[pfSense] Question about DHCP failover

2013-02-26 Thread Jerome Alet
Hi,

We're running 2.1BETA1 on a two-node failover pfSense cluster. Each
node is in a separate physical location, and connected to a different
switch.

We've got around 15 interfaces, 8 of which have an active DHCP server
served by pfSense.

We encounter synchronization problems between the two nodes but only for
DHCP and, it seems, only for some of the 8 DHCP server enabled
interfaces.

Status/DHCP Leases always report normal / normal for dhcp0, but
things like recover / unknown state or communication interrupted /
recover done, or even recover / recover for all the other
interfaces.

I know for sure it used to work with normal / normal for all
interfaces, but between pfSense upgrades and configuration changes,
something made it break.

Now I'm wondering something, because when looking at the generated
dhcpd.conf file it's not very clear for me :

On the master node, for each interface onto which we've enabled the DHCP
server, we've added in the Failover peer IP input box the address
the slave node has on the very same interface.

Is this really needed for each interface, or is it sufficient to put it
only once ? If we set it multiple times I believe the synchronization is
done multiple times too, and doing a simple modification and applying
changes takes ages.

Also, if it's needed for all interfaces, should we specify each time the
IP address matching the other node on the same interface, or should we
use, for all interfaces, the IP address the other node has on the
pfsync interface ?

Please could someone enlighten me wrt the best way to achieve such
configuration ?

Thanks in advance

--
Jérôme Alet - jerome.a...@univ-nc.nc - Direction du Système d'Information
  Université de la Nouvelle-Calédonie - BPR4 - 98851 NOUMEA CEDEX
   Tél : +687 290081  Fax : +687 254829
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Question about DHCP failover

2013-02-26 Thread Jim Pingle
On 2/26/2013 3:23 PM, Jerome Alet wrote:
> On the master node, for each interface onto which we've enabled the DHCP
> server, we've added in the Failover peer IP input box the address
> the slave node has on the very same interface.
>
> Is this really needed for each interface, or is it sufficient to put it
> only once ? If we set it multiple times I believe the synchronization is
> done multiple times too, and doing a simple modification and applying
> changes takes ages.

It is really needed for each interface.

> Also, if it's needed for all interfaces, should we specify each time the
> IP address matching the other node on the same interface, or should we
> use, for all interfaces, the IP address the other node has on the
> pfsync interface ?

You must use the IP for the other node in the subnet being served on
that interface. So each interface will have a different IP address.

There was an issue with the way the dhcp server config was being synced
but a commit was made in the last week or so to fix it. Last I heard it
was working better.

Jim
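
The rule in the reply above (one failover peer per DHCP-enabled interface, each pointing at the other node's address inside the subnet served there) can be checked against a generated dhcpd.conf. The following Python is an added example, not part of the thread or of pfSense's code; the sample configuration, addresses and function name are constructed for illustration and assume ISC dhcpd syntax.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.conf syntax (not from the thread): dhcp1
# points at an address outside the subnet it serves (e.g. a sync-link IP).
SAMPLE_CONF = '''
failover peer "dhcp0" { primary; address 192.168.10.2; peer address 192.168.10.3; }
failover peer "dhcp1" { primary; address 192.168.20.2; peer address 10.99.0.3; }
subnet 192.168.10.0 netmask 255.255.255.0 {
  pool { failover peer "dhcp0"; range 192.168.10.100 192.168.10.200; }
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  pool { failover peer "dhcp1"; range 192.168.20.100 192.168.20.200; }
}
'''

PEER_DECL = re.compile(r'failover peer "([^"]+)"\s*\{([^}]*)\}')  # declaration
PEER_ADDR = re.compile(r'peer address\s+([0-9.]+)\s*;')
PEER_REF = re.compile(r'failover peer "([^"]+)"\s*;')             # use in a pool
SUBNET = re.compile(r'subnet\s+([0-9.]+)\s+netmask\s+([0-9.]+)\s*\{')


def check_failover_peers(conf):
    """Return (peer_name, peer_ip, subnet) for every pool whose failover
    peer address is missing or lies outside the subnet the pool serves."""
    peer_ips = {}
    for name, body in PEER_DECL.findall(conf):
        m = PEER_ADDR.search(body)
        if m:
            peer_ips[name] = ipaddress.ip_address(m.group(1))

    problems = []
    subnets = list(SUBNET.finditer(conf))
    for i, m in enumerate(subnets):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        # Text of this subnet block: up to the next subnet or end of file.
        end = subnets[i + 1].start() if i + 1 < len(subnets) else len(conf)
        for name in PEER_REF.findall(conf[m.end():end]):
            ip = peer_ips.get(name)
            if ip is None or ip not in net:
                problems.append((name, None if ip is None else str(ip), str(net)))
    return problems


if __name__ == "__main__":
    for name, ip, net in check_failover_peers(SAMPLE_CONF):
        print(f"{name}: peer address {ip} is not inside {net}")
```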


Re: [pfSense] Question about DHCP failover

2013-02-26 Thread Jim Pingle
On 2/26/2013 3:56 PM, Jerome Alet wrote:
> What I find very strange is that even when removing the failover IP
> address for one of the interfaces, the synchronization still takes
> place, that's why I wondered if defining it on each interface was really
> needed.

That field doesn't control synchronization, the sync happens based on
the XML-RPC settings for DHCP in System > High Avail Sync.

That field only sets the dhcp failover peer, which, when you want to
sync DHCP, is required.

> BTW our upgrades with full backup take a very very long time because the
> full backup script includes Squid's cache. Yesterday I've tried to
> modify it to add --exclude var/squid/cache on tar's command line and
> launch the full backup manually, but the cache is still included in the
> full backup. Any idea why ?
>
> Shouldn't the full backup script, if the squid package is installed,
> ignore squid's cache directories ?

That full backup script has no knowledge of packages. It tries to tar up
the whole system so it could be restored in full to the previous state.

Jim
