Send dhcp-users mailing list submissions to
[email protected]
Advertising
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. RE: ISC-dhcp subnet limit? (Rob Morin)
2. RE: ISC-dhcp subnet limit? (Rob Morin)
3. dhclient - DHCPv6 - background after timeout? (Scott Talbert)
----------------------------------------------------------------------
Message: 1
Date: Thu, 28 Jan 2016 02:21:48 +0000
From: Rob Morin <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: RE: ISC-dhcp subnet limit?
Message-ID:
<by2pr01mb1703e0b8246968bdd1ad4324ca...@by2pr01mb1703.prod.exchangelabs.com>
Content-Type: text/plain; charset="iso-8859-1"
Fyi, each server is a quad core xeon with 8 gigs of ram, one server will have
its disk replaced as its not a raid and it has a high wait time of 95% all the
time, secondary server has a raid1 same specs as first server and wait time is
under 5% most of the time.
Both servers have bonded(lacp) nics so total bandwidth is 2 gigs(2x1gig ports)
Rob Morin
Gestionnaire des syst?mes | Senior System administrator
T 514 385-4448 #174 DATAVALET.COM
5275, chemin Queen-Mary, Montr?al (Qu?bec) H3W 1Y3 Canada
CE COURRIEL AINSI QUE CES DOCUMENTS JOINTS peuvent contenir des renseignements
confidentiels et privil?gi?s. Si vous n'?tes pas le destinataire d?sign?,
veuillez nous en informer imm?diatement et effacer toute copie. Merci.
THIS EMAIL AND THE DOCUMENTS ATTACHED may contain privileged or confidential
information. If the reader of this message is not the intended recipient,
please notify the sender immediately and delete the original message. Thank you.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Rob Morin
Sent: Wednesday, January 27, 2016 9:18 PM
To: Users of ISC DHCP <[email protected]>
Subject: RE: ISC-dhcp subnet limit?
Thanks for the quick reply Dave, on each of the servers there are 2 vlans, one
is internal/admin(VLAN01) and one is dmz(VLAN02), where the requests/discovers
come in. From my testing so far it seems that a discover comes in on vlan02,
and the offer and ack go out on vlan01. I do not think this is an issue as per
our network guys, but I thought I would mention it.
Discover comes in via vlan02 through a firewall, but when it goes out on vlan01
there is no firewall.
Here is /etc/dhcp/dhcpd.conf of secondary
authoritative;
log-facility local7;
option domain-name "dyn";
default-lease-time 1200; # 20 minutes to match the default clients session
duration max-lease-time 3600; # 1h include "/etc/dhcp/dhcpd_secondary.conf";
include "/etc/dhcp/dhcpd_pools.conf";
Here is the "/etc/dhcp/dhcpd_secondary.conf file
## SECONDARY
failover peer "dhcp-failover" {
secondary; # declare this to be the secondary server address 172.30.128.10;
port 647; peer address 172.30.128.9; peer port 647; max-response-delay 30;
max-unacked-updates 10; load balance max seconds 3; # mclt 1800; #No "split"
statement on secondary }
Our lease time is short as per client request, we cannot alter it, its in the
contract.
As for users, there are 10's of thousands of users at any given time...
Here is a very recent log exert on secondary..
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 68:d9:3c:56:a6:bb via
10.49.66.1: not responding (recovering) Jan 27 21:10:29 dhcp-2 dhcpd:
DHCPDISCOVER from 10:a5:d0:17:34:96 via 10.37.5.1: peer holds all free leases
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from
5c:8d:4e:a2:06:ff via 10.37.104.1: not responding (recovering) Jan 27 21:10:29
dhcp-2 dhcpd: DHCPREQUEST for 10.50.33.204 (172.30.129.9) from
90:e7:c4:d3:7d:51 via 10.50.33.1: not responding (recovering)
Here are some misc log entries that you might find useful...
Jan 27 14:45:03 dhcp-1 dhcpd: Wrote 1169142 leases to leases file.
