4. DHCP in HA by CARP move from startup to recover

DHCP in HA by CARP move from startup to recover

  • P

    Hi Guys,
    I have two pfsense 2.2.4 stable in CARP HA cluster, they are working fine until I want to turn on DHCP in HA config.
    All the time master is in recover mode and it couldn't check his peer state. Those servers are virtualized, but that is no problem, I have set Net.ReversePathFwdCheckPromisc to Enabled, Promiscuous Mode Accept, Mac Address Changes Accept nad Forged Transmissions Accept.

    I read a few similar topics but those were described problems with version 1.2.3 and should be fixed by update. Now I have no idea and it might be bug or something!

    Master:
    IP:10.10.115.126/26
    VIP: 10.10.115.124 (active)

    Master VIP config: <virtualip><vip><mode>carp</mode>
    <interface>lan</interface>
    <vhid>1</vhid>
    <advskew>1</advskew>
    <advbase>1</advbase>
    <password>—secret–-</password>

    <type>single</type>
    <subnet_bits>26</subnet_bits>
    <subnet>10.10.115.124</subnet></vip>

    Slave:
    IP: 10.10.115.125/26
    VIP: 10.10.115.124 (backup)

    Slave VIP config:
    <virtualip><vip><mode>carp</mode>
    <interface>lan</interface>
    <vhid>1</vhid>
    <advskew>101</advskew>
    <advbase>1</advbase>
    <password>—secret–-</password>

    <type>single</type>
    <subnet_bits>26</subnet_bits>
    <subnet>10.10.115.124</subnet></vip>

    Master DHCP config:

    <dhcpd><lan><range><from>10.10.115.71</from>
    <to>10.10.115.123</to></range>
    <enable><failover_peerip>10.10.115.125</failover_peerip>
    <dhcpleaseinlocaltime><defaultleasetime>600</defaultleasetime>
    <maxleasetime>900</maxleasetime>
    <netmask><gateway>10.10.115.124</gateway>
    <domain>domain/domain>
    <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dnsserver>10.10.115.124</dnsserver></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></domain></netmask></dhcpleaseinlocaltime></enable></lan></dhcpd>

    Slave DHCP config:
    <dhcpd><lan><range><from>10.10.115.71</from>
    <to>10.10.115.123</to></range>
    <enable><failover_peerip>10.10.115.126</failover_peerip>
    <dhcpleaseinlocaltime><defaultleasetime>600</defaultleasetime>
    <maxleasetime>900</maxleasetime>
    <netmask><gateway>10.10.115.124</gateway>
    <domain>domain</domain>
    <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dnsserver>10.10.115.124</dnsserver></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></netmask></dhcpleaseinlocaltime></enable></lan></dhcpd>

    Master DHCP log:
    Jul 25 02:11:09 dhcpd: Internet Systems Consortium DHCP Server 4.2.8
    Jul 25 02:11:09 dhcpd: All rights reserved.
    Jul 25 02:11:09 dhcpd: Copyright 2004-2015 Internet Systems Consortium.
    Jul 25 02:11:09 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Jul 25 02:11:09 dhcpd: All rights reserved.
    Jul 25 02:11:09 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Jul 25 02:11:09 dhcpd: Wrote 0 leases to leases file.
    Jul 25 02:11:09 dhcpd: Listening on BPF/em0/00:50:56:dd:dd:39/10.10.115.64/26
    Jul 25 02:11:09 dhcpd: Sending on BPF/em0/00:50:56:dd:dd:39/10.10.115.64/26
    Jul 25 02:11:09 dhcpd: Sending on Socket/fallback/fallback-net
    Jul 25 02:11:09 dhcpd: failover peer dhcp_lan: I move from recover to startup
    Jul 25 02:11:24 dhcpd: failover peer dhcp_lan: I move from startup to recover
    Jul 25 02:11:24 dhcpd: failover: link startup timeout

    Slave DHCP log:
    Jul 25 02:22:35 dhcpd: Internet Systems Consortium DHCP Server 4.2.8
    Jul 25 02:22:35 dhcpd: All rights reserved.
    Jul 25 02:22:35 dhcpd: Copyright 2004-2015 Internet Systems Consortium.
    Jul 25 02:22:35 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Jul 25 02:22:35 dhcpd: All rights reserved.
    Jul 25 02:22:35 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Jul 25 02:22:35 dhcpd: Wrote 0 leases to leases file.
    Jul 25 02:22:35 dhcpd: Listening on BPF/em0/00:50:56:ff:ff:ea/10.10.115.64/26
    Jul 25 02:22:35 dhcpd: Sending on BPF/em0/00:50:56:ff:ff:ea/10.10.115.64/26
    Jul 25 02:22:35 dhcpd: Sending on Socket/fallback/fallback-net
    Jul 25 02:22:35 dhcpd: failover peer dhcp_lan: I move from recover to startup
    Jul 25 02:22:48 dhcpd: failover: listener: no matching state
    Jul 25 02:22:50 dhcpd: failover peer dhcp_lan: I move from startup to recover
    Jul 25 02:22:53 dhcpd: failover: listener: no matching state</virtualip></virtualip>

    0

  • Did you wait 10 minutes before starting the slave or is the time off between the boxes? The time must match on the two boxes, although it usually logs something telling you as much.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy