failover issue?
Christian Bösch
boesch at fhv.at
Tue Apr 7 07:28:44 UTC 2015
> On 03 Apr 2015, at 14:30 , Bob Harold <rharolde at umich.edu> wrote:
>
>
> On Fri, Apr 3, 2015 at 2:46 AM, Christian Bösch <boesch at fhv.at> wrote:
> sure below are the config snippets:
> thanks for investigation,
> chris
>
> —
> server1:
>
> failover peer "dhcp-failover" {
>     primary;
>     address 10.10.40.21;
>     port 647;
>     peer address 10.10.40.22;
>     peer port 647;
>     max-response-delay 30;
>     max-unacked-updates 10;
>     load balance max seconds 3;
>     mclt 1800;
>     split 128;
> }
>
> group {
>     if exists agent.circuit-id
>     {
>         log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
>     }
>     if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
>         ddns-updates off;
>         default-lease-time 60;
>         max-lease-time 120;
>     }
>     option domain-name-servers dns1.abc.net, dns2.abc.net;
>     option subnet-mask 255.255.255.0;
>     ddns-domainname "lan.abc.net";
>     ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
>     option domain-name "lan.abc.net";
>     subnet 172.21.166.0 netmask 255.255.255.0 {
>         option routers 172.21.166.1;
>         pool {
>             failover peer "dhcp-failover";
>             deny dynamic bootp clients;
>             allow unknown-clients;
>             default-lease-time 300;
>             max-lease-time 600;
>             range 172.21.166.5 172.21.166.254;
>         }
>     }
> }
>
>
> server2:
>
> failover peer "dhcp-failover" {
>     secondary;
>     address 10.10.40.22;
>     port 647;
>     peer address 10.10.40.21;
>     peer port 647;
>     max-response-delay 30;
>     max-unacked-updates 10;
>     load balance max seconds 3;
> }
>
> group {
>     if exists agent.circuit-id
>     {
>         log ( info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " is connected to interface ", binary-to-ascii(10, 8, "/", suffix ( option agent.circuit-id, 2)), " , VLAN ", binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2))));
>     }
>     if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
>         ddns-updates off;
>         default-lease-time 60;
>         max-lease-time 120;
>     }
>     option domain-name-servers dns1.abc.net, dns2.abc.net;
>     option subnet-mask 255.255.255.0;
>     ddns-domainname "lan.abc.net";
>     ddns-rev-domainname "128-191.21.172.in-addr.arpa.";
>     option domain-name "lan.abc.net";
>     subnet 172.21.166.0 netmask 255.255.255.0 {
>         option routers 172.21.166.1;
>         pool {
>             failover peer "dhcp-failover";
>             deny dynamic bootp clients;
>             allow unknown-clients;
>             default-lease-time 300;
>             max-lease-time 600;
>             range 172.21.166.5 172.21.166.254;
>         }
>     }
> }
>
>
> Check for the MAC address (3c:97:0e:b8:6d:40) being defined anywhere in the dhcpd.conf file. If it has a "host" declaration, it is a "known" client and will fail the "allow unknown-clients" test. Because you have an "allow" line, the default changes to "deny all others". If you remove the "allow unknown-clients" line, the default will be "allow everyone" - please try that, at least temporarily, to see if it fixes the "peer holds all free leases" message.
The MAC was known through a subclass declaration. So it was exactly the case you mentioned above.
>
> As an aside, perhaps "peer holds all free leases" should be reworded like "I don't have a lease that I am allowed to give you, but you could check with my peer in case it has different rules". But in a failover setup it would seem odd for a peer to have a different set of rules.
Yes, a clearer error message would be nice…
Thanks,
Chris
>
>> On 02 Apr 2015, at 16:33 , Patrick Trapp <ptrapp at nex-tech.com> wrote:
>>
>> Can you share the config? You should generalize anything sensitive - whatever you post will be on the list forever...
>>
>> From: dhcp-users-bounces at lists.isc.org [dhcp-users-bounces at lists.isc.org] on behalf of Christian Bösch [boesch at fhv.at]
>> Sent: Thursday, April 02, 2015 5:52 AM
>> To: dhcp-users at lists.isc.org
>> Subject: failover issue?
>>
>> Hi,
>>
>> I have a pair of failover dhcp servers (4.2.4) which have worked fine for a long time.
>> Now I added some subnets (same config as the old working one) and in those
>> subnets I get on both servers:
>>
>> Apr 2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr 2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr 2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr 2 12:44:56 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>>
>>
>> Apr 2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr 2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr 2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>> Apr 2 12:44:56 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
>>
>> But the pool seems to be well balanced:
>>
>> Apr 2 12:43:56 dns1 dhcpd: balancing pool 8019f8880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-own (+/-)25
>> Apr 2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-misbal 38
>>
>> Apr 2 12:43:56 dns2 dhcpd: balancing pool 8019ef880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-own (+/-)25
>> Apr 2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-misbal 38
>>
>> Does anyone have an idea what could be the reason for that?
>> Thanks,
>> Chris
>
>
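Added example, not part of the original thread: a Python triage script that flags the symptom discussed above, "peer holds all free leases" logged by a server whose own pool-balance line shows both free and backup leases, and then lists the dhcpd.conf lines that mention the refused MAC. The log and config samples are constructed from the lines quoted in the thread; the class name "laptops" and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the log lines quoted in this thread.
SAMPLE_LOG = """\
Apr 2 12:43:56 dns1 dhcpd: balanced pool 8019f8880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-misbal 38
Apr 2 12:43:56 dns2 dhcpd: balanced pool 8019ef880 172.21.166.0/24 total 250 free 125 backup 125 lts 0 max-misbal 38
Apr 2 12:44:52 dns1 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
Apr 2 12:44:52 dns2 dhcpd: DHCPDISCOVER from 3c:97:0e:b8:6d:40 via 172.21.166.1: peer holds all free leases
"""

# Constructed config fragment; the class name "laptops" is hypothetical.
SAMPLE_CONF = 'subclass "laptops" 1:3c:97:0e:b8:6d:40;\n'

POOL_RE = re.compile(
    r"(\S+) dhcpd: balanced pool \S+ (\S+) total \d+ free (\d+) backup (\d+)")
DENY_RE = re.compile(
    r"(\S+) dhcpd: DHCPDISCOVER from ([0-9a-f:]{17}) via (\S+): "
    r"peer holds all free leases")


def suspicious_refusals(log_text):
    """Map MAC -> servers that refused it although neither peer was out of leases."""
    pools = {}  # (server, network) -> True if free and backup are both non-zero
    hits = {}
    for line in log_text.splitlines():
        m = POOL_RE.search(line)
        if m:
            server, net, free, backup = m.groups()
            pools[(server, ipaddress.ip_network(net))] = min(int(free), int(backup)) > 0
            continue
        m = DENY_RE.search(line)
        if m:
            server, mac, relay = m.groups()
            addr = ipaddress.ip_address(relay)
            # The relay (giaddr) address selects the subnet the pool belongs to.
            if any(ok and s == server and addr in net for (s, net), ok in pools.items()):
                hits.setdefault(mac, set()).add(server)
    return {mac: sorted(servers) for mac, servers in hits.items()}


def config_mentions(conf_text, mac):
    """Return every config line naming the MAC (host, subclass, ...)."""
    return [l.strip() for l in conf_text.splitlines() if mac.lower() in l.lower()]


if __name__ == "__main__":
    for mac, servers in suspicious_refusals(SAMPLE_LOG).items():
        print(mac, servers, config_mentions(SAMPLE_CONF, mac))
```

A MAC reported by both peers while both counts are non-zero points at the pool's allow/deny list rather than at lease exhaustion, which is the case described in the thread.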