DHCP Failover and duplicate responses

[Cory Meyer]

With DHCP failover configured correctly should both servers be responding to
the same dhcp request?

I know that the leases db is staying synced as they will both ACK with the
same IP.   I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
3.1.  Just to be sure that it wasn't issues with my dhcpd.leases file dhcpd
was stopped on both servers, emptied and started again with the same
issue.   Running omshell to get the failover state is showing both servers
in normal mode once the recovery + MCLT has passed.

The reason as to why this might be an issue is that in our production
enviroment our routers are setup with 2 ip helper-address statements.  One
to the primary and one to the secondary server.  Option
dhcp-server-identifier is set to the local GW for that network.   This means
that DHCREQUEST packets will be sent to both servers.    Normally with both
servers sending an identical ACK it should be an issue though I seem to
remember Windows Me and 98 clients that would fail an IP renewal due to the
almost identical ACK.


Any ideas or suggestions?   So far the DHCP Handbook has been a great help
though I think I might have missed something.



dhcp-01 is the primary.   dhcp-02 is the secondary.

Here is what I'm seeing in the logs with a Windows XP SP2 client:

Sep  5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56
(noctest-jjmiw1z) via eth0: load balance to peer dhcp
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from
52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56
(noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56
(noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56
(noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from
52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep  5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56
(noctest-jjmiw1z) via eth0


Here is my configuration:
### dhcpd.conf   #This is mirrored on both servers.
ddns-update-style none;
one-lease-per-client true;
authoritative;
ping-check true;
#use-host-decl-names on;
omapi-port 7911;
key "omapi_key" {
        algorithm hmac-md5;
        secret "******";
};
omapi-key omapi_key;

log-facility local7;

stash-agent-options on;
include "/etc/dhcpd.failover.conf";
include "/etc/dhcpd.pools.conf";
## End dhcpd.conf

## PRIMARY dhcpd.failover.conf ##
failover peer "dhcp" {
  primary;
  address 10.2.1.202;
  port 847;
  peer address 10.2.1.203;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 180;
  split 128;
}
## End PRIMARY dhcpd.failover.conf ##

## Secondary dhcpd.failover.conf ##
failover peer "dhcp" {
  secondary;
  address 10.2.1.203;
  port 647;
  peer address 10.2.1.202;
  peer port 847;
  max-response-delay 180;
  load balance max seconds 3;
  max-unacked-updates 10;
}
## End Secondary dhcpd.failover.conf

## dhcpd.pools.conf   ## Mirrored on both servers.
shared-network testing1 {
  subnet 10.2.1.0 netmask 255.255.255.0 {
    pool {
      failover peer "dhcp";
      option routers 10.2.1.254;
      option broadcast-address 10.2.1.255;
      option subnet-mask 255.255.255.0;
      deny dynamic bootp clients;
      range 10.2.1.0 10.2.1.253;
      option domain-name-servers 10.2.1.254 ;
      default-lease-time 7200;
      max-lease-time 14400;
    }
  }
} ## End Shared-Network testing1
##  End dhcpd.pools.conf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20070905/b6d65606/attachment.html>