Setting Up DHCP Failover

If you need to make sure your DHCP server is always available, you can use the DHCP internal failover feature. This feature allows you to set up two (and no more than that) DHCP servers to use a shared address pool. If both servers are operational, each can use about half of the available addresses in that pool. If one of the servers fails, the other server can take over immediately.

In a failover configuration, one server is primary, and the other is secondary. You also need to make sure both servers have the same configuration, with the exception of the failover code. This code is included in the dhcpd.conf configuration file. Listing 24-4 shows what this failover configuration would look like on the primary server.

Listing 24-4. Configuring DHCP for Failover

    failover peer "mydomain" {
        primary;
        address 192.168.1.10;
        port 847;
        peer address 192.168.1.20;
        peer port 647;
        max-response-delay 120;
        mclt 1800;
        split 128;
        load balance max seconds 3;
    }

This example configuration file uses the following parameters:

primary: This indicates that this server is the primary server in the pair. Use secondary on the other server.

address: This specifies the address on which this server should listen for the peer server.

port: Since DHCP failover doesn't have a fixed port assignment, you need this option to specify on which port the server should listen. Usually, port 847 is used on the primary server, and port 647 is used on the secondary.

peer address: This indicates on what address the peer can be contacted.

peer port: This is the port on which the peer listens.

max-response-delay: This is the number of seconds that the server waits before it assumes that the peer has failed.

mclt: This is the maximum client lead time. It is the length of time that can be assigned to a lease on either host if the partner is down. It is recommended that you leave this at 1800 seconds.

split: This value is defined on the primary server only and specifies where the DHCP address pool needs to be split between both servers. It is reasonable to put in the number that refers to half of the available IP addresses.

load balance max seconds: Leave this at the value of three seconds to make sure the workload is equally distributed between the servers.

The secondary server is configured slightly differently. Listing 24-5 shows an example of its configuration.

Listing 24-5. Sample Failover Configuration for the Secondary Server

    failover peer "mydomain" {
        secondary;
        address 192.168.1.20;
        port 647;
        peer address 192.168.1.10;
        peer port 847;
        max-response-delay 120;
        load balance max seconds 3;
    }
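The two stanzas have to mirror each other: each server's address and port must equal the other server's peer address and peer port, and split belongs on the primary only. The following consistency check is an added example, not part of the original text; the function names parse_failover and check_pair are hypothetical, and the sample input is constructed from Listings 24-4 and 24-5.

```python
import re

# Constructed sample input: the failover stanzas from Listings 24-4 and 24-5.
PRIMARY = '''failover peer "mydomain" {
  primary;
  address 192.168.1.10; port 847;
  peer address 192.168.1.20; peer port 647;
  max-response-delay 120; mclt 1800; split 128;
  load balance max seconds 3;
}'''
SECONDARY = '''failover peer "mydomain" {
  secondary;
  address 192.168.1.20; port 647;
  peer address 192.168.1.10; peer port 847;
  max-response-delay 120; load balance max seconds 3;
}'''

def parse_failover(conf):
    """Return (peer name, {statement: value}) for the first failover stanza."""
    m = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', conf, re.S)
    if not m:
        raise ValueError("no failover peer declaration found")
    body = re.sub(r'#[^\n]*', '', m.group(2))      # drop comments
    params = {}
    for raw in body.split(';'):
        stmt = " ".join(raw.split())               # normalise whitespace
        if stmt:
            key, _, value = stmt.rpartition(" ")   # last word is the value
            params[key or value] = value if key else True  # e.g. 'primary;'
    return m.group(1), params

def check_pair(primary_conf, secondary_conf):
    """Return a list of problems; an empty list means the stanzas mirror."""
    pname, p = parse_failover(primary_conf)
    sname, s = parse_failover(secondary_conf)
    problems = []
    if pname != sname:
        problems.append(f"peer names differ: {pname!r} vs {sname!r}")
    if "primary" not in p or "secondary" not in s:
        problems.append("one server must be primary, the other secondary")
    for mine, theirs in (("address", "peer address"), ("port", "peer port")):
        for who, a, b in (("primary", p, s), ("secondary", s, p)):
            if a.get(mine) is None or a.get(mine) != b.get(theirs):
                problems.append(f"{who} '{mine}' = {a.get(mine)}, "
                                f"but the other side's '{theirs}' = {b.get(theirs)}")
    if "split" not in p or "split" in s:
        problems.append("'split' must be set on the primary only")
    return problems
```

Feeding it the contents of the failover stanza from each server's dhcpd.conf before starting the services catches a missing address keyword or swapped ports before the peers fail to connect.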

Next, further in the dhcpd.conf file, you must use a pool statement in which the failover configuration is included. This works in more or less the same way as a configuration in which a subnet statement is used. Listing 24-6 shows how you can modify the example file from Listing 24-1 earlier in this chapter to use a pool statement.

Listing 24-6. Rewriting the DHCP Configuration File to Include a pool Statement

    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;
    default-lease-time 600;
    max-lease-time 7200;
    log-facility local7;

    subnet 10.5.5.0 netmask 255.255.255.224 {
        pool {
            failover peer "mydomain";
            deny dynamic bootp clients;
            range 10.5.5.26 10.5.5.30;
            option domain-name-servers ns1.internal.example.org;
            option domain-name "internal.example.org";
            option routers 10.5.5.1;
            option broadcast-address 10.5.5.31;
            default-lease-time 600;
            max-lease-time 7200;
        }
    }

As you can see, it isn't that hard to include a pool definition; it just adds a layer to the configuration file. Next, you add two new lines to refer to the high-availability settings. The first is the setting failover peer "mydomain", which refers to the definition of the failover settings earlier in the configuration file. The second is the setting deny dynamic bootp clients, which prevents dynamic bootp clients from communicating with the DHCP servers that are configured for failover; this simply isn't supported. Now, open both DHCP servers, and your DHCP configuration is ready for automatic failover if one server fails.

Note: Configuring DHCP for automatic failover is useful in an environment where no high-availability cluster is configured. If, however, your network has high-availability clustering configured (as described in Chapter 29 of this book), I recommend including DHCP failover in the high-availability environment. The biggest advantage of doing it that way is that you don't need to split the IP addresses that are handed out by the servers; only one server runs the DHCP service. The other server takes over the DHCP service when the primary server fails.
