DHCP w/ FHRP and duplicate requests
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 12 12:24:13 CET 2014
All,

I haven't had the chance to try FR DHCP yet, but I ran into a problem
with ISC yesterday and I thought I'd mention something worth considering.

If you have something like VRRP/HSRP for first-hop resilience, both
routers will forward the DHCP packet, and you'll get two copies that
differ only in giaddr, very close together in time.

For fixed IPs this isn't usually a problem, but if you're allocating a
lease by DB lookup, I guess it would be possible for 2 DISCOVERs to get
2 different OFFERs, particularly if you're threaded.

I'm wondering if the radius "duplicate packet detection" code could be
re-used here?

It seems like rlm_cache would probably run "too late"?

Note that you do have to respond to both packets; if you don't, the one
you do respond to might fail uRPF check because it might be routed by
router A, but directed to router B, and will thus arrive at router B
with an invalid source for the ingress interface.

ISC sort-of does the right thing here unless you've got ping-check
enabled and it's an initial lease allocation *or* you've got delayed-ack
enabled for fsync performance. In that case it drops the 2nd duplicate
and you run into uRPF problems.

Anyway, just a thought.
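
The behaviour the message asks for, as an added sketch that is not part of the original post and is not FreeRADIUS or ISC code: relay-duplicated requests are matched on a key that leaves out giaddr, share one allocation, and each copy still gets its own reply. The names `RelayDedup`, `Packet` and `make_pool`, the 2-second window, and all addresses are assumptions constructed for the illustration.

```python
import itertools
import threading
import time
from collections import namedtuple

# Constructed packet model: only the fields the dedup decision needs.
Packet = namedtuple("Packet", "msg_type xid chaddr giaddr")

class RelayDedup:
    """Collapse relay-duplicated requests onto one allocation, but answer every copy."""

    def __init__(self, allocate, window=2.0, clock=time.monotonic):
        self.allocate = allocate      # hypothetical lease lookup, e.g. a DB call
        self.window = window          # seconds a decision stays cached (assumed value)
        self.clock = clock
        self.lock = threading.Lock()
        self.seen = {}                # key -> (expiry, yiaddr)

    def handle(self, pkt):
        # giaddr is deliberately left out of the key: it is the only field
        # that differs between the copies forwarded by the two FHRP routers.
        key = (pkt.msg_type, pkt.xid, pkt.chaddr)
        now = self.clock()
        # The lock covers the allocation so two threads cannot both miss.
        with self.lock:
            self.seen = {k: v for k, v in self.seen.items() if v[0] > now}
            cached = self.seen.get(key)
            if cached is None:
                yiaddr = self.allocate(pkt.chaddr)
                self.seen[key] = (now + self.window, yiaddr)
            else:
                yiaddr = cached[1]
        # Never drop the duplicate: every copy gets its own reply, sent to the
        # giaddr it arrived with, which the post says is needed to pass uRPF.
        return {"xid": pkt.xid, "yiaddr": yiaddr, "via": pkt.giaddr,
                "duplicate": cached is not None}

def make_pool(prefix="192.0.2.", start=10):
    """Constructed allocator that hands out a new address on every call."""
    counter = itertools.count(start)
    return lambda chaddr: prefix + str(next(counter))

def demo():
    dedup = RelayDedup(make_pool())
    a = Packet("DISCOVER", 0x1234, "00:11:22:33:44:55", "10.0.0.2")  # via router A
    b = a._replace(giaddr="10.0.0.3")                                # via router B
    return dedup.handle(a), dedup.handle(b)

if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

Holding the lock across the allocation serialises lease lookups; a per-key lock would keep the same guarantee with less contention.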