CARP + Redundant DHCP Server



  • Running the latest snapshot (have been upgrading).

    Relevant portion of config file:

    <virtualip><vip><mode>carp</mode>
                            <interface>wan</interface>
                            <vhid>1</vhid>
                            <advskew>100</advskew>
                            <password>xpert007</password>

    <type>single</type>
                            <subnet_bits>24</subnet_bits>
                            <subnet>192.168.4.150</subnet></vip>
                    <vip><===== Problem</vip></virtualip>

    Not sure where it came from, but extra <vip>was killing the logic that generates dhcpd.conf for the secondary server.  Removing this tag made secondary DHCP work.

    Found strangeness here:

    /etc/inc/services.inc around line 160

    foreach ($a_vip as $vipent) {
          if($int == $real_dhcpif) {
                  /* this is the interface! */
                  $dhcpdconf .= "have an interface, ip = ".$vipent['ip']." advskew = ".$vipent['advskew']."\n";
                  if($vipent['advskew'] < "20")
                                      $skew = 0;
                  }
            }

    Seems to loop through all virtual IPs, but if statement has no effect because variables are defined before the loop and do no change.
    Shouldn't this evaluate once for applicatable virtual IP?  Strange (blank?) VIP with no parameters was always setting the skew to 0.

    Would be nice to document that advskew for CARP on peer must be >= 20 for secondary DHCP server to work correctly as well.

    Thanks again for making pfSense the great platform it is today  ;D</vip>



  • Can you please file an issue on redmine.pfsense.org?


  • Rebel Alliance Developer Netgate

    I have seen this happen before, usually when someone incorrectly used proxy arp VIPs on the master which sync'd to the slave as empty entries.

    The DHCP server code needs a little better logic though in that regard, though. I thought I committed a fix for this when I found the issue, I don't see it now.


Log in to reply