DHCP lease logging between peers

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Jul 15 14:12:50 UTC 2019


Nate Collins <ncollins at xes-inc.com> wrote:

> I'm looking to inquire about the logging behavior of isc-dhcp-server when running with a peer, and whether or not our environment is configured correctly to allow the DHCP transaction logs to be shared between the two.
> 
> Our network has two servers running isc-dhcpd-4.3.3 configured as failover peers (configuration below). Both of these servers are logging to /var/log/syslog, and both servers log the transactions of the other server: 
> 
> server1:
> 
> # cat /var/log/syslog | grep -i b8:27:eb:00:11:22
> Jul 15 08:51:31 server1 dhcpd[1303]: DHCPREQUEST for 10.0.7.143 from b8:27:eb:00:11:22 via bond0
> Jul 15 08:51:31 server1 dhcpd[1303]: DHCPACK on 10.0.7.143 to b8:27:eb:00:11:22 via bond0
> 
> server2:
> 
> # cat /var/log/syslog | grep -i b8:27:eb:00:11:22
> Jul 15 08:51:31 server2 dhcpd[19642]: DHCPREQUEST for 10.0.7.143 from b8:27:eb:00:11:22 via bond0
> Jul 15 08:51:31 server2 dhcpd[19642]: DHCPACK on 10.0.7.143 to b8:27:eb:00:11:22 via bond0
> 
> Occasionally, however, we will see it where a static DHCP lease is handed out by one server, but the lease is not logged in the syslog file of the other server, despite being in both dhcpd.leases files:
> 
> server1:
> 
> # cat /var/log/syslog | grep -i b8:27:eb:ab:cd:ef
> ...
> Jul 12 07:33:03 server1 dhcpd[2094]: DHCPREQUEST for 10.0.7.243 from b8:27:eb:ab:cd:ef via bond0
> Jul 12 07:33:03 server1 dhcpd[2094]: DHCPACK on 10.0.7.243 to b8:27:eb:ab:cd:ef via bond0
> 
> server2:
> 
> # cat /var/log/syslog | grep -i b8:27:eb:ab:cd:ef
> #

You would need to see what the clients are doing - e.g. packet capture on the network.
I would hazard a guess that in example 1, the client broadcast the request and so it was picked up by both servers - this is likely when the client connects to the network and without further tests (which some clients do) cannot know before doing the DHCP request whether it is still on the same network where it got its lease from. Since both servers have a copy of the lease, I guess both are replying - I don't know if that's correct behaviour as I'm not familiar enough with failover.
In example 2, I suspect the client has unicast its request to the server it got its lease from. This is normal where the client already has a working network connection and just wants to renew its currently active lease. The other server will never see the unicast packet, so it will neither respond to the client nor log anything.



> Note that the logs haven't been rotated. We notice this going both ways (primary -> secondary, secondary -> primary), for both static leases and for the dynamic address pool.

As above, I think this is normal behaviour.

> Ultimately we'd like it so that all DHCP transactions from one server are logged by the other server

I don't think this is possible since each server will not see requests unicast to the other server.
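
Where one audit trail of DHCP activity is still wanted, the two syslog files can be merged after the fact. The following is an added example, not part of the original post or of ISC DHCP: it parses the dhcpd line format quoted above, joins events on timestamp, message type, IP and MAC, and lists the events that one peer never logged. The function names are hypothetical, the sample input reuses the lines quoted in the thread, and matching on identical timestamps is a simplifying assumption.

```python
import re
from collections import defaultdict

# Matches dhcpd syslog lines in the format quoted in the thread, e.g.
# "Jul 15 08:51:31 server1 dhcpd[1303]: DHCPACK on 10.0.7.143 to b8:27:eb:00:11:22 via bond0"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sdhcpd\[\d+\]:\s"
    r"(?P<msg>DHCP[A-Z]+)\s(?:for|on)\s(?P<ip>[\d.]+)\s.*?"
    r"(?:from|to)\s(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

# Sample input: the log lines quoted in the thread (server2 has none for ab:cd:ef).
SAMPLE = [
    "Jul 15 08:51:31 server1 dhcpd[1303]: DHCPREQUEST for 10.0.7.143 from b8:27:eb:00:11:22 via bond0",
    "Jul 15 08:51:31 server1 dhcpd[1303]: DHCPACK on 10.0.7.143 to b8:27:eb:00:11:22 via bond0",
    "Jul 15 08:51:31 server2 dhcpd[19642]: DHCPREQUEST for 10.0.7.143 from b8:27:eb:00:11:22 via bond0",
    "Jul 15 08:51:31 server2 dhcpd[19642]: DHCPACK on 10.0.7.143 to b8:27:eb:00:11:22 via bond0",
    "Jul 12 07:33:03 server1 dhcpd[2094]: DHCPREQUEST for 10.0.7.243 from b8:27:eb:ab:cd:ef via bond0",
    "Jul 12 07:33:03 server1 dhcpd[2094]: DHCPACK on 10.0.7.243 to b8:27:eb:ab:cd:ef via bond0",
]


def merge(lines):
    """Map (timestamp, message, ip, mac) -> set of hosts that logged the event."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # non-DHCP or unparsable lines are skipped
            key = (m["ts"], m["msg"].upper(), m["ip"], m["mac"].lower())
            seen[key].add(m["host"])
    return seen


def single_peer_events(seen, peers):
    """Return events missing from at least one peer, with the peers that lack them."""
    wanted = set(peers)
    return {k: sorted(wanted - hosts) for k, hosts in seen.items() if wanted - hosts}


if __name__ == "__main__":
    merged = merge(SAMPLE)
    for (ts, msg, ip, mac), missing in single_peer_events(merged, ["server1", "server2"]).items():
        print(f"{ts} {msg} {ip} {mac}: not logged by {', '.join(missing)}")
```
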


