[Kea-users] Hosts refusing lease offers?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[Kea-users] Hosts refusing lease offers?

Klaus Steden

Hi there,

I've got a bit of a puzzler on my hands. We've racked some new gear and are preparing to provision it.

Scope definitions have been added to Kea, and are active.

Hosts are on the network, and are generating DHCP requests.

Kea is responding as expected and offering leases, but none of these machines (6 racks worth) are accepting the offers, leaving them stranded.

The hardware is Dell, so it's actually the iDRAC that's not leasing, but a different batch of similar hardware in other racks (installed two weeks ago) had no such issues.

We're reasonably confident that it's not something on the switches, but for the life of me I can't identify why these aren't accepting leases.

I've attached a sample of the debug output in the log (cranked up to 99) with only DNS info redacted.

Again, the most confusing thing here is that a comparable platform in the same data center in different racks had no issues, and the only change is additional DHCP scopes.

thanks,
Klaus

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users

dhcp_debug_transcript.txt (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] Hosts refusing lease offers?

Joelson Vendramin
Hi Klaus,

I remember a similar tricky situation. Some clients complaining about leases offers.

Then I find a strange solution: configuring KEA to send "renew-timer" and "rebind-timer" optional parameters together with "valid-lifetime" (mandatory).

This way:
  "valid-lifetime": X,
  "renew-timer": 50% * X,
  "rebind-timer": 87,5% * X,

Hope this clue helps you someway.

Regards,
--
Joelson Vendramin


Em quinta-feira, 14 de fevereiro de 2019 22:36:38 BRST, Klaus Steden <[hidden email]> escreveu:



Hi there,

I've got a bit of a puzzler on my hands. We've racked some new gear and are preparing to provision it.

Scope definitions have been added to Kea, and are active.

Hosts are on the network, and are generating DHCP requests.

Kea is responding as expected and offering leases, but none of these machines (6 racks worth) are accepting the offers, leaving them stranded.

The hardware is Dell, so it's actually the iDRAC that's not leasing, but a different batch of similar hardware in other racks (installed two weeks ago) had no such issues.

We're reasonably confident that it's not something on the switches, but for the life of me I can't identify why these aren't accepting leases.

I've attached a sample of the debug output in the log (cranked up to 99) with only DNS info redacted.

Again, the most confusing thing here is that a comparable platform in the same data center in different racks had no issues, and the only change is additional DHCP scopes.

thanks,
Klaus
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] Hosts refusing lease offers?

Thomas Andersen

Hi,

 

Another suggestion:

Have you checked with wireshark what the request and offer is?

 

We have had the same issue when it came to unicast and broadcast offers.

If the host had broadcast flag set in discover, it would reject any offers sent as unicast.

Most clients do not differ on this, but PXE, UEFI, iDRAC and some specific windows 7 installations CAN filter them if there is the slightest mismatch.

 

Kea 0.9 and 1.0 had default unicast response even though client asked for broadcast. Was changed in 1.1 I think.

 

Br,

Thomas

 

From: Kea-users <[hidden email]> on behalf of Joelson Vendramin <[hidden email]>
Date: Friday, 15 February 2019 at 12.05
To: "KEA-Users ([hidden email])" <[hidden email]>, Klaus Steden <[hidden email]>
Subject: Re: [Kea-users] Hosts refusing lease offers?

 

Hi Klaus,

 

I remember a similar tricky situation. Some clients complaining about leases offers.

 

Then I find a strange solution: configuring KEA to send "renew-timer" and "rebind-timer" optional parameters together with "valid-lifetime" (mandatory).

 

This way:

  "valid-lifetime": X,
  "renew-timer": 50% * X,
  "rebind-timer": 87,5% * X,

Hope this clue helps you someway.

 

Regards,

--

Joelson Vendramin

 

 

Em quinta-feira, 14 de fevereiro de 2019 22:36:38 BRST, Klaus Steden <[hidden email]> escreveu:

 

 

 

Hi there,

 

I've got a bit of a puzzler on my hands. We've racked some new gear and are preparing to provision it.

 

Scope definitions have been added to Kea, and are active.

 

Hosts are on the network, and are generating DHCP requests.

 

Kea is responding as expected and offering leases, but none of these machines (6 racks worth) are accepting the offers, leaving them stranded.

 

The hardware is Dell, so it's actually the iDRAC that's not leasing, but a different batch of similar hardware in other racks (installed two weeks ago) had no such issues.

 

We're reasonably confident that it's not something on the switches, but for the life of me I can't identify why these aren't accepting leases.

 

I've attached a sample of the debug output in the log (cranked up to 99) with only DNS info redacted.

 

Again, the most confusing thing here is that a comparable platform in the same data center in different racks had no issues, and the only change is additional DHCP scopes.

 

thanks,

Klaus

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users


_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] Hosts refusing lease offers?

Klaus Steden

Thanks for the suggestions, I checked both of those, and it looks like we're already using valid-lifetime, renew-timer, and rebind-timer attributes already (12H, 4H, and 6H, respectively), and based on the flags I'm seeing in the bootp section of packet capture traffic, both client and server are talking unicast to each other (the client is actually being relayed by a switch, so the server wouldn't see any broadcast traffic from the client anyway).

We're going to try a full power cycle next, as this hardware has been sitting in the data center for several weeks already trying to initialize, so maybe there's some weird state issue in play that we're not aware of.

Still looking.

cheers,
Klaus 

On Fri, Feb 15, 2019 at 4:24 AM Thomas Andersen <[hidden email]> wrote:

Hi,

 

Another suggestion:

Have you checked with wireshark what the request and offer is?

