Re: failover issue?

Posted by Christian Bösch on
URL: http://isc-dhcp-users.193.s1.nabble.com/failover-issue-tp24p33.html


On 03 Apr 2015, at 14:30 , Bob Harold <[hidden email]> wrote:


On Fri, Apr 3, 2015 at 2:46 AM, Christian Bösch <[hidden email]> wrote:
Sure, below are the config snippets.
Thanks for investigating,
chris

server1:

failover peer "dhcp-failover" {
  primary;
  address 10.10.40.21;
  port 647;
  peer address 10.10.40.22;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

group {
  if exists agent.circuit-id
  {
    log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
  }
  if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
    ddns-updates off;
    default-lease-time 60;
    max-lease-time 120;
  }
  option domain-name-servers dns1.abc.net, dns2.abc.net;
  option subnet-mask 255.255.255.0;
  ddns-domainname "lan.abc.net";
  ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
  option domain-name "lan.abc.net";
  subnet 172.21.166.0 netmask 255.255.255.0 {
    option routers 172.21.166.1;
    pool {
      failover peer "dhcp-failover";
      deny dynamic bootp clients;
      allow unknown-clients;
      default-lease-time 300;
      max-lease-time     600;
      range 172.21.166.5 172.21.166.254;
    }
  }
}


server2:

failover peer "dhcp-failover" {
  secondary;
  address 10.10.40.22;
  port 647;
  peer address 10.10.40.21;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}

group {
  if exists agent.circuit-id
  {
    log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
  }
  if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
    ddns-updates off;
    default-lease-time 60;
    max-lease-time 120;
  }
  option domain-name-servers dns1.abc.net, dns2.abc.net;
  option subnet-mask 255.255.255.0;
  ddns-domainname "lan.abc.net";
  ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
  option domain-name "lan.abc.net";
  subnet 172.21.166.0 netmask 255.255.255.0 {
    option routers 172.21.166.1;
    pool {
      failover peer "dhcp-failover";
      deny dynamic bootp clients;
      allow unknown-clients;
      default-lease-time 300;
      max-lease-time     600;
      range 172.21.166.5 172.21.166.254;
    }
  }
}

 
Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the dhcpd.conf file. If it has a "host" declaration, it is a "known" client and will fail the "allow unknown-clients" test. Because you have an "allow" line, the default changes to "deny all others". If you remove the "allow unknown-clients" line, the default will be "allow everyone" - please try that, at least temporarily, to see if it fixes the "peer holds all free leases" message.

The MAC was known through a subclass declaration. So it was exactly the case you mentioned above.


As an aside, perhaps "peer holds all free leases" should be reworded like "I don't have a lease that I am allowed to give you, but you could check with my peer in case it has different rules".   But in a failover setup it would seem odd for a peer to have a different set of rules.

Yes, a clearer error message would be nice…

Thanks,
Chris


 
On 02 Apr 2015, at 16:33 , Patrick Trapp <[hidden email]> wrote:

Can you share the config? You should generalize anything sensitive - whatever you post will be on the list forever...


From: [hidden email] [[hidden email]] on behalf of Christian Bösch [[hidden email]]
Sent: Thursday, April 02, 2015 5:52 AM
To: [hidden email]
Subject: failover issue?

Hi,

I have a pair of failover dhcp servers (4.2.4) which have worked fine for a long time.
Now I added some subnets (same config as the old working one) and in those
subnets I get on both servers:

Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases


Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases

But the pool seems to be well balanced:

Apr  2 12:43:56 dns1 dhcpd: balancing pool 8019f8880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-own (+/-)25
Apr  2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38

Apr  2 12:43:56 dns2 dhcpd: balancing pool 8019ef880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-own (+/-)25
Apr  2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38

Does anyone have an idea what could be the reason for that?
Thanks,
Chris

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
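
Added example (not part of the original thread, and not ISC code): a small Python check that automates the advice in the reply above, looking for a MAC in dhcpd.conf and listing the pools whose allow/deny lines would shut that client out. The sample config is constructed; the class name "printers", the host "lab1" and the function names are hypothetical, and treating a subclass entry as making the client "known" is an assumption taken from Chris's report in this thread.

```python
import re
# Constructed sample (pool as posted in the thread; other lines hypothetical).
SAMPLE_CONF = '''
class "printers" { match hardware; }
subclass "printers" 1:3c:97:0e:b8:6d:40;
host lab1 { hardware ethernet 00:11:22:33:44:55; }
subnet 172.21.166.0 netmask 255.255.255.0 {
  pool {
    failover peer "dhcp-failover";
    deny dynamic bootp clients;
    allow unknown-clients;
    range 172.21.166.5 172.21.166.254;
  }
}
'''
MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"

def norm(mac):
    # Zero-pad and lowercase each octet so 8:0:2B and 08:00:2b compare equal.
    return ":".join(f"{int(p, 16):02x}" for p in mac.split(":"))

def declared_macs(conf):
    """Map each MAC named in a host or subclass declaration to where it is."""
    found = {}
    for m in re.finditer(rf"hardware\s+ethernet\s+({MAC})\s*;", conf, re.I):
        found[norm(m.group(1))] = "host declaration"
    for m in re.finditer(rf'subclass\s+"([^"]+)"\s+1:({MAC})\s*;', conf, re.I):
        # Assumption taken from the thread: a subclass entry also counts.
        found.setdefault(norm(m.group(2)), f'subclass "{m.group(1)}"')
    return found

def audit(conf, mac):
    """Return (range, where declared) for pools that shut out a declared MAC."""
    conf = re.sub(r"#.*", "", conf)          # drop comments before matching
    where = declared_macs(conf).get(norm(mac))
    hits = []
    for body in re.findall(r"\bpool\s*\{([^{}]*)\}", conf):  # no nested braces
        perms = [(v, " ".join(p.split())) for v, p in
                 re.findall(r"^\s*(allow|deny)\s+([^;]+);", body, re.M)]
        allow = [p for v, p in perms if v == "allow"]
        deny = [p for v, p in perms if v == "deny"]
        # Any allow line turns the pool's default into "deny all others".
        shut = "known-clients" in deny or (bool(allow) and not any(
            a in ("known-clients", "all clients") or a.startswith("members of")
            for a in allow))
        rng = re.search(r"\brange\s+([^;]+);", body)
        if where and shut:
            hits.append((" ".join(rng.group(1).split()) if rng else "?", where))
    return hits
```

Calling audit(SAMPLE_CONF, "3c:97:0e:b8:6d:40") reports the 172.21.166.5 to 172.21.166.254 pool; with the "allow unknown-clients" line removed it reports nothing.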





