<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    It looks like the last response/inquiry was not sent to the list. 
    I'm sending it back through in hopes of getting additional feedback
    on my issue.  I'm still looking for info as to whether this is
    expected behaviour.<br>
    <br>
    - Joey D.<br>
    <br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 04/04/2014 01:50 PM, Joey D. wrote:<br>
    </div>
    <blockquote cite="mid:533EFED8.5000603@gmail.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <font face="monospace">    I have tested this with numerous packet
        captures.  In every Packet capture, there are 2 DISCOVERs, 1
        OFFER (from 'Server B', indicating the load-balancing algorithm
        is doing it's job), 2 REQUESTs (from the client, with option 54
        noting Server B), 2 ACKS with each server sending their own
        option 54 address.<br>
        <br>
        This scenario does not occur if I wipe the lease data for that
        client from both servers' lease tables;  this results in only 1
        ACK from the server listed in option 54 in the REQUEST (Server
        B).  Once that works, if I reboot the client, we are back in the
        state of ACKS being sent from both servers.  I can submit more
        data in a bug report if necessary, but I'm not sure if this is a
        bug just yet...<br>
        <br>
        In the event of T2 timer, there is no option 54 info as
        mentioned.<br>
        <br>
        I included the email thread including additional data below (we
        use split 128).<br>
        <br>
        Regards,<br>
        <br>
        - Joey D.</font><br>
      <div class="moz-cite-prefix"><br>
        <br>
        On 04/04/2014 01:24 PM, Bruce Hudson wrote:<br>
      </div>
      <blockquote cite="mid:20140404182433.GB32316@KIL-BAH-1.ITS.Dal.Ca"
        type="cite">
        <pre wrap="">    My DHCP is a bit rusty these days but I would definitely not expect
multiple ACKs during a regular DORA. The request from the client should
include the server identifier of the offer it is accepting; and only
that server should process the request. That is part of the protocol.

    If you are seeing multiple ACKs, either (1) the client is broken
and is not including a server identifier, (2) the servers are somehow
set to use the same identifier, or (3) the DHCP server is broken and
ignoring the identifier in the request. In the absence of packet traces,
I am inclined to assume one of the first two. Can you see a server
ACKing a client request that includes a different identifier?

    A client can definitely broadcast a request without an identifier,
either during a reboot or at T2 as you suggest. In those cases I would
expect any server that sees the request to respond. You will see 
multiple ACKs. 

    You did not say (or I missed) whether or not these two servers are
part of a redundancy pair or not. If they are, that might be the code
path that leads to ignoring the server identifier. On the other hand,
in that case I would expect the "split" statement to prevent both
servers from responding. Do you set the split to 255? 
--
Bruce A. Hudson                         | <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Bruce.Hudson@Dal.CA">Bruce.Hudson@Dal.CA</a>
ITS, Networks and Systems               |
Dalhousie University                    |
Halifax, Nova Scotia, Canada            | (902) 494-3405
</pre>
      </blockquote>
      <br>
      <br>
      <br>
      <div class="moz-cite-prefix">On 04/04/2014 12:04 PM, Joey D.
        wrote:<br>
      </div>
      <blockquote cite="mid:533EE63A.9000001@gmail.com" type="cite"> <font
          face="monospace">    I apologize if it's not proper etiquette
          to post the same issue to both mailing lists, but I'm looking
          for a bit of feedback as to whether what I'm experiencing is
          'expected' behaviour from the isc dhcp software.  It looks as
          though myself and Leigh are both observing the same 'multiple
          ack' scenario, but it's a bit of a "muddy" explanation in the
          RFC as to whether both ACKs should present themself during a
          reboot/DORA (although I'd expect it to happen at a T2 timer).<br>
          <br>
          - Joey D.<br>
        </font><br>
        <br>
        <div class="moz-cite-prefix">On 04/02/2014 12:48 PM, jobewan
          wrote:<br>
        </div>
        <blockquote cite="mid:533C4D7D.208@gmail.com" type="cite">    
          In our environment, multiple ACKs are causing an issue.  We
          have our servers setup in 2 different geographic regions, and
          there is a DHCP proxy in-line near the client site.  The issue
          is that the anti-spoofing mechanism in the dhcp-proxy always
          picks up on the 1st ack to make it back, which is always going
          to be 'Server A' (due to the latency b/t the regions);
          although 'Server B' is sending the offer.  This in turn causes
          issues for the client that is wanting an IP address from
          Server B.<br>
          <br>
          Is the double ACK an expected behavior on a reboot?  The RFC
          on 3.1 says "If the client already knows its address, some
          steps may be omitted", which indicates that this should
          potentially follow the process noted in 3.2 (showing both
          servers sending an ACK).  Although, during a reboot, the
          client doesn't know it's ip address and follows a simple DORA
          which would indicate it would use the process in 3.1 (meaning
          only 1 server sends an ACK)<br>
          <br>
          (also, sorry for the double post, It appeared that my initial
          mail was caught by a spamfilter).<br>
          <br>
          - Joey D.<br>
          <br>
          <br>
          <div class="moz-cite-prefix">On 04/02/2014 11:16 AM, Leigh
            Porter wrote:<br>
          </div>
          <blockquote
cite="mid:D181DDABABE57E4DB72FEE0033147864010D12C9@EALPO1.ukbroadband.com"
            type="cite">
            <div class="WordSection1">
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
                  see a similar issue with a similar config, however the
                  duplicate ACK is not on the initial request but for
                  lease renewals.<o:p></o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve



                  not bothered investigating so far as it seemed to do
                  no harm for now..<o:p></o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">--<o:p></o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Leigh<o:p></o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
              <p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
                    lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
                  lang="EN-US"> <a moz-do-not-send="true"
                    class="moz-txt-link-abbreviated"
href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org">dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>
                  [<a moz-do-not-send="true"
                    class="moz-txt-link-freetext"
href="mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org">mailto:dhcp-users-bounces+leigh.porter=ukbroadband.com@lists.isc.org</a>]
                  <b>On Behalf Of </b>Joey D.<br>
                  <b>Sent:</b> 02 April 2014 17:04<br>
                  <b>To:</b> <a moz-do-not-send="true"
                    class="moz-txt-link-abbreviated"
                    href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
                  <b>Subject:</b> Multiple ACK Issue<o:p></o:p></span></p>
              <p class="MsoNormal"><o:p> </o:p></p>
              <div>
                <p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> Below



                    is a diagram of what we witness is happening in the
                    event of a device reboot of a previously connected
                    device (meaning the device is already established in
                    the leases db on both servers), as well as our
                    failover config.  Is there a configuration directive
                    that can be used which mandates that only the server
                    sending the offer can send the ACK? (much like what
                    is done when allocating a fresh lease like in sec
                    3.2 in the rfc).   I can detail a bit more as to the
                    environment layout if necessary, but I'm hoping
                    there is an option I'm simply overlooking. <br>
                    <br>
                    <br>
                  </span><o:p></o:p></p>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                    Server A        Client        
                       Server B<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      v               v              v<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |     Begins initialization    |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      | _____________/|\____________ |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |/DHCPDISCOVER  | DHCPDISCOVER\|<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |  ___________/|<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               | /DHCPOFFER   |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |/             |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |     Selects configuration    |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      | _____________/|\____________ |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |/ DHCPREQUEST  |  DHCPREQUEST\|<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |\_____________ | ____________/|<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |      DHCPACK \|/ DHCPACK     |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |               |              |<o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                                      |    Initialization complete   | <o:p></o:p></span></p>
                </div>
                <div>
                  <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
                </div>
                <p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""> 
                            <br>
                    <br>
                    SERVER A: <br>
                    stash-agent-options true; <br>
                    <br>
                    failover peer "iah-kcm" { <br>
                          primary; <br>
                          address x.x.1.248; <br>
                          port 647; <br>
                          peer address x.x.2.248; <br>
                          peer port 647; <br>
                          auto-partner-down 121; <br>
                          max-response-delay 120; <br>
                          max-unacked-updates 10; <br>
                          load balance max seconds 5; <br>
                          mclt 3600; <br>
                          split 128; <br>
                    <br>
                    } <br>
                    server-identifier x.x.1.248; <br>
                    ping-check false; <br>
                    <br>
                    <br>
                    SERVER B: <br>
                    stash-agent-options true; <br>
                    <br>
                    failover peer "iah-kcm" { <br>
                    <br>
                          secondary; <br>
                          address x.x.2.248; <br>
                          port 647; <br>
                          peer address x.x.1.248; <br>
                          peer port 647; <br>
                          auto-partner-down 121; <br>
                          max-response-delay 120; <br>
                          max-unacked-updates 10; <br>
                          load balance max seconds 5; <br>
                    } <br>
                    server-identifier x.x.2.248; <br>
                    ping-check false; <br>
                    <br>
                    <br>
                    - Joey D. </span><o:p></o:p></p>
              </div>
              <p class="MsoNormal"><br>
______________________________________________________________________<br>
                This email has been scanned by the Symantec Email
                Security.cloud service.<br>
                For more information please visit <a
                  moz-do-not-send="true"
                  href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<o:p></o:p></p>
            </div>
            <br clear="all">
______________________________________________________________________<br>
            This email has been scanned by the Symantec Email
            Security.cloud service.<br>
            For more information please visit <a moz-do-not-send="true"
              class="moz-txt-link-freetext"
              href="http://www.symanteccloud.com">http://www.symanteccloud.com</a><br>
______________________________________________________________________<br>
            <br>
            <fieldset class="mimeAttachmentHeader"></fieldset>
            <br>
            <pre wrap="">_______________________________________________
dhcp-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
          </blockquote>
        </blockquote>
        <br>
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>