OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: ypanier on June 04, 2017, 02:21:39 pm

Title: [DHCP FAILOVER] Hostnames not sync --> empty hostnames
Post by: ypanier on June 04, 2017, 02:21:39 pm
Hi,

This is my first post, so forgive me if I don't provide all the necessary information.

First, I would like to say I had the same behavior with pfSense and that's the reason I tried OPNsense.
The fact that I have the same problem on both distributions makes me think that my problem is maybe my configuration, but I have no clue...

The two instances run on a VM under VMware ESXi with VMXNET3 instead of E1000 and use CARP failover.

The problem is that the leases are in sync, but the hostnames are missing on the other server.

This is how the problem occurs:

If the lease is given by the slave server, the hostname will be empty on the master server.
If the lease is given by the master server, the hostname will be empty on the slave server.
But sometimes, randomly, and it is very, very, very rare, the hostname and the lease are in sync between master and slave (cf. screenshot).

This is my configuration on master:

Code:
ypanier@OPNsenseMaster:~ % cat /var/dhcpd/etc/dhcpd.conf
option domain-name "localdomain";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
option arch code 93 = unsigned integer 16; # RFC4578

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
failover peer "dhcp_lan" {
  primary;
  address 172.16.16.1;
  port 519;
  peer address 172.16.16.2;
  peer port 520;
  max-response-delay 10;
  max-unacked-updates 10;
  split 128;
  mclt 600;

  load balance max seconds 3;
}


subnet 172.16.16.0 netmask 255.255.240.0 {
  pool {
    option domain-name-servers 172.16.31.254;
    deny dynamic bootp clients;
    failover peer "dhcp_lan";
    range 172.16.16.10 172.16.31.253;
  }

  option routers 172.16.31.254;
  option domain-name-servers 172.16.31.254;
}

This is my configuration on slave:
Code:
ypanier@OPNsenseSlave:~ % cat /var/dhcpd/etc/dhcpd.conf
option domain-name "localdomain";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
option arch code 93 = unsigned integer 16; # RFC4578

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
failover peer "dhcp_lan" {
  secondary;
  address 172.16.16.2;
  port 520;
  peer address 172.16.16.1;
  peer port 519;
  max-response-delay 10;
  max-unacked-updates 10;
 
  load balance max seconds 3;
}


subnet 172.16.16.0 netmask 255.255.240.0 {
  pool {
    option domain-name-servers 172.16.31.254;
    deny dynamic bootp clients;
    failover peer "dhcp_lan";
    range 172.16.16.10 172.16.31.253;
  }

  option routers 172.16.31.254;
  option domain-name-servers 172.16.31.254;
}

The CARP interfaces seem to be OK in terms of advskew.

On master:
Code:
    <vip>
      <type>single</type>
      <subnet_bits>20</subnet_bits>
      <mode>carp</mode>
      <interface>lan</interface>
      <descr>VIP TOOLS</descr>
      <subnet>172.16.31.254</subnet>
      <vhid>4</vhid>
      <advskew>0</advskew>
      <advbase>1</advbase>
      <password>172.16.31.254</password>
    </vip>

On slave:
Code:
    <vip>
      <type>single</type>
      <subnet_bits>20</subnet_bits>
      <mode>carp</mode>
      <interface>lan</interface>
      <descr>VIP TOOLS</descr>
      <subnet>172.16.31.254</subnet>
      <vhid>4</vhid>
      <advskew>100</advskew>
      <advbase>1</advbase>
      <password>172.16.31.254</password>
    </vip>

The only rule on LAN is this one:

Code:
    <rule>
      <type>pass</type>
      <ipprotocol>inet</ipprotocol>
      <descr>Default allow LAN to any rule</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>



Any insights?

Best regards,
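
One way to measure the symptom described in this post, as an added example that is not part of the original thread: it parses the text of each peer's dhcpd.leases file and lists leases that are active on both peers but carry different client-hostname values. The lease entries are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample lease data (not from the thread), one string per failover peer.
MASTER_LEASES = '''
lease 172.16.16.10 {
  binding state active;
  next binding state expired;
  client-hostname "laptop-a";
}
lease 172.16.16.11 {
  binding state active;
}
'''
SLAVE_LEASES = '''
lease 172.16.16.10 {
  binding state active;
}
lease 172.16.16.11 {
  binding state free;
}
lease 172.16.16.11 {
  binding state active;
  client-hostname "printer-b";
}
'''

LEASE_RE = re.compile(r'^lease\s+(\S+)\s*\{(.*?)^\}', re.S | re.M)
STATE_RE = re.compile(r'^\s*binding state (\w+);', re.M)  # skips "next binding state"
HOST_RE = re.compile(r'^\s*client-hostname "([^"]*)";', re.M)

def parse_leases(text):
    """Return {ip: (binding_state, hostname_or_None)}; dhcpd appends, so the last entry per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        state = STATE_RE.search(body)
        host = HOST_RE.search(body)
        leases[ip] = (state and state.group(1), host and host.group(1))
    return leases

def hostname_mismatches(master_text, slave_text):
    """(ip, master_host, slave_host) for leases active on both peers with differing hostnames."""
    master, slave = parse_leases(master_text), parse_leases(slave_text)
    return [(ip, master[ip][1], slave[ip][1])
            for ip in sorted(master.keys() & slave.keys())
            if master[ip][0] == slave[ip][0] == "active"
            and master[ip][1] != slave[ip][1]]

if __name__ == "__main__":
    print(hostname_mismatches(MASTER_LEASES, SLAVE_LEASES))
```

A hostname of `None` on one side with a value on the other is the pattern reported above; running the comparison after each new lease shows which peer handed it out.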
Title: Re: [DHCP FAILOVER] Hostnames not sync --> empty hostnames
Post by: greg124816 on June 05, 2017, 07:33:19 am
Hello,
This may be dhcpd itself.

Here is a bug fixed in 4.3.5:
Code:
- Leases are now scrubbed of certain prior use information when pool
  re-balancing reassigns them from one FO peer to the other.  This
  corrects an issue where leases that were offered but ignored retained
  the client hostname from the original client. Thanks to Pavel Polacek,
  Jan Evangelista Purkyne University for reporting the issue.
  [ISC-Bugs #42008]

https://lists.isc.org/pipermail/dhcp-users/2016-October/020331.html

This Debian Bug report on the issue shows an old stale and incorrect hostname instead of an empty hostname, but it sure seems like it could be related to your issue.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810971

Then again, OPNsense 17.1.7 has isc-dhcp43-server-4.3.5, so... it would seem to have that fix but maybe the first bug fix did not completely fix the issue... or maybe you are not on 17.1.7 with 4.3.5.

Definitely looks like it could be related though.

greg
Title: Re: [DHCP FAILOVER] Hostnames not sync --> empty hostnames
Post by: ypanier on June 05, 2017, 09:39:11 am
Hi greg and thanks for your answer

Sorry, I didn't mention it, but I was aware of the bug present in isc-dhcp prior to version 4.3.5.

The OPNsense version I installed is 17.1.4 and isc-dhcp is the right version:

Code:
ypanier@OPNsenseMaster:~ % /usr/local/sbin/dhcpd --version
isc-dhcpd-4.3.5

Thanks

Title: Re: [DHCP FAILOVER] Hostnames not sync --> empty hostnames
Post by: ypanier on July 01, 2017, 10:04:24 pm
Has no one else encountered this behaviour?