DHCP handing out 2 IP addresses when PXE booting

  • Document ID:7002606
  • Creation Date:10-Feb-2009
  • Modified Date:31-Mar-2014
    • Micro Focus Products:
      Open Enterprise Server

Environment

Novell Open Enterprise Server 11 (OES 11)
Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)

Situation

The DHCP server hands out an IP address during the PXE boot process and then an additional IP address when the OS boots up.  This causes two leases per PXE boot machine. 
 
As the original lease is not returned to the pool for 3 days (the default lease time), the subnet runs out of available IP addresses with: 
ERROR:  dhcpd: DHCPDISCOVER from xx:xx:xx:xx:xx:xx  via ethx: network x.x.x/24: no free leases


Resolution

Depending on the version of OES being utilized, there may be plugins found under iManager that will allow the following solutions to be accomplished; however, the supported utility for all versions of DHCP is the DNS/DHCP Java Management Console.  Due to the age of this document, Solution 2 (below) has been outlined with steps from iManager.  However, the same steps can be accomplished under the Java Management Console.
 
Solution 1 (utilizing one pool):
Launch the DNS/DHCP Java Management Console
    1. Select the DHCP (OES Linux)tab from the top of the screen
    2. Select the Service object you wish to modify
    3. With the Service object selected, press the create object button (cube) at the top of the screen.
    4. Select Class from the menu and press OK
    5. Select the newly created class to modify it.
    6. Under the Conditional Expression section add the following string:

         match if substring(option vendor-class-identifier,0,3) = "PXE";
         default-lease-time 1200;
         max-lease-time 1200;

    7. Restart the dhcp service and test.  Please see the Additional Information below should the above-listed vendor-class-identifier not work for you.

      NOTE:  It is possible to add this class directly to the dhcpd.conf too; however, the Java Management Console will not be able to see or modify it if done this way.
 
Solution 2 (utilizing multiple pools): 
Open iManager and under the Roles and Tasks button (default screen)
  1. Select DHCP (OES Linux) from the left-hand menu
  2. Select Class from the sub-menu > Create a Class> OK
  3. Assign the class a name, such as "PXE", and select the service it is to be associated with.
  4. Select Class again > View/Modify Class> OK> select the appropriate service and class
  5. Write the following in the "conditional expression" field:
    • match if option dhcp-client-identifier = null
  6. Create a subnet if not already done.
  7. Create two DHCP Pools (i.e.  PXE-POOL, MAIN-POOL) under the subnet
    • This can be done by selecting Pool> Create Pool> Select a Service and a Subnet, then give a pool name and range.  Complete this for both pools.
  8. Select PXE-POOL and set the default-least-time to double the time it takes for the client to boot to the non PXE OS (The DHCP server renews the leases after half of the default-least-time).
    • This is done by selecting Pool>  View/Modify Pool> Select the pool > Select the Settings tab > Click the Add Link > Select default-lease-time > set the value > Click OK
  9. Select MAIN-POOL and add the class "PXE' in the denied classes section of the pool
    • This is done by selecting PoolView/Modify Pool> select the appropriate Service, Subnet, and MAIN-POOL, then select the PXE class and add it to the Denied DHCP Class(es) field.
 
 
Note:  After saving the changes made in the steps listed above, make sure you restart the DHCP server service so that the changes will take place. The console command to restart the DHCP server is rcnovell-dhcpd restart.  If DHCP is clustered, either migrate the service, or offline and online the service.
 
With the above configuration, the 'MAIN-POOL' will not lease any IP addresses, during PXE boot, because of the 'dhcp-client-identifier = null' class that was setup.  This means that 'MAIN-POOL' remains available to server the normal client dhcp requests.  On the other hand, the 'PXE-POOL' will lease IP Addresses during the PXE boot and the lease will expire soon after the client boots up.  The IP addresses will be returned to the pool more quickly.  Therefore, since the IP Addresses are returned quickly to the 'PXE-POOL', it can be configured with a smaller amount or smaller range of addresses.
  
If an error similar to the following is encountered when trying to configure the above scenario, it is possible you are denying leases from the subnet the DHCPDISCOVER was received from:
ERROR: dhcpd: DHCPDISCOVER from xx:xx:xx:xx:xx:xx  via eth1: network x.x.x/24: no free leases
For example, if SubnetA is configured with a pool that allows PXE clients to obtain an address, and SubnetB is configured with a pool that denies PXE clients from obtaining an address, and a DHCPDISCOVER from a PXE client comes from SubnetB, you will encounter the above error.  If the PXE client were to come from SubnetA, then it would obtain an address.  In this instance, we have two subnets with one pool each.  Each pool has a rule designed to allow or deny PXE clients from obtaining an address.  PXE clients coming in from SubnetB have only one pool with one rule denying a lease.  The allowed pool with available leases is in a totally different subnet.
 
Combining separate subnets into a shared network will cause the dhcp server to see both subnets as one single subnet.  When combined there are now two pools with one rule each allowing or denying leases.

Additional Information

The PXE boot is not sending a client identifier and the OS boot is -- that makes the two requests appear unique.
 
In solution 2 listed above,  PXE clients didn't send a client identifier, so we keyed off of null.  If your PXE client does send a client identifier, a new value to "key off of" must be found.  This can be done by reviewing the PXE DHCP requests in a LAN trace, or can be determined from the dhcpd.leases file by setting the following in the dhcpd.conf and restarting the service:
set vendor-string = option vendor-class-identifier;
For example, the following have been known to work:
  • match if option vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001"
  • match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"
  • match if substring(option vendor-class-identifier,0,3) = "PXE"
Depending on the match statement used, the logic (to allow or deny the class under each pool) may need to be adjusted.