
List:       dhcp-users
Subject:    Re: DHCP server, duplicate forwards from VRRP'd relays
From:       Bob Harold <rharolde () umich ! edu>
Date:       2017-10-31 20:32:28
Message-ID: CA+nkc8AJYREuG0euPO33u8JKK1PMuaiSEOOhaF-_jwGpyYNLNw () mail ! gmail ! com


On Tue, Oct 31, 2017 at 1:07 PM, Tim DeNike <tim@denike.us> wrote:

> Normally you want both to actively forward requests and receive
> responses.  In the case that you might have ARP inspection or something of
> the sort enabled on the routers.  Both routers need to know the server's
> response.
>
>
>
> On Tue, Oct 31, 2017 at 1:00 PM, Brennan,Andrew <andrew.brennan@drexel.edu> wrote:
>
>> Ok, so I've looked for what I think I'm looking for in the dhcpd.conf man
>> page and can't find it.  But, I might have something in mind that doesn't
>> exist - not sure.
>>
>> I have two NAT appliances forwarding my client DHCP discover/requests to
>> the server and the server - having no configuration otherwise - replies to
>> both with corresponding offer packets, etc.  Seems like overkill to me and
>> I've opened a case with the vendor to see if I can't configure only the
>> active router to do the relaying -- but I had a thought that my server *could*
>> be configured to know that both relays are doing the same job and that it
>> only needs to respond to one of those requests (or prefer one over the
>> other, etc.).
>>
>> Is there a corresponding configuration that I haven't figured out yet?
>> Or is this something that doesn't exist (yet) in the realm of the ISC
>> DHCPD?  And, lastly ... if it doesn't exist as an option, would this be a
>> useful option/feature for the server?
>>
>> Thanks!
>>
>> andrew.
>>
>>
I think that is the way it is expected to work.  That has the least
complications for servers or routers "remembering" and "detecting" when
other things respond or fail to respond.  We have two routers on each
subnet (HSRP) and two DHCP servers in failover, so the clients get four
responses to a discover, and the client chooses which one it wants (usually
just takes the first).  It's a lot of traffic and logs (hitting Splunk) but
that's the way it is.
You might look at KEA to see if it will act differently.

-- 
Bob Harold
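
The reply above describes every discover reaching the server once per relay, with the matching log volume. As an added example (not part of the original thread), this script collapses dhcpd log lines that differ only in the relay they came via, before they are counted or shipped on. The sample lines, addresses, the 2-second window, the assumed year and the `collapse` helper name are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the usual ISC dhcpd syslog form; MACs and IPs are made up.
SAMPLE_LOG = """\
Oct 31 13:00:01 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 10.20.0.2
Oct 31 13:00:01 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 10.20.0.3
Oct 31 13:00:02 dhcp1 dhcpd: DHCPOFFER on 10.20.0.50 to 00:11:22:33:44:55 via 10.20.0.2
Oct 31 13:00:02 dhcp1 dhcpd: DHCPOFFER on 10.20.0.50 to 00:11:22:33:44:55 via 10.20.0.3
Oct 31 13:00:09 dhcp1 dhcpd: DHCPDISCOVER from 66:77:88:99:aa:bb via 10.20.0.2
Oct 31 13:05:00 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 10.20.0.2
"""

# Timestamp, message type, client MAC and the relay (or interface) after "via".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<type>DHCP[A-Z]+) .*?(?:from|to) (?P<mac>[0-9a-f:]{17})"
    r"(?: \([^)]*\))? via (?P<via>\S+)", re.I)

def collapse(log_text, window=timedelta(seconds=2), year=2017):
    """Merge lines with the same type and MAC seen within `window` into one event.

    Syslog timestamps carry no year, so `year` is an assumption supplied by the caller.
    """
    events = []   # collapsed events, in arrival order
    last = {}     # (type, mac) -> most recent event for that key
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a dhcpd packet line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["type"].upper(), m["mac"].lower())
        ev = last.get(key)
        if ev and ts - ev["first_seen"] <= window:
            # Same packet forwarded by another relay: record it, do not emit again.
            ev["relays"].add(m["via"])
            ev["copies"] += 1
        else:
            ev = {"type": key[0], "mac": key[1], "first_seen": ts,
                  "relays": {m["via"]}, "copies": 1}
            events.append(ev)
            last[key] = ev
    return events

if __name__ == "__main__":
    for ev in collapse(SAMPLE_LOG):
        print(ev["first_seen"].time(), ev["type"], ev["mac"],
              "x%d" % ev["copies"], "via", sorted(ev["relays"]))
```

An event that keeps showing a single relay where a pair is expected is worth a look, since it means one of the redundant relays is not forwarding.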



