DHCP Failover and duplicate responses

Steve van der Burg steve.vanderburg at lhsc.on.ca
Mon Sep 10 12:54:33 UTC 2007


On my servers, I test a new config (I generate configs centrally and then upload them to the servers) before running it, like this (from Perl, but you could just as easily do it in a shell script):

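   # Test the generated config for syntax errors (-t), capturing
   # stdout and stderr together
   my $testres = `/usr/sbin/dhcpd -t -cf $extpath/dhcpd.conf 2>&1`;
   my $goodconf = 1;
   # dhcpd prints this message when the config fails to parse
   $goodconf = 0 if $testres =~ /Configuration file errors encountered/;

   if ( $goodconf ) {
      # restart server
      ...
   }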

"Matt Cowger" <mcowger at salesforce.com> wrote:
> John,
> 
> We do this exact setup.  It works great for us.  Both servers hear and
> respond to each DHCPDISCOVER/REQUEST, and respond with the same
> response.  The client just picks the first one it gets back.  No
> problems encountered yet, except that if you put a bad config file in
> place, you mess up both servers :)....
> 
> --Matt
> 
> 
> 
> -----Original Message-----
> From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
> Behalf Of John Tabasz (jtabasz)
> Sent: Friday, September 07, 2007 3:24 PM
> To: dhcp-users at isc.org 
> Subject: RE: DHCP Failover and duplicate responses
> 
> I have a different sort of failover setup and have a question about it.
> Every lease I serve is static. There are no pools defined at all. 
> Rather than using failover, my idea is to use a duplicate server with
> the same exact config file on it. That way if one server fails for a
> reason unique to it, the other will still be there to serve leases.
> Can anyone out there comment on this? What will happen when two servers
> hear the DHCPDISCOVER requests from a client? I'm assuming there will be
> some difference in response time, due to network topology and hardware
> differences on the servers. Both servers have the same IP and netmask
> etc information for any particular MAC address. 
> 
> Comments?
> 
> John
> 
> -----Original Message-----
> From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
> Behalf Of Glenn Satchell
> Sent: Wednesday, September 05, 2007 4:40 PM
> To: dhcp-users at isc.org 
> Subject: Re: DHCP Failover and duplicate responses
> 
> Setting dhcp-server-identifier to the gateway is wrong. The ip-helpers
> on the gateway are only used when the client broadcasts the
> DHCPDISCOVER. After that the client will send a normal unicast packet to
> the dhcp server for renewal. The renewal is done when the IP stack is
> fully configured, so it can route to the dhcp server if necessary.
> 
> In other respects the servers are behaving correctly. Each is receiving
> the request and responding with an ack, as they are supposed to.
> 
> regards,
> -glenn
> 
>>Date: Wed, 5 Sep 2007 16:27:26 -0500
>>From: "Cory Meyer" <cory.meyer at gmail.com>
>>Subject: DHCP Failover and duplicate responses
>>
>>With DHCP failover configured correctly should both servers be 
>>responding to the same dhcp request?
>>
>>I know that the leases db is staying synced as they will both ACK with the
>>same IP.   I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
>>3.1.  Just to be sure that it wasn't issues with my dhcpd.leases file
>>dhcpd was stopped on both servers, emptied and started again with the same
>>issue.   Running omshell to get the failover state is showing both servers
>>in normal mode once the recovery + MCLT has passed.
>>
>>The reason as to why this might be an issue is that in our production
>>environment our routers are set up with 2 ip helper-address statements.
>>One to the primary and one to the secondary server.  Option
>>dhcp-server-identifier is set to the local GW for that network.   This means
>>that DHCPREQUEST packets will be sent to both servers.    Normally with both
>>servers sending an identical ACK it should be an issue though I seem to
>>remember Windows Me and 98 clients that would fail an IP renewal due to
>>the almost identical ACK.
>>
>>
>>Any ideas or suggestions?   So far the DHCP Handbook has been a great help
>>though I think I might have missed something.
>>
>>
>>
>>dhcp-01 is the primary.   dhcp-02 is the secondary.
>>
>>Here is what I'm seeing in the logs with a Windows XP SP2 client:
>>
>>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
>>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>
>>
>>Here is my configuration:
>>### dhcpd.conf   #This is mirrored on both servers.
>>ddns-update-style none;
>>one-lease-per-client true;
>>authoritative;
>>ping-check true;
>>#use-host-decl-names on;
>>omapi-port 7911;
>>key "omapi_key" {
>>        algorithm hmac-md5;
>>        secret "******";
>>};
>>omapi-key omapi_key;
>>
>>log-facility local7;
>>
>>stash-agent-options on;
>>include "/etc/dhcpd.failover.conf";
>>include "/etc/dhcpd.pools.conf";
>>## End dhcpd.conf
>>
>>## PRIMARY dhcpd.failover.conf ##
>>failover peer "dhcp" {
>>  primary;
>>  address 10.2.1.202;
>>  port 847;
>>  peer address 10.2.1.203;
>>  peer port 647;
>>  max-response-delay 60;
>>  max-unacked-updates 10;
>>  load balance max seconds 3;
>>  mclt 180;
>>  split 128;
>>}
>>## End PRIMARY dhcpd.failover.conf ##
>>
>>## Secondary dhcpd.failover.conf ##
>>failover peer "dhcp" {
>>  secondary;
>>  address 10.2.1.203;
>>  port 647;
>>  peer address 10.2.1.202;
>>  peer port 847;
>>  max-response-delay 180;
>>  load balance max seconds 3;
>>  max-unacked-updates 10;
>>}
>>## End Secondary dhcpd.failover.conf
>>
>>## dhcpd.pools.conf   ## Mirrored on both servers.
>>shared-network testing1 {
>>  subnet 10.2.1.0 netmask 255.255.255.0 {
>>    pool {
>>      failover peer "dhcp";
>>      option routers 10.2.1.254;
>>      option broadcast-address 10.2.1.255;
>>      option subnet-mask 255.255.255.0;
>>      deny dynamic bootp clients;
>>      range 10.2.1.0 10.2.1.253;
>>      option domain-name-servers 10.2.1.254 ;
>>      default-lease-time 7200;
>>      max-lease-time 14400;
>>    }
>>  }
>>} ## End Shared-Network testing1
>>##  End dhcpd.pools.conf
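
A shell version of the pre-restart check described at the top of this message, as an added example that is not part of the original post: it rejects the candidate on either a non-zero exit status or the error message the post matches on, and only then replaces the live file. The `DHCPD` override, the function names and the `.bak` backup are assumptions of this example; the restart command is left to the caller, as in the post.

```shell
# Assumption: DHCPD names the dhcpd binary; it can be overridden for testing.
DHCPD="${DHCPD:-/usr/sbin/dhcpd}"

# validate_dhcpd_conf FILE
# Returns 0 only if "dhcpd -t -cf FILE" exits 0 and does not print the
# error message the original post matches on.
validate_dhcpd_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    # Capture the exit status without tripping "set -e" in the caller.
    out=$("$DHCPD" -t -cf "$conf" 2>&1) && rc=0 || rc=$?
    if [ "$rc" -ne 0 ] ||
       printf '%s\n' "$out" | grep -q 'Configuration file errors encountered'
    then
        printf '%s\n' "$out" >&2
        return 1
    fi
    return 0
}

# install_dhcpd_conf CANDIDATE LIVE
# Validates CANDIDATE, keeps the previous LIVE as LIVE.bak, then swaps the
# new file in with a rename so dhcpd never reads a half-written config.
# Returns non-zero and leaves LIVE untouched if validation fails.
install_dhcpd_conf() {
    candidate=$1
    live=$2
    validate_dhcpd_conf "$candidate" || return 1
    tmp="$live.new.$$"
    cp -p "$candidate" "$tmp" || return 1
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$live"
}

# Usage (the restart command is site-specific and elided in the original post):
#   install_dhcpd_conf "$extpath/dhcpd.conf" "$live_conf" && <restart dhcpd>
```

With two servers running the same config, run the check on each server before its own restart so a bad file cannot take both down at once.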


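
The log excerpt in the original question shows both failover peers sending a DHCPACK for the same request. As an added example (not part of the thread), this groups dhcpd syslog lines by second, leased IP and client MAC and reports any ACK sent by more than one server; the function names are hypothetical and the sample lines are the ones quoted in the thread with the mail wrapping undone.

```shell
# dup_acks: read dhcpd syslog lines on stdin. For every (time, IP, MAC)
# that was DHCPACKed by more than one server, print
#   "Mon Day HH:MM:SS IP MAC server1,server2"
dup_acks() {
    awk '
    # Fields: Mon Day HH:MM:SS host dhcpd: DHCPACK on IP to MAC ...
    $5 ~ /^dhcpd(\[[0-9]+\])?:$/ && $6 == "DHCPACK" && $7 == "on" && $9 == "to" {
        key = $1 " " $2 " " $3 " " $8 " " $10
        if ((key, $4) in seen) next            # same server logged it twice
        seen[key, $4] = 1
        if (!(key in count)) keys[++n] = key   # remember first-seen order
        count[key]++
        servers[key] = (count[key] > 1) ? (servers[key] "," $4) : $4
    }
    END {
        for (i = 1; i <= n; i++)
            if (count[keys[i]] > 1) print keys[i], servers[keys[i]]
    }'
}

# Sample input: the log lines from the thread, one entry per line.
sample_log() {
    cat <<'EOF'
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
EOF
}

sample_log | dup_acks
```

Matching on the same second is a simplification; ACKs that straddle a second boundary need a small time window instead.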