DHCP Failover and duplicate responses

Glenn Satchell Glenn.Satchell at uniq.com.au
Wed Sep 5 23:39:57 UTC 2007


Setting dhcp-server-identifier to the gateway is wrong. The ip-helpers
on the gateway are only used when the client broadcasts the
DHCPDISCOVER. After that the client will send a normal unicast packet
to the dhcp server for renewal. The renewal is done when the IP stack
is fully configured, so it can route to the dhcp server if necessary.

In other respects the servers are behaving correctly. Each is receiving
the request and responding with an ack, as they are supposed to.

regards,
-glenn

>Date: Wed, 5 Sep 2007 16:27:26 -0500
>From: "Cory Meyer" <cory.meyer at gmail.com>
>Subject: DHCP Failover and duplicate responses
>
>With DHCP failover configured correctly should both servers be responding to
>the same dhcp request?
>
>I know that the leases db is staying synced as they will both ACK with the
>same IP. I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
>3.1. Just to be sure that it wasn't issues with my dhcpd.leases file, dhcpd
>was stopped on both servers, emptied and started again with the same
>issue. Running omshell to get the failover state is showing both servers
>in normal mode once the recovery + MCLT has passed.
>
>The reason as to why this might be an issue is that in our production
>environment our routers are set up with 2 ip helper-address statements. One
>to the primary and one to the secondary server. Option
>dhcp-server-identifier is set to the local GW for that network. This means
>that DHCPREQUEST packets will be sent to both servers. Normally with both
>servers sending an identical ACK it should be an issue though I seem to
>remember Windows Me and 98 clients that would fail an IP renewal due to the
>almost identical ACK.
>
>
>Any ideas or suggestions? So far the DHCP Handbook has been a great help
>though I think I might have missed something.
>
>
>
>dhcp-01 is the primary.   dhcp-02 is the secondary.
>
>Here is what I'm seeing in the logs with a Windows XP SP2 client:
>
>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56
>(noctest-jjmiw1z) via eth0: load balance to peer dhcp
>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from
>52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56
>(noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56
>(noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56
>(noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from
>52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56
>(noctest-jjmiw1z) via eth0
>
>
>Here is my configuration:
>### dhcpd.conf   #This is mirrored on both servers.
>ddns-update-style none;
>one-lease-per-client true;
>authoritative;
>ping-check true;
>#use-host-decl-names on;
>omapi-port 7911;
>key "omapi_key" {
>        algorithm hmac-md5;
>        secret "******";
>};
>omapi-key omapi_key;
>
>log-facility local7;
>
>stash-agent-options on;
>include "/etc/dhcpd.failover.conf";
>include "/etc/dhcpd.pools.conf";
>## End dhcpd.conf
>
>## PRIMARY dhcpd.failover.conf ##
>failover peer "dhcp" {
>  primary;
>  address 10.2.1.202;
>  port 847;
>  peer address 10.2.1.203;
>  peer port 647;
>  max-response-delay 60;
>  max-unacked-updates 10;
>  load balance max seconds 3;
>  mclt 180;
>  split 128;
>}
>## End PRIMARY dhcpd.failover.conf ##
>
>## Secondary dhcpd.failover.conf ##
>failover peer "dhcp" {
>  secondary;
>  address 10.2.1.203;
>  port 647;
>  peer address 10.2.1.202;
>  peer port 847;
>  max-response-delay 180;
>  load balance max seconds 3;
>  max-unacked-updates 10;
>}
>## End Secondary dhcpd.failover.conf
>
>## dhcpd.pools.conf   ## Mirrored on both servers.
>shared-network testing1 {
>  subnet 10.2.1.0 netmask 255.255.255.0 {
>    pool {
>      failover peer "dhcp";
>      option routers 10.2.1.254;
>      option broadcast-address 10.2.1.255;
>      option subnet-mask 255.255.255.0;
>      deny dynamic bootp clients;
>      range 10.2.1.0 10.2.1.253;
>      option domain-name-servers 10.2.1.254 ;
>      default-lease-time 7200;
>      max-lease-time 14400;
>    }
>  }
>} ## End Shared-Network testing1
>##  End dhcpd.pools.conf
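
An added example, not part of the original messages and not ISC code: one way to confirm from syslog that both failover peers sent a DHCPACK for the same lease, as in the log quoted above. The function names, the two-second window and the default year (taken from the message date) are assumptions; the sample lines are the quoted log entries with the mail line-wrapping undone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines from the quoted message, re-joined after mail wrapping.
SAMPLE_LOG = """\
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
"""

ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dhcpd(?:\[\d+\])?: "
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9a-f:]{17})", re.I)

def parse_acks(text, year=2007):
    """Yield (timestamp, server, ip, mac) for each DHCPACK line."""
    for line in text.splitlines():
        m = ACK_RE.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["ip"], m["mac"].lower()

def duplicate_acks(text, window_s=2):
    """Return (mac, ip, servers) for leases ACKed by more than one server
    within window_s seconds of each other."""
    by_lease = defaultdict(list)
    for ts, host, ip, mac in parse_acks(text):
        by_lease[(mac, ip)].append((ts, host))
    found = []
    for (mac, ip), acks in by_lease.items():
        acks.sort()
        for i, (ts, _) in enumerate(acks):
            near = {h for t, h in acks[i:] if t - ts <= timedelta(seconds=window_s)}
            if len(near) > 1:
                found.append((mac, ip, sorted(near)))
                break  # one report per lease is enough
    return found

if __name__ == "__main__":
    for mac, ip, servers in duplicate_acks(SAMPLE_LOG):
        print(f"{mac} got DHCPACK for {ip} from {', '.join(servers)}")
```

Run it over the merged syslog of both peers; a lease reported here was acknowledged by each server, which is the behaviour described in this thread.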

