the client already knows its address, some
steps may be omitted", which indicates that this should
potentially follow the process noted in 3.2 (showing both
servers sending an ACK). Although, during a reboot, the
client doesn't know it's ip address and follows a simple DORA
which would indicate it would use the process in 3.1 (meaning
only 1 server sends an ACK)<br>
<br>
(also, sorry for the double post, It appeared that my initial
mail was caught by a spamfilter).<br>
<br>
- Joey D.<br>
<br>
<br>
<div class="moz-cite-prefix">On 04/02/2014 11:16 AM, Leigh
Porter wrote:<br>
</div>
<blockquote
cite="mid:D181DDABABE57E4DB72FEE0033147864010D12C9@EALPO1.ukbroadband.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
see a similar issue with a similar config, however the
duplicate ACK is not on the initial request but for
lease renewals.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve
not bothered investigating so far as it seemed to do
no harm for now..<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">--<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Leigh<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
lang="EN-US"> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org">dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>
[<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org">mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>]
<b>On Behalf Of </b>Joey D.<br>
<b>Sent:</b> 02 April 2014 17:04<br>
<b>To:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
<b>Subject:</b> Multiple ACK Issue<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> Below
is a diagram of what we witness is happening in the
event of a device reboot of a previously connected
device (meaning the device is already established in
the leases db on both servers), as well as our
failover config. Is there a configuration directive
that can be used which mandates that only the server
sending the offer can send the ACK? (much like what
is done when allocating a fresh lease like in sec
3.2 in the rfc). I can detail a bit more as to the
environment layout if necessary, but I'm hoping
there is an option I'm simply overlooking. <br>
<br>
<br>
</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
Server A Client
Server B<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
v v v<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| Begins initialization |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| _____________/|\____________ |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|/DHCPDISCOVER | DHCPDISCOVER\|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | ___________/|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | /DHCPOFFER |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| |/ |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| Selects configuration |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| _____________/|\____________ |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|/ DHCPREQUEST | DHCPREQUEST\|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
|\_____________ | ____________/|<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| DHCPACK \|/ DHCPACK |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| | |<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
| Initialization complete | <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif"">
<br>
<br>
SERVER A: <br>
stash-agent-options true; <br>
<br>
failover peer "iah-kcm" { <br>
primary; <br>
address x.x.1.248; <br>
port 647; <br>
peer address x.x.2.248; <br>
peer port 647; <br>
auto-partner-down 121; <br>
max-response-delay 120; <br>
max-unacked-updates 10; <br>
load balance max seconds 5; <br>
mclt 3600; <br>
split 128; <br>
<br>
} <br>
server-identifier x.x.1.248; <br>
ping-check false; <br>
<br>
<br>
SERVER B: <br>
stash-agent-options true; <br>
<br>
failover peer "iah-kcm" { <br>
<br>
secondary; <br>
address x.x.2.248; <br>
port 647; <br>
peer address x.x.1.248; <br>
peer port 647; <br>
auto-partner-down 121; <br>
max-response-delay 120; <br>
max-unacked-updates 10; <br>
load balance max seconds 5; <br>
} <br>
server-identifier x.x.2.248; <br>
ping-check false; <br>
<br>
<br>
- Joey D. </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
______________________________________________________________________<br>
This email has been scanned by the Symantec Email
Security.cloud service.<br>
For more information please visit <a
moz-do-not-send="true"
href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></p>
</div>
<br clear="all">
______________________________________________________________________<br>
This email has been scanned by the Symantec Email
Security.cloud service.<br>
For more information please visit <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>