Hopefully a quick question. We migrated some sites from a few old DHCP servers running 4.1.1 to some not as old servers running 4.2.5. The users with laptops began complaining about sporadic loss of IP connectivity. They noticed they
were getting 20 minutes leases instead of 24 hour leases. I watched the traffic and it seems all initial leases to unknown MAC addresses get a 20 minute lease and on renewal get the 24 hour lease. This is not a complaint, I like the idea of a trial lease.
I just want to verify that the 4.1.1 version did not have this behavior without having to recreate that environment. I’d like to explain the behaviour to my users with a degree of confidence.
Don Friesen
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
"Friesen, Don MTIC:EX" < [hidden email]> wrote:
> I watched the traffic and it seems all initial leases to unknown MAC addresses get a 20 minute lease and on renewal get the 24 hour lease.
Are you running failover ? If so then this is normal operation.
With failover, on the first issue of a lease, it's for time MCLT - this allows for the servers to then synchronise the lease information before the client comes back to renew a short time later. On the next renew, the clients will get the full defined lease time.
In reply to this post by Friesen, Don MTIC:EX
Re: 20 minute leases
This sounds like a fail-over setup, where clients get the MCLT time for the initial lease and then the full lease value after a renewal. This is so that the fail-over servers can communicate and properly handle the client.
[Glenn had a great post I found that explains more about fail-over, MCLT and initial lease times.]
https://lists.isc.org/pipermail/dhcp-users/2015-February/018578.html
HTH
-Greg
Re: 20 minute leases
Thanks Greg and Simon. Things I didn’t find when searching.
Yes we run failover. My question was really: Was this added between 4.1.1 and 4.2.5 ?
I skimmed the release notes and couldn’t find it. My users noticed this after the migration from the 4.1.1 server to the 4.2.5 server, so I am thinking
the answer is yes. And I want to explain why it wasn’t happening before but is now.
Re: 20 minute leases
You're looking for something more definitive, it seems - which I don't have. I do believe that quite a lot of work went into fail-over since 4.1 - there are a couple more options that help a fail-over situation survive a peer down situation better [especially in a tight IP pool] and the like. So, I suspect this change also occurred in between.
But I certainly don't know that's the case, or exactly why. Perhaps someone else will chime in.
-Greg
--
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: [hidden email]
http://www.sloop.net
Don,
the loss of connectivity issue should have nothing to do with the lease duration, as any sane dhcp client renews at the lease midway point, in any case.
This means that if your users had always been getting a 20-minute initial lease time, they might only have noticed that during the first 10 minutes of the lease -- after that, it would always be the 24-hour lease.
We had some users losing network connectivity about an hour after docking their laptops on Monday morning; it turned out to be a complex interaction between the Cisco NAM Client, our DHCP failover peers, and the Cisco switches doing DHCP Snooping.
Mark S
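The lease timeline described in the replies above, as an added example that is not part of the thread or of ISC dhcpd: a simplified model of the failover rule that a lease may not run more than MCLT past what the peer has acknowledged. The 20-minute MCLT and 24-hour lease come from the thread; the `Binding`, `grant` and `timeline` names, the renew-at-midpoint client, and the update value (expected renewal time plus desired lease) are assumptions of the model.

```python
from dataclasses import dataclass

MCLT = 20 * 60           # 20 minutes, the initial lease observed in the thread
DESIRED = 24 * 60 * 60   # the configured 24-hour lease time


@dataclass
class Binding:
    # Latest expiry time the failover peer has acknowledged for this client.
    acked_potential_expiry: int = 0


def grant(binding: Binding, now: int, peer_acks: bool = True) -> int:
    """Return the lease length in seconds the server may hand out at `now`."""
    # Model rule: the lease may not end later than MCLT past the acked time.
    limit = max(binding.acked_potential_expiry, now) + MCLT - now
    lease = min(DESIRED, limit)
    if peer_acks:
        # Model assumption: the update sent to the peer carries the expected
        # renewal time (half the lease just granted) plus the desired lease.
        proposed = now + lease // 2 + DESIRED
        binding.acked_potential_expiry = max(
            binding.acked_potential_expiry, proposed)
    return lease


def timeline(renewals: int, peer_acks: bool = True):
    """Simulate one client that renews at the midpoint of each lease.

    Returns a list of (time_of_request, lease_seconds) tuples.
    """
    binding, now, events = Binding(), 0, []
    for _ in range(renewals + 1):
        lease = grant(binding, now, peer_acks)
        events.append((now, lease))
        now += lease // 2   # client renews at T1, half the lease
    return events


if __name__ == "__main__":
    for label, acks in (("peer acknowledging", True), ("peer silent", False)):
        print(label)
        for when, lease in timeline(2, acks):
            print(f"  t={when:>6}s  lease={lease}s")
```

With `peer_acks=False` every renewal stays at 20 minutes, which is the pattern to look for when the failover peers are not exchanging updates.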
In reply to this post by Friesen, Don MTIC:EX
> Yes we run failover. My question was really: Was this added between 4.1.1 and 4.2.5 ?
No, this is an integral part of the failover protocol, and has worked
that way for many years - certainly since we started using ISC DHCP
at version 3.<something>.
Steinar Haug, Nethelp consulting, [hidden email]
In reply to this post by Friesen, Don MTIC:EX
hi there,
we define hosts with dedicated ip-addresses based on the mac.
and we have pools where known-clients are allowed.
to have them online, when they are in an other of our nets.
what i would like to do, is define classes that are allowed/denied for
some pools. but not based on mac, but on a regex of the hostname (or a
tag or so)
has someone done such things or has a hint, how to make that?
regards
andreas
--
________________________________________________
Andreas Burger
Eidgenoessische Technische Hochschule Zuerich
Departement Hest ISG
LFV E31 8092 Zuerich +41 44 632 68 54
[hidden email]
_________________________________________________
On Tue, October 27, 2015 9:01 pm, Andreas Burger wrote:
> hi there,
>
> we define hosts with dedicated ip-addresses based on the mac.
>
> and we have pools where known-clients are allowed.
> to have them online, when they are in an other of our nets.
>
> what i would like to do, is define classes that are allowed/denied for
> some pools. but not based on mac, but on a regex of the hostname (or a
> tag or so)
> has someone done such things or has a hint, how to make that?
>
> regards
> andreas
See the dhcp-eval man page:

    data-expression-1 ~= data-expression-2
    data-expression-1 ~~ data-expression-2

        The ~= and ~~ operators (not available on all systems)
        perform extended regex(7) matching of the values of two
        data expressions, returning true if data-expression-1
        matches against the regular expression evaluated by data-
        expression-2, or false if it does not match or encounters
        some error. If either the left-hand side or the right-
        hand side are null or empty strings, the result is also
        false. The ~~ operator differs from the ~= operator in
        that it is case-insensitive.

So putting this with a class statement:

    class "hostmatch" {
        match if option host-name ~~ "foo.*";
        ....
    }

Note that I haven't tested this, so the syntax might not be 100% but it
should be close. The hostname might be fully qualified, so allow for that
in the regex.
regards,
-glenn
On Tue, 27 Oct 2015 12:57:52 +0000,
Glenn Satchell wrote:
>
> On Tue, October 27, 2015 9:01 pm, Andreas Burger wrote:
> > hi there,
> >
> > we define hosts with dedicated ip-addresses based on the mac.
> >
> > and we have pools where known-clients are allowed.
> > to have them online, when they are in an other of our nets.
> >
> > what i would like to do, is define classes that are allowed/denied for
> > some pools. but not based on mac, but on a regex of the hostname (or a
> > tag or so)
> > has someone done such things or has a hint, how to make that?
> >
> > regards
> > andreas
>
> See the dhcp-eval man page:
But read it carefully, as it also contains this:

    option option-name

        The option operator returns the contents of the specified option in
        the packet to which the server is responding.

IIUC, this means that only option data which the client or relay has
placed in the incoming packet can be used by the server to perform
class matching, and that options specified in the configuration
aren't available for this purpose. Unless the client can be
depended on to set the host-name option, I expect that class
matching depending on this option will either not be triggered, or
at best triggered sporadically.
Best regards,
Niall O'Reilly
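The matching rules quoted from dhcp-eval in the two replies above, emulated as an added example (not code from the thread or from ISC DHCP). The packets, client names and the anchored pattern are constructed; Python's `re.search` stands in for regex(7), which also matches anywhere in the string unless the pattern is anchored.

```python
import re


def regex_match(value, pattern, case_insensitive):
    """Emulate dhcp-eval's ~= (case-sensitive) and ~~ (case-insensitive).

    A null or empty operand on either side yields False, as the man page says.
    """
    if not value or not pattern:
        return False
    flags = re.IGNORECASE if case_insensitive else 0
    return re.search(pattern, value, flags) is not None


def class_members(packets, pattern, case_insensitive=True):
    """Return the clients whose incoming packet would match the class.

    Only options present in the client's packet are visible to the match.
    """
    return [
        p["client"]
        for p in packets
        if regex_match(p["options"].get("host-name"), pattern, case_insensitive)
    ]


# Constructed sample packets: only the options the client itself sent.
PACKETS = [
    {"client": "a", "options": {"host-name": "foo-lab1"}},
    {"client": "b", "options": {"host-name": "FOO-lab2.example.org"}},  # FQDN
    {"client": "c", "options": {}},                # sends no host-name at all
    {"client": "d", "options": {"host-name": "notfoo-guest"}},
    {"client": "e", "options": {"host-name": ""}},  # empty host-name
]

POSTED = "foo.*"                      # the pattern from the class statement
ANCHORED = "^foo-lab[0-9]+([.]|$)"    # constructed: anchored, tolerates FQDN

if __name__ == "__main__":
    print("posted   ~~", class_members(PACKETS, POSTED))
    print("anchored ~~", class_members(PACKETS, ANCHORED))
    print("anchored ~=", class_members(PACKETS, ANCHORED, case_insensitive=False))
```

Client `c` never joins the class because it sends no host-name, and the unanchored pattern also admits `notfoo-guest`, so a pattern used to allow or deny pool access should be anchored.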
In reply to this post by Friesen, Don MTIC:EX
On Oct 26, 2015, at 10:08 AM, Friesen, Don MTIC:EX < [hidden email]> wrote:
> Hopefully a quick question. We migrated some sites from a few old DHCP servers running 4.1.1 to some not as old servers running 4.2.5. The users with laptops began complaining about sporadic loss of IP connectivity. They noticed they were getting 20 minutes leases instead of 24 hour leases. I watched the traffic and it seems all initial leases to unknown MAC addresses get a 20 minute lease and on renewal get the 24 hour lease. This is not a complaint, I like the idea of a trial lease. I just want to verify that the 4.1.1 version did not have this behavior without having to recreate that environment. I’d like to explain the behaviour to my users with a degree of confidence.
>
> Don Friesen
As others have pointed out, this is a feature of failover,
and I’ve been observing that for at least a decade.
The actual interval is configured (“mclt”), so a configuration
change could have changed the behavior.
In our own case, we saw sporadic renewal-failures when our
DHCP servers became overloaded. If that is the case
or packets are being lost for other reasons, IP addresses
can be lost. Correct client behavior tries renewals
multiple times so the underlying problem can grow a
while and remain unnoticed.
DHCP service is disk-bound so a new server setup lacking
previous disk performance (e.g. previous tuning or performance
features) could affect the DHCP service reliability. As could
disk contention such as using syncing syslog for the DHCP log.
John Wobus
Cornell U IT