Jan 27 15:29:21 dhcp-1 dhcpd: Wrote 1169401 leases to leases file.
Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected Jan 27 16:19:38
dhcp-1 dhcpd: peer dhcp-failover: disconnected
Jan 27 16:16:39 dhcp-2 dhcpd: peer dhcp-failover: disconnected Jan 27 16:18:55
dhcp-2 dhcpd: peer dhcp-failover: disconnected Jan 27 14:15:51 dhcp-2 dhcpd:
Wrote 0 leases to leases file.
Jan 27 15:28:38 dhcp-2 dhcpd: Wrote 29890 leases to leases file.
Jan 27 15:35:41 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
Jan 27 15:50:28 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
Any help appreciated...
Rob
Montreal, Canada
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of dave c
Sent: Wednesday, January 27, 2016 9:02 PM
To: Users of ISC DHCP <[email protected]>
Subject: Re: ISC-dhcp subnet limit?
Curious why your network seems to have 6,000 subnets all living in a single
vlan...
But, in order to diagnose the partner issue, we'd need to see the partner
config segments as well.
To answer whether it matters if requests arrive on eth1 and answers go out on
eth0, the real question is what are the differences between them. Does one go
out to a firewall while the second is a direct connection? I don't see a
statement in your config telling dhcpd which IP address/port to listen and
respond on. You can force it to use eth1 if you feel it should be doing so.
I'm also wondering why your lease time is so short. That would seem to generate
a lot of traffic to the dhcp server that otherwise wouldn't be needed. How many
users are there in these 6,000 subnets?
Dave
On 1/27/16 19:12, Rob Morin wrote:
> Hello all, my first post here, so please be gentle J
>
> I have inherited 2 dhcp servers, one primary(dhcp-1) & one
> secondary(dhcp-2) running
> isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)
>
> We are having a few issues, and I cannot seem to figure out whats
> going on. I have a few questions, maybe someone can help me with.
>
> Is there a max limit to how many subnets can be used in the pools? As
> currently we are using just over 6000 subnets
>
> Currently our secondary dhcp-server is always in recovery mode, not sure why?
>
> Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on eth0?
>
> My primary server /etc/dhcpd.conf file
>
> authoritative;
>
> log-facility local7;
>
> option domain-name "dyn";
>
> option domain-name-servers 172.30.64.210, 172.30.64.220;
>
> default-lease-time 1200;
>
> max-lease-time 3600; # 1h
>
> include "/etc/dhcp/dhcpd_pools.conf";
>
> # Include the primary configuration
>
> include "/etc/dhcp/dhcpd_primary.conf";
>
> /etc/dhcp/dhcpd_primary has the following
>
> ## PRIMARY
>
> failover peer "tdl-dhcp-failover" {
>
> primary; # declare this to be the primary server
>
> address 172.30.128.9;
>
> port 647;
>
> peer address 172.30.128.10;
>
> peer port 647;
>
> max-response-delay 30;
>
> max-unacked-updates 10;
>
> load balance max seconds 3;
>
> mclt 1800;
>
> split 128;
>
> }
>
> Exert from dhcpd_pools file, starts like this....
>
> subnet 10.32.0.0 netmask 255.255.255.0 {
>
> option routers 10.32.0.1;
>
> pool {
>
> failover peer "dhcp-failover";
>
> range 10.32.0.5 10.32.0.254;
>
> }
>
> }
>
> And finishes like this, with all the subnets in between...
>
> subnet 10.57.255.0 netmask 255.255.255.0 {
>
> option routers 10.57.255.1;
>
> pool {
>
> failover peer "dhcp-failover";
>
> range 10.57.255.5 10.57.255.254;
>
> }
>
> }
>
> Example Exert from logs on both serves of a client that could not get
> an IP
>
>
> from dhcp-1
> Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b
> (iPhone) via 10.50.170.1 Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on
> 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via
> 10.50.170.1
>
> from dhcp-2
> Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via
> 10.50.170.1: peer holds all free leases Jan 27 18:54:04 dhcp-2 dhcpd:
> DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all
> free leases
>
> Never see the ACK.
