Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    DHCP in HA by CARP move from startup to recover

    DHCP and DNS
    2
    2
    1049
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pkaroluk last edited by

      Hi Guys,
      I have two pfsense 2.2.4 stable in CARP HA cluster, they are working fine until I want to turn on DHCP in HA config.
      All the time master is in recover mode and it couldn't check his peer state. Those servers are virtualized, but that is no problem, I have set Net.ReversePathFwdCheckPromisc to Enabled, Promiscuous Mode Accept, Mac Address Changes Accept nad Forged Transmissions Accept.

      I read a few similar topics but those were described problems with version 1.2.3 and should be fixed by update. Now I have no idea and it might be bug or something!

      Master:
      IP:10.10.115.126/26
      VIP: 10.10.115.124 (active)

      Master VIP config: <virtualip><vip><mode>carp</mode>
      <interface>lan</interface>
      <vhid>1</vhid>
      <advskew>1</advskew>
      <advbase>1</advbase>
      <password>—secret–-</password>

      <type>single</type>
      <subnet_bits>26</subnet_bits>
      <subnet>10.10.115.124</subnet></vip>

      Slave:
      IP: 10.10.115.125/26
      VIP: 10.10.115.124 (backup)

      Slave VIP config:
      <virtualip><vip><mode>carp</mode>
      <interface>lan</interface>
      <vhid>1</vhid>
      <advskew>101</advskew>
      <advbase>1</advbase>
      <password>—secret–-</password>

      <type>single</type>
      <subnet_bits>26</subnet_bits>
      <subnet>10.10.115.124</subnet></vip>

      Master DHCP config:

      <dhcpd><lan><range><from>10.10.115.71</from>
      <to>10.10.115.123</to></range>
      <enable><failover_peerip>10.10.115.125</failover_peerip>
      <dhcpleaseinlocaltime><defaultleasetime>600</defaultleasetime>
      <maxleasetime>900</maxleasetime>
      <netmask><gateway>10.10.115.124</gateway>
      <domain>domain/domain>
      <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dnsserver>10.10.115.124</dnsserver></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></domain></netmask></dhcpleaseinlocaltime></enable></lan></dhcpd>

      Slave DHCP config:
      <dhcpd><lan><range><from>10.10.115.71</from>
      <to>10.10.115.123</to></range>
      <enable><failover_peerip>10.10.115.126</failover_peerip>
      <dhcpleaseinlocaltime><defaultleasetime>600</defaultleasetime>
      <maxleasetime>900</maxleasetime>
      <netmask><gateway>10.10.115.124</gateway>
      <domain>domain</domain>
      <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dnsserver>10.10.115.124</dnsserver></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></netmask></dhcpleaseinlocaltime></enable></lan></dhcpd>

      Master DHCP log:
      Jul 25 02:11:09 dhcpd: Internet Systems Consortium DHCP Server 4.2.8
      Jul 25 02:11:09 dhcpd: All rights reserved.
      Jul 25 02:11:09 dhcpd: Copyright 2004-2015 Internet Systems Consortium.
      Jul 25 02:11:09 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
      Jul 25 02:11:09 dhcpd: All rights reserved.
      Jul 25 02:11:09 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
      Jul 25 02:11:09 dhcpd: Wrote 0 leases to leases file.
      Jul 25 02:11:09 dhcpd: Listening on BPF/em0/00:50:56:dd:dd:39/10.10.115.64/26
      Jul 25 02:11:09 dhcpd: Sending on BPF/em0/00:50:56:dd:dd:39/10.10.115.64/26
      Jul 25 02:11:09 dhcpd: Sending on Socket/fallback/fallback-net
      Jul 25 02:11:09 dhcpd: failover peer dhcp_lan: I move from recover to startup
      Jul 25 02:11:24 dhcpd: failover peer dhcp_lan: I move from startup to recover
      Jul 25 02:11:24 dhcpd: failover: link startup timeout

      Slave DHCP log:
      Jul 25 02:22:35 dhcpd: Internet Systems Consortium DHCP Server 4.2.8
      Jul 25 02:22:35 dhcpd: All rights reserved.
      Jul 25 02:22:35 dhcpd: Copyright 2004-2015 Internet Systems Consortium.
      Jul 25 02:22:35 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
      Jul 25 02:22:35 dhcpd: All rights reserved.
      Jul 25 02:22:35 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
      Jul 25 02:22:35 dhcpd: Wrote 0 leases to leases file.
      Jul 25 02:22:35 dhcpd: Listening on BPF/em0/00:50:56:ff:ff:ea/10.10.115.64/26
      Jul 25 02:22:35 dhcpd: Sending on BPF/em0/00:50:56:ff:ff:ea/10.10.115.64/26
      Jul 25 02:22:35 dhcpd: Sending on Socket/fallback/fallback-net
      Jul 25 02:22:35 dhcpd: failover peer dhcp_lan: I move from recover to startup
      Jul 25 02:22:48 dhcpd: failover: listener: no matching state
      Jul 25 02:22:50 dhcpd: failover peer dhcp_lan: I move from startup to recover
      Jul 25 02:22:53 dhcpd: failover: listener: no matching state</virtualip></virtualip>

      1 Reply Last reply Reply Quote 0
      • dotdash
        dotdash last edited by

        Did you wait 10 minutes before starting the slave or is the time off between the boxes? The time must match on the two boxes, although it usually logs something telling you as much.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post