DHCPv4 with KEA in Cluster - duplicate server responses (pfSense Version 24.11)

thomas.hohm · Apr 3, 2025, 9:29 AM

Hi,

we have a pfSense HA Cluster with 2 members.
We have configured KEA as DHCP service.
We have configured HA in DHCP/KEA.

We did some package capture on the LAN interface where dhcp service is active and found out, that each dhcp discover and each dhcp request from the client gets 2 responses from the active dhcp service.

According to everything I could investigate regarding dhcp standard behaviour, each discover and request should only be answered with 1 reply (from the same server) instead of 2 replies from the same server.

Is there something wrong in our setup, in my understanding of dhcp or in the behaviour of KEA in pfSense 24.11?

KEA config in pfsense cluster member 1:

KEA config in pfsense cluster member 2:

KEA cluster status in pfsense cluster member 1:

KEA cluster status in pfsense cluster member 2:

Finding in packet capture:

thomas.hohm · Apr 3, 2025, 9:47 AM

To add some more information: this is our dhcp setting for the LAN interface:

in total we have multiple LAN interfaces and some more have dhcp enabled.
I checked and can confirm that none of the IP address pool ranges are overlapping.

JKnott · Apr 3, 2025, 1:49 PM

DHCP supports multiple servers. When they receive a discover all can offer an address. The client then takes the first one it receives and requests an address. So, seeing multiple offers is not a problem. I don't know if a HA cluster would affect that.

thomas.hohm · Apr 7, 2025, 12:15 AM

@JKnott Thanks. I am aware of that. My question is: why is the same KEA HA cluster member (the active member) send two offers with 2 different IP addresses? For me that does not make sense if one dhcp server offers two different IP addresses from the same subnet.

thomas.hohm · Apr 7, 2025, 9:37 AM

To add some more information:

I only used configuration settings which are available via GUI.
in the dhcp log: I get warnings when kea dhcp service starts:

Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 16, queue size: 64
Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated
Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.