Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCPv4 with KEA in Cluster - duplicate server responses (pfSense Version 24.11)

    DHCP and DNS
    2
    5
    70
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thomas.hohm
      last edited by

      Hi,

      we have a pfSense HA Cluster with 2 members.
      We have configured KEA as DHCP service.
      We have configured HA in DHCP/KEA.

      We did some package capture on the LAN interface where dhcp service is active and found out, that each dhcp discover and each dhcp request from the client gets 2 responses from the active dhcp service.

      According to everything I could investigate regarding dhcp standard behaviour, each discover and request should only be answered with 1 reply (from the same server) instead of 2 replies from the same server.

      Is there something wrong in our setup, in my understanding of dhcp or in the behaviour of KEA in pfSense 24.11?

      KEA config in pfsense cluster member 1:
      0e2b1dee-32b3-4da2-b2a3-852633aa8633-image.png

      KEA config in pfsense cluster member 2:
      27b33af7-d841-4244-b093-af09d60a5dfd-image.png

      KEA cluster status in pfsense cluster member 1:
      f7b95632-4579-4991-9228-34dc9b07b414-image.png

      KEA cluster status in pfsense cluster member 2:
      e8635c7c-28ba-4916-b19a-6980e5d976ea-image.png

      Finding in packet capture:
      3cacb2b7-0471-4e40-8d3b-30642290a42a-image.png

      T 1 Reply Last reply Reply Quote 0
      • T
        thomas.hohm @thomas.hohm
        last edited by

        To add some more information: this is our dhcp setting for the LAN interface:
        99fdf0dd-c9a2-4bfc-88f9-bf77f786db7d-image.png

        in total we have multiple LAN interfaces and some more have dhcp enabled.
        I checked and can confirm that none of the IP address pool ranges are overlapping.

        1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott
          last edited by

          DHCP supports multiple servers. When they receive a discover all can offer an address. The client then takes the first one it receives and requests an address. So, seeing multiple offers is not a problem. I don't know if a HA cluster would affect that.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          T 1 Reply Last reply Reply Quote 0
          • T
            thomas.hohm @JKnott
            last edited by

            @JKnott Thanks. I am aware of that. My question is: why is the same KEA HA cluster member (the active member) send two offers with 2 different IP addresses? For me that does not make sense if one dhcp server offers two different IP addresses from the same subnet.

            1 Reply Last reply Reply Quote 0
            • T
              thomas.hohm
              last edited by

              To add some more information:

              • I only used configuration settings which are available via GUI.
              • in the dhcp log: I get warnings when kea dhcp service starts:
              Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 16, queue size: 64
Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated
Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
Apr 7 11:33:47	kea-dhcp4	48639	WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.