Conflicts and network boot

Mon Mar 20 15:24:40 UTC 2006

Bruno Gola wrote:

>I've already look this "authoritative" issue, but the problem is not here. I
>wanna my dhcpd to be able to boot the machine before the other dhcp server (
>172.16.0.1) send its information.

BAD BAD BAD idea !

You really should NOT ever have more than one DHCP server (or set of 
servers in a true redundant setup) serving a network. You most 
definitely should not have two servers, acting independently, able to 
offer different leases to one client.

Ignore this and you will have strange, random, and non-reproducable 
problems appearing at random times.

If you MUST have two different servers servicing the same network, 
then you should make sure that they will only respond to mutually 
exclusive sets of clients. Ie, so any client, one server should be 
set to service it, the other server should be set to ignore it. This 
is harder said than done !

Probably the easiest way to do it is to have one server that responds 
only to a set list of hosts (by MAC address) - eg :

   ignore unknown clients ;
   subnet a.b.c.0 ... {
     ...
   }
   host a { hardware aa:bb:cc:dd:ee:ff ; }
   host ...

And at the same time, set the other server to ignore those clients - eg :

   subnet a.b.c.0 ... {
     ...
   }
   group {
     ignore booting ;
     host a { hardware aa:bb:cc:dd:ee:ff ; }
     host ...
   }

What you absolutely CANNOT do is rely on "getting your reply back 
first" as a means of getting one offer accepted in place of another. 
Firstly you cannot guarantee this (at least, not without sufficient 
control of the "other" server in which case you could configure it to 
ignore the client). Secondly, even if you do contrive that you offer 
gets to the client first, the client won't automatically accept it - 
the spec specifically allows for multiple offers to be received and 
for the client to select one (perhaps by selecting the offer that 
satisfies the largest number of requested options).

Finally, please correct me if I'm wrong, but it sounds like you are 
trying to use DCHP on the network without the permission (or 
assistance) of the network administrators. IF this is the case, then 
I strongly advise against it, as a network admin it's the sort of 
thing I take very seriously and would have no hesitation in removing 
(by unorthodox means* if neccessary) such offending equipment and 
users.

Simon

* "unorthodox means" would at one extreme simply mean going round and 
physically unplugging equipment. Repeat offenders may find equipment 
rendered permanently inoperative (eg by wire cutters, hammer, or even 
the crusher !), or in extreme cases may find themselves having their 
exit interview with HR.