Discussion:
"rejected: incoming update is less critical than outgoing update"
Martin McCormick
2013-09-10 18:16:23 UTC
Permalink
We have a failover pair of dhcp servers which are about
as alike as they can be. Both are virtual machines running on
two SANS. The message quoted in the subject line of this posting
is said to be normal but why are there many, many more of these
messages on the secondary server than we see on the primary DHCP
server?

I ran the following test on first the primary and then
the secondary and counted the number of update rejection
messages from Midnight to about 12:50 the next day.

ssh primary cat /var/log/syslog \
|grep "rejected: incoming update is less critical than outgoing update" \
|wc -l

I immediately ran the same script on the secondary DHCP server
to count those messages and got:

server 1 795
server 2 316200

They both seem to be working and communicating with each
other. If one does an uptime command, both are about as busy.

primary 1:09PM up 18 days, 15:04, 2 users, load averages: 0.10, 0.09, 0.11
secondary 1:09PM up 18 days, 15:03, 2 users, load averages: 0.08, 0.07, 0.07

Both servers appear to be communicating. The secondary
is usually always slightly less busy than the primary and
neither one seems to be in distress.

Any ideas are appreciated.

Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
Cathy Almond
2013-09-12 07:18:43 UTC
Permalink
Post by Martin McCormick
We have a failover pair of dhcp servers which are about
as alike as they can be. Both are virtual machines running on
two SANS. The message quoted in the subject line of this posting
is said to be normal but why are there many, many more of these
messages on the secondary server than we see on the primary DHCP
server?
I ran the following test on first the primary and then
the secondary and counted the number of update rejection
messages from Midnight to about 12:50 the next day.
ssh primary cat /var/log/syslog \
|grep "rejected: incoming update is less critical than outgoing update" \
|wc -l
I immediately ran the same script on the secondary DHCP server
server 1 795
server 2 316200
They both seem to be working and communicating with each
other. If one does an uptime command, both are about as busy.
primary 1:09PM up 18 days, 15:04, 2 users, load averages: 0.10, 0.09, 0.11
secondary 1:09PM up 18 days, 15:03, 2 users, load averages: 0.08, 0.07, 0.07
Both servers appear to be communicating. The secondary
is usually always slightly less busy than the primary and
neither one seems to be in distress.
The explanation of what the message means is here:

https://kb.isc.org/article/AA-00362/ (you'll need to self-register to
view it as well as other documents), but what it says is:

"What's happening is the local server is sending a binding update, and
has received a binding update before receiving an ack on its own update
(so it is still pending).

In this situation, the server doesn't want to ack the peer's update
because then the peer will receive that ack after the local server's
update - so it has to reject or nak the binding update to clear it from
the peer's queue.

If dhcpd gets a rejected update, it always logs the reason, but these
particular error reports can be ignored.

If you're seeing this on every single binding update, then it's likely
that they're being caused by an odd or incorrect configuration. "

You'll most likely need to share your failover configuration with the
list for anyone to be able to suggest specifically why you're seeing
these messages so frequently.

Cathy

Loading...