3

As the title implies, this may look like a silly question, but what I'm trying to do is have 2 DHCP servers in one network: one that only leases IPs to bootp clients (and, if the client re-requests immediately after, leases again), and one DHCP server, built into my PFsense router, that leases to the non-bootp clients so they can access the internet and other network resources. I know by chance that PFsense uses ISC-DHCPd. Maybe they have a delay option?

All I need to do to make sure the bootp/PXE boot clients get the proper address is slow down the DHCP server in the PFsense box. The question is how. Any ideas, anyone? Thanks in advance.

EDIT:

The reason I have TWO DHCP servers is that one is being configured and run by Clonezilla, which configures the DHCP server to ONLY lease to bootp clients (and clients with bootp-registered MACs that request a DHCP address). The PFsense DHCP server runs to provide addressing for a different VLAN, which doesn't allow contact with the image server's services.

The reason I'm not putting both configurations in one DHCP server is simply convenience. Clonezilla auto-tweaks the image client's leases automatically so that they boot up correctly with PXE.

Since Clonezilla's DHCP doesn't provide IPs to the computers that haven't used bootp, I don't see why it should conflict with the PFsense DHCP server.

The PFsense box IS configured not to lease to bootp clients. However, once the bootp client has loaded a minimal image from the Clonezilla server, it'll do a DHCP request instead of bootp, which gives it the wrong IP, and therefore it can't access the appropriate network resources. The Clonezilla server ONLY gives out IPs to clients that downloaded an image in the past ~2 minutes, so it should not conflict with the other DHCP server.

The easy solution, therefore, would be to delay the DHCP offers from the PFsense server.

Thank you all for the input, though. Suggestions welcome.

Ced
  • 2
    slowing down DHCP hmmm. If your proposed solution to a problem involves re-writing or crippling a major standard then you need to re-think and re-define the problem, the solution or both. – Rob Moir Jan 28 '11 at 23:28
  • I think there was a configuration command to make a server wait a few seconds before leasing. Like in the case of a failover DHCP server, where you'd want the secondary DHCP server to wait a few seconds before leasing. Also, I assumed bootp was the way PXE clients get their IPs initially, right? Like a separate DHCP-like request just for PXE/lanboot clients. – Ced Jan 28 '11 at 23:34
  • I see your edit, but I am still not sure you are using the correct terminology here. BOOTP is an ancient protocol that predates DHCP. BOOTP is not used at all by Clonezilla. – Zoredache Jan 28 '11 at 23:59
  • It isn't? Huh. Weird, 'cause the funny thing is, the image clients boot up till they've loaded the minimal image, and then suddenly complain about getting a wrong IP... Oh well, I guess I'll have to just tweak both configs a lot then. – Ced Jan 29 '11 at 00:02
  • Oh, and for the record this request isn't entirely insane, Windows 2008r2, now has a per-scope delay feature. – Zoredache Jan 29 '11 at 00:07
  • I'm unfamiliar with the per-scope delay, but your wording implies you still have one server with one database from which to work so it can delay what scope to hand out at what time, or is it working from two independent DHCP servers @Zoredache? (I still stick to the traditional answer since you're saying that Win2008r2 is just implementing this, and I've not heard of it on standard implementations...but I'm not a DHCP/BootP expert) – Bart Silverstrim Jan 29 '11 at 03:08
  • If those hosts are located on different VLANs, how can the DHCP server receive requests from BOOTP clients? – gelraen Jan 29 '11 at 08:05
  • Kind of wondering that too... – Bart Silverstrim Jan 29 '11 at 14:03
  • You are speaking of different VLANs. So how is this a problem at all? – Hagen von Eitzen Jul 01 '15 at 05:05
  • I had the same problem once: Our main DHCP server was maintained by another team, but I needed a local boot server which served a pool of 5 IP addresses from a separate address range. Luckily, the main DHCP server was bridged over multiple network components and thus had slower response times. Today, I have a similar problem but also need to slow down the server. The answers for this question are not typical because they all say why it's not good and nobody cares about a real answer – Daniel Alder Jan 26 '16 at 16:16
  • I just wanted to add that this is not 'crazy' and this is a supported configuration for DHCP failover. One server is 'primary' and responds first, replicating its scopes and leases to the second, which has a nominal delay. If the primary goes down the secondary will naturally take over with no action as it will simply begin assigning addresses. – mhouston100 Mar 21 '17 at 06:54
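
The BOOTP-versus-DHCP distinction raised in the comments above can be read directly off the client's packet. The following is an added example, not code from any poster: it assumes constructed sample packets and the hypothetical helper names `classify` and `build_request`, and shows that PXE firmware sends DHCP (option 53) with a vendor class (option 60) beginning `PXEClient`, while plain BOOTP carries no option 53 at all.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
OPT_MSG_TYPE, OPT_VENDOR_CLASS = 53, 60

def parse_options(data):
    """Walk the tag/length/value option list and return {tag: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data):                   # truncated option header
            break
        length = data[i + 1]
        opts[data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify(packet):
    """Classify a client request as 'bootp', 'dhcp-pxe' or 'dhcp'."""
    if len(packet) < 236:
        raise ValueError("shorter than the fixed BOOTP header")
    # secs = seconds the client reports it has been trying to get an address;
    # ISC dhcpd's min-secs statement is compared against this field.
    _op, _htype, hlen, _hops, _xid, secs, _flags = struct.unpack("!BBBBIHH", packet[:12])
    opts = parse_options(packet[240:]) if packet[236:240] == MAGIC_COOKIE else {}
    if OPT_MSG_TYPE not in opts:
        kind = "bootp"                           # plain BOOTP has no message type
    elif opts.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient"):
        kind = "dhcp-pxe"                        # PXE firmware: DHCP plus option 60
    else:
        kind = "dhcp"                            # e.g. the OS image after it boots
    return {"kind": kind, "secs": secs, "mac": packet[28:28 + min(hlen, 16)].hex(":")}

def build_request(mac, secs, options=b"", cookie=True):
    """Build a constructed client packet (op=1, Ethernet) for the demo."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, secs, 0)
    header += bytes(16) + mac.ljust(16, b"\x00") + bytes(64 + 128)
    return header + (MAGIC_COOKIE + options + b"\xff" if cookie else b"")

MAC = bytes.fromhex("525400aabbcc")              # constructed sample values
PXE_ROM = build_request(MAC, 4, b"\x35\x01\x01" + b"\x3c\x09PXEClient")
BOOTED_OS = build_request(MAC, 0, b"\x35\x01\x01")
OLD_BOOTP = build_request(MAC, 0, cookie=False)

if __name__ == "__main__":
    for name, pkt in [("PXE ROM", PXE_ROM), ("booted image", BOOTED_OS), ("BOOTP", OLD_BOOTP)]:
        print(name, classify(pkt))
```

The same MAC address shows up first as `dhcp-pxe` and then, once the minimal image is running, as an ordinary `dhcp` client, which is the second request described in the question.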

7 Answers

6

This is kind of an old post, but it still comes up in search results, so I'm going to add to it.

First: having two DHCP servers in a subnet is not going to cause problems no matter what, that's a very misleading statement. What will cause issues is two DHCP servers which are offering the same pool of addresses. You can have two servers offering different ranges of IP addresses (like 192.168.1.1-100 on one and .101-200 on a second) within the same subnet without causing any issues at all. In fact, if you want to have redundant DHCP in your network, this is a recommended/best practice way to do it.

Second, here are some instructions from Microsoft which may get someone a little closer if they happen to have a similar issue: http://technet.microsoft.com/en-us/library/ee405264(v=ws.10).aspx

Nick
3

You wouldn't ordinarily have 2 DHCP servers on the same subnet. That's asking for big problems. You would have one DHCP server that handles both tasks.

Bart Silverstrim
  • The secondary DHCP server is configured to ONLY lease to clients that do bootp requests, and DHCP requests right after doing a bootp request. It's used for distributing images (using clonezilla) – Ced Jan 28 '11 at 23:32
  • You could simply configure the first DHCP server to handle requests from bootp clients and tell them to download images from the second, and leave only the tftp server there. Other options: a) configure both servers as failover/load-balance b) drop requests from bootp clients with a firewall – gelraen Jan 28 '11 at 23:46
  • You still will have issues, 2 DHCP servers on a subnet is like sodium and water, they don't work well with each other. – Jacob Jan 28 '11 at 23:47
  • Why so? One DHCP is essentially a bootp-only server and the other is dhcp-only. They shouldn't conflict, except as they do right now, where the pfsense box is too fast. – Ced Jan 28 '11 at 23:54
  • 1
    Thing is I don't think you'd need it. From the Wiki article: The Dynamic Host Configuration Protocol (DHCP) is a more advanced protocol for the same purpose and has superseded the use of BOOTP. Most DHCP servers also function as BOOTP servers. – Bart Silverstrim Jan 29 '11 at 03:06
  • And for "failover", how would you do it without a centralized database? You can't have two independent DHCP servers or else server 2 will hand out IP's that server 1 handled, possibly duplicating IP's unless it interrogated existing systems. – Bart Silverstrim Jan 29 '11 at 03:06
  • isc-dhcpd supports 2 instances running as failover/load-balance servers. They communicate via a TCP connection and exchange information about clients. – gelraen Jan 29 '11 at 08:35
  • @gelraen: That still has a mechanism of synchronization (I hadn't known about it but that element is there.) The OP sounds like he has two independent services that he wants running separately, which I'm not so sure could be done without some problems. – Bart Silverstrim Jan 29 '11 at 14:02
1

Multiple DHCP servers are fine for failover. They are pretty common on enterprise networks. As long as they issue dynamic leases in different non-overlapping scopes, there is no problem.

povlhp
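
The non-overlap condition stated in this answer, and in the earlier answer that splits 192.168.1.1-100 and .101-200 between two servers, can be checked mechanically. This is an added example, not from either poster: it reads the `range` statements out of two ISC dhcpd configurations and reports any span both servers could lease. The configuration snippets and the names `pools` and `overlaps` are constructed for illustration.

```python
import ipaddress
import re

# ISC dhcpd syntax: range [dynamic-bootp] low-address [high-address];
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;")

def pools(conf_text):
    """Return [(low, high)] for every IPv4 range statement in a dhcpd.conf."""
    text = re.sub(r"#.*", "", conf_text)          # ignore commented-out lines
    found = []
    for low, high in RANGE_RE.findall(text):
        lo = ipaddress.IPv4Address(low)
        hi = ipaddress.IPv4Address(high) if high else lo   # single-address range
        found.append((lo, hi))
    return found

def overlaps(conf_a, conf_b):
    """Return the address spans that both servers are able to lease."""
    clashes = []
    for a_lo, a_hi in pools(conf_a):
        for b_lo, b_hi in pools(conf_b):
            lo, hi = max(a_lo, b_lo), min(a_hi, b_hi)
            if lo <= hi:                          # the two intervals intersect
                clashes.append((str(lo), str(hi)))
    return clashes

# Constructed configurations using the split from the earlier answer.
SERVER_A = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.1 192.168.1.100;
}
"""
SERVER_B_OK = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  # range 192.168.1.50 192.168.1.60;   (disabled)
  range dynamic-bootp 192.168.1.101 192.168.1.200;
}
"""
SERVER_B_BAD = SERVER_B_OK.replace("192.168.1.101", "192.168.1.90")

if __name__ == "__main__":
    print("clean split:", overlaps(SERVER_A, SERVER_B_OK))
    print("misconfigured:", overlaps(SERVER_A, SERVER_B_BAD))
```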
1

I've never done it, but you can have two DHCP servers that both make offers to a client. It is up to the client to pick one of the offers.

I think the trick is that you need to add the "authoritative" command to the top of the DHCP configuration on the Clonezilla machine but not on the PFSense box. That way if Clonezilla offers the client a DHCP address the client will accept that one first, otherwise it will fail back to the PFSense offer. YMMV

The article makes mention of this issue near the bottom: http://www.corbacho.info/clonezilla/clonezilla.html

mfarver
0

Regarding booting after downloading and launching the OS image:

can't access the appropriate network resources

Can't you make those resources available to your regular pfsense controlled network?

When you have more than one DHCP server on the same switch or network, they should be made to work together. Which might be a challenge between 2 different apps :-)

So in this case it might be easier to use the VLAN port management on your switch(es)? I.e., once an imaged machine is ready to face the pfsense environment, go into your switch settings, and change the VLAN for the machine's port.

DutchUncle
0

When you are booting Clonezilla, its default configuration will only accept DHCP responses from the server that it booted from. Did you check to make sure that both your DHCP servers are configured with different names?

devicenull
-1

Why do you need 2 DHCP servers, why can you not use 1? There's really no reason for 2 and they will cause issues no matter how many times you tweak it. I think you have a misconception about DHCP, your issue, and solution...

Jacob
  • Running two servers is fine under certain circumstances. Only one of the servers should be actively issuing addresses for a given scope. The DHCP protocol allows a client to receive options from other servers. – Zoredache Jan 29 '11 at 00:21