ISC-dhcp subnet limit?


ISC-dhcp subnet limit?

Rob Morin

Hello all, my first post here, so please be gentle :)

I have inherited 2 dhcp servers, one primary(dhcp-1) & one secondary(dhcp-2) running isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)

We are having a few issues, and I cannot seem to figure out what's going on. I have a few questions, maybe someone can help me with.

Is there a max limit to how many subnets can be used in the pools? As currently we are using just over 6000 subnets

Currently our secondary dhcp-server is always in recovery mode, not sure why?

Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on eth0?

My primary server /etc/dhcpd.conf file

authoritative;
log-facility local7;
option domain-name "dyn";
option domain-name-servers 172.30.64.210, 172.30.64.220;
default-lease-time 1200;
max-lease-time 3600; # 1h
include "/etc/dhcp/dhcpd_pools.conf";
# Include the primary configuration
include "/etc/dhcp/dhcpd_primary.conf";

/etc/dhcp/dhcpd_primary has the following

## PRIMARY
failover peer "tdl-dhcp-failover" {
  primary; # declare this to be the primary server
  address 172.30.128.9;
  port 647;
  peer address 172.30.128.10;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

Excerpt from dhcpd_pools file, starts like this….

subnet 10.32.0.0 netmask 255.255.255.0 {
  option routers 10.32.0.1;
  pool {
    failover peer "dhcp-failover";
    range 10.32.0.5 10.32.0.254;
  }
}

And finishes like this, with all the subnets in between…

subnet 10.57.255.0 netmask 255.255.255.0 {
  option routers 10.57.255.1;
  pool {
    failover peer "dhcp-failover";
    range 10.57.255.5 10.57.255.254;
  }
}

Example excerpt from logs on both servers of a client that could not get an IP

from dhcp-1
Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1

from dhcp-2
Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
Jan 27 18:54:04 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases

Never see the ACK.

Any suggestion would be greatly appreciated..

Thanks…

Rob
Montreal Canada

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: ISC-dhcp subnet limit?

dave c
Curious why your network seems to have 6,000 subnets all living in a single vlan...

But, in order to diagnose the partner issue, we'd need to see the partner config segments as well.

To answer whether it matters if requests arrive on eth1 and answers go out on eth0, the real
question is what are the differences between them. Does one go out to a firewall while the
second is a direct connection? I don't see a statement in your config telling dhcpd which IP
address/port to listen and respond on. You can force it to use eth1 if you feel it should be
doing so.

I'm also wondering why your lease time is so short. That would seem to generate a lot of traffic
to the dhcp server that otherwise wouldn't be needed. How many users are there in these 6,000
subnets?

Dave

--
Dave Calafrancesco

RE: ISC-dhcp subnet limit?

Rob Morin
Thanks for the quick reply Dave, on each of the servers there are 2 vlans, one is internal/admin(VLAN01) and one is dmz(VLAN02), where the requests/discovers come in. From my testing so far it seems that a discover comes in on vlan02, and the offer and ack go out on vlan01. I do not think this is an issue as per our network guys, but I thought I would mention it.

Discover comes in via vlan02 through a firewall, but when it goes out on vlan01 there is no firewall.

Here is /etc/dhcp/dhcpd.conf of secondary

authoritative;
log-facility local7;
option domain-name "dyn";
default-lease-time 1200; # 20 minutes to match the default clients session duration
max-lease-time 3600; # 1h
include "/etc/dhcp/dhcpd_secondary.conf";
include "/etc/dhcp/dhcpd_pools.conf";

Here is the /etc/dhcp/dhcpd_secondary.conf file

## SECONDARY
failover peer "dhcp-failover" {
  secondary; # declare this to be the secondary server
  address 172.30.128.10;
  port 647;
  peer address 172.30.128.9;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  # mclt 1800;
  # No "split" statement on secondary
}

Our lease time is short as per client request, we cannot alter it, it's in the contract.
As for users, there are 10's of thousands of users at any given time...

Here is a very recent log excerpt on secondary..
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 68:d9:3c:56:a6:bb via 10.49.66.1: not responding (recovering)
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 10:a5:d0:17:34:96 via 10.37.5.1: peer holds all free leases
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from 5c:8d:4e:a2:06:ff via 10.37.104.1: not responding (recovering)
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.50.33.204 (172.30.129.9) from 90:e7:c4:d3:7d:51 via 10.50.33.1: not responding (recovering)

Here are some misc log entries that you might find useful...

Jan 27 14:45:03 dhcp-1 dhcpd: Wrote 1169142 leases to leases file.
Jan 27 15:29:21 dhcp-1 dhcpd: Wrote 1169401 leases to leases file.
Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected
Jan 27 16:19:38 dhcp-1 dhcpd: peer dhcp-failover: disconnected

Jan 27 16:16:39 dhcp-2 dhcpd: peer dhcp-failover: disconnected
Jan 27 16:18:55 dhcp-2 dhcpd: peer dhcp-failover: disconnected
Jan 27 14:15:51 dhcp-2 dhcpd: Wrote 0 leases to leases file.
Jan 27 15:28:38 dhcp-2 dhcpd: Wrote 29890 leases to leases file.
Jan 27 15:35:41 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
Jan 27 15:50:28 dhcp-2 dhcpd: Wrote 29920 leases to leases file.

Any help appreciated...

Rob
Montreal, Canada


RE: ISC-dhcp subnet limit?

Rob Morin
FYI, each server is a quad-core Xeon with 8 gigs of RAM. One server will have its disk replaced, as it's not a RAID and it has a high wait time of 95% all the time; the secondary server has a RAID1, same specs as the first server, and its wait time is under 5% most of the time.

Both servers have bonded(lacp) nics so total bandwidth is 2 gigs(2x1gig ports)

Rob Morin

RE: ISC-dhcp subnet limit?

Rob Morin
We use 2 vlans that dhcpd binds to, vlan01 & vlan02

Just fyi again here is excerpt from dhcp-1
Jan 27 16:17:24 dhcp-1 kernel: [491611.485812] init: isc-dhcp-server main process (15116) killed by PIPE signal
Jan 27 16:17:24 dhcp-1 kernel: [491611.485837] init: isc-dhcp-server main process ended, respawning
Jan 27 16:17:25 dhcp-1 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jan 27 16:17:25 dhcp-1 dhcpd: All rights reserved.
Jan 27 16:17:25 dhcp-1 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jan 27 16:17:26 dhcp-1 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jan 27 16:17:26 dhcp-1 dhcpd: All rights reserved.
Jan 27 16:17:26 dhcp-1 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: No subnet declaration for bond0 (9.0.0.1).
Jan 27 16:17:37 dhcp-1 dhcpd: ** Ignoring requests on bond0.  If this is not what
Jan 27 16:17:37 dhcp-1 dhcpd:    you want, please write a subnet declaration
Jan 27 16:17:37 dhcp-1 dhcpd:    in your dhcpd.conf file for the network segment
Jan 27 16:17:37 dhcp-1 dhcpd:    to which interface bond0 is attached. **
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: No subnet declaration for eth4 (no IPv4 addresses).
Jan 27 16:17:37 dhcp-1 dhcpd: ** Ignoring requests on eth4.  If this is not what
Jan 27 16:17:37 dhcp-1 dhcpd:    you want, please write a subnet declaration
Jan 27 16:17:37 dhcp-1 dhcpd:    in your dhcpd.conf file for the network segment
Jan 27 16:17:37 dhcp-1 dhcpd:    to which interface eth4 is attached. **
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: No subnet declaration for eth0 (no IPv4 addresses).
Jan 27 16:17:37 dhcp-1 dhcpd: ** Ignoring requests on eth0.  If this is not what
Jan 27 16:17:37 dhcp-1 dhcpd:    you want, please write a subnet declaration
Jan 27 16:17:37 dhcp-1 dhcpd:    in your dhcpd.conf file for the network segment
Jan 27 16:17:37 dhcp-1 dhcpd:    to which interface eth0 is attached. **
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down

And now from dhcp-2
Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
Jan 27 16:28:41 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down


Thanks....

Rob
Montreal, Canada
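
Added example, not part of the original thread: a small Python triage script for dhcpd syslog lines in the format posted above. It extracts failover state transitions, peer disconnects and the two "unanswered request" reasons seen in the excerpts, then reports per-server findings. The sample log is constructed, and the finding names and the threshold of two link events are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the syslog format quoted in the thread (not real data).
SAMPLE_LOG = """\
Jan 27 16:16:39 dhcp-b dhcpd: peer dhcp-failover: disconnected
Jan 27 16:17:19 dhcp-b dhcpd: failover: link startup timeout
Jan 27 16:17:37 dhcp-a dhcpd: failover peer dhcp-failover: I move from partner-down to startup
Jan 27 16:17:46 dhcp-a dhcpd: failover peer dhcp-failover: I move from startup to partner-down
Jan 27 16:17:56 dhcp-b dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
Jan 27 16:18:02 dhcp-b dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via 10.50.170.1: peer holds all free leases
Jan 27 16:18:03 dhcp-b dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from 02:00:00:00:00:02 via 10.37.104.1: not responding (recovering)
Jan 27 16:18:04 dhcp-a dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 (phone) via 10.50.170.1
Jan 27 16:18:04 dhcp-a dhcpd: DHCPOFFER on 10.50.170.93 to 02:00:00:00:00:01 (phone) via 10.50.170.1
Jan 27 16:18:55 dhcp-b dhcpd: peer dhcp-failover: disconnected
"""

# "<Mon DD HH:MM:SS> <host> dhcpd: <message>"; an optional [pid] is tolerated.
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
                  r"dhcpd(?:\[\d+\])?:\s(?P<msg>.*)$")
MOVE = re.compile(r"failover peer (?P<peer>\S+): (?P<who>I move|peer moves) "
                  r"from (?P<old>\S+) to (?P<new>\S+)$")
DISCONNECT = re.compile(r"^peer \S+: disconnected$")
# Requests the server logged but did not answer, with the reason it gave.
UNANSWERED = re.compile(r"^DHCP(?:DISCOVER|REQUEST) .*: (?P<reason>"
                        r"peer holds all free leases|not responding \([^)]+\))$")
LINK_EVENT_THRESHOLD = 2  # assumption: this many link events means "unstable"


def analyze(log_text):
    """Group failover-related events by the host that logged them."""
    hosts = defaultdict(lambda: {"transitions": [], "disconnects": 0,
                                 "link_timeouts": 0, "dropped": Counter()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # kernel lines, blank dhcpd lines, anything else
        h, msg = hosts[m["host"]], m["msg"]
        if (t := MOVE.search(msg)):
            side = "local" if t["who"] == "I move" else "peer"
            h["transitions"].append((m["ts"], side, t["old"], t["new"]))
        elif DISCONNECT.match(msg):
            h["disconnects"] += 1
        elif msg == "failover: link startup timeout":
            h["link_timeouts"] += 1
        elif (d := UNANSWERED.match(msg)):
            h["dropped"][d["reason"]] += 1
    return dict(hosts)


def findings(hosts):
    """Turn the per-host counters into (host, finding, count) tuples."""
    out = []
    for host, h in sorted(hosts.items()):
        local_pd = sum(1 for _, side, _, new in h["transitions"]
                       if side == "local" and new == "partner-down")
        peer_pd = sum(1 for _, side, _, new in h["transitions"]
                      if side == "peer" and new == "partner-down")
        link_events = h["disconnects"] + h["link_timeouts"]
        unanswered = sum(h["dropped"].values())
        if local_pd:
            out.append((host, "entered-partner-down", local_pd))
        if peer_pd:
            out.append((host, "peer-reports-partner-down", peer_pd))
        if link_events >= LINK_EVENT_THRESHOLD:
            out.append((host, "failover-link-unstable", link_events))
        if unanswered:
            out.append((host, "requests-unanswered", unanswered))
    return out


if __name__ == "__main__":
    for host, name, count in findings(analyze(SAMPLE_LOG)):
        print(f"{host}: {name} x{count}")
```

Feeding it the combined syslog of both servers puts each side's view of the failover relationship next to the client requests that went unanswered in the same window.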


Re: ISC-dhcp subnet limit?

Anderson, Charles R
"partner-down" state must NEVER be entered unless the failover peer
server is really down.  Typically, partner-down is only entered
manually by server administrator action (via OMAPI or by carefully
editing the lease file while the server is stopped) or automatically
if you specifically enabled the dangerous "auto-partner-down" option
in the config (don't do that).

Given that I don't see the "auto-partner-down" statement configured in
the bits you have posted, is it possible that someone at some point in
the past put the server into partner-down manually?  It should come out
of that state automatically once contact is re-established with the
failover peer.  Is there a firewall or iptables rules blocking port
647 communication between the two servers, preventing failover from
working correctly?

> Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
> Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
> Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
> Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
>
> And now from dhcp-2
> Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
> Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
> Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
> Jan 27 16:28:41 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
>
>
> Thanks....
>
> Rob
> Montreal, Canada
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Rob Morin
> Sent: Wednesday, January 27, 2016 9:18 PM
> To: Users of ISC DHCP <[hidden email]>
> Subject: RE: ISC-dhcp subnet limit?
>
> Thanks for the quick reply Dave, on each of the servers there are 2 vlans, one is internal/admin(VLAN01) and one is dmz(VLAN02), where the requests/discovers come in. From my testing so far it seems that a discover comes in on vlan02, and the offer and ack go out on vlan01. I do not think this is an issue as per our network guys, but I thought I would mention it.
>
> Discover comes in via vlan02 through a firewall, but when it goes out on vlan01 there is no firewall.
>
> Here is /etc/dhcp/dhcpd.conf of secondary
>
> authoritative;
> log-facility local7;
> option domain-name "dyn";
> default-lease-time 1200; # 20 minutes to match the default clients session duration
> max-lease-time 3600; # 1h
> include "/etc/dhcp/dhcpd_secondary.conf";
> include "/etc/dhcp/dhcpd_pools.conf";
>
> Here is the "/etc/dhcp/dhcpd_secondary.conf file
>
> ## SECONDARY
> failover peer "dhcp-failover" {
>   secondary; # declare this to be the secondary server
>   address 172.30.128.10;
>   port 647;
>   peer address 172.30.128.9;
>   peer port 647;
>   max-response-delay 30;
>   max-unacked-updates 10;
>   load balance max seconds 3;
>   # mclt 1800;
>   #No "split" statement on secondary
> }
>
> Our lease time is short as per client request, we cannot alter it, its in the contract.
> As for users, there are 10's of thousands of users at any given time...
>
> Here is a very recent log excerpt on secondary..
> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 68:d9:3c:56:a6:bb via 10.49.66.1: not responding (recovering)
> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 10:a5:d0:17:34:96 via 10.37.5.1: peer holds all free leases
> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from 5c:8d:4e:a2:06:ff via 10.37.104.1: not responding (recovering)
> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.50.33.204 (172.30.129.9) from 90:e7:c4:d3:7d:51 via 10.50.33.1: not responding (recovering)
>
> Here are some misc log entries that you might find useful...
>
> Jan 27 14:45:03 dhcp-1 dhcpd: Wrote 1169142 leases to leases file.
> Jan 27 15:29:21 dhcp-1 dhcpd: Wrote 1169401 leases to leases file.
> Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
> Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected
> Jan 27 16:19:38 dhcp-1 dhcpd: peer dhcp-failover: disconnected
>
> Jan 27 16:16:39 dhcp-2 dhcpd: peer dhcp-failover: disconnected
> Jan 27 16:18:55 dhcp-2 dhcpd: peer dhcp-failover: disconnected
> Jan 27 14:15:51 dhcp-2 dhcpd: Wrote 0 leases to leases file.
> Jan 27 15:28:38 dhcp-2 dhcpd: Wrote 29890 leases to leases file.
> Jan 27 15:35:41 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
> Jan 27 15:50:28 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
>
> Any help appreciated...
>
> Rob
> Montreal, Canada
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of dave c
> Sent: Wednesday, January 27, 2016 9:02 PM
> To: Users of ISC DHCP <[hidden email]>
> Subject: Re: ISC-dhcp subnet limit?
>
> Curious why your network seems to have 6,000 subnets all living in a single vlan...
>
> But, in order to diagnose the partner issue, we'd need to see the partner config segments as well.
>
> To answer whether it matters if requests arrive on eth1 and answers go out on eth0, the real question is what are the differences between them. Does one go out to a firewall while the second is a direct connection? I don't see a statement in your config telling dhcpd which IP address/port to listen and respond on. You can force it to use eth1 if you feel it should be doing so.
>
> I'm also wondering why your lease time is so short. That would seem to generate a lot of traffic to the dhcp server that otherwise wouldn't be needed. How many users are there in these 6,000 subnets?
>
> Dave
>
> On 1/27/16 19:12, Rob Morin wrote:
> > Hello all, my first post here, so please be gentle :)
> >
> > I have inherited 2 dhcp servers, one primary(dhcp-1) & one
> > secondary(dhcp-2) running
> > isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)
> >
> > We are having a few issues, and I cannot seem to figure out whats
> > going on. I have a few questions, maybe someone can help me with.
> >
> > Is there a max limit to how many subnets can be used in the pools? As
> > currently we are using just over 6000 subnets
> >
> > Currently our secondary dhcp-server is always in recovery mode, not sure why?
> >
> > Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on eth0?
> >
> > My primary server /etc/dhcpd.conf file
> >
> > authoritative;
> >
> > log-facility local7;
> >
> > option domain-name "dyn";
> >
> > option domain-name-servers 172.30.64.210, 172.30.64.220;
> >
> > default-lease-time 1200;
> >
> > max-lease-time 3600; # 1h
> >
> > include "/etc/dhcp/dhcpd_pools.conf";
> >
> > # Include the primary configuration
> >
> > include "/etc/dhcp/dhcpd_primary.conf";
> >
> > /etc/dhcp/dhcpd_primary has the following
> >
> >                                ## PRIMARY
> >
> > failover peer "tdl-dhcp-failover" {
> >
> >    primary; # declare this to be the primary server
> >
> >                 address 172.30.128.9;
> >
> >                 port 647;
> >
> >    peer address 172.30.128.10;
> >
> >    peer port 647;
> >
> >    max-response-delay 30;
> >
> >    max-unacked-updates 10;
> >
> >    load balance max seconds 3;
> >
> >    mclt 1800;
> >
> >    split 128;
> >
> > }
> >
> > Excerpt from dhcpd_pools file, starts like this....
> >
> > subnet 10.32.0.0 netmask 255.255.255.0 {
> >
> >    option routers 10.32.0.1;
> >
> >    pool {
> >
> >          failover peer "dhcp-failover";
> >
> >          range 10.32.0.5 10.32.0.254;
> >
> >    }
> >
> > }
> >
> > And finishes like this, with all the subnets in between...
> >
> > subnet 10.57.255.0 netmask 255.255.255.0 {
> >
> >    option routers 10.57.255.1;
> >
> >    pool {
> >
> >          failover peer "dhcp-failover";
> >
> >          range 10.57.255.5 10.57.255.254;
> >
> >    }
> >
> > }
> >
> > Example excerpt from logs on both servers of a client that could not get
> > an IP
> >
> >
> > from dhcp-1
> > Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
> > Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
> >
> > from dhcp-2
> > Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
> > Jan 27 18:54:04 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
> >
> > Never see the ACK.
> >
> > Any suggestion would be greatly appreciated.. :
> >
> > Thanks...
> >
> > Rob
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
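
The failover state messages and the auto-partner-down question raised in this message can be checked mechanically. The Python below is an added example, not part of any poster's message or of ISC DHCP: it reads the state-transition lines quoted in the thread and a config fragment whose auto-partner-down line is constructed for the check. Function names and the year default are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Failover log lines as quoted in the thread, merged from both servers.
SAMPLE_LOG = """\
Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
Jan 27 16:18:55 dhcp-2 dhcpd: peer dhcp-failover: disconnected
Jan 27 16:28:41 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
"""

# Constructed config: the thread's secondary peer block plus hypothetical
# auto-partner-down lines (one commented out) to exercise the check.
SAMPLE_CONF = """\
failover peer "dhcp-failover" {
  secondary;
  address 172.30.128.10;
  port 647;
  # auto-partner-down 60;
  auto-partner-down 120;
}
"""

SYSLOG = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+dhcpd(?:\[\d+\])?:\s+(.*)$")
MOVE = re.compile(r"failover peer ([^:\s]+): (I move|peer moves) from (\S+) to (\S+)")
LINK = re.compile(r"link startup timeout|peer [^:\s]+: disconnected")


def parse_events(text, year=2016):
    """Return time-sorted tuples (when, host, kind, old_state, new_state).

    kind is "local" (the logging server changed state), "peer" (it received
    its partner's state) or "link" (timeout or disconnect on the channel).
    Syslog omits the year, so one is supplied (assumption: 2016).
    """
    events = []
    for raw in text.splitlines():
        m = SYSLOG.match(raw.strip())
        if not m:
            continue
        stamp, host, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        mv = MOVE.search(msg)
        if mv:
            kind = "local" if mv.group(2) == "I move" else "peer"
            events.append((when, host, kind, mv.group(3), mv.group(4)))
        elif LINK.search(msg):
            events.append((when, host, "link", None, None))
    events.sort(key=lambda e: e[0])
    return events


def analyse(text):
    """Summarise signs that partner-down is in use while the peer is alive."""
    resumed = defaultdict(int)        # startup -> partner-down after a restart
    seen_over_link = defaultdict(list)  # partner's partner-down state received
    link_trouble = defaultdict(int)   # timeouts / disconnects per server
    for when, host, kind, old, new in parse_events(text):
        if kind == "local" and old == "startup" and new == "partner-down":
            # Assumption about dhcpd behaviour: after a restart the server
            # leaves "startup" for the state saved in its lease file.
            resumed[host] += 1
        elif kind == "peer" and new == "partner-down":
            # The partner's state arrived over the failover channel, so the
            # two servers could talk at that moment.
            seen_over_link[host].append(when)
        elif kind == "link":
            link_trouble[host] += 1
    return {
        "resumed_partner_down": dict(resumed),
        "partner_down_seen_over_link": dict(seen_over_link),
        "link_trouble": dict(link_trouble),
    }


def find_auto_partner_down(conf_text):
    """Return 1-based line numbers of uncommented auto-partner-down statements.

    Comments are stripped at the first '#', which is enough for this statement
    but would mis-handle a '#' inside a quoted string.
    """
    hits = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        code = line.split("#", 1)[0]
        if re.search(r"\bauto-partner-down\b", code):
            hits.append(number)
    return hits


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for key, value in report.items():
        print(key, value)
    print("auto-partner-down on config lines:", find_auto_partner_down(SAMPLE_CONF))
```

Run it over the merged syslog of both servers and over dhcpd.conf plus every file it includes; any entry under partner_down_seen_over_link means one server was in partner-down while its peer was still receiving its state.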

Re: ISC-dhcp subnet limit?

Rob Morin
Hey Chuck, sorry for late reply, I fell asleep, lol

Nobody works on these servers other than myself, so no one put the peer
in partner down mode...

I tested the 647 ports in both directions with a simple telnet command
and both respond in both directions...

As of this morning (EST time) the secondary shows the following still

Jan 27 23:50:37 dhcp-2 dhcpd: Wrote 661863 leases to leases file.
Jan 28 00:03:53 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
Jan 28 00:15:51 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
Jan 28 00:16:37 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
Jan 28 07:34:44 dhcp-2 dhcpd: DHCPREQUEST for 10.39.175.168 (172.30.129.9) from f4:f1:e1:e5:14:1f via 10.39.175.1: not responding (recovering)
100's of the below
Jan 28 07:43:08 dhcp-2 dhcpd: uid lease 10.35.166.59 for client a4:b8:05:8a:c3:82 is duplicate on 10.35.166.0/24


Primary has this..
I do not think this is a big issue for the moment as we do not care
about resolution for the moment, should I explicitly indicate this in
the conf file?
100's of the below...
dhcp-1 dhcpd: bind update on 10.40.44.115 got ack from dhcp-failover: xid mismatch.
Jan 28 07:41:35 dhcp-1 dhcpd: uid lease 10.38.115.215 for client 98:fe:94:85:75:3d is duplicate on 10.38.115.0/24

Thanks for your help so far...


Rob
Montreal Canada

On 2016-01-28 1:46 AM, Chuck Anderson wrote:

> "partner-down" state must NEVER be entered unless the failover peer
> server is really down.  Typically, partner-down is only entered
> manually by server administrator action (via OMAPI or by carefully
> editing the lease file while the server is stopped) or automatically
> if you specifically enabled the dangerous "auto-partner-down" option
> in the config (don't do that).
>
> Given that I don't see the "auto-partner-down" statement configured in
> the bits you have posted, is it possible that someone at some point in
> the past put the server into partner-down manually?  It should come out
> of that state automatically once contact is re-established with the
> failover peer.  Is there a firewall or iptables rules blocking port
> 647 communication between the two servers, preventing failover from
> working correctly?
>
>> Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
>> Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
>> Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
>> Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
>>
>> And now from dhcp-2
>> Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
>> Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
>> Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
>> Jan 27 16:28:41 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
>>
>>
>> Thanks....
>>
>> Rob
>> Montreal, Canada
>>
>> -----Original Message-----
>> From: [hidden email] [mailto:[hidden email]] On Behalf Of Rob Morin
>> Sent: Wednesday, January 27, 2016 9:18 PM
>> To: Users of ISC DHCP <[hidden email]>
>> Subject: RE: ISC-dhcp subnet limit?
>>
>> Thanks for the quick reply Dave, on each of the servers there are 2 vlans, one is internal/admin(VLAN01) and one is dmz(VLAN02), where the requests/discovers come in. From my testing so far it seems that a discover comes in on vlan02, and the offer and ack go out on vlan01. I do not think this is an issue as per our network guys, but I thought I would mention it.
>>
>> Discover comes in via vlan02 through a firewall, but when it goes out on vlan01 there is no firewall.
>>
>> Here is /etc/dhcp/dhcpd.conf of secondary
>>
>> authoritative;
>> log-facility local7;
>> option domain-name "dyn";
>> default-lease-time 1200; # 20 minutes to match the default clients session duration
>> max-lease-time 3600; # 1h
>> include "/etc/dhcp/dhcpd_secondary.conf";
>> include "/etc/dhcp/dhcpd_pools.conf";
>>
>> Here is the "/etc/dhcp/dhcpd_secondary.conf file
>>
>> ## SECONDARY
>> failover peer "dhcp-failover" {
>>   secondary; # declare this to be the secondary server
>>   address 172.30.128.10;
>>   port 647;
>>   peer address 172.30.128.9;
>>   peer port 647;
>>   max-response-delay 30;
>>   max-unacked-updates 10;
>>   load balance max seconds 3;
>>   # mclt 1800;
>>   #No "split" statement on secondary
>> }
>>
>> Our lease time is short as per client request, we cannot alter it, its in the contract.
>> As for users, there are 10's of thousands of users at any given time...
>>
>> Here is a very recent log excerpt on secondary..
>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 68:d9:3c:56:a6:bb via 10.49.66.1: not responding (recovering)
>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 10:a5:d0:17:34:96 via 10.37.5.1: peer holds all free leases
>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from 5c:8d:4e:a2:06:ff via 10.37.104.1: not responding (recovering)
>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.50.33.204 (172.30.129.9) from 90:e7:c4:d3:7d:51 via 10.50.33.1: not responding (recovering)
>>
>> Here are some misc log entries that you might find useful...
>>
>> Jan 27 14:45:03 dhcp-1 dhcpd: Wrote 1169142 leases to leases file.
>> Jan 27 15:29:21 dhcp-1 dhcpd: Wrote 1169401 leases to leases file.
>> Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
>> Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected
>> Jan 27 16:19:38 dhcp-1 dhcpd: peer dhcp-failover: disconnected
>>
>> Jan 27 16:16:39 dhcp-2 dhcpd: peer dhcp-failover: disconnected
>> Jan 27 16:18:55 dhcp-2 dhcpd: peer dhcp-failover: disconnected
>> Jan 27 14:15:51 dhcp-2 dhcpd: Wrote 0 leases to leases file.
>> Jan 27 15:28:38 dhcp-2 dhcpd: Wrote 29890 leases to leases file.
>> Jan 27 15:35:41 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
>> Jan 27 15:50:28 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
>>
>> Any help appreciated...
>>
>> Rob
>> Montreal, Canada
>>
>> -----Original Message-----
>> From: [hidden email] [mailto:[hidden email]] On Behalf Of dave c
>> Sent: Wednesday, January 27, 2016 9:02 PM
>> To: Users of ISC DHCP <[hidden email]>
>> Subject: Re: ISC-dhcp subnet limit?
>>
>> Curious why your network seems to have 6,000 subnets all living in a single vlan...
>>
>> But, in order to diagnose the partner issue, we'd need to see the partner config segments as well.
>>
>> To answer whether it matters if requests arrive on eth1 and answers go out on eth0, the real question is what are the differences between them. Does one go out to a firewall while the second is a direct connection? I don't see a statement in your config telling dhcpd which IP address/port to listen and respond on. You can force it to use eth1 if you feel it should be doing so.
>>
>> I'm also wondering why your lease time is so short. That would seem to generate a lot of traffic to the dhcp server that otherwise wouldn't be needed. How many users are there in these 6,000 subnets?
>>
>> Dave
>>
>> On 1/27/16 19:12, Rob Morin wrote:
>>> Hello all, my first post here, so please be gentle :)
>>>
>>> I have inherited 2 dhcp servers, one primary(dhcp-1) & one
>>> secondary(dhcp-2) running
>>> isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)
>>>
>>> We are having a few issues, and I cannot seem to figure out whats
>>> going on. I have a few questions, maybe someone can help me with.
>>>
>>> Is there a max limit to how many subnets can be used in the pools? As
>>> currently we are using just over 6000 subnets
>>>
>>> Currently our secondary dhcp-server is always in recovery mode, not sure why?
>>>
>>> Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on eth0?
>>>
>>> My primary server /etc/dhcpd.conf file
>>>
>>> authoritative;
>>>
>>> log-facility local7;
>>>
>>> option domain-name "dyn";
>>>
>>> option domain-name-servers 172.30.64.210, 172.30.64.220;
>>>
>>> default-lease-time 1200;
>>>
>>> max-lease-time 3600; # 1h
>>>
>>> include "/etc/dhcp/dhcpd_pools.conf";
>>>
>>> # Include the primary configuration
>>>
>>> include "/etc/dhcp/dhcpd_primary.conf";
>>>
>>> /etc/dhcp/dhcpd_primary has the following
>>>
>>>                                 ## PRIMARY
>>>
>>> failover peer "tdl-dhcp-failover" {
>>>
>>>     primary; # declare this to be the primary server
>>>
>>>                  address 172.30.128.9;
>>>
>>>                  port 647;
>>>
>>>     peer address 172.30.128.10;
>>>
>>>     peer port 647;
>>>
>>>     max-response-delay 30;
>>>
>>>     max-unacked-updates 10;
>>>
>>>     load balance max seconds 3;
>>>
>>>     mclt 1800;
>>>
>>>     split 128;
>>>
>>> }
>>>
>>> Excerpt from dhcpd_pools file, starts like this....
>>>
>>> subnet 10.32.0.0 netmask 255.255.255.0 {
>>>
>>>     option routers 10.32.0.1;
>>>
>>>     pool {
>>>
>>>           failover peer "dhcp-failover";
>>>
>>>           range 10.32.0.5 10.32.0.254;
>>>
>>>     }
>>>
>>> }
>>>
>>> And finishes like this, with all the subnets in between...
>>>
>>> subnet 10.57.255.0 netmask 255.255.255.0 {
>>>
>>>     option routers 10.57.255.1;
>>>
>>>     pool {
>>>
>>>           failover peer "dhcp-failover";
>>>
>>>           range 10.57.255.5 10.57.255.254;
>>>
>>>     }
>>>
>>> }
>>>
>>> Example excerpt from logs on both servers of a client that could not get
>>> an IP
>>>
>>>
>>> from dhcp-1
>>> Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
>>> Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
>>>
>>> from dhcp-2
>>> Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
>>> Jan 27 18:54:04 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
>>>
>>> Never see the ACK.
>>>
>>> Any suggestion would be greatly appreciated.. :
>>>
>>> Thanks...
>>>
>>> Rob
> _______________________________________________
> dhcp-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: ISC-dhcp subnet limit?

Bob Harold
On Thu, Jan 28, 2016 at 7:46 AM, Rob Morin <[hidden email]> wrote:

> Hey Chuck, sorry for late reply, I fell asleep, lol
>
> Nobody works on these servers other than myself, so no one put the peer in
> partner down mode...
>
> I tested the 647 ports in both directions with a simple telnet command and
> both respond in both directions...
>
> As of this morning (EST time) the secondary shows the following still
>
> Jan 27 23:50:37 dhcp-2 dhcpd: Wrote 661863 leases to leases file.
> Jan 28 00:03:53 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
> Jan 28 00:15:51 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
> Jan 28 00:16:37 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
> Jan 28 07:34:44 dhcp-2 dhcpd: DHCPREQUEST for 10.39.175.168 (172.30.129.9) from f4:f1:e1:e5:14:1f via 10.39.175.1: not responding (recovering)
> 100's of the below
> Jan 28 07:43:08 dhcp-2 dhcpd: uid lease 10.35.166.59 for client a4:b8:05:8a:c3:82 is duplicate on 10.35.166.0/24
>
>
> Primary has this..
> I do not think this is a big issue for the moment as we do not care about
> resolution for the moment, should I explicitly indicate this in the conf
> file?
> 100's of the below...
> dhcp-1 dhcpd: bind update on 10.40.44.115 got ack from dhcp-failover: xid mismatch.
> Jan 28 07:41:35 dhcp-1 dhcpd: uid lease 10.38.115.215 for client 98:fe:94:85:75:3d is duplicate on 10.38.115.0/24
>
> Thanks for your help so far...
>
>
> Rob
> Montreal Canada
>
>
> On 2016-01-28 1:46 AM, Chuck Anderson wrote:
>>
>> "partner-down" state must NEVER be entered unless the failover peer
>> server is really down.  Typically, partner-down is only entered
>> manually by server administrator action (via OMAPI or by carefully
>> editing the lease file while the server is stopped) or automatically
>> if you specifically enabled the dangerous "auto-partner-down" option
>> in the config (don't do that).
>>
>> Given that I don't see the "auto-partner-down" statement configured in
>> the bits you have posted, is it possible that someone at some point in
>> the past put the server into partner-down manually?  It should come out
>> of that state automatically once contact is re-established with the
>> failover peer.  Is there a firewall or iptables rules blocking port
>> 647 communication between the two servers, preventing failover from
>> working correctly?
>>
>>> Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from
>>> partner-down to startup
>>> Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from
>>> startup to partner-down
>>> Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from
>>> partner-down to startup
>>> Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from
>>> startup to partner-down
>>>
>>> And now from dhcp-2
>>> Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
>>> Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves
>>> from partner-down to partner-down
>>> Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves
>>> from partner-down to partner-down
>>> Jan 27 16:28:41 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves
>>> from partner-down to partner-down
>>>
>>>
>>> Thanks....
>>>
>>> Rob
>>> Montreal, Canada
>>>
>>> -----Original Message-----
>>> From: [hidden email]
>>> [mailto:[hidden email]] On Behalf Of Rob Morin
>>> Sent: Wednesday, January 27, 2016 9:18 PM
>>> To: Users of ISC DHCP <[hidden email]>
>>> Subject: RE: ISC-dhcp subnet limit?
>>>
>>> Thanks for the quick reply Dave, on each of the servers there are 2
>>> vlans, one is internal/admin(VLAN01) and one is dmz(VLAN02), where the
>>> requests/discovers come in. From my testing so far it seems that a discover
>>> comes in on vlan02, and the offer and ack go out on vlan01. I do not think
>>> this is an issue as per our network guys, but I thought I would mention it.
>>>
>>> Discover comes in via vlan02 through a firewall, but when it goes out on
>>> vlan01 there is no firewall.
>>>
>>> Here is /etc/dhcp/dhcpd.conf of secondary
>>>
>>>         authoritative;
>>>         log-facility local7;
>>>         option domain-name "dyn";
>>> default-lease-time 1200; # 20 minutes to match the default clients session duration
>>> max-lease-time 3600; # 1h
>>> include "/etc/dhcp/dhcpd_secondary.conf";
>>> include "/etc/dhcp/dhcpd_pools.conf";
>>>
>>> Here is the "/etc/dhcp/dhcpd_secondary.conf file
>>>
>>>         ## SECONDARY
>>> failover peer "dhcp-failover" {
>>>   secondary; # declare this to be the secondary server
>>>   address 172.30.128.10;
>>>   port 647;
>>>   peer address 172.30.128.9;
>>>   peer port 647;
>>>   max-response-delay 30;
>>>   max-unacked-updates 10;
>>>   load balance max seconds 3;
>>>   # mclt 1800;
>>>   #No "split" statement on secondary
>>> }
>>>
>>> Our lease time is short as per client request, we cannot alter it, its in
>>> the contract.
>>> As for users, there are 10's of thousands of users at any given time...
>>>
>>> Here is a very recent log excerpt on secondary..
>>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 68:d9:3c:56:a6:bb via 10.49.66.1: not responding (recovering)
>>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 10:a5:d0:17:34:96 via 10.37.5.1: peer holds all free leases
>>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from 5c:8d:4e:a2:06:ff via 10.37.104.1: not responding (recovering)
>>> Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.50.33.204 (172.30.129.9) from 90:e7:c4:d3:7d:51 via 10.50.33.1: not responding (recovering)
>>>
>>> Here are some misc log entries that you might find useful...
>>>
>>> Jan 27 14:45:03 dhcp-1 dhcpd: Wrote 1169142 leases to leases file.
>>> Jan 27 15:29:21 dhcp-1 dhcpd: Wrote 1169401 leases to leases file.
>>> Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
>>> Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected
>>> Jan 27 16:19:38 dhcp-1 dhcpd: peer dhcp-failover: disconnected
>>>
>>> Jan 27 16:16:39 dhcp-2 dhcpd: peer dhcp-failover: disconnected
>>> Jan 27 16:18:55 dhcp-2 dhcpd: peer dhcp-failover: disconnected
>>> Jan 27 14:15:51 dhcp-2 dhcpd: Wrote 0 leases to leases file.
>>> Jan 27 15:28:38 dhcp-2 dhcpd: Wrote 29890 leases to leases file.
>>> Jan 27 15:35:41 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
>>> Jan 27 15:50:28 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
>>>
>>> Any help appreciated...
>>>
>>> Rob
>>> Montreal, Canada
>>>
>>> -----Original Message-----
>>> From: [hidden email]
>>> [mailto:[hidden email]] On Behalf Of dave c
>>> Sent: Wednesday, January 27, 2016 9:02 PM
>>> To: Users of ISC DHCP <[hidden email]>
>>> Subject: Re: ISC-dhcp subnet limit?
>>>
>>> Curious why your network seems to have 6,000 subnets all living in a
>>> single vlan...
>>>
>>> But, in order to diagnose the partner issue, we'd need to see the partner
>>> config segments as well.
>>>
>>> To answer whether it matters if requests arrive on eth1 and answers go
>>> out on eth0, the real question is what are the differences between them.
>>> Does one go out to a firewall while the second is a direct connection? I
>>> don't see a statement in your config telling dhcpd which IP address/port to
>>> listen and respond on. You can force it to use eth1 if you feel it should be
>>> doing so.
>>>
>>> I'm also wondering why your lease time is so short. That would seem to
>>> generate a lot of traffic to the dhcp server that otherwise wouldn't be
>>> needed. How many users are there in these 6,000 subnets?
>>>
>>> Dave
>>>
>>> On 1/27/16 19:12, Rob Morin wrote:
>>>>
>>>> Hello all, my first post here, so please be gentle :)
>>>>
>>>> I have inherited 2 dhcp servers, one primary(dhcp-1) & one
>>>> secondary(dhcp-2) running
>>>> isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)
>>>>
>>>> We are having a few issues, and I cannot seem to figure out whats
>>>> going on. I have a few questions, maybe someone can help me with.
>>>>
>>>> Is there a max limit to how many subnets can be used in the pools? As
>>>> currently we are using just over 6000 subnets
>>>>
>>>> Currently our secondary dhcp-server is always in recovery mode, not sure
>>>> why?
>>>>
>>>> Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on
>>>> eth0?
>>>>
>>>> My primary server /etc/dhcpd.conf file
>>>>
>>>> authoritative;
>>>>
>>>> log-facility local7;
>>>>
>>>> option domain-name "dyn";
>>>>
>>>> option domain-name-servers 172.30.64.210, 172.30.64.220;
>>>>
>>>> default-lease-time 1200;
>>>>
>>>> max-lease-time 3600; # 1h
>>>>
>>>> include "/etc/dhcp/dhcpd_pools.conf";
>>>>
>>>> # Include the primary configuration
>>>>
>>>> include "/etc/dhcp/dhcpd_primary.conf";
>>>>
>>>> /etc/dhcp/dhcpd_primary has the following
>>>>
>>>>                                 ## PRIMARY
>>>>
>>>> failover peer "tdl-dhcp-failover" {
>>>>
>>>>     primary; # declare this to be the primary server
>>>>
>>>>                  address 172.30.128.9;
>>>>
>>>>                  port 647;
>>>>
>>>>     peer address 172.30.128.10;
>>>>
>>>>     peer port 647;
>>>>
>>>>     max-response-delay 30;
>>>>
>>>>     max-unacked-updates 10;
>>>>
>>>>     load balance max seconds 3;
>>>>
>>>>     mclt 1800;
>>>>
>>>>     split 128;
>>>>
>>>> }
>>>>
>>>> Excerpt from dhcpd_pools file, starts like this....
>>>>
>>>> subnet 10.32.0.0 netmask 255.255.255.0 {
>>>>
>>>>     option routers 10.32.0.1;
>>>>
>>>>     pool {
>>>>
>>>>           failover peer "dhcp-failover";
>>>>
>>>>           range 10.32.0.5 10.32.0.254;
>>>>
>>>>     }
>>>>
>>>> }
>>>>
>>>> And finishes like this, with all the subnets in between...
>>>>
>>>> subnet 10.57.255.0 netmask 255.255.255.0 {
>>>>
>>>>     option routers 10.57.255.1;
>>>>
>>>>     pool {
>>>>
>>>>           failover peer "dhcp-failover";
>>>>
>>>>           range 10.57.255.5 10.57.255.254;
>>>>
>>>>     }
>>>>
>>>> }
>>>>
>>>> Example excerpt from logs on both servers of a client that could not get
>>>> an IP
>>>>
>>>>
>>>> from dhcp-1
>>>> Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
>>>> Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
>>>>
>>>> from dhcp-2
>>>> Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
>>>> Jan 27 18:54:04 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
>>>>
>>>> Never see the ACK.
>>>>
>>>> Any suggestion would be greatly appreciated.. :
>>>>
>>>> Thanks...
>>>>
>>>> Rob
>>

Looks like you get the DHCPDISCOVER from the client, and send the
DHCPOFFER, but never see a DHCPREQUEST or DHCPACK.  So either the
client is not receiving the DHCPOFFER, or the DHCPREQUEST is not
getting back to the server.  I would suspect that sending on a
different port is a likely problem - either the remote dhcp forwarder
or the client is not receiving or not accepting the packet.  Several
things you could try:
- tell DHCP to use one interface
- change routing on the server so the interface you want is used for outgoing
- change the dhcp forwarders to forward to the port that is used for
outgoing, so it will also be the incoming port
(only one of those is needed, your choice)

If you define the subnets that the DHCP server is directly connected
to, but without a "range" statement, that will silence the complaints
in the log, but is not a big deal.

Also, you should trace the failover packets between the two servers to
figure out why that is not working.

Since it is not working, try configuring it with one subnet and get
that working, then try 6000+.

--
Bob Harold
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
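
The symptom discussed in this message (DHCPDISCOVER and DHCPOFFER logged, but no DHCPREQUEST or DHCPACK) can be found per client across both servers' logs. The Python below is an added example, not part of the original post or of ISC DHCP: it uses log lines quoted in the thread plus one constructed complete exchange for the made-up client 02:00:00:00:00:01, and its function names are assumptions.

```python
import re
from collections import Counter

# First six lines are quoted in the thread; the last four are constructed to
# show a client that completes the exchange.
SAMPLE_LOG = """\
Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
Jan 27 18:54:04 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 68:d9:3c:56:a6:bb via 10.49.66.1: not responding (recovering)
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from 5c:8d:4e:a2:06:ff via 10.37.104.1: not responding (recovering)
Jan 27 21:11:00 dhcp-1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via 10.32.0.1
Jan 27 21:11:00 dhcp-1 dhcpd: DHCPOFFER on 10.32.0.5 to 02:00:00:00:00:01 via 10.32.0.1
Jan 27 21:11:00 dhcp-1 dhcpd: DHCPREQUEST for 10.32.0.5 (172.30.128.9) from 02:00:00:00:00:01 via 10.32.0.1
Jan 27 21:11:00 dhcp-1 dhcpd: DHCPACK on 10.32.0.5 to 02:00:00:00:00:01 via 10.32.0.1
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+(\S+)\s+dhcpd(?:\[\d+\])?:\s+(.*)$")
# message type, client MAC, relay or interface after "via", optional reason
DHCP = re.compile(
    r"^(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK)\b.*?"
    r"(?:from|to) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \([^)]*\))? via (\S+?)(?:: (.*))?$"
)
STAGES = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]


def parse(text):
    """Yield (server, msg_type, mac, via, reason) for each DHCP log line."""
    for raw in text.splitlines():
        outer = SYSLOG.match(raw.strip())
        inner = DHCP.match(outer.group(2)) if outer else None
        if inner:
            yield (outer.group(1),) + inner.groups()


def summarise(text):
    """Per client MAC: furthest message seen, where it was offered, refusals."""
    clients = {}
    for server, kind, mac, via, reason in parse(text):
        rec = clients.setdefault(
            mac, {"furthest": kind, "offered_via": None, "refusals": Counter()}
        )
        if STAGES.index(kind) > STAGES.index(rec["furthest"]):
            rec["furthest"] = kind
        if kind == "DHCPOFFER":
            # Server and relay that carried the offer: the path to trace.
            rec["offered_via"] = (server, via)
        if reason:
            # Text after "via <relay>:" is the server's reason for not answering.
            rec["refusals"][(server, reason)] += 1
    return clients


def stalled_after_offer(clients):
    """Clients that were offered an address but never sent a DHCPREQUEST."""
    return sorted(m for m, r in clients.items() if r["furthest"] == "DHCPOFFER")


def refusals_by_server(clients):
    """Total count of each (server, reason) pair across all clients."""
    total = Counter()
    for rec in clients.values():
        total.update(rec["refusals"])
    return total


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for mac in stalled_after_offer(summary):
        server, via = summary[mac]["offered_via"]
        print(f"{mac}: offered by {server} via {via}, no DHCPREQUEST seen")
    for (server, reason), count in refusals_by_server(summary).items():
        print(f"{server}: {count} x {reason}")
```

The offered_via pair names the server and relay address where a packet capture would show whether the DHCPOFFER leaves the server and on which interface.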

Re: ISC-dhcp subnet limit?

José Queiroz
In reply to this post by Rob Morin


2016-01-27 23:12 GMT-02:00 Rob Morin <[hidden email]>:

Hello all, my first post here, so please be gentle :)

 

I have inherited 2 dhcp servers, one primary(dhcp-1) & one secondary(dhcp-2) running isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)

 

We are having a few issues, and I cannot seem to figure out whats going on. I have a few questions, maybe someone can help me with.

 

Is there a max limit to how many subnets can be used in the pools? As currently we are using just over 6000 subnets

Currently our secondary dhcp-server is always in recovery mode, not sure why?

Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on eth0?


Hi Rob, I saw from other messages that you're using bonded interfaces. I understand that, as far as you start using bonded interfaces, you must attach your DHCP server to the logical interfaces (bond0, bond1, etc), not the physical ones. When you do that, the system will direct the packets to one of the physical interfaces in a suitable way.

You've also said on other messages that you have two VLANs, and I understand that your servers are capable of sending dot1q labeled frames. If so, you must have at least two logical interfaces on top of your bonded interface; if so, you must attach your DHCP server to the vlan interfaces (vlan1, vlan2, etc.). Keep in mind, also, that your L3 Switch (or whatever equipment is doing your inter-vlan routing) may act as a "dhcp relay", so you don't need that your DHCP server talks to all of the vlans, as far as it has connectivity with the dhcp relay.

 

> My primary server /etc/dhcpd.conf file
>
> authoritative;
> log-facility local7;
> option domain-name "dyn";
> option domain-name-servers 172.30.64.210, 172.30.64.220;
> default-lease-time 1200;
> max-lease-time 3600; # 1h
> include "/etc/dhcp/dhcpd_pools.conf";
> # Include the primary configuration
> include "/etc/dhcp/dhcpd_primary.conf";
>
> /etc/dhcp/dhcpd_primary has the following
>
> ## PRIMARY
> failover peer "tdl-dhcp-failover" {
>   primary; # declare this to be the primary server
>   address 172.30.128.9;
>   port 647;
>   peer address 172.30.128.10;
>   peer port 647;
>   max-response-delay 30;
>   max-unacked-updates 10;
>   load balance max seconds 3;
>   mclt 1800;
>   split 128;
> }


Could you please show the configuration of your secondary DHCP server? Just the "failover peer section" may be enough.



Re: ISC-dhcp subnet limit?

Anderson, Charles R
In reply to this post by Rob Morin
You said "I have inherited 2 dhcp servers" so I thought whomever you
inherited them from may have put server into partner-down.  It /was/
in that state, so something or someone must have done it.  Are you
sure you didn't do it?  Are you sure you don't have
"auto-partner-down" set somewhere in your config files?  Does Ubuntu
do something silly and turn that on by default in their build of ISC
DHCP?  It looks like they may have:

https://bugs.launchpad.net/precise-backports/+bug/1072354

The reason this is so dangerous, is that you MUST be sure the partner
is really DOWN and unable to hear DHCP traffic from clients, and not
just isolated from the other failover peer, BEFORE putting a server
into "partner-down" state.  If both servers end up in a state where they
can both hear DHCP traffic from clients but cannot communicate between
themselves over the failover TCP channel AND you force one/both of
them into "partner-down" (or rely on "auto-partner-down" to do this
for you), then you will have duplicate leases and other badness.

If this scenario had happened in the past, that could explain all the
duplicate lease messages you see.  It may also have caused the lease
files to get in a funny state that they cannot recover from
automatically, although this is just speculation on my part because
that code path probably isn't as well exercised since no one should
really ever let that happen.

"dhcp-failover: ignored (recovering)" means the secondary is
reconciling lease data to/from the primary and will not answer clients
until this is completed.  Maybe with the over 1,000,000 leases you
have, this will take awhile.  Maybe it is stuck due to lease file
corruption.  Who knows.  Try waiting a while to see if it fully
recovers, or capture the traffic on the failover TCP stream to see
what is actually going on.

A simple way to get out of this mess may be to cut your losses on the
lease data on dhcp-2 and start with a blank slate there, letting the
recovery process rebuild dhcp-2's lease file from the primary.  To do
that, stop the dhcp-2 dhcpd service, delete dhcp-2's lease file, then
restart.  Make sure dhcp-1 is still running and answering first.

I still don't know how long you should expect 1,000,000 leases to take
to sync, so syncing from scratch may cause this process to start over
and take a long time...  Or maybe a million leases isn't really a
problem and it will be okay.  But it does seem like a lot to me:

Jan 27 14:45:03 dhcp-1 dhcpd: Wrote 1169142 leases to leases file.
Jan 27 15:29:21 dhcp-1 dhcpd: Wrote 1169401 leases to leases file.
Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected
Jan 27 16:19:38 dhcp-1 dhcpd: peer dhcp-failover: disconnected

Jan 27 16:16:39 dhcp-2 dhcpd: peer dhcp-failover: disconnected
Jan 27 16:18:55 dhcp-2 dhcpd: peer dhcp-failover: disconnected
Jan 27 14:15:51 dhcp-2 dhcpd: Wrote 0 leases to leases file.
Jan 27 15:28:38 dhcp-2 dhcpd: Wrote 29890 leases to leases file.
Jan 27 15:35:41 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
Jan 27 15:50:28 dhcp-2 dhcpd: Wrote 29920 leases to leases file.


On Thu, Jan 28, 2016 at 07:46:17AM -0500, Rob Morin wrote:

> Hey Chuck, sorry for late reply, i fell asleep, lol
>
> No body works on these servers other than myself, so no one put the
> peer in partner down mode...
>
> i tested the 647 ports in both directions with a simple telnet
> command and both respond in both directions...
>
> As of this morning(est time) the secondary shows the following still
>
> Jan 27 23:50:37 dhcp-2 dhcpd: Wrote 661863 leases to leases file.
> Jan 28 00:03:53 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
> Jan 28 00:15:51 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
> Jan 28 00:16:37 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
> Jan 28 07:34:44 dhcp-2 dhcpd: DHCPREQUEST for 10.39.175.168
> (172.30.129.9) from f4:f1:e1:e5:14:1f via 10.39.175.1: not
> responding (recovering)
> 100's of the below
> Jan 28 07:43:08 dhcp-2 dhcpd: uid lease 10.35.166.59 for client
> a4:b8:05:8a:c3:82 is duplicate on 10.35.166.0/24
>
>
> Primary has this..
> i do not think this is a big issue for the moment as we do not care
> about resolution for the moment, should i explicitly indicate this
> in the conf file?
> 100's of the below...
> dhcp-1 dhcpd: bind update on 10.40.44.115 got ack from
> dhcp-failover: xid mismatch.
> Jan 28 07:41:35 dhcp-1 dhcpd: uid lease 10.38.115.215 for client
> 98:fe:94:85:75:3d is duplicate on 10.38.115.0/24
>
> Thanks for your help s far...
>
>
> Rob
> Montreal Canada
>
> On 2016-01-28 1:46 AM, Chuck Anderson wrote:
> >"partner-down" state must NEVER be entered unless the failover peer
> >server is really down.  Typically, partner-down is only entered
> >manually by server administrator action (via OMAPI or by carefully
> >editing the lease file while the server is stopped) or automatically
> >if you specifically enabled the dangerous "auto-partner-down" option
> >in the config (don't do that).
> >
> >Given that I don't see the "auto-partner-down" statement configured in
> >the bits you have posted, is it possible that someone at some point in
> >the past put the server into partner-down manually?  It should come out
> >of that state automatically once contact is re-established with the
> >failover peer.  Is there a firewall or iptables rules blocking port
> >647 communication between the two servers, preventing failover from
> >working correctly?
> >
> >>Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
> >>Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
> >>Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
> >>Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
> >>
> >>And now from dhcp-2
> >>Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
> >>Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
> >>Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
> >>Jan 27 16:28:41 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
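
The log patterns discussed in the message above, as an added triage example (not code from the thread or from ISC): it groups dhcpd failover messages by host and flags the conditions Chuck describes, including a peer that is alive yet reports partner-down. The sample lines are taken from the logs quoted in this thread; the function names and finding labels are assumptions.

```python
import re
from collections import Counter, defaultdict

# Sample input: dhcpd log lines quoted in this thread (wrapped lines rejoined).
SAMPLE_LOG = """\
Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from partner-down to startup
Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup to partner-down
Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected
Jan 28 07:41:35 dhcp-1 dhcpd: uid lease 10.38.115.215 for client 98:fe:94:85:75:3d is duplicate on 10.38.115.0/24
Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from partner-down to partner-down
Jan 28 00:03:53 dhcp-2 dhcpd: dhcp-failover: ignored (recovering)
Jan 28 07:34:44 dhcp-2 dhcpd: DHCPREQUEST for 10.39.175.168 (172.30.129.9) from f4:f1:e1:e5:14:1f via 10.39.175.1: not responding (recovering)
Jan 28 07:43:08 dhcp-2 dhcpd: uid lease 10.35.166.59 for client a4:b8:05:8a:c3:82 is duplicate on 10.35.166.0/24
Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
"""

SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\sdhcpd(?:\[\d+\])?:\s(?P<msg>.*)$"
)
MOVE = re.compile(
    r"failover peer \S+: (?P<who>I move|peer moves) from (?P<old>\S+) to (?P<new>\S+)$"
)
EVENTS = {
    "recovering": re.compile(r"\(recovering\)$"),
    "duplicate_uid": re.compile(r"^uid lease \S+ for client \S+ is duplicate on "),
    "peer_holds_free": re.compile(r"peer holds all free leases$"),
    "link_trouble": re.compile(
        r"^(?:peer \S+: disconnected|failover: link startup timeout)$"
    ),
}


def parse(text):
    """Group failover state moves and failover-related events by logging host."""
    hosts = defaultdict(lambda: {"own": [], "peer": [], "events": Counter()})
    for raw in text.splitlines():
        m = SYSLOG.match(raw.strip())
        if not m:
            continue
        rec, msg = hosts[m["host"]], m["msg"].strip()
        move = MOVE.search(msg)
        if move:
            side = "own" if move["who"] == "I move" else "peer"
            rec[side].append((move["old"], move["new"]))
            continue
        for name, pattern in EVENTS.items():
            if pattern.search(msg):
                rec["events"][name] += 1
    return dict(hosts)


def findings(hosts):
    """Return (host, finding, count) tuples that need an operator's attention."""
    out = []
    for host in sorted(hosts):
        rec, ev = hosts[host], hosts[host]["events"]
        checks = [
            # This server declared its partner down: confirm the partner
            # really is down and cannot hear client traffic.
            ("entered-partner-down",
             sum(new == "partner-down" for _, new in rec["own"])),
            # The partner announced partner-down to this server, so it is
            # alive and talking while treating this server as dead: the
            # duplicate-lease scenario described in the message.
            ("peer-claims-we-are-down",
             sum(new == "partner-down" for _, new in rec["peer"])),
            ("not-answering-recovering", ev["recovering"]),
            ("duplicate-uid-lease", ev["duplicate_uid"]),
            ("peer-holds-all-free-leases", ev["peer_holds_free"]),
            ("failover-link-trouble", ev["link_trouble"]),
        ]
        out.extend((host, name, count) for name, count in checks if count)
    return out


if __name__ == "__main__":
    for host, name, count in findings(parse(SAMPLE_LOG)):
        print(f"{host:8} {name:28} {count}")
```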

RE: ISC-dhcp subnet limit?

Denis Laventure
In reply to this post by Rob Morin

Hi Rob,

I can't help with your interface problem but I think I can help with the performance.

I used to have a performance problem with my failover setup and someone at ISC told me to change some value in the code to get debug information about memory usage.

Add this to the file "includes/dhcpd.h"

#if !defined (REPORT_HASH_PERFORMANCE)
# define REPORT_HASH_PERFORMANCE 1
#endif

Compile and start the daemon and you should get something like this on screen and in the log:

dhcpd: DHCP name hash: Contents/Size (%): 106/401 (26%). Min/max: 0/2
dhcpd: DHCP code hash: Contents/Size (%): 106/254 (41%). Min/max: 0/1
dhcpd: NWIP name hash: Contents/Size (%): 11/17 (64%). Min/max: 0/2
dhcpd: NWIP code hash: Contents/Size (%): 11/17 (64%). Min/max: 0/1
dhcpd: FQDN name hash: Contents/Size (%): 8/13 (61%). Min/max: 0/2
dhcpd: FQDN code hash: Contents/Size (%): 8/13 (61%). Min/max: 0/1
dhcpd: VIVCO name hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVCO code hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVSO name hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVSO code hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: ISC name hash: Contents/Size (%): 2/3 (66%). Min/max: 0/1
dhcpd: ISC code hash: Contents/Size (%): 2/3 (66%). Min/max: 0/1
dhcpd: Relay Agent name hash: Contents/Size (%): 5/11 (45%). Min/max: 0/1
dhcpd: Relay Agent code hash: Contents/Size (%): 5/11 (45%). Min/max: 0/1
dhcpd: Server-Config Option name hash: Contents/Size (%): 67/136 (49%). Min/max: 0/4
dhcpd: Server-Config Option code hash: Contents/Size (%): 67/136 (49%). Min/max: 0/1
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: Config file: /dhcpd/dhcpd.conf
dhcpd: Database file: /dhcpd/dhcpd.leases
dhcpd: PID file: /var/run/dhcpd.pid
dhcpd: Wrote 0 class decls to leases file.
dhcpd: Wrote 0 deleted host decls to leases file.
dhcpd: Wrote 0 new dynamic host decls to leases file.
dhcpd: Wrote 48578 leases to leases file.
dhcpd: Host HW hash:   Contents/Size (%): 1420/22501 (6%). Min/max: 0/4
dhcpd: Host UID hash:  No table.
dhcpd: Lease IP hash:  Contents/Size (%): 70324/100003 (70%). Min/max: 0/5
dhcpd: Lease UID hash: Contents/Size (%): 8708/100003 (8%). Min/max: 0/3
dhcpd: Lease HW hash:  Contents/Size (%): 9036/100003 (9%). Min/max: 0/3

"Lease IP hash" is where you should look.

By default the server uses a lease hash size value of 100003. I had over 350000 leases so I was exceeding that value and the server was very slow to start.

To change the size you must edit the file "includes/dhcpd.h" and find LEASE_HASH_SIZE and replace the value. This value must be a prime number (I used 400009).

 

-# define LEASE_HASH_SIZE       100003

+# define LEASE_HASH_SIZE       400009
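
Review bot: the `+` line sets LEASE_HASH_SIZE to 400009 with no comment recording that the value has to be prime or that it was sized for a little over 350000 leases, so whoever raises it next has nothing to check against; put a one-line comment beside the define stating both.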

 

Compile and start again. That was the answer for me.

One other thing with the failover setup, the peer will always be in recover state when starting for the duration of the "MCLT" (time in seconds) in your failover definition (1800 in your case), so it will be in recover state for 30 minutes. I use 300 (5 minutes).

The text would have been easier to write in French, but since the list is in English and this may help other people, I made the effort. I hope it is clear for you!

Denis Laventure
Université du Québec à Chicoutimi
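
A way to read the REPORT_HASH_PERFORMANCE lines from the message above, as an added example (not code from the post or from ISC): it parses the "Contents/Size" report, computes the load of each lease table now and at a planned lease count, and proposes a prime LEASE_HASH_SIZE. The sizing rule (at least one bucket per planned lease) and the function names are assumptions; the sample lines are copied from the post.

```python
import re

# Sample input: lines from the hash report quoted in the message above.
SAMPLE_REPORT = """\
dhcpd: DHCP name hash: Contents/Size (%): 106/401 (26%). Min/max: 0/2
dhcpd: Host HW hash:   Contents/Size (%): 1420/22501 (6%). Min/max: 0/4
dhcpd: Host UID hash:  No table.
dhcpd: Lease IP hash:  Contents/Size (%): 70324/100003 (70%). Min/max: 0/5
dhcpd: Lease UID hash: Contents/Size (%): 8708/100003 (8%). Min/max: 0/3
dhcpd: Lease HW hash:  Contents/Size (%): 9036/100003 (9%). Min/max: 0/3
"""

REPORT = re.compile(
    r"dhcpd(?:\[\d+\])?: (?P<name>.+? hash):\s+Contents/Size \(%\): "
    r"(?P<contents>\d+)/(?P<size>\d+) \(\d+%\)\. Min/max: (?P<lo>\d+)/(?P<hi>\d+)"
)


def parse_report(text):
    """Return {table name: stats} for every table that reported a size."""
    tables = {}
    for line in text.splitlines():
        m = REPORT.search(line)
        if m:  # "No table." lines carry no numbers and are skipped
            tables[m["name"]] = {
                "contents": int(m["contents"]),
                "size": int(m["size"]),
                "longest_chain": int(m["hi"]),
            }
    return tables


def is_prime(n):
    """Trial division; fast enough for table sizes in the millions."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def next_prime(n):
    """Smallest prime that is greater than or equal to n."""
    while not is_prime(n):
        n += 1
    return n


def size_lease_hash(text, planned_leases):
    """Compare each lease table with the planned lease count.

    Assumption: the table should have at least one bucket per planned lease,
    which is the direction the post takes (400009 buckets for 350000+ leases).
    """
    advice = []
    for name, t in parse_report(text).items():
        if not name.startswith("Lease "):
            continue  # only the lease tables are sized by LEASE_HASH_SIZE
        undersized = planned_leases > t["size"]
        advice.append({
            "table": name,
            "load_now": round(t["contents"] / t["size"], 2),
            "load_planned": round(planned_leases / t["size"], 2),
            "longest_chain": t["longest_chain"],
            "undersized": undersized,
            "suggested_size": next_prime(planned_leases) if undersized else t["size"],
        })
    return advice


if __name__ == "__main__":
    for row in size_lease_hash(SAMPLE_REPORT, 350000):
        print(row)
    print("400009 is prime:", is_prime(400009))
```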

 

 

 


Re: ISC-dhcp subnet limit?

Rob Morin
Hey Denis, thanks for the response...

I was just using apt to install isc-dhcp server on ubuntu 14.04
Server is quad core xeon with 8 gigs of ram with a software raid 1 disks

But maybe i should consider your way...

I was just doing some testing using a ramdisk for the /var/lib/dhcp/dhcpd.leases files

Our leases are short for special reasons... 20 minutes

so on a dev machine i created a ramdisk of 2 gigs, and back up the leases files to a hard disk every 5 mins, and on restart the /etc/init/isc-dhcp-server.conf will copy the files from backup to /ramdisk then start dhcp

on dev it works fine... but i may consider your way now...

we tend to shy away from compiling stuff.. :(

Even 24 hours after start, the peer never came out of recovery mode, not sure why..

Currently we made dhcp-2 a standalone server and it currently has 217335 leases in it, but i will need to double that at least in coming weeks..

Server is currently ....

top - 10:55:08 up 22:55,  2 users,  load average: 2.00, 1.99, 1.93
Tasks: 116 total,   1 running, 115 sleeping,   0 stopped,   0 zombie
%Cpu0  :  0.9 us,  0.5 sy,  0.0 ni, 25.8 id, 72.8 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu1  :  1.4 us,  0.5 sy,  0.0 ni, 74.3 id, 23.4 wa,  0.0 hi,  0.5 si,  0.0 st
%Cpu2  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu3  :  0.5 us,  0.0 sy,  0.0 ni, 99.5 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   8092320 total,  5007076 used,  3085244 free,   164496 buffers
KiB Swap:  7810044 total,        0 used,  7810044 free.  4129916 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
12979 root      20   0  565060 559220   2524 D   2.3  6.9  15:08.17 dhcpd
 1713 syslog    20   0  255848   2924   2428 S   0.9  0.0   3:16.05 rsyslogd
  215 root      20   0       0      0      0 S   0.5  0.0   2:00.89 jbd2/md2-8
  412 root       0 -20       0      0      0 S   0.5  0.0   1:13.95 kworker/0:1H
14300 root      20   0       0      0      0 S   0.5  0.0   0:41.33 kworker/0:2
    1 root      20   0   33620   4284   2824 S   0.0  0.1   0:01.19 init

I will try your suggestion on dev machine
Do you use or know of a tool that i can use to simulate dhcp request for testing on my dev machine?

Thanks for your help!
Rob Morin
Montreal, Canada
 


Re: ISC-dhcp subnet limit?

Simon Hobson
Rob Morin <[hidden email]> wrote:

> Currently we made dhcp-2 a standalone server ...

Did you also edit the ranges on both servers to be non-overlapping ?

One thing you must *NOT* do is have two independent servers with overlapping ranges - down that route lies the path to random strange problems.


Thinking about one bit of your original question. I'm assuming that all requests are coming via remote relay agents - is that correct ?
If so, then the routing doesn't really matter. The inbound interface will be determined by the route(s) available from the relay agent (or client *) to the address(es) it's configured to send the packets to. The outbound interface will be determined by the route(s) available from the server to the gateway interface address (GI-Addr) field in the request packet (or client address *). It doesn't matter (for the DHCP anyway) if there is triangular routing in place - but you need to ensure that any filtering/firewalls allows the packets through.

* When a client has an active lease, it will unicast a renewal request to the server that granted the lease in order to request an extension to it. So you need unicast traffic allowed between clients and server.


Something else to look at is logging. IIRC Syslog defaults to synchronous logging for a lot of things - and that means a lot of disk activity logging the DHCP activities. At the expense of losing some logging if the system crashes, you can configure async logging so there isn't a file sync on every log message. This can significantly reduce disk activity and improve performance.
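
The overlapping-range warning in the message above, as an added check (not code from the thread or from ISC): it extracts every `range` statement from two dhcpd configurations and reports the address spans that both standalone servers would hand out. The two sample configs are constructed in the format of the pools file quoted in this thread; the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample configs for two standalone servers.
DHCP1_CONF = """
subnet 10.32.0.0 netmask 255.255.255.0 {
  option routers 10.32.0.1;
  pool {
        range 10.32.0.5 10.32.0.254;
  }
}
subnet 10.32.1.0 netmask 255.255.255.0 {
  option routers 10.32.1.1;
  pool {
        range 10.32.1.5 10.32.1.129;
  }
}
"""
DHCP2_CONF = """
subnet 10.32.0.0 netmask 255.255.255.0 {
  option routers 10.32.0.1;
  pool {
        range 10.32.0.5 10.32.0.254;    # copied unchanged from dhcp-1
  }
}
subnet 10.32.1.0 netmask 255.255.255.0 {
  option routers 10.32.1.1;
  pool {
        range 10.32.1.130 10.32.1.254;  # split, no overlap with dhcp-1
  }
}
"""

# "range [dynamic-bootp] low [high];" where the high address is optional.
RANGE = re.compile(
    r"^\s*range\s+(?:dynamic-bootp\s+)?(\S+?)(?:\s+(\S+?))?\s*;", re.M
)


def ranges(conf):
    """Return the (low, high) integer pairs of every IPv4 range statement."""
    found = []
    for lo, hi in RANGE.findall(re.sub(r"#.*", "", conf)):  # drop comments
        a = int(ipaddress.IPv4Address(lo))
        b = int(ipaddress.IPv4Address(hi or lo))
        found.append((min(a, b), max(a, b)))
    return found


def merged(intervals):
    """Sort and merge overlapping or adjacent intervals of one server."""
    out = []
    for lo, hi in sorted(intervals):
        if out and lo <= out[-1][1] + 1:
            out[-1][1] = max(out[-1][1], hi)
        else:
            out.append([lo, hi])
    return out


def overlaps(conf_a, conf_b):
    """Return (first, last, address count) for every span both servers serve."""
    a, b = merged(ranges(conf_a)), merged(ranges(conf_b))
    found, i, j = [], 0, 0
    while i < len(a) and j < len(b):  # linear sweep over both sorted lists
        lo, hi = max(a[i][0], b[j][0]), min(a[i][1], b[j][1])
        if lo <= hi:
            found.append((str(ipaddress.IPv4Address(lo)),
                          str(ipaddress.IPv4Address(hi)),
                          hi - lo + 1))
        if a[i][1] < b[j][1]:
            i += 1
        else:
            j += 1
    return found


if __name__ == "__main__":
    for first, last, count in overlaps(DHCP1_CONF, DHCP2_CONF):
        print(f"both servers serve {first} - {last} ({count} addresses)")
```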




Re: ISC-dhcp subnet limit?

José Queiroz
In reply to this post by Rob Morin


2016-01-29 13:58 GMT-02:00 Rob Morin <[hidden email]>:
> I will try your suggestion on dev machine
> Do you use or know of a tool that i can use to simulate dhcp request for testing on my dev machine?


A virtual machine with a Linux LiveCD may do what you need. If you're using Ubuntu, you may run it with VirtualBox from the dev machine, itself.
If you're used to GNS3 (www.gns3.net), you may create a tiny virtual host with VPCS that just requests DHCP, pings and traceroute to destinations.



Re: ISC-dhcp subnet limit?

Rob Morin
Ya i setup 2 VMs in openstack to test.... setting up a 3rd for sending requests is not a bad idea.. :)

Thanks
:)
Rob Morin
Montreal, Canada

Re: ISC-dhcp subnet limit?

Chris Buxton
In reply to this post by Rob Morin
If you should go back to using failover, you should increase max-unacked-updates from its default of 10 to a more sane value like 1000.

Regards,
Chris

Sent from my iPhone

On Jan 29, 2016, at 7:58 AM, Rob Morin <[hidden email]> wrote:

Hey Denis, thanks for the response...

I was just using apt to install isc-dhcp server on ubuntu 14.04
Server is quad core xeon with 8 gigs of ram with a software raid 1 disks

But maybe i should consider your way...

I was just doing some testing using a ramdisk for the /var/lib/dhcp/dhcpd.leases files

Our leases are short for special reasons... 20 minutes

so on a dev machine i created a ramdisk of 2 gigs, and back up the leases files to a hard disk every 5 mins, and on restart the /etc/init/isc-dhcp-server.conf will copy the files from backup to /ramdisk then start dhcp

on dev it works fine... but i may consider your way now...

we tend to shy away from compiling stuff.. :(

Even 24 hours after start, the peer never came out of recovery mode, not sure why..

Currently we made dhcp-2 a standalone server and it currently has 217335 leases in it, but i will need to double that at least in coming weeks..

Server is currently ....

top - 10:55:08 up 22:55,  2 users,  load average: 2.00, 1.99, 1.93
Tasks: 116 total,   1 running, 115 sleeping,   0 stopped,   0 zombie
%Cpu0  :  0.9 us,  0.5 sy,  0.0 ni, 25.8 id, 72.8 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu1  :  1.4 us,  0.5 sy,  0.0 ni, 74.3 id, 23.4 wa,  0.0 hi,  0.5 si,  0.0 st
%Cpu2  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu3  :  0.5 us,  0.0 sy,  0.0 ni, 99.5 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   8092320 total,  5007076 used,  3085244 free,   164496 buffers
KiB Swap:  7810044 total,        0 used,  7810044 free.  4129916 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
12979 root      20   0  565060 559220   2524 D   2.3  6.9  15:08.17 dhcpd
 1713 syslog    20   0  255848   2924   2428 S   0.9  0.0   3:16.05 rsyslogd
  215 root      20   0       0      0      0 S   0.5  0.0   2:00.89 jbd2/md2-8
  412 root       0 -20       0      0      0 S   0.5  0.0   1:13.95 kworker/0:1H
14300 root      20   0       0      0      0 S   0.5  0.0   0:41.33 kworker/0:2
    1 root      20   0   33620   4284   2824 S   0.0  0.1   0:01.19 init

I will try your suggestion on dev machine
Do you use or know of a tool that i can use to simulate dhcp request for testing on my dev machine?

Thanks for your help!
Rob Morin
Montreal, Canada
 

On 2016-01-29 9:58 AM, Denis Laventure wrote:

Hi Rob,

I can't help with the issue on your interface problem, but I think I can help with the performance.

I used to have a performance problem with my failover setup, and someone at ISC told me to change some value in the code to get debug information about memory usage.

Add this to the file "includes/dhcpd.h":

#if !defined (REPORT_HASH_PERFORMANCE)
# define REPORT_HASH_PERFORMANCE 1
#endif

Compile and start the daemon and you should get something like this on screen and in the log:

dhcpd: DHCP name hash: Contents/Size (%): 106/401 (26%). Min/max: 0/2
dhcpd: DHCP code hash: Contents/Size (%): 106/254 (41%). Min/max: 0/1
dhcpd: NWIP name hash: Contents/Size (%): 11/17 (64%). Min/max: 0/2
dhcpd: NWIP code hash: Contents/Size (%): 11/17 (64%). Min/max: 0/1
dhcpd: FQDN name hash: Contents/Size (%): 8/13 (61%). Min/max: 0/2
dhcpd: FQDN code hash: Contents/Size (%): 8/13 (61%). Min/max: 0/1
dhcpd: VIVCO name hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVCO code hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVSO name hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVSO code hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: ISC name hash: Contents/Size (%): 2/3 (66%). Min/max: 0/1
dhcpd: ISC code hash: Contents/Size (%): 2/3 (66%). Min/max: 0/1
dhcpd: Relay Agent name hash: Contents/Size (%): 5/11 (45%). Min/max: 0/1
dhcpd: Relay Agent code hash: Contents/Size (%): 5/11 (45%). Min/max: 0/1
dhcpd: Server-Config Option name hash: Contents/Size (%): 67/136 (49%). Min/max: 0/4
dhcpd: Server-Config Option code hash: Contents/Size (%): 67/136 (49%). Min/max: 0/1
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: Config file: /dhcpd/dhcpd.conf
dhcpd: Database file: /dhcpd/dhcpd.leases
dhcpd: PID file: /var/run/dhcpd.pid
dhcpd: Wrote 0 class decls to leases file.
dhcpd: Wrote 0 deleted host decls to leases file.
dhcpd: Wrote 0 new dynamic host decls to leases file.
dhcpd: Wrote 48578 leases to leases file.
dhcpd: Host HW hash:   Contents/Size (%): 1420/22501 (6%). Min/max: 0/4
dhcpd: Host UID hash:  No table.
dhcpd: Lease IP hash:  Contents/Size (%): 70324/100003 (70%). Min/max: 0/5
dhcpd: Lease UID hash: Contents/Size (%): 8708/100003 (8%). Min/max: 0/3
dhcpd: Lease HW hash:  Contents/Size (%): 9036/100003 (9%). Min/max: 0/3

"Lease IP hash" is where you should look.

By default the server uses a lease hash size value of 100003. I had over 350000 leases so I was exceeding that value and the server was very slow to start.

To change the size you must edit the file "includes/dhcpd.h" and find LEASE_HASH_SIZE and replace the value. This value must be a prime number (I used 400009).

-# define LEASE_HASH_SIZE       100003

+# define LEASE_HASH_SIZE       400009
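
Review bot: the `+` line swaps in 400009 as a bare literal with nothing recording how it was chosen; add a comment beside the define stating that the value must be prime and should exceed the expected number of leases, so the next person to resize it keeps both properties. The startup report quoted above shows the Lease IP, Lease UID and Lease HW tables all reporting the same size (100003), which suggests this one constant sizes all three, so the comment should also say that raising it grows every lease table and the daemon's memory use with it.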

 

Compile and start again. That was the answer for me.

One other thing with the failover setup: the peer will always be in recover state when starting for the duration of the "MCLT" (time in seconds) in your failover definition (1800 in your case), so it will be in recover state for 30 minutes. I use 300 (5 minutes).

The text would have been easier to write in French, but since the list is in English and this may help other people, I made the effort. Hoping it is clear for you!

Denis Laventure
Université du Québec à Chicoutimi

 

 

 


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


Re: ISC-dhcp subnet limit?

Rob Morin
In reply to this post by Denis Laventure
So I will try this tonight at 2am and see if it works...

Thanks again for the tip!
Rob Morin
Montreal, Canada
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: ISC-dhcp subnet limit?

Rob Morin
In reply to this post by Denis Laventure
Would a too low lease_hash prevent users from getting a lease or IP at a certain point? I had this issue last night where I was running on stock apt-get install and after we moved one more controller to that server, people started not being able to get leases....

With the increase of lease_hash after a restart I get this

Feb  4 13:41:49 localhost dhcpd: Lease IP hash:  Contents/Size (%): 1664250/400009 (416%). Min/max: 3/5
Feb  4 13:41:49 localhost dhcpd: Lease UID hash: Contents/Size (%): 0/400009 (0%). Min/max: 0/0
Feb  4 13:41:49 localhost dhcpd: Lease HW hash:  Contents/Size (%): 0/400009 (0%). Min/max: 0/0
Feb  4 13:41:49 localhost dhcpd: Server starting service.

So I should up it until I have space??
Rob Morin
Gestionnaire des systèmes | Senior Systems Administrator
Tel: 514 385-4448 #174                         
DATAVALET.COM
5275, chemin Queen-Mary, Montréal (Québec) H3W 1Y3 Canada
 
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

RE: ISC-dhcp subnet limit?

Denis Laventure

Hi Rob,

I don’t remember having any problem with someone not getting a lease. If that was the case, the stock apt-get version would have done the same thing with the default value anyway.

I think you should have a number under 100% so yeah I would up that number (find a prime number above 1664250). A value that high will probably impact the memory used by the daemon.

Denis

 

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
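
The sizing rule discussed in the posts above (keep the "Lease IP hash" fill under 100% and use a prime for LEASE_HASH_SIZE), as an added example that is not part of the thread or of ISC DHCP: it parses REPORT_HASH_PERFORMANCE lines, computes each table's fill percentage and returns the smallest prime that brings the fullest lease table under a limit. The function names and the `max_load_pct` parameter are assumptions made for this example; the sample lines are copied from the posts.

```python
import math
import re
from dataclasses import dataclass
from typing import List, Optional

# Startup lines copied from the posts above: the run with LEASE_HASH_SIZE 400009,
# plus the "No table." form from the earlier report.
SAMPLE_LOG = """\
dhcpd: Host UID hash:  No table.
Feb  4 13:41:49 localhost dhcpd: Lease IP hash:  Contents/Size (%): 1664250/400009 (416%). Min/max: 3/5
Feb  4 13:41:49 localhost dhcpd: Lease UID hash: Contents/Size (%): 0/400009 (0%). Min/max: 0/0
Feb  4 13:41:49 localhost dhcpd: Lease HW hash:  Contents/Size (%): 0/400009 (0%). Min/max: 0/0
Feb  4 13:41:49 localhost dhcpd: Server starting service.
"""

# Matches "<name> hash: Contents/Size (%): C/S (P%). Min/max: a/b";
# lines such as "No table." or "Server starting service." do not match.
REPORT_RE = re.compile(
    r"dhcpd: (?P<table>[^:]+ hash):\s+Contents/Size \(%\): "
    r"(?P<contents>\d+)/(?P<size>\d+) \(\d+%\)\. "
    r"Min/max: (?P<min>\d+)/(?P<max>\d+)"
)


@dataclass
class HashStat:
    table: str
    contents: int    # entries stored in the table
    size: int        # number of buckets (LEASE_HASH_SIZE for lease tables)
    min_chain: int   # shortest bucket chain
    max_chain: int   # longest bucket chain

    @property
    def load_pct(self) -> int:
        # Truncated integer percentage, as in the logged figures (1664250/400009 -> 416).
        return self.contents * 100 // self.size if self.size else 0


def parse_hash_report(text: str) -> List[HashStat]:
    """Extract every hash-table report line from dhcpd startup output."""
    stats = []
    for m in REPORT_RE.finditer(text):
        stats.append(HashStat(m["table"], int(m["contents"]), int(m["size"]),
                              int(m["min"]), int(m["max"])))
    return stats


def is_prime(n: int) -> bool:
    """Trial division; fast enough for table sizes in the millions."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for d in range(3, math.isqrt(n) + 1, 2):
        if n % d == 0:
            return False
    return True


def next_prime_above(n: int) -> int:
    """Smallest prime strictly greater than n."""
    candidate = n + 1
    while not is_prime(candidate):
        candidate += 1
    return candidate


def suggest_lease_hash_size(stats: List[HashStat], max_load_pct: int = 100) -> Optional[int]:
    """Return a new LEASE_HASH_SIZE if any lease table is at or over max_load_pct.

    The lease tables report the same size in the thread's output, so a single
    value is derived from the fullest one. Returns None when nothing needs resizing.
    """
    lease = [s for s in stats if s.table.startswith("Lease ")]
    over = [s for s in lease if s.load_pct >= max_load_pct]
    if not over:
        return None
    fullest = max(s.contents for s in over)
    # Any size above contents*100/max_load_pct keeps the fill below the limit.
    return next_prime_above(fullest * 100 // max_load_pct)


if __name__ == "__main__":
    report = parse_hash_report(SAMPLE_LOG)
    for s in report:
        print(f"{s.table}: {s.contents}/{s.size} = {s.load_pct}% (max chain {s.max_chain})")
    print("suggested LEASE_HASH_SIZE:", suggest_lease_hash_size(report))
```

Lowering `max_load_pct` (for example to 75) leaves headroom for lease growth at the cost of more memory, the trade-off mentioned in the reply above.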

Re: ISC-dhcp subnet limit?

Rob Morin
Thanks for the quick reply Denis..

So I found a number which seems to be ok, I have 8 gigs of RAM on that DHCP server... at its current full tilt it uses 4

Feb  4 13:59:05 localhost dhcpd: Lease IP hash:  Contents/Size (%): 1664250/1800017 (92%). Min/max: 0/2
Feb  4 13:59:05 localhost dhcpd: Lease UID hash: Contents/Size (%): 0/1800017 (0%). Min/max: 0/0
Feb  4 13:59:05 localhost dhcpd: Lease HW hash:  Contents/Size (%): 0/1800017 (0%). Min/max: 0/0

What do you think?

Rob Morin
Montreal, Canada
On 2016-02-04 1:50 PM, Denis Laventure wrote:

Hi Rob,

 

I don’t remember having any problem with someone not getting a lease. If that was the case, the stock apt-get version would have done the same thing with the default value anyway.

 

I think you should have a number under 100% so yeah I would up that number (find a prime number above 1664250). A value that high will probably impact the memory used by the daemon.

 

Denis

 

De : [hidden email] [[hidden email]] De la part de Rob Morin
Envoyé : 4 février 2016 13:44
À : Users of ISC DHCP [hidden email]
Objet : Re: ISC-dhcp subnet limit?

 

Would a too low lease_hash prevent users from getting a lease or IP at a certain point? I had this issue last night where i was running on stock apt-get install and after we moved one more controller to that server , people started not being able to get leases....

With the increase of lease_has after a restart i get this

Feb  4 13:41:49 localhost dhcpd: Lease IP hash:  Contents/Size (%): 1664250/400009 (416%). Min/max: 3/5
Feb  4 13:41:49 localhost dhcpd: Lease UID hash: Contents/Size (%): 0/400009 (0%). Min/max: 0/0
Feb  4 13:41:49 localhost dhcpd: Lease HW hash:  Contents/Size (%): 0/400009 (0%). Min/max: 0/0
Feb  4 13:41:49 localhost dhcpd: Server starting service.

So I should up it until I have space??

Rob Morin
Gestionnaire des systèmes | Senior Systems Administrator
Tel: 514 385-4448 #174                         
DATAVALET.COM
5275, chemin Queen-Mary, Montréal (Québec) H3W 1Y3 Canada
 
 

On 2016-01-29 9:58 AM, Denis Laventure wrote:

Hi Rob,

I can't help with your interface problem but I think I can help with the performance.

I used to have a performance problem with my failover setup and someone at ISC told me to change some value in the code to get debug information about memory usage.

Add this to the file "includes/dhcpd.h"

#if !defined (REPORT_HASH_PERFORMANCE)
# define REPORT_HASH_PERFORMANCE 1
#endif

Compile and start the daemon and you should get something like this on screen and in the log:

dhcpd: DHCP name hash: Contents/Size (%): 106/401 (26%). Min/max: 0/2
dhcpd: DHCP code hash: Contents/Size (%): 106/254 (41%). Min/max: 0/1
dhcpd: NWIP name hash: Contents/Size (%): 11/17 (64%). Min/max: 0/2
dhcpd: NWIP code hash: Contents/Size (%): 11/17 (64%). Min/max: 0/1
dhcpd: FQDN name hash: Contents/Size (%): 8/13 (61%). Min/max: 0/2
dhcpd: FQDN code hash: Contents/Size (%): 8/13 (61%). Min/max: 0/1
dhcpd: VIVCO name hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVCO code hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVSO name hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: VIVSO code hash: Contents/Size (%): 1/127 (0%). Min/max: 0/1
dhcpd: ISC name hash: Contents/Size (%): 2/3 (66%). Min/max: 0/1
dhcpd: ISC code hash: Contents/Size (%): 2/3 (66%). Min/max: 0/1
dhcpd: Relay Agent name hash: Contents/Size (%): 5/11 (45%). Min/max: 0/1
dhcpd: Relay Agent code hash: Contents/Size (%): 5/11 (45%). Min/max: 0/1
dhcpd: Server-Config Option name hash: Contents/Size (%): 67/136 (49%). Min/max: 0/4
dhcpd: Server-Config Option code hash: Contents/Size (%): 67/136 (49%). Min/max: 0/1
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: data: hardware: no raw packet or lease is available
dhcpd: Config file: /dhcpd/dhcpd.conf
dhcpd: Database file: /dhcpd/dhcpd.leases
dhcpd: PID file: /var/run/dhcpd.pid
dhcpd: Wrote 0 class decls to leases file.
dhcpd: Wrote 0 deleted host decls to leases file.
dhcpd: Wrote 0 new dynamic host decls to leases file.
dhcpd: Wrote 48578 leases to leases file.
dhcpd: Host HW hash:   Contents/Size (%): 1420/22501 (6%). Min/max: 0/4
dhcpd: Host UID hash:  No table.
dhcpd: Lease IP hash:  Contents/Size (%): 70324/100003 (70%). Min/max: 0/5
dhcpd: Lease UID hash: Contents/Size (%): 8708/100003 (8%). Min/max: 0/3
dhcpd: Lease HW hash:  Contents/Size (%): 9036/100003 (9%). Min/max: 0/3

 

"Lease IP hash" is where you should look.

By default the server uses a lease hash size value of 100003. I had over 350000 leases so I was exceeding that value and the server was very slow to start.

To change the size you must edit the file "includes/dhcpd.h" and find LEASE_HASH_SIZE and replace the value. This value must be a prime number (I used 400009).

 

-# define LEASE_HASH_SIZE       100003

+# define LEASE_HASH_SIZE       400009
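
Review bot: the new value on the `+# define LEASE_HASH_SIZE` line is a site-specific number hard-coded into includes/dhcpd.h with nothing recording what it was sized for. Suggest a comment beside the define stating the lease count it was chosen against and that the value is meant to be prime, because the later startup log in this thread shows 1664250/400009 (416%) when the same figure is reused on a larger deployment.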

 

Compile and start again. That was the answer for me.

One other thing with the failover setup: the peer will always be in recover state when starting for the duration of the "MCLT" (time in seconds) in your failover definition (1800 in your case), so it will be in recover state for 30 minutes. I use 300 (5 minutes).

The text would have been easier to write in French, but since the list is in English and this may help other people, I made the effort. Hoping it is clear for you!

 

Denis Laventure

Université du Québec à Chicoutimi

 

 

 

From: [hidden email] [[hidden email]] On behalf of Rob Morin
Sent: January 27, 2016 20:12
To: [hidden email]
Subject: ISC-dhcp subnet limit?

 

Hello all, my first post here, so please be gentle :)

I have inherited 2 dhcp servers, one primary(dhcp-1) & one secondary(dhcp-2) running isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)

We are having a few issues, and I cannot seem to figure out what's going on. I have a few questions, maybe someone can help me with.

Is there a max limit to how many subnets can be used in the pools? As currently we are using just over 6000 subnets

Currently our secondary dhcp-server is always in recovery mode, not sure why?

Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on eth0?

 

My primary server /etc/dhcpd.conf file

authoritative;
log-facility local7;
option domain-name "dyn";
option domain-name-servers 172.30.64.210, 172.30.64.220;
default-lease-time 1200;
max-lease-time 3600; # 1h
include "/etc/dhcp/dhcpd_pools.conf";
# Include the primary configuration
include "/etc/dhcp/dhcpd_primary.conf";

 

 

/etc/dhcp/dhcpd_primary has the following

## PRIMARY
failover peer "tdl-dhcp-failover" {
  primary; # declare this to be the primary server
  address 172.30.128.9;
  port 647;
  peer address 172.30.128.10;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

 

Excerpt from dhcpd_pools file, starts like this….

subnet 10.32.0.0 netmask 255.255.255.0 {
  option routers 10.32.0.1;
  pool {
        failover peer "dhcp-failover";
        range 10.32.0.5 10.32.0.254;
  }
}

And finishes like this, with all the subnets in between…

subnet 10.57.255.0 netmask 255.255.255.0 {
  option routers 10.57.255.1;
  pool {
        failover peer "dhcp-failover";
        range 10.57.255.5 10.57.255.254;
  }
}

 

 

Example excerpt from logs on both servers of a client that could not get an IP

from dhcp-1
Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1
Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via 10.50.170.1

from dhcp-2
Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases
Jan 27 18:54:04 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all free leases

Never see the ACK.

 

Any suggestion would be greatly appreciated.. :

 

Thanks…

 

Rob

Montreal Canada

 

 



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
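
The sizing rule discussed in this thread (keep the "Lease IP hash" load under 100% by picking a prime above the lease count) can be checked mechanically against the REPORT_HASH_PERFORMANCE output. The following is an added example, not code from any poster or from ISC; the function names and the `max_load` parameter are assumptions made for illustration, and the sample lines are copied from the messages above.

```python
import math
import re

# Matches the REPORT_HASH_PERFORMANCE lines quoted in the thread.
HASH_LINE = re.compile(
    r"dhcpd: (?P<table>[\w -]+? hash):\s+Contents/Size \(%\): "
    r"(?P<contents>\d+)/(?P<size>\d+) \(\d+%\)"
)

# Log lines copied from the messages above.
SAMPLE_LOG = """\
Feb  4 13:41:49 localhost dhcpd: Lease IP hash:  Contents/Size (%): 1664250/400009 (416%). Min/max: 3/5
Feb  4 13:41:49 localhost dhcpd: Lease UID hash: Contents/Size (%): 0/400009 (0%). Min/max: 0/0
dhcpd: Host HW hash:   Contents/Size (%): 1420/22501 (6%). Min/max: 0/4
dhcpd: Host UID hash:  No table.
"""


def is_prime(n):
    """Trial division; fast enough for table sizes in the millions."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, math.isqrt(n) + 1, 2))


def next_prime_above(n):
    """Smallest prime strictly greater than n."""
    candidate = n + 1
    while not is_prime(candidate):
        candidate += 1
    return candidate


def undersized_tables(log_text, max_load=1.0):
    """Map table name -> (contents, size, suggested prime size) when load >= max_load.

    max_load=1.0 mirrors the thread's "under 100%" rule; a lower target is an assumption.
    """
    findings = {}
    for line in log_text.splitlines():
        m = HASH_LINE.search(line)
        if not m:
            continue  # e.g. "No table." or unrelated dhcpd output
        contents, size = int(m["contents"]), int(m["size"])
        if size and contents / size >= max_load:
            floor = math.ceil(contents / max_load)
            findings[m["table"]] = (contents, size, next_prime_above(floor))
    return findings
```

Calling `undersized_tables(SAMPLE_LOG)` flags only the "Lease IP hash" table and returns the smallest prime that brings its load under 100%; passing a lower `max_load` leaves headroom for growth at the cost of memory.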