>
> Any suggestion would be greatly appreciated.. :
>
> Thanks...
>
> Rob
>
> Montreal Canada
>
>
>
> _______________________________________________
> dhcp-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
Dave Calafrancesco
_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users
_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
Message: 2
Date: Thu, 28 Jan 2016 03:49:17 +0000
From: Rob Morin <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: RE: ISC-dhcp subnet limit?
Message-ID:
<by2pr01mb1703c76a0326db63a63a10beca...@by2pr01mb1703.prod.exchangelabs.com>
Content-Type: text/plain; charset="us-ascii"
We use 2 vlans that dhcpd binds to, vlan01 & vlan02
Just fyi again here is exert from dhcp-1
Jan 27 16:17:24 dhcp-1 kernel: [491611.485812] init: isc-dhcp-server main
process (15116) killed by PIPE signal
Jan 27 16:17:24 dhcp-1 kernel: [491611.485837] init: isc-dhcp-server main
process ended, respawning
Jan 27 16:17:25 dhcp-1 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jan 27 16:17:25 dhcp-1 dhcpd: All rights reserved.
Jan 27 16:17:25 dhcp-1 dhcpd: For info, please visit
https://www.isc.org/software/dhcp/
Jan 27 16:17:26 dhcp-1 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Jan 27 16:17:26 dhcp-1 dhcpd: All rights reserved.
Jan 27 16:17:26 dhcp-1 dhcpd: For info, please visit
https://www.isc.org/software/dhcp/
Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: No subnet declaration for bond0 (9.0.0.1).
Jan 27 16:17:37 dhcp-1 dhcpd: ** Ignoring requests on bond0. If this is not
what
Jan 27 16:17:37 dhcp-1 dhcpd: you want, please write a subnet declaration
Jan 27 16:17:37 dhcp-1 dhcpd: in your dhcpd.conf file for the network segment
Jan 27 16:17:37 dhcp-1 dhcpd: to which interface bond0 is attached. **
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: No subnet declaration for eth4 (no IPv4
addresses).
Jan 27 16:17:37 dhcp-1 dhcpd: ** Ignoring requests on eth4. If this is not what
Jan 27 16:17:37 dhcp-1 dhcpd: you want, please write a subnet declaration
Jan 27 16:17:37 dhcp-1 dhcpd: in your dhcpd.conf file for the network segment
Jan 27 16:17:37 dhcp-1 dhcpd: to which interface eth4 is attached. **
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: No subnet declaration for eth0 (no IPv4
addresses).
Jan 27 16:17:37 dhcp-1 dhcpd: ** Ignoring requests on eth0. If this is not what
Jan 27 16:17:37 dhcp-1 dhcpd: you want, please write a subnet declaration
Jan 27 16:17:37 dhcp-1 dhcpd: in your dhcpd.conf file for the network segment
Jan 27 16:17:37 dhcp-1 dhcpd: to which interface eth0 is attached. **
Jan 27 16:17:37 dhcp-1 dhcpd:
Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from
partner-down to startup
Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup
to partner-down
Jan 27 16:17:37 dhcp-1 dhcpd: failover peer dhcp-failover: I move from
partner-down to startup
Jan 27 16:17:46 dhcp-1 dhcpd: failover peer dhcp-failover: I move from startup
to partner-down
And now from dhcp-2
Jan 27 16:17:19 dhcp-2 dhcpd: failover: link startup timeout
Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from
partner-down to partner-down
Jan 27 16:17:56 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from
partner-down to partner-down
Jan 27 16:28:41 dhcp-2 dhcpd: failover peer dhcp-failover: peer moves from
partner-down to partner-down
Thanks....
Rob
Montreal, Canada
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Rob Morin
Sent: Wednesday, January 27, 2016 9:18 PM
To: Users of ISC DHCP <[email protected]>
Subject: RE: ISC-dhcp subnet limit?
