I'd like to consolidate the services from several old servers onto 2 CentOS7 VMs that are currently running dhcpd in a balanced/failover configuration. It will simplify things to add the IPs from the old servers as aliases, at least temporarily so everything will continue to connect without changes.
However, after adding the first one, I see in the logs that DHCPD is sending its DHCPACKs alternating between ens192 and ens192:0 every other time, but oddly it is always using the non-alias IP as the source every time according to tcpdump -n. Is this configuration likely to confuse anything?
Yes, confusion will abound. There should only ever be one and only one DHCP server on any network. With two you will sooner or later have multiple DHCP client hosts with the same IP addresses.
On 04/22/2015 03:36 PM, Les Mikesell wrote:
> I'd like to consolidate the services from several old servers onto 2 CentOS7 VMs that are currently running dhcpd in a balanced/failover configuration. It will simplify things to add the IPs from the old servers as aliases, at least temporarily so everything will continue to connect without changes.
> However, after adding the first one, I see in the logs that DHCPD is sending its DHCPACKs alternating between ens192 and ens192:0 every other time, but oddly it is always using the non-alias IP as the source every time according to tcpdump -n. Is this configuration likely to confuse anything?
--
David P. Both, RHCE Millennium Technology Consulting LLC Raleigh, NC, USA 919-389-8678
dboth@millennium-technology.com
www.millennium-technology.com www.databook.bz - Home of the DataBook for Linux DataBook is a Registered Trademark of David Both
On Wed, Apr 22, 2015 at 2:49 PM, David Both <dboth@millennium-technology.com> wrote:
> Yes, confusion will abound. There should only ever be one and only one DHCP server on any network. With two you will sooner or later have multiple DHCP client hosts with the same IP addresses.
No, it's not going to give out duplicate IPs. The dual servers are configured as primary/secondary and know about each other with some protocol to track what leases are already out.
https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Fail...
My question is just about multiple IPs as aliases on the server side. So far it looks like it is always sending with the same source IP even though it logs that it used the alias interface name. I'm just wondering if it would confuse clients if it gets an IP from one source and subsequent ACKs from another. But, I guess that has been happening for a long time already with the dual server setup.
On 2015-04-22 3:57 pm, Les Mikesell wrote:
> On Wed, Apr 22, 2015 at 2:49 PM, David Both <dboth@millennium-technology.com> wrote:
> > Yes, confusion will abound. There should only ever be one and only one DHCP server on any network. With two you will sooner or later have multiple DHCP client hosts with the same IP addresses.
> No, it's not going to give out duplicate IPs. The dual servers are configured as primary/secondary and know about each other with some protocol to track what leases are already out.
> https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Fail...
> My question is just about multiple IPs as aliases on the server side. So far it looks like it is always sending with the same source IP even though it logs that it used the alias interface name. I'm just wondering if it would confuse clients if it gets an IP from one source and subsequent ACKs from another. But, I guess that has been happening for a long time already with the dual server setup.
This is normal behavior. When you have multiple IPs aliased on a system, they all answer for inbound, but the outbound traffic always shows the primary system IP as the source.
You might be able to finagle some sort of firewall SNAT rules to fake it, but I've never tried that, so I can't vouch for the viability of such a notion.
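One way to check which source addresses DHCP replies actually carry in a capture, as an added example that is not part of the original thread: it counts replies per source IP in `tcpdump -n` text output and lists any source outside the set you expect. The addresses and sample lines are constructed, and the one-line `IP a.b.c.d.67 > w.x.y.z.68: BOOTP/DHCP, Reply` summary format is assumed.

```python
import re
from collections import Counter

# Matches the tcpdump -n summary line for a server-to-client DHCP reply, e.g.
#   15:36:02.100001 IP 192.0.2.10.67 > 192.0.2.120.68: BOOTP/DHCP, Reply, length 300
# Replies sent to a relay agent (port 67 > 67) are not covered here.
REPLY_RE = re.compile(
    r"\bIP (\d{1,3}(?:\.\d{1,3}){3})\.67 > (\d{1,3}(?:\.\d{1,3}){3})\.68: "
    r"BOOTP/DHCP, Reply\b"
)

def reply_sources(lines):
    """Return a Counter of DHCP reply counts keyed by source IP."""
    counts = Counter()
    for line in lines:
        match = REPLY_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def unexpected_sources(counts, expected):
    """Return the sorted source IPs that are not in the expected set."""
    return sorted(ip for ip in counts if ip not in expected)

# Constructed sample: 192.0.2.10 and 192.0.2.11 stand in for the two failover
# peers' primary addresses, 192.0.2.20 for an alias added to the first peer.
SAMPLE = """\
15:36:01.000001 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:00:5e:00:53:01, length 300
15:36:01.000950 IP 192.0.2.10.67 > 192.0.2.120.68: BOOTP/DHCP, Reply, length 300
15:36:05.000001 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:00:5e:00:53:02, length 300
15:36:05.001200 IP 192.0.2.11.67 > 192.0.2.121.68: BOOTP/DHCP, Reply, length 300
15:36:09.000400 IP 192.0.2.10.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
15:36:12.000700 IP 192.0.2.20.67 > 192.0.2.122.68: BOOTP/DHCP, Reply, length 300
"""

# Assumption: only the peers' primary addresses should ever appear as a source.
EXPECTED = {"192.0.2.10", "192.0.2.11"}

if __name__ == "__main__":
    counts = reply_sources(SAMPLE.splitlines())
    for ip, n in sorted(counts.items()):
        print(f"{ip}: {n} replies")
    for ip in unexpected_sources(counts, EXPECTED):
        print(f"unexpected DHCP reply source: {ip}")
```
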