 

We have had the same issue when it came to unicast and broadcast offers.

If the host had broadcast flag set in discover, it would reject any offers sent as unicast.

Most clients do not differ on this, but PXE, UEFI, iDRAC and some specific windows 7 installations CAN filter them if there is the slightest mismatch.

 

Kea 0.9 and 1.0 had default unicast response even though client asked for broadcast. Was changed in 1.1 I think.

 

Br,

Thomas

 

From: Kea-users <[hidden email]> on behalf of Joelson Vendramin <[hidden email]>
Date: Friday, 15 February 2019 at 12.05
To: "KEA-Users ([hidden email])" <[hidden email]>, Klaus Steden <[hidden email]>
Subject: Re: [Kea-users] Hosts refusing lease offers?

 

Hi Klaus,

 

I remember a similar tricky situation. Some clients complaining about leases offers.

 

Then I find a strange solution: configuring KEA to send "renew-timer" and "rebind-timer" optional parameters together with "valid-lifetime" (mandatory).

 

This way:

  "valid-lifetime": X,
  "renew-timer": 50% * X,
  "rebind-timer": 87,5% * X,

Hope this clue helps you someway.

 

Regards,

--

Joelson Vendramin

 

 

Em quinta-feira, 14 de fevereiro de 2019 22:36:38 BRST, Klaus Steden <[hidden email]> escreveu:

 

 

 

Hi there,

 

I've got a bit of a puzzler on my hands. We've racked some new gear and are preparing to provision it.

 

Scope definitions have been added to Kea, and are active.

 

Hosts are on the network, and are generating DHCP requests.

 

Kea is responding as expected and offering leases, but none of these machines (6 racks worth) are accepting the offers, leaving them stranded.

 

The hardware is Dell, so it's actually the iDRAC that's not leasing, but a different batch of similar hardware in other racks (installed two weeks ago) had no such issues.

 

We're reasonably confident that it's not something on the switches, but for the life of me I can't identify why these aren't accepting leases.

 

I've attached a sample of the debug output in the log (cranked up to 99) with only DNS info redacted.

 

Again, the most confusing thing here is that a comparable platform in the same data center in different racks had no issues, and the only change is additional DHCP scopes.

 

thanks,

Klaus

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users


_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] Hosts refusing lease offers?

Klaus Steden

... aaaaand it turns out our system integrator had the iDRAC interfaces set to tag traffic, whereas our switches are configured for untagged traffic. I'll throw myself out. :-)

thanks,
Klaus

On Fri, Feb 15, 2019 at 8:55 AM Klaus Steden <[hidden email]> wrote:

Thanks for the suggestions, I checked both of those, and it looks like we're already using valid-lifetime, renew-timer, and rebind-timer attributes already (12H, 4H, and 6H, respectively), and based on the flags I'm seeing in the bootp section of packet capture traffic, both client and server are talking unicast to each other (the client is actually being relayed by a switch, so the server wouldn't see any broadcast traffic from the client anyway).

We're going to try a full power cycle next, as this hardware has been sitting in the data center for several weeks already trying to initialize, so maybe there's some weird state issue in play that we're not aware of.

Still looking.

cheers,
Klaus 

On Fri, Feb 15, 2019 at 4:24 AM Thomas Andersen <[hidden email]> wrote:

Hi,

 

Another suggestion:

Have you checked with wireshark what the request and offer is?

 

We have had the same issue when it came to unicast and broadcast offers.

If the host had broadcast flag set in discover, it would reject any offers sent as unicast.

Most clients do not differ on this, but PXE, UEFI, iDRAC and some specific windows 7 installations CAN filter them if there is the slightest mismatch.

 

Kea 0.9 and 1.0 had default unicast response even though client asked for broadcast. Was changed in 1.1 I think.

 

Br,

Thomas

 

From: Kea-users <[hidden email]> on behalf of Joelson Vendramin <[hidden email]>
Date: Friday, 15 February 2019 at 12.05
To: "KEA-Users ([hidden email])" <[hidden email]>, Klaus Steden <[hidden email]>
Subject: Re: [Kea-users] Hosts refusing lease offers?

 

Hi Klaus,

 

I remember a similar tricky situation. Some clients complaining about leases offers.

 

Then I find a strange solution: configuring KEA to send "renew-timer" and "rebind-timer" optional parameters together with "valid-lifetime" (mandatory).

 

This way:

  "valid-lifetime": X,
  "renew-timer": 50% * X,
  "rebind-timer": 87,5% * X,

Hope this clue helps you someway.

 

Regards,

--

Joelson Vendramin

 

 

Em quinta-feira, 14 de fevereiro de 2019 22:36:38 BRST, Klaus Steden <[hidden email]> escreveu:

 

 

 

Hi there,

 

I've got a bit of a puzzler on my hands. We've racked some new gear and are preparing to provision it.

 

Scope definitions have been added to Kea, and are active.

 

Hosts are on the network, and are generating DHCP requests.

 

Kea is responding as expected and offering leases, but none of these machines (6 racks worth) are accepting the offers, leaving them stranded.

 

The hardware is Dell, so it's actually the iDRAC that's not leasing, but a different batch of similar hardware in other racks (installed two weeks ago) had no such issues.

 

We're reasonably confident that it's not something on the switches, but for the life of me I can't identify why these aren't accepting leases.

 

I've attached a sample of the debug output in the log (cranked up to 99) with only DNS info redacted.

 

Again, the most confusing thing here is that a comparable platform in the same data center in different racks had no issues, and the only change is additional DHCP scopes.

 

thanks,

Klaus

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users


_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users