Thanks for the quick reply Dave, on each of the servers there are 2 vlans, one
is internal/admin(VLAN01) and one is dmz(VLAN02), where the requests/discovers
come in. From my testing so far it seems that a discover comes in on vlan02,
and the offer and ack go out on vlan01. I do not think this is an issue as per
our network guys, but I thought I would mention it.
Discover comes in via vlan02 through a firewall, but when it goes out on vlan01
there is no firewall.
Here is /etc/dhcp/dhcpd.conf of secondary
authoritative;
log-facility local7;
option domain-name "dyn";
default-lease-time 1200; # 20 minutes to match the default clients session
duration max-lease-time 3600; # 1h include "/etc/dhcp/dhcpd_secondary.conf";
include "/etc/dhcp/dhcpd_pools.conf";
Here is the "/etc/dhcp/dhcpd_secondary.conf file
## SECONDARY
failover peer "dhcp-failover" {
secondary; # declare this to be the secondary server address 172.30.128.10;
port 647; peer address 172.30.128.9; peer port 647; max-response-delay 30;
max-unacked-updates 10; load balance max seconds 3; # mclt 1800; #No "split"
statement on secondary }
Our lease time is short as per client request, we cannot alter it, its in the
contract.
As for users, there are 10's of thousands of users at any given time...
Here is a very recent log exert on secondary..
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPDISCOVER from 68:d9:3c:56:a6:bb via
10.49.66.1: not responding (recovering) Jan 27 21:10:29 dhcp-2 dhcpd:
DHCPDISCOVER from 10:a5:d0:17:34:96 via 10.37.5.1: peer holds all free leases
Jan 27 21:10:29 dhcp-2 dhcpd: DHCPREQUEST for 10.37.104.252 (172.30.129.9) from
5c:8d:4e:a2:06:ff via 10.37.104.1: not responding (recovering) Jan 27 21:10:29
dhcp-2 dhcpd: DHCPREQUEST for 10.50.33.204 (172.30.129.9) from
90:e7:c4:d3:7d:51 via 10.50.33.1: not responding (recovering)
Here are some misc log entries that you might find useful...
Jan 27 14:45:03 dhcp-1 dhcpd: Wrote 1169142 leases to leases file.
Jan 27 15:29:21 dhcp-1 dhcpd: Wrote 1169401 leases to leases file.
Jan 27 16:17:35 dhcp-1 dhcpd: Wrote 1169721 leases to leases file.
Jan 27 15:50:25 dhcp-1 dhcpd: peer dhcp-failover: disconnected Jan 27 16:19:38
dhcp-1 dhcpd: peer dhcp-failover: disconnected
Jan 27 16:16:39 dhcp-2 dhcpd: peer dhcp-failover: disconnected Jan 27 16:18:55
dhcp-2 dhcpd: peer dhcp-failover: disconnected Jan 27 14:15:51 dhcp-2 dhcpd:
Wrote 0 leases to leases file.
Jan 27 15:28:38 dhcp-2 dhcpd: Wrote 29890 leases to leases file.
Jan 27 15:35:41 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
Jan 27 15:50:28 dhcp-2 dhcpd: Wrote 29920 leases to leases file.
Any help appreciated...
Rob
Montreal, Canada
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of dave c
Sent: Wednesday, January 27, 2016 9:02 PM
To: Users of ISC DHCP <[email protected]>
Subject: Re: ISC-dhcp subnet limit?
Curious why your network seems to have 6,000 subnets all living in a single
vlan...
But, in order to diagnose the partner issue, we'd need to see the partner
config segments as well.
To answer whether it matters if requests arrive on eth1 and answers go out on
eth0, the real question is what are the differences between them. Does one go
out to a firewall while the second is a direct connection? I don't see a
statement in your config telling dhcpd which IP address/port to listen and
respond on. You can force it to use eth1 if you feel it should be doing so.
I'm also wondering why your lease time is so short. That would seem to generate
a lot of traffic to the dhcp server that otherwise wouldn't be needed. How many
users are there in these 6,000 subnets?
