DHCP Failover and duplicate responses
Glenn Satchell
Glenn.Satchell at uniq.com.au
Sat Sep 8 00:19:45 UTC 2007
If you think about it, if you only do static clients, then you don't
need failover at all, *and* you can have as many dhcp servers as you
like. Most clients don't care if they get 2, 3 or 10 responses...
regards,
-glenn
>Subject: RE: DHCP Failover and duplicate responses
>Date: Fri, 7 Sep 2007 15:29:44 -0700
>From: "Matt Cowger" <mcowger at salesforce.com>
>
>John,
>
>We do this exact setup. It works great for us. Both servers hear and
>respond to each DHCPDISCOVER/REQUEST, and respond with the same
>response. The client just picks the first one it gets back. No
>problems encountered yet, except that if you put a bad config file in
>place, you mess up both servers :)....
>
>--Matt
>
>
>
>-----Original Message-----
>From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
>Behalf Of John Tabasz (jtabasz)
>Sent: Friday, September 07, 2007 3:24 PM
>To: dhcp-users at isc.org
>Subject: RE: DHCP Failover and duplicate responses
>
>I have a different sort of failover setup and have a question about it.
>Every lease I serve is static. There are no pools defined at all.
>Rather than using failover, my idea is to use a duplicate server with
>the same exact config file on it. That way if one server fails for a
>reason unique to it, the other will still be there to serve leases.
>Can anyone out there comment on this? What will happen when two servers
>hear the DHCPDISCOVER requests from a client? I'm assuming there will be
>some difference in response time, due to network topology and hardware
>differences on the servers. Both servers have the same IP and netmask
>etc information for any particular MAC address.
>
>Comments?
>
>John
>
>-----Original Message-----
>From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
>Behalf Of Glenn Satchell
>Sent: Wednesday, September 05, 2007 4:40 PM
>To: dhcp-users at isc.org
>Subject: Re: DHCP Failover and duplicate responses
>
>Setting dhcp-server-identifier to the gateway is wrong. The ip-helpers
>on the gateway are only used when the client broadcasts the
>DHCPDISCOVER. After that the client will send a normal unicast packet to
>the dhcp server for renewal. The renewal is done when the IP stack is
>fully configured, so it can route to the dhcp server if necessary.
>
>In other respects the servers are behaving correctly. Each is receiving
>the request and responding with an ack, as they are supposed to.
>
>regards,
>-glenn
>
>>Date: Wed, 5 Sep 2007 16:27:26 -0500
>>From: "Cory Meyer" <cory.meyer at gmail.com>
>>Subject: DHCP Failover and duplicate responses
>>
>>With DHCP failover configured correctly should both servers be
>>responding to the same dhcp request?
>>
>>I know that the leases db is staying synced as they will both ACK with the
>>same IP. I'm running into the issue with both 3.0.5 and 3.0.6 on Debian
>>3.1. Just to be sure that it wasn't issues with my dhcpd.leases file
>>dhcpd was stopped on both servers, emptied and started again with the same
>>issue. Running omshell to get the failover state is showing both servers
>>in normal mode once the recovery + MCLT has passed.
>>
>>The reason as to why this might be an issue is that in our production
>>environment our routers are set up with 2 ip helper-address statements.
>>One to the primary and one to the secondary server. Option
>>dhcp-server-identifier is set to the local GW for that network. This means
>>that DHCPREQUEST packets will be sent to both servers. Normally with both
>>servers sending an identical ACK it should be an issue though I seem to
>>remember Windows Me and 98 clients that would fail an IP renewal due to
>>the almost identical ACK.
>>
>>
>>Any ideas or suggestions? So far the DHCP Handbook has been a great help
>>though I think I might have missed something.
>>
>>
>>
>>dhcp-01 is the primary. dhcp-02 is the secondary.
>>
>>Here is what I'm seeing in the logs with a Windows XP SP2 client:
>>
>>Sep 5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
>>Sep 5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep 5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep 5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep 5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep 5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>Sep 5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
>>
>>
>>Here is my configuration:
>>### dhcpd.conf #This is mirrored on both servers.
>>ddns-update-style none;
>>one-lease-per-client true;
>>authoritative;
>>ping-check true;
>>#use-host-decl-names on;
>>omapi-port 7911;
>>key "omapi_key" {
>> algorithm hmac-md5;
>> secret "******";
>>};
>>omapi-key omapi_key;
>>
>>log-facility local7;
>>
>>stash-agent-options on;
>>include "/etc/dhcpd.failover.conf";
>>include "/etc/dhcpd.pools.conf";
>>## End dhcpd.conf
>>
>>## PRIMARY dhcpd.failover.conf ##
>>failover peer "dhcp" {
>> primary;
>> address 10.2.1.202;
>> port 847;
>> peer address 10.2.1.203;
>> peer port 647;
>> max-response-delay 60;
>> max-unacked-updates 10;
>> load balance max seconds 3;
>> mclt 180;
>> split 128;
>>}
>>## End PRIMARY dhcpd.failover.conf ##
>>
>>## Secondary dhcpd.failover.conf ##
>>failover peer "dhcp" {
>> secondary;
>> address 10.2.1.203;
>> port 647;
>> peer address 10.2.1.202;
>> peer port 847;
>> max-response-delay 180;
>> load balance max seconds 3;
>> max-unacked-updates 10;
>>}
>>## End Secondary dhcpd.failover.conf
>>
>>## dhcpd.pools.conf ## Mirrored on both servers.
>>shared-network testing1 {
>>  subnet 10.2.1.0 netmask 255.255.255.0 {
>>    pool {
>>      failover peer "dhcp";
>>      option routers 10.2.1.254;
>>      option broadcast-address 10.2.1.255;
>>      option subnet-mask 255.255.255.0;
>>      deny dynamic bootp clients;
>>      range 10.2.1.0 10.2.1.253;
>>      option domain-name-servers 10.2.1.254 ;
>>      default-lease-time 7200;
>>      max-lease-time 14400;
>>    }
>>  }
>>} ## End Shared-Network testing1
>>## End dhcpd.pools.conf
>
>
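An added example, not part of the original thread or of ISC's tooling: a small parser for dhcpd syslog output that reports which clients were ACKed by more than one server for the same address, and which DISCOVERs a server left to its failover peer. The sample input is the log excerpt from the quoted post, one entry per line; the function names are this example's own, and grouping ACKs by identical one-second timestamp is a simplifying assumption.

```python
import re
from collections import defaultdict

# Log excerpt from the quoted post, re-joined to one syslog entry per line.
SAMPLE_LOG = """\
Sep 5 11:13:20 dhcp-01 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0: load balance to peer dhcp
Sep 5 11:13:20 dhcp-01 dhcpd: DHCPREQUEST for 10.2.1.128 ( 10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:13:20 dhcp-02 dhcpd: DHCPDISCOVER from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:13:20 dhcp-01 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:13:20 dhcp-02 dhcpd: DHCPOFFER on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:13:20 dhcp-02 dhcpd: DHCPREQUEST for 10.2.1.128 (10.2.1.203) from 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
Sep 5 11:13:20 dhcp-02 dhcpd: DHCPACK on 10.2.1.128 to 52:54:00:12:34:56 (noctest-jjmiw1z) via eth0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+dhcpd(?:\[\d+\])?:\s+"
    r"(?P<msg>DHCP[A-Z]+)\s+(?P<rest>.*)$"
)
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)
IP_RE = re.compile(r"\b(?:on|for)\s+(\d{1,3}(?:\.\d{1,3}){3})")

def parse(log_text):
    """Yield (timestamp, server, message type, client MAC, IP or None, deferred)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        mac = MAC_RE.search(m["rest"]) if m else None
        if not mac:
            continue  # not a dhcpd client message, or no hardware address logged
        ip = IP_RE.search(m["rest"])
        yield (m["ts"], m["host"], m["msg"], mac.group(0).lower(),
               ip.group(1) if ip else None, "load balance to peer" in m["rest"])

def duplicate_acks(log_text):
    """Return {(timestamp, mac, ip): [servers]} where more than one server ACKed."""
    acks = defaultdict(set)
    for ts, host, msg, mac, ip, _ in parse(log_text):
        if msg == "DHCPACK":
            acks[(ts, mac, ip)].add(host)
    return {key: sorted(hosts) for key, hosts in acks.items() if len(hosts) > 1}

def deferred_discovers(log_text):
    """Return (server, mac) pairs where the DISCOVER was left to the failover peer."""
    return [(host, mac) for _, host, msg, mac, _, deferred in parse(log_text)
            if msg == "DHCPDISCOVER" and deferred]

if __name__ == "__main__":
    print(duplicate_acks(SAMPLE_LOG))
    print(deferred_discovers(SAMPLE_LOG))
```

On the posted excerpt this shows the load-balanced DISCOVER being answered only by dhcp-02, while the DHCPREQUEST, relayed to both helper addresses, is ACKed by both servers.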