failover issue?

Christian Bösch boesch at fhv.at
Tue Apr 7 07:28:44 UTC 2015


> On 03 Apr 2015, at 14:30 , Bob Harold <rharolde at umich.edu> wrote:
> 
> 
> On Fri, Apr 3, 2015 at 2:46 AM, Christian Bösch <boesch at fhv.at> wrote:
> sure below are the config snippets:
> thanks for investigation,
> chris
> 
>> server1:
> 
> failover peer "dhcp-failover" {
>   primary;
>   address 10.10.40.21;
>   port 647;
>   peer address 10.10.40.22;
>   peer port 647;
>   max-response-delay 30;
>   max-unacked-updates 10;
>   load balance max seconds 3;
>   mclt 1800;
>   split 128;
> }
> 
> group {
>   if exists agent.circuit-id
>   {
>     log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
>   }
>   if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
>     ddns-updates off;
>     default-lease-time 60;
>     max-lease-time 120;
>   }
>   option domain-name-servers dns1.abc.net, dns2.abc.net;
>   option subnet-mask 255.255.255.0;
>   ddns-domainname "lan.abc.net";
>   ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
>   option domain-name "lan.abc.net";
>   subnet 172.21.166.0 netmask 255.255.255.0 {
>     option routers 172.21.166.1;
>     pool {
>       failover peer "dhcp-failover";
>       deny dynamic bootp clients;
>       allow unknown-clients;
>       default-lease-time 300;
>       max-lease-time     600;
>       range 172.21.166.5 172.21.166.254;
>     }
>   }
> }
> 
> 
> server2:
> 
> failover peer "dhcp-failover" {
>   secondary;
>   address 10.10.40.22;
>   port 647;
>   peer address 10.10.40.21;
>   peer port 647;
>   max-response-delay 30;
>   max-unacked-updates 10;
>   load balance max seconds 3;
> }
> 
> group {
>   if exists agent.circuit-id
>   {
>     log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
>   }
>   if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
>     ddns-updates off;
>     default-lease-time 60;
>     max-lease-time 120;
>   }
>   option domain-name-servers dns1.abc.net, dns2.abc.net;
>   option subnet-mask 255.255.255.0;
>   ddns-domainname "lan.abc.net";
>   ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
>   option domain-name "lan.abc.net";
>   subnet 172.21.166.0 netmask 255.255.255.0 {
>     option routers 172.21.166.1;
>     pool {
>       failover peer "dhcp-failover";
>       deny dynamic bootp clients;
>       allow unknown-clients;
>       default-lease-time 300;
>       max-lease-time     600;
>       range 172.21.166.5 172.21.166.254;
>     }
>   }
> }
> 
>  
> Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the dhcpd.conf file. If it has a "host" declaration, it is a "known" client and will fail the "allow unknown-clients" test. Because you have an "allow" line, the default changes to "deny all others". If you remove the "allow unknown-clients" line, the default will be "allow everyone" - please try that, at least temporarily, to see if it fixes the "peer holds all free leases" message.

The MAC was known through a subclass declaration. So it was exactly the case you mentioned above.

> 
> As an aside, perhaps "peer holds all free leases" should be reworded like "I don't have a lease that I am allowed to give you, but you could check with my peer in case it has different rules".   But in a failover setup it would seem odd for a peer to have a different set of rules.

Yes, a clearer error message would be nice…

Thanks,
Chris


>  
>> On 02 Apr 2015, at 16:33 , Patrick Trapp <ptrapp at nex-tech.com> wrote:
>> 
>> Can you share the config? You should generalize anything sensitive - whatever you post will be on the list forever...
>> 
>> From: dhcp-users-bounces at lists.isc.org [dhcp-users-bounces at lists.isc.org] on behalf of Christian Bösch [boesch at fhv.at]
>> Sent: Thursday, April 02, 2015 5:52 AM
>> To: dhcp-users at lists.isc.org
>> Subject: failover issue?
>> 
>> Hi,
>> 
>> I have a pair of failover dhcp servers (4.2.4) which have worked fine for a long time.
>> Now I added some subnets (same config as the old working one) and in those
>> subnets I get on both servers:
>> 
>> Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr  2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr  2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>>
>>
>> Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr  2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr  2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> 
>> But the pool seems to be well balanced:
>> 
>> Apr  2 12:43:56 dns1 dhcpd: balancing pool 8019f8880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-own (+/-)25
>> Apr  2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38
>>
>> Apr  2 12:43:56 dns2 dhcpd: balancing pool 8019ef880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-own (+/-)25
>> Apr  2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24  total 250  free 125  backup 125  lts 0  max-misbal 38
>> 
>> Does anyone have an idea what could be the reason for that?
>> Thanks,
>> Chris
> 
> 
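Added example, not part of the original thread or of ISC's code: a small Python check that follows the advice above to look for the client's MAC anywhere in dhcpd.conf. It lists the host and subclass declarations that mention the MAC and the pools whose only permit is "allow unknown-clients"; the sample config, the class name "printers" and the host name "lab-pc" are constructed, and the regex parsing assumes declarations without nested braces.

```python
import re

# Constructed sample (not the poster's real file): one host and one subclass
# declaration, plus a pool whose only permit is "allow unknown-clients".
SAMPLE_CONF = '''
class "printers" { match hardware; }
subclass "printers" 1:3c:97:0e:b8:6d:40;
host lab-pc { hardware ethernet 00:11:22:33:44:55; }
subnet 172.21.166.0 netmask 255.255.255.0 {
  pool {
    failover peer "dhcp-failover";
    deny dynamic bootp clients;
    allow unknown-clients;
    range 172.21.166.5 172.21.166.254;
  }
}
'''
MAC = r'(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}'

def norm(mac):
    """Lower-case and zero-pad each octet so 8:0:2b... equals 08:00:2b..."""
    return ':'.join(f'{int(octet, 16):02x}' for octet in mac.split(':'))

def declared_macs(conf):
    """Map each MAC to the (kind, name) declarations that mention it."""
    conf = re.sub(r'#.*', '', conf).lower()
    found = {}
    for name, body in re.findall(r'\bhost\s+(\S+)\s*\{([^}]*)\}', conf):
        for mac in re.findall(rf'hardware\s+ethernet\s+({MAC})\s*;', body):
            found.setdefault(norm(mac), []).append(('host', name))
    # subclass "name" 1:<mac>;  the leading 1 is the Ethernet hardware type
    for name, mac in re.findall(rf'\bsubclass\s+"([^"]+)"\s+0?1:({MAC})', conf):
        found.setdefault(norm(mac), []).append(('subclass', name))
    return found

def unknown_only_pools(conf):
    """Ranges of pools whose allow list is exactly 'unknown-clients'."""
    ranges = []
    for body in re.findall(r'\bpool\s*\{([^}]*)\}', re.sub(r'#.*', '', conf)):
        allows = [a.strip() for a in re.findall(r'\ballow\s+([^;]+);', body)]
        if allows and set(allows) == {'unknown-clients'}:
            ranges += [r.strip() for r in re.findall(r'\brange\s+([^;]+);', body)]
    return ranges

def check(conf, mac):
    """Report where the MAC is declared and which pools to review for it."""
    hits = declared_macs(conf).get(norm(mac), [])
    return {'declared_as': hits,
            'pools_to_review': unknown_only_pools(conf) if hits else []}
```

Calling check(SAMPLE_CONF, '3C:97:0E:B8:6D:40') reports the subclass declaration together with the 172.21.166.5 to 172.21.166.254 range; a MAC with no declaration returns empty lists.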





