DHCP Failover cluster uses MCLT value as lease time

Gordon Grubert gordon.grubert+lists at uni-greifswald.de
Mon Feb 16 09:19:52 UTC 2015


Hello,

We are using a common DHCP failover cluster as described at

https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html

on Debian 7 and an LDAP-based storage backend (DHCP server version
4.2.2).

We have configured a global lease time of 24h but our clients get
a lease time of 30 minutes. Then, we traced the connection on the
client and the server side. We found that both the servers send DHCP
OFFER packages where the lease time value is set to the MCLT value of
the failover cluster. We could reproduce this by setting arbitrary
MCLT values.

Sending DHCP RENEW requests one after another, the server begins to
send the correct lease time of 24h. But every time the client
sends the initial DISCOVER, it gets a lease time which is the MCLT value
of the cluster.

Is this a bug or a feature?


Here, the basic part of our configuration
=========================================

Primary
*******

authoritative;
max-lease-time 86400;
default-lease-time 86400;
failover peer "dhcp-failover" {
     primary;
     address IP-PRI;
     port 519;
     peer address IP-SEC;
     peer port 520;
     max-response-delay 30;
     max-unacked-updates 10;
     load balance max seconds 3;
     mclt 1800;
     split 128;
}
subnet x.y.z.0 netmask 255.255.255.0 {
     option subnet-mask 255.255.255.0;
     option domain-name "DOMAINNAME";
     option routers x.y.z.1;
     option broadcast-address x.y.z.255;
     pool {
         range x.y.z.50 x.y.z.109;
         deny dynamic bootp clients;
         failover peer "dhcp-failover";
     }
}


Secondary
*********

authoritative;
max-lease-time 86400;
default-lease-time 86400;
failover peer "dhcp-failover" {
     secondary;
     address IP-SEC;
     port 520;
     peer address IP-PRI;
     peer port 519;
     max-response-delay 30;
     max-unacked-updates 10;
     load balance max seconds 3;
}
subnet x.y.z.0 netmask 255.255.255.0 {
     option subnet-mask 255.255.255.0;
     option domain-name "DOMAINNAME";
     option routers x.y.z.1;
     option broadcast-address x.y.z.255;
     pool {
         range x.y.z.50 x.y.z.109;
         deny dynamic bootp clients;
         failover peer "dhcp-failover";
     }
}

Best regards,
Gordon

