dhcpd sporadically ignoring one of two "copies" of a DHCP request
Phil Mayers
p.mayers at imperial.ac.uk
Tue Mar 11 15:10:24 UTC 2014

We run RHEL6 with the stock version of dhcpd from the distro,
4.1.1-34.P1.el6. I'm aware this is somewhat old, but it's been
relatively trouble free for us.

Our network is a mix of Cisco/Juniper, and most subnets have resilient
routing, which means that each DHCP request is seen, and forwarded, by
two router DHCP relays.

This means we'll often see:

  DHCPDISCOVER via router1
  DHCPDISCOVER via router2
  DHCPOFFER via router1
  DHCPOFFER via router2

...or, depending on timing:

  DHCPDISCOVER via router1
  DHCPOFFER via router1
  DHCPDISCOVER via router2
  DHCPOFFER via router2

The DISCOVER messages are identical aside from source IP and giaddr.
They do of course arrive very close together in time - within a couple
of milliseconds, usually.

The vast majority of the time, this seems to work OK; whichever DISCOVER
arrives first triggers lease allocation, and the 2nd DISCOVER just hands
out the same lease.

However, I am seeing odd cases where the 2nd DISCOVER is apparently
ignored. dhcpd does not log having received it, and does not respond to
it. The packet is definitely arriving at the machine, as confirmed by
local tcpdump, but no reply goes out.

For the subnet in question there is no obvious config difference from
other working subnets, and no wider issue with connectivity to/from them.

Unfortunately this is a real problem, because in many cases, one of the
two replies will be dropped by uRPF check at the far end. A working
reply might have:

  ip src=dhcpsrv dst=router1
  path: routerA -> routerB -> router1

...but a failing reply might have:

  ip src=dhcpsrv dst=router2
  path: routerA -> routerB -> router1 -> (subnet at layer2) -> router2

i.e. path to "router2" giaddr is via router1 from that position in the
network. When the packet arrives at router2, it has an invalid source
and fails the uRPF check.

If the packet dhcpd ignores is the one from giaddr==router1, the client
can't get a lease.

So: why would dhcpd sporadically ignore a 2nd DISCOVER? How can I debug
this?
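
Added example, not part of the original post or of ISC dhcpd: a log check that groups logged DHCPDISCOVER lines per client MAC into short bursts and reports bursts where only one relay of the pair appears. The relay addresses, the 2-second burst window, the year and the sample log lines are constructed assumptions; the line layout follows the usual dhcpd syslog form "DHCPDISCOVER from <mac> via <giaddr>".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

RELAY_PAIR = {"192.0.2.2", "192.0.2.3"}  # assumed giaddrs standing in for router1/router2
BURST = timedelta(seconds=2)             # assumed: both relayed copies land inside this window
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*DHCPDISCOVER from ([0-9a-f:]{17})"
                  r"(?: \([^)]*\))? via ([\d.]+)")

# Constructed sample: the second client is logged via one relay only.
SAMPLE_LOG = """\
Mar 11 15:10:24 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 192.0.2.2
Mar 11 15:10:24 dhcpsrv dhcpd: DHCPOFFER on 192.0.2.50 to 00:11:22:33:44:55 via 192.0.2.2
Mar 11 15:10:24 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 192.0.2.3
Mar 11 15:10:24 dhcpsrv dhcpd: DHCPOFFER on 192.0.2.50 to 00:11:22:33:44:55 via 192.0.2.3
Mar 11 15:12:01 dhcpsrv dhcpd: DHCPDISCOVER from 66:77:88:99:aa:bb via 192.0.2.3
Mar 11 15:12:01 dhcpsrv dhcpd: DHCPOFFER on 192.0.2.51 to 66:77:88:99:aa:bb via 192.0.2.3
"""

def missing_relay_copies(log_text, relays=RELAY_PAIR, year=2014):
    """Return (time, mac, missing giaddrs) for each burst not logged via every relay."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) in relays:
            # Syslog lines carry no year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(2)].append((ts, m.group(3)))
    findings = []
    for mac, seen in events.items():
        seen.sort()
        burst_start, giaddrs = seen[0][0], set()
        # The sentinel entry forces the final burst to be evaluated.
        for ts, giaddr in seen + [(datetime.max, None)]:
            if ts - burst_start > BURST:
                if giaddrs != set(relays):
                    findings.append((burst_start.strftime("%b %d %H:%M:%S"),
                                     mac, sorted(set(relays) - giaddrs)))
                burst_start, giaddrs = ts, set()
            if giaddr:
                giaddrs.add(giaddr)
    return sorted(findings)

if __name__ == "__main__":
    for when, mac, missing in missing_relay_copies(SAMPLE_LOG):
        print(f"{when} {mac}: no DISCOVER logged via {', '.join(missing)}")
```

A flagged burst only shows that dhcpd did not log the copy; comparing its timestamp and MAC against a packet capture on the server separates a packet that never arrived from one that arrived and was not processed.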