A subclass declaration does NOT make it a "known host" in that sense, it makes it a member of a class. It will still match unknown hosts, I have been bitten by that.
On 03 Apr 2015, at 14:30 , Bob Harold <[hidden email]> wrote:
On Fri, Apr 3, 2015 at 2:46 AM, Christian Bösch <[hidden email]> wrote:
sure below are the config snippets:
thanks for investigation,
chris
server1:

failover peer "dhcp-failover" {
  primary;
  address 10.10.40.21;
  port 647;
  peer address 10.10.40.22;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

group {
  if exists agent.circuit-id {
    log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
      " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)),
      " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
  }
  if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
    ddns-updates off;
    default-lease-time 60;
    max-lease-time 120;
  }
  option subnet-mask 255.255.255.0;
  ddns-domainname "lan.abc.net";
  ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
  option domain-name "lan.abc.net";
  subnet 172.21.166.0 netmask 255.255.255.0 {
    option routers 172.21.166.1;
    pool {
      failover peer "dhcp-failover";
      deny dynamic bootp clients;
      allow unknown-clients;
      default-lease-time 300;
      max-lease-time 600;
      range 172.21.166.5 172.21.166.254;
    }
  }
}

server2:

failover peer "dhcp-failover" {
  secondary;
  address 10.10.40.22;
  port 647;
  peer address 10.10.40.21;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}

group {
  if exists agent.circuit-id {
    log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
      " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)),
      " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
  }
  if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
    ddns-updates off;
    default-lease-time 60;
    max-lease-time 120;
  }
  option subnet-mask 255.255.255.0;
  ddns-domainname "lan.abc.net";
  ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
  option domain-name "lan.abc.net";
  subnet 172.21.166.0 netmask 255.255.255.0 {
    option routers 172.21.166.1;
    pool {
      failover peer "dhcp-failover";
      deny dynamic bootp clients;
      allow unknown-clients;
      default-lease-time 300;
      max-lease-time 600;
      range 172.21.166.5 172.21.166.254;
    }
  }
}

Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the dhcpd.conf file. If it has a "host" declaration, it is a "known" client and will fail the "allow unknown-clients" test. Because you have an "allow" line, the default changes to "deny all others". If you remove the "allow unknown-clients" line, the default will be "allow everyone" - please try that, at least temporarily, to see if it fixes the "peer holds all free leases" message.

The MAC was known through a subclass declaration. So it was exactly the case you mentioned above.
As an aside, perhaps "peer holds all free leases" should be reworded like "I don't have a lease that I am allowed to give you, but you could check with my peer in case it has different rules". But in a failover setup it would seem odd for a peer to have a different set of rules.
Yes, a clearer error message would be nice…
Thanks,
Chris
On 02 Apr 2015, at 16:33 , Patrick Trapp <[hidden email]> wrote:
Can you share the config? You should generalize anything sensitive - whatever you post will be on the list forever...
From: [hidden email] [[hidden email]] on behalf of Christian Bösch [[hidden email]]
Sent: Thursday, April 02, 2015 5:52 AM
To: [hidden email]
Subject: failover issue?
Hi,
I have a pair of failover dhcp servers (4.2.4) which work fine for a long time. Now I added some subnets (same config like the old working one) and in those subnets I get on both servers:
Apr 2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases

Apr 2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
But the pool seems to be well balanced:
Apr 2 12:43:56 dns1 dhcpd: balancing pool 8019f8880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-own (+/-)25
Apr 2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-misbal 38

Apr 2 12:43:56 dns2 dhcpd: balancing pool 8019ef880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-own (+/-)25
Apr 2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-misbal 38
Does anyone have an idea what could be the reason for that?
Thanks,
Chris
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
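The symptom discussed in this thread, as an added example that is not part of any poster's message: a log check that flags "peer holds all free leases" refusals logged while the same server's latest balance report for that subnet still shows leases on both sides, which points at the pool's allow/deny rules rather than real exhaustion. The sample log is constructed from the line formats quoted above; the function name and the 192.0.2.0/24 lines are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
Apr 2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-misbal 38
Apr 2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:45:10 dns1 dhcpd: balanced pool 8019f0000 192.0.2.0/24 total 250 free 0 backup 250 lts 0 max-misbal 38
Apr 2 12:45:20 dns1 dhcpd: DHCPDISCOVER from 00:00:5e:00:53:01 via 192.0.2.1: peer holds all free leases
"""

BALANCED = re.compile(
    r"(\S+) dhcpd: balanced pool \S+ (\S+/\d+) total (\d+) free (\d+) backup (\d+)")
REFUSED = re.compile(
    r"(\S+) dhcpd: DHCPDISCOVER from ([0-9a-f:]{17}) via (\S+): "
    r"peer holds all free leases")

def suspicious_refusals(log_text):
    """Return sorted (server, mac, subnet) tuples for refusals logged while the
    same server's latest balance report showed leases on both failover sides."""
    spare = {}   # (server, network) -> min(free, backup) from last balance line
    hits = set()
    for line in log_text.splitlines():
        m = BALANCED.search(line)
        if m:
            server, net, _total, free_n, backup_n = m.groups()
            # Each peer allocates from only one of the two counters, so
            # require both to be non-zero before calling a refusal suspicious.
            spare[(server, ipaddress.ip_network(net))] = min(int(free_n), int(backup_n))
            continue
        m = REFUSED.search(line)
        if not m:
            continue
        server, mac, via = m.groups()
        try:
            relay = ipaddress.ip_address(via)
        except ValueError:
            continue  # "via" was an interface name, not a relay address
        for (srv, net), count in spare.items():
            if srv == server and relay in net and count > 0:
                hits.add((server, mac, str(net)))
    return sorted(hits)

if __name__ == "__main__":
    for server, mac, net in suspicious_refusals(SAMPLE_LOG):
        print(f"{server}: {mac} refused in {net} although leases exist; "
              "check allow/deny rules on the pool")
```
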