failover issue?

failover issue?

Christian Bösch
Hi,

I have a pair of failover DHCP servers (4.2.4) which have worked fine for a long time.
Now I added some subnets (same config as the old working one) and in those
subnets I get on both servers:

Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases


Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases

But the pool seems to be well balanced:

Apr  2 12:43:56 dns1 dhcpd: balancing pool 8019f8880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-own (+/-)25
Apr  2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38

Apr  2 12:43:56 dns2 dhcpd: balancing pool 8019ef880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-own (+/-)25
Apr  2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38

Does anyone have an idea what could be the reason for that?
Thanks,
Chris



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

RE: failover issue?

Patrick Trapp
Can you share the config? You should generalize anything sensitive - whatever you post will be on the list forever...



Re: failover issue?

Bob Harold
In reply to this post by Christian Bösch
I have found that the "peer holds all free leases" is a catch-all that can also mean "it did not match the allow members of ... or some other restriction on the dhcp range".



--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
[hidden email]
734-647-6524 desk


Re: failover issue?

Christian Bösch
In reply to this post by Patrick Trapp
Sure, below are the config snippets.
Thanks for investigating,
chris

server1:

failover peer "dhcp-failover" {
  primary;
  address 10.10.40.21;
  port 647;
  peer address 10.10.40.22;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

group {
  if exists agent.circuit-id
  {
    log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
  }
  if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
    ddns-updates off;
    default-lease-time 60;
    max-lease-time 120;
  }
  option domain-name-servers dns1.abc.net, dns2.abc.net;
  option subnet-mask 255.255.255.0;
  ddns-domainname "lan.abc.net";
  ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
  option domain-name "lan.abc.net";
  subnet 172.21.166.0 netmask 255.255.255.0 {
    option routers 172.21.166.1;
    pool {
      failover peer "dhcp-failover";
      deny dynamic bootp clients;
      allow unknown-clients;
      default-lease-time 300;
      max-lease-time     600;
      range 172.21.166.5 172.21.166.254;
    }
  }
}


server2:

failover peer "dhcp-failover" {
  secondary;
  address 10.10.40.22;
  port 647;
  peer address 10.10.40.21;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}

group {
  if exists agent.circuit-id
  {
    log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
  }
  if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
    ddns-updates off;
    default-lease-time 60;
    max-lease-time 120;
  }
  option domain-name-servers dns1.abc.net, dns2.abc.net;
  option subnet-mask 255.255.255.0;
  ddns-domainname "lan.abc.net";
  ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
  option domain-name "lan.abc.net";
  subnet 172.21.166.0 netmask 255.255.255.0 {
    option routers 172.21.166.1;
    pool {
      failover peer "dhcp-failover";
      deny dynamic bootp clients;
      allow unknown-clients;
      default-lease-time 300;
      max-lease-time     600;
      range 172.21.166.5 172.21.166.254;
    }
  }
}



Re: failover issue?

Bob Harold

Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the dhcpd.conf file. If it has a "host" declaration, it is a "known" client and will fail the "allow unknown-clients" test. Because you have an "allow" line, the default changes to "deny all others". If you remove the "allow unknown-clients" line, the default will be "allow everyone" - please try that, at least temporarily, to see if it fixes the "peer holds all free leases" message.

As an aside, perhaps "peer holds all free leases" should be reworded like "I don't have a lease that I am allowed to give you, but you could check with my peer in case it has different rules".   But in a failover setup it would seem odd for a peer to have a different set of rules.
 

Re: failover issue?

Christian Bösch

On 03 Apr 2015, at 14:30 , Bob Harold <[hidden email]> wrote:


> Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the dhcpd.conf file. If it has a "host" declaration, it is a "known" client and will fail the "allow unknown-clients" test. Because you have an "allow" line, the default changes to "deny all others". If you remove the "allow unknown-clients" line, the default will be "allow everyone" - please try that, at least temporarily, to see if it fixes the "peer holds all free leases" message.

The MAC was known through a subclass declaration. So it was exactly the case you mentioned above.

> As an aside, perhaps "peer holds all free leases" should be reworded like "I don't have a lease that I am allowed to give you, but you could check with my peer in case it has different rules". But in a failover setup it would seem odd for a peer to have a different set of rules.

Yes, a clearer error message would be nice…

Thanks,
Chris


 

Re: failover issue?

Sten Carlsen


On 07/04/15 09.28, Christian Bösch wrote:

On 03 Apr 2015, at 14:30 , Bob Harold <[hidden email]> wrote:


> > Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the dhcpd.conf file. If it has a "host" declaration, it is a "known" client and will fail the "allow unknown-clients" test. Because you have an "allow" line, the default changes to "deny all others". If you remove the "allow unknown-clients" line, the default will be "allow everyone" - please try that, at least temporarily, to see if it fixes the "peer holds all free leases" message.
>
> The MAC was known through a subclass declaration. So it was exactly the case you mentioned above.

A subclass declaration does NOT make it a "known host" in that sense; it makes it a member of a class. It will still match unknown hosts; I have been bitten by that.

> > As an aside, perhaps "peer holds all free leases" should be reworded like "I don't have a lease that I am allowed to give you, but you could check with my peer in case it has different rules". But in a failover setup it would seem odd for a peer to have a different set of rules.
>
> Yes, a clearer error message would be nice…
>
> Thanks,
> Chris


 

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 
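
The check discussed in this thread, as an added example that is not part of any poster's message: it flags clients that get "peer holds all free leases" although the same server's balanced-pool line shows leases on both peers, then looks the MAC up in host and subclass statements. The log lines are copied from the thread except the `via eth0` one; the dhcpd.conf fragment, the class and host names and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"   # assumes zero-padded MACs, as dhcpd logs them
DENIED = re.compile(
    rf"(?P<server>\S+) dhcpd(?:\[\d+\])?: DHCPDISCOVER from (?P<mac>{MAC})"
    r"(?: \(.*?\))? via (?P<via>\S+): peer holds all free leases", re.I)
BALANCED = re.compile(
    r"(?P<server>\S+) dhcpd(?:\[\d+\])?: balanced pool \S+ (?P<cidr>\S+)\s+"
    r"total \d+\s+free (?P<free>\d+)\s+backup (?P<backup>\d+)")


def misleading_denials(log_lines):
    """Map MAC -> [(server, pool)] where the denial cannot be lease exhaustion.

    The primary hands out FREE leases and the secondary BACKUP leases, so a
    pool reporting both counts above zero has addresses on either peer.
    """
    pools, denials = {}, []
    for line in log_lines:                      # pass 1: collect both record types
        if m := BALANCED.search(line):
            net = ipaddress.ip_network(m["cidr"], strict=False)
            pools[(m["server"], net)] = (int(m["free"]), int(m["backup"]))
        elif m := DENIED.search(line):
            denials.append((m["server"], m["mac"].lower(), m["via"]))
    hits = defaultdict(set)
    for server, mac, via in denials:            # pass 2: correlate by relay address
        try:
            relay = ipaddress.ip_address(via)
        except ValueError:
            continue                            # "via eth0": no relay address to map
        for (srv, net), (free, backup) in pools.items():
            if srv == server and relay in net and free > 0 and backup > 0:
                hits[mac].add((server, str(net)))
    return {mac: sorted(where) for mac, where in hits.items()}


def find_mac_declarations(conf_text, mac):
    """List (kind, name) for every host or subclass statement naming mac."""
    text = re.sub(r"#.*", "", conf_text)        # drop comments before matching
    esc = re.escape(mac)
    found = [("host", m[1]) for m in re.finditer(
        rf"\bhost\s+(\S+)\s*\{{[^}}]*?hardware\s+ethernet\s+{esc}\s*;", text, re.I)]
    found += [("subclass", m[1]) for m in re.finditer(
        rf'\bsubclass\s+"([^"]+)"\s+1:{esc}\s*[;{{]', text, re.I)]
    return found


def report(log_lines, conf_text):
    """Combine both checks: (mac, [(server, pool)], [(kind, name)])."""
    return [(mac, where, find_mac_declarations(conf_text, mac))
            for mac, where in misleading_denials(log_lines).items()]


# Log lines copied from the thread, plus one constructed directly-attached case.
SAMPLE_LOG = """\
Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38
Apr  2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38
Apr  2 12:45:01 dns1 dhcpd: DHCPDISCOVER from 00:00:5e:00:53:01 via eth0: peer holds all free leases
""".splitlines()

# Constructed dhcpd.conf fragment; class and host names are hypothetical.
SAMPLE_CONF = '''
class "lab-clients" { match hardware; }
subclass "lab-clients" 1:3c:97:0e:b8:6d:40;   # class member
host printer1 { hardware ethernet 00:00:5e:00:53:02; fixed-address 172.21.166.4; }
'''

if __name__ == "__main__":
    for mac, where, decls in report(SAMPLE_LOG, SAMPLE_CONF):
        print(mac, "denied with free leases on", where, "declared as", decls)
```

A "host" hit is the known-client case that fails "allow unknown-clients"; a "subclass" hit only shows class membership, so the pool's "allow members of" / "deny members of" lines are the next thing to read.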
