failover peer dhcp: address not available

Chris Buxton clists at buxtonfamily.us
Mon Jun 3 21:17:39 UTC 2013


Could there be a kernel security feature blocking this? Something like SELinux?

Chris Buxton

On Jun 3, 2013, at 1:26 PM, Oscar Ricardo Silva <osilva at scuff.cc.utexas.edu> wrote:

> This is getting strange (or at least I think it is).  When I have this configuration on the primary:
> 
> 
> failover peer "dhcp" {
> 	primary;
> 	address 192.168.200.2;
> 	port 647;
> 	peer port 847;
> 	peer address 192.168.201.2;
> 	max-response-delay 60;
> 	max-unacked-updates 10;
> 	mclt 300;
> 	split 128;
> 	load balance max seconds 5;
> }
> 
> and bring up dhcpd, I notice that it's only listening on the omapi-port 7911
> 
> # lsof -n | grep LISTEN
> dhcpd  24025  root  8u  IPv4   1254862   0t0     TCP *:7911 (LISTEN)
> 
> 
> and I can't telnet from the secondary to the primary (for obvious reasons).
> 
> 
> 
> When I change the port to 520 (what was previously being used) then dhcpd begins listening on both 520 and 7911:
> 
> 
> failover peer "dhcp" {
> 	primary;
> 	address 192.168.200.2;
> 	port 520;
> 	peer port 847;
> 	peer address 192.168.201.2;
> 	max-response-delay 60;
> 	max-unacked-updates 10;
> 	mclt 300;
> 	split 128;
> 	load balance max seconds 5;
> }
> 
> # lsof -n | egrep LISTEN
> dhcpd   24049  root  8u   IPv4  1255172  0t0   TCP *:7911 (LISTEN)
> dhcpd   24049  root  0u   IPv4  1255174  0t0   TCP 172.16.200.2:efs (LISTEN)
> 
> 
> 
> There's nothing else listening on 647.
> 
> 
> 
> On 06/03/2013 03:04 PM, Oscar Ricardo Silva wrote:
>> I hang my head in shame for overlooking a basic troubleshooting
>> technique:  telnet to a port.
>> 
>> From the primary I can telnet to port 847 of the secondary but from the
>> secondary I can't telnet to port 647 of the primary.  I've tried
>> disabling iptables and router ACLs but so far I can't telnet from the
>> secondary to the primary on the primary's port.  I'll keep digging.
>> 
>> Thanks for the suggestion.
>> 
>> 
>> Oscar
>> 
>> 
>> 
>> On 06/01/2013 09:12 AM, Glenn Satchell wrote:
>>> A quick look at the source shows this message is only defined in the
>>> function isc_result_totext(). It's only called a couple of times with
>>> "failover peer %s". In these situations it is setting up the failover
>>> link.
>>> 
>>> As you mention there is traffic between to the failover port, then I would
>>> check that there is only one instance of dhcpd running, and it is the one
>>> you expect. The new OS may have pulled in a default dhcp server for you
>>> during installation.
>>> 
>>> Also test that on the primary you can telnet to port 847 on the secondary.
>>> 
>>> As a side note, in the subnet definition include file you have
>>> 
>>>     option broadcast-address 255.255.255.255;
>>> 
>>> This needs to be set to the correct broadcast address for the subnet, or
>>> left out. dhcpd will calculate subnet mask and broadcast address from the
>>> subnet definition and netmask, so in general it is better to leave them
>>> out to avoid incompatible settings.
>>> 
>>> regards,
>>> -gkenn
>>> 
>>> On Sat, June 1, 2013 3:09 am, Oscar Ricardo Silva wrote:
>>>> I recently reinstalled the operating system on our two dhcp servers and
>>>> we're now seeing this message on the primary:
>>>> 
>>>> 
>>>> 
>>>> May 31 11:38:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> May 31 11:39:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> May 31 11:41:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> May 31 11:42:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> May 31 11:44:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> May 31 11:45:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> May 31 11:47:25 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> May 31 11:48:55 primary-dhcp dhcpd: failover peer dhcp: address not available
>>>> 
>>>> 
>>>> 
>>>>  From looking at past messages to the list, it's been suggested there
>>>> was a mismatch in dhcpd versions but I'm using the same configurations
>>>> and version as I was before the OS replacement.  Here are the version
>>>> numbers and configurations:
>>>> 
>>>> 
>>>> Primary:
>>>> 
>>>> # dhcpd -v
>>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>>> Copyright 2004-2012 Internet Systems Consortium.
>>>> 
>>>> 
>>>> option domain-name-servers 192.168.185.41, 192.168.185.40 ;
>>>> option ntp-servers 192.168.185.40, 192.168.185.41;
>>>> default-lease-time 172800;
>>>> max-lease-time 172800;
>>>> one-lease-per-client true;
>>>> ddns-update-style ad-hoc;
>>>> ddns-updates off;
>>>> authoritative;
>>>> key-off-mac-address true;
>>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>>          deny booting;
>>>> }
>>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>>> set vendor-string = option vendor-class-identifier;
>>>> failover peer "dhcp" {
>>>>           primary;
>>>>           address 192.168.200.2;
>>>>           port 647;
>>>>           peer port 847;
>>>>           peer address 192.168.201.2;
>>>>           max-response-delay 60;
>>>>           max-unacked-updates 10;
>>>>           mclt 300;
>>>>     split 128;
>>>>           load balance max seconds 5;
>>>>         }
>>>> subnet 192.168.200.0 netmask 255.255.255.224 {
>>>>    }
>>>> include "/dhcpd/dhcpd.networks.conf";
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Secondary:
>>>> 
>>>> dhcpd -v
>>>> Internet Systems Consortium DHCP Server 4.1-ESV-R7
>>>> Copyright 2004-2012 Internet Systems Consortium.
>>>> 
>>>> 
>>>> option domain-name-servers 192.168.185.40, 192.168.185.41 ;
>>>> option ntp-servers 192.168.185.41, 192.168.185.40;
>>>> default-lease-time 172800;
>>>> max-lease-time 172800;
>>>> one-lease-per-client true;
>>>> ddns-update-style ad-hoc;
>>>> ddns-updates off;
>>>> authoritative;
>>>> key-off-mac-address true;
>>>> if substring (option dhcp-client-identifier, 0, 5) = 01:52:41:53:20 {
>>>>          deny booting;
>>>> }
>>>> option voip-tftp-server-address code 150 = array of ip-address ;
>>>> set vendor-string = option vendor-class-identifier;
>>>> failover peer "dhcp" {
>>>>           secondary;
>>>>           address 192.168.201.2;
>>>>           port 847;
>>>>           peer port 647;
>>>>           peer address 192.168.200.2;
>>>>           max-response-delay 60;
>>>>           max-unacked-updates 10;
>>>>           load balance max seconds 5;
>>>>         }
>>>> subnet 192.168.201.0 netmask 255.255.255.224 {
>>>>    }
>>>> include "/dhcpd/dhcpd.networks.conf";
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> All the network definitions are in "/dhcpd/dhcpd.networks.conf" and the
>>>> file looks like this:
>>>> 
>>>> subnet 192.168.235.0 netmask 255.255.255.128 {
>>>>                  pool {
>>>>                          range 192.168.235.13 192.168.235.126;
>>>>                          deny dynamic bootp clients ;
>>>>                          failover peer "dhcp" ;
>>>>                  }
>>>>          option subnet-mask 255.255.255.128;
>>>>          option broadcast-address 255.255.255.255;
>>>>          option routers 192.168.235.1;
>>>> }
>>>> 
>>>> 
>>>> 
>>>> There are router ACLs between the two servers and iptables running on
>>>> each but the entire /24 network for each server is allowed through. I
>>>> can see traffic being exchanged between the two servers on ports 647 and
>>>> 847.
>>>> 
>>>> Any idea what's causing this error?
>>>> 
>>>> 
>>>> 
>>>> Oscar
> 
> 
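A diagnostic for the symptom in this thread, added here as an example and not code from any poster or from ISC: it checks that the two failover stanzas mirror each other and probes whether the local failover address and port can be bound, on the assumption that dhcpd's "address not available" reflects the OS bind error EADDRNOTAVAIL. The function names and the trimmed config strings are constructed for illustration.

```python
import errno, re, socket

# Constructed from the failover stanzas quoted in the thread (trimmed to the address/port lines).
PRIMARY = '''failover peer "dhcp" { primary; address 192.168.200.2; port 647;
  peer port 847; peer address 192.168.201.2; mclt 300; split 128; }'''
SECONDARY = '''failover peer "dhcp" { secondary; address 192.168.201.2; port 847;
  peer port 647; peer address 192.168.200.2; }'''

def parse_failover(conf):
    """Return the address/port statements of the first failover peer block."""
    body = re.search(r'failover\s+peer\s+"[^"]+"\s*\{(.*?)\}', conf, re.S).group(1)
    out = {}
    for stmt in body.split(";"):
        words = stmt.split()
        if len(words) >= 2 and words[-2] in ("address", "port"):
            out[" ".join(words[:-1])] = words[-1]
    return out

def mirror_errors(a, b):
    """Each side's address/port must equal the other side's peer address/peer port."""
    errs = []
    for x, y in ((a, b), (b, a)):
        for key in ("address", "port"):
            if x.get(key) != y.get("peer " + key):
                errs.append(f"{key} {x.get(key)} does not match peer {key} {y.get('peer ' + key)}")
    return errs

def classify(err):
    """Map a bind() errno to the likely cause on a dhcpd host."""
    return {
        0: "bindable",
        errno.EADDRNOTAVAIL: "address is not configured on any local interface",
        errno.EADDRINUSE: "another process already holds the port",
        errno.EACCES: "denied: privileged port without root, or a MAC policy such as SELinux",
    }.get(err, f"other errno {err}")

def probe_bind(addr, port):
    """Attempt the TCP bind the failover listener needs; return the errno (0 = ok)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, port))
            return 0
        except OSError as e:
            return e.errno

if __name__ == "__main__":
    local = parse_failover(PRIMARY)
    print(mirror_errors(local, parse_failover(SECONDARY)) or "stanzas mirror each other")
    rc = probe_bind(local["address"], int(local["port"]))
    print(local["address"], local["port"], "->", classify(rc))
```

Run it as root on the primary with dhcpd stopped. The probe runs in the invoking shell's SELinux domain rather than dhcpd's, so a clean result does not rule out a policy denial; the audit log is the place to confirm or exclude that.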


