CARP sync renders both DHCPs enabled



  • 2.3.1-RELEASE-p5 (amd64), on ESXi

    I'm using limiters, so I had to disable "Synchronize states".

    I've checked to sync "DHCP Server settings", and it does sync, but the problem is CARP enables DHCP on both servers, and I'm not sure that's a good idea. I thought the correct way would be only for master to have enabled DHCP. Is slave aware of the DHCP leases handed out by master so he hands out different IPs?

    I'm worried that even if I enter "static" gateway and DNS in DHCP, I might still get some conflicts if both DHCPs are enabled.

    TIA



  • @marama:

    Is slave aware of the DHCP leases handed out by master so he hands out different IPs?

    Yes, if you have configured the option "Failover peer IP" at the master DHCP server. If you've done this the 2 boxes work as a "Failover Group". This shouldn't depend on state syncing.
    Check that in Status > DHCP Leases.



  • That's the expected and desired result, they're configured as a failover group. Not a problem, that's what you want.



  • @viragomann:

    @marama:

    Is slave aware of the DHCP leases handed out by master so he hands out different IPs?

    Yes, if you have configured the option "Failover peer IP" at the master DHCP server. If you've done this the 2 boxes work as a "Failover Group". This shouldn't depend on state syncing.
    Check that in Status > DHCP Leases.

    You're right, "Failover peer IP" is currently disabled (on master and slave). What confuses me is this:
    https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)

    "Enter the IP address of the secondary node in Failover peer IP. This will be automatically adjusted during synchronization."

    It wasn't filled during synchronization in my case, I believe.
    Anyway, I've filled in the LAN IP of the slave, now the slave has the LAN IP of the master in the same box, so I guess it's working fine.
    DHCP status on slave shows this though:

    Pool Status
    Failover Group   My State                     Since                 Peer State   Since
    dhcp_lan (LAN)   communications-interrupted   2016/07/25 17:58:03   normal       2016/07/25 17:57:32

    so I'm not sure if "communications-interrupted" sounds safe ;(



  • "communications-interrupted" is shown if the DHCP server is disabled on master.



  • @viragomann:

    "communications-interrupted" is shown if the DHCP server is disabled on master.

    Hmm, how can I debug that?
    I have DHCP on 5 interfaces, and on slave 4 of them are in state "recover", and the LAN one is in "communications-interrupted".
    On master, all 5 DHCP interfaces are "enabled".
    Any idea what could be wrong here?
    TIA



  • @marama:

    @viragomann:

    "communications-interrupted" is shown if the DHCP server is disabled on master.

    Hmm, how can I debug that?
    I have DHCP on 5 interfaces, and on slave 4 of them are in state "recover", and the LAN one is in "communications-interrupted".
    On master, all 5 DHCP interfaces are "enabled".
    Any idea what could be wrong here?
    TIA

    OK, this is the log output:

    
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: /etc/dhcpd.conf line 37: secondary may not define load balance settings.
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:   split 128;
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:          ^
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: /etc/dhcpd.conf line 51: secondary may not define load balance settings.
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:   split 128;
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:          ^
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: /etc/dhcpd.conf line 65: secondary may not define load balance settings.
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:   split 128;
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:          ^
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: /etc/dhcpd.conf line 79: secondary may not define load balance settings.
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:   split 128;
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:          ^
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: Configuration file errors encountered -- exiting
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: If you think you have received this message due to a bug rather
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: than a configuration issue please read the section on submitting
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: bugs on either our web page at www.isc.org or in the README file
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: before submitting a bug.  These pages explain the proper
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: process and the information we find helpful for debugging..
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd:
    2016-07-26T09:22:16+02:00 10.0.0.1 dhcpd: exiting.
    2016-07-26T07:22:16+02:00 10.0.0.1 php-fpm[48524]: /status_services.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid vmx0 vmx2_vlan21 vmx2_vlan22 vmx2_vlan23 vmx2_vlan100' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.3.3-P1 Copyright 2004-2016 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpd.conf line 37: secondary may not define load balance settings.   split 128;          ^ /etc/dhcpd.conf line 51: secondary may not define load balance settings.   split 128;          ^ /etc/dhcpd.conf line 65: secondary may not define load balance settings.   split 128;          ^ /etc/dhcpd.conf line 79: secondary may not define load balance settings.   split 128;          ^ Configuration file errors encountered -- exiting  If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs
    
    

    with:

    
    ...
    failover peer "dhcp_lan" {
      primary;
      address 172.16.1.16;
      port 519;
      peer address 172.16.0.3;
      peer port 520;
      max-response-delay 10;
      max-unacked-updates 10;
      split 128;
      mclt 600;
    
      load balance max seconds 3;
    }
    ...
    
    

    so how do I get rid of the "split 128"?



  • To get rid of that split error, just get rid of that line in the Secondary config file.
    It works for me ;D ;)
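
Added example, not part of the original thread: a small Python check that scans a dhcpd.conf for failover blocks declared `secondary` that still carry statements ISC dhcpd accepts only on the primary (`split`, `hba`, `mclt`), which is the condition behind the "secondary may not define load balance settings" error in the log above. The sample config is constructed from the block posted in the thread with the role and addresses flipped; the function name `lint_failover` is hypothetical.

```python
import re

# Statements ISC dhcpd accepts only in the primary's failover declaration.
PRIMARY_ONLY = ("split", "hba", "mclt")

# Constructed sample: the thread's failover block as a secondary's copy
# would look (role flipped, addresses and ports swapped).
SAMPLE_SECONDARY_CONF = """\
failover peer "dhcp_lan" {
  secondary;
  address 172.16.0.3;
  port 520;
  peer address 172.16.1.16;
  peer port 519;
  max-response-delay 10;
  max-unacked-updates 10;
  split 128;
  mclt 600;

  load balance max seconds 3;
}
"""

def lint_failover(conf_text):
    """Return (line_no, peer, statement) for primary-only lines in secondary blocks."""
    findings, pending = [], []
    peer, role = None, None
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = re.match(r'failover\s+peer\s+"([^"]+)"\s*\{', line)
        if m:                                    # block opens (pool references have no "{")
            peer, role, pending = m.group(1), None, []
        elif peer is None:
            continue                             # outside any failover block
        elif line.startswith("}"):               # block closes: report if secondary
            if role == "secondary":
                findings.extend(pending)
            peer = None
        elif line.rstrip(";").strip() in ("primary", "secondary"):
            role = line.rstrip(";").strip()
        else:
            words = line.split()
            if words and words[0].rstrip(";") in PRIMARY_ONLY:
                pending.append((no, peer, line))
    return findings

if __name__ == "__main__":
    for no, peer, stmt in lint_failover(SAMPLE_SECONDARY_CONF):
        print(f"line {no}: failover peer {peer!r} is secondary but sets: {stmt}")
```

Running it against the secondary's generated /etc/dhcpd.conf before restarting the service shows every offending line at once, rather than only the ones dhcpd reports before exiting.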