Dave
On 1/27/16 19:12, Rob Morin wrote:
> Hello all, my first post here, so please be gentle J
>
> I have inherited 2 dhcp servers, one primary(dhcp-1) & one
> secondary(dhcp-2) running
> isc-dhcpd-4.2.4 on Ubuntu 14.0(Trusty)
>
> We are having a few issues, and I cannot seem to figure out whats
> going on. I have a few questions, maybe someone can help me with.
>
> Is there a max limit to how many subnets can be used in the pools? As
> currently we are using just over 6000 subnets
>
> Currently our secondary dhcp-server is always in recovery mode, not sure why?
>
> Does it matter if a DISCOVER comes in on eth1 but OFFER goes out on eth0?
>
> My primary server /etc/dhcpd.conf file
>
> authoritative;
>
> log-facility local7;
>
> option domain-name "dyn";
>
> option domain-name-servers 172.30.64.210, 172.30.64.220;
>
> default-lease-time 1200;
>
> max-lease-time 3600; # 1h
>
> include "/etc/dhcp/dhcpd_pools.conf";
>
> # Include the primary configuration
>
> include "/etc/dhcp/dhcpd_primary.conf";
>
> /etc/dhcp/dhcpd_primary has the following
>
> ## PRIMARY
>
> failover peer "tdl-dhcp-failover" {
>
> primary; # declare this to be the primary server
>
> address 172.30.128.9;
>
> port 647;
>
> peer address 172.30.128.10;
>
> peer port 647;
>
> max-response-delay 30;
>
> max-unacked-updates 10;
>
> load balance max seconds 3;
>
> mclt 1800;
>
> split 128;
>
> }
>
> Exert from dhcpd_pools file, starts like this....
>
> subnet 10.32.0.0 netmask 255.255.255.0 {
>
> option routers 10.32.0.1;
>
> pool {
>
> failover peer "dhcp-failover";
>
> range 10.32.0.5 10.32.0.254;
>
> }
>
> }
>
> And finishes like this, with all the subnets in between...
>
> subnet 10.57.255.0 netmask 255.255.255.0 {
>
> option routers 10.57.255.1;
>
> pool {
>
> failover peer "dhcp-failover";
>
> range 10.57.255.5 10.57.255.254;
>
> }
>
> }
>
> Example Exert from logs on both serves of a client that could not get
> an IP
>
>
> from dhcp-1
> Jan 27 18:30:31 dhcp-1 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b
> (iPhone) via 10.50.170.1 Jan 27 18:30:31 dhcp-1 dhcpd: DHCPOFFER on
> 10.50.170.93 to fc:e9:98:bc:a8:7b (iPhone) via
> 10.50.170.1
>
> from dhcp-2
> Jan 27 18:53:55 dhcp-2 dhcpd: DHCPDISCOVER from fc:e9:98:bc:a8:7b via
> 10.50.170.1: peer holds all free leases Jan 27 18:54:04 dhcp-2 dhcpd:
> DHCPDISCOVER from fc:e9:98:bc:a8:7b via 10.50.170.1: peer holds all
> free leases
>
> Never see the ACK.
>
> Any suggestion would be greatly appreciated.. :
>
> Thanks...
>
> Rob
>
> Montreal Canada
>
>
>
> _______________________________________________
> dhcp-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
Dave Calafrancesco
_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users
_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
Message: 3
Date: Wed, 27 Jan 2016 23:00:57 -0500 (EST)
From: Scott Talbert <[email protected]>
To: [email protected]
Subject: dhclient - DHCPv6 - background after timeout?
Message-ID: <[email protected]>
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Hello,
When running dhclient in DHCPv4 mode, it seems the default behavior is to
background itself if a timeout occurs (ie, if no response is received
within 60 seconds). In DHCPv6 mode, it seems the default behavior is to
wait forever in the event of a non-response. Is there a way to get the
background after timeout behavior with DHCPv6? As best I can tell, there
is not, but I could be overlooking something.
Thanks,
Scott
------------------------------
_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users
End of dhcp-users Digest, Vol 87, Issue 15
******************************************
