
Linux ISC DHCP Server failover under Debian and Ubuntu

7 April 2009 8 Comments

Not really ... we have a failover server.


In our earlier article “Linux ISC DHCP Server under Debian and Ubuntu” we discussed how to configure a plain, standard ISC DHCP server. In today's article we will discuss ISC DHCP failover. In small networks, having a single DHCP server is common, but in a medium or large computer network a single DHCP server is a single point of failure. When the DHCP server goes offline, your workstations and other network devices lose their network connectivity, and this can turn into a big problem for you if the downtime is not handled as soon as possible.
ISC DHCP has implemented failover in its server since version 3.0.

To start a working failover configuration we will assume the following:

1. we have a class C IP network 10.1.0.0/24 where we want to serve DHCP requests
2. our DNS server is 10.1.0.12
3. our gateway address is 10.1.0.1
4. the first 16 IP addresses are reserved for servers, so our DHCP pool needs to run from 10.1.0.16 to 10.1.0.254
5. our network 10.1.0.0/24 is on eth1
6. our primary DHCP server is 10.1.0.1
7. our failover server is 10.1.0.2

We will start from the last simple DHCP configuration

authoritative;
 
ddns-update-style none;
 
option domain-name "domain.com";
option broadcast-address 10.1.0.255;
 
default-lease-time 86400;
max-lease-time 86400;
 
log-facility local7;
 
subnet 10.1.0.0 netmask 255.255.255.0 {
  option domain-name-servers 10.1.0.12;
  range 10.1.0.16 10.1.0.254;       
  option routers 10.1.0.1;             
 
    host hostname {
      hardware ethernet 00:01:13:e1:d1:11;
      fixed-address 10.1.0.17;         
    }
 
    host print_server {
      hardware ethernet 00:01:23:e2:d1:22;
      fixed-address 10.1.0.18;         
    }                  
 
}

It is very important to configure ntpd on both machines so that their clocks stay synchronized. To do that in Debian / Ubuntu, just run on both machines:

[root@randombugs]# apt-get install openntpd
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed
openntpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 45.6kB of archives.
After this operation, 193kB of additional disk space will be used.
Get: 1 http://ftp.xx.debian.org lenny/main openntpd 3.9p1-7 [45.6kB]
Fetched 45.6kB in 0s (116kB/s)
Selecting previously deselected package openntpd.
(Reading database … 30985 files and directories currently installed.)
Unpacking openntpd (from …/openntpd_3.9p1-7_amd64.deb) …
Processing triggers for man-db …
Setting up openntpd (3.9p1-7) …
Starting openntpd: ntpd.

Now deploy the following configuration on the primary DHCP server.

authoritative;
 
ddns-update-style none;
 
option domain-name "domain.com";
option broadcast-address 10.1.0.255;
 
default-lease-time 86400;
max-lease-time 86400;
 
log-facility local7;
 
failover peer "dhcp-failover" {
  primary; 
  address 10.1.0.1;
  port 647;
  peer address 10.1.0.2;
  peer port 847;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 3600;
  split 128;
}
 
subnet 10.1.0.0 netmask 255.255.255.0 {
  option domain-name-servers 10.1.0.12;
  option routers 10.1.0.1;
  pool {
    failover peer "dhcp-failover";
    range 10.1.0.16 10.1.0.254;

    host hostname {
      hardware ethernet 00:01:13:e1:d1:11;
      fixed-address 10.1.0.17;
    }

    host print_server {
      hardware ethernet 00:01:23:e2:d1:22;
      fixed-address 10.1.0.18;
    }
  }
}

First we declare a failover peer “dhcp-failover”, then reference that peer in each pool configuration. Failover has to be configured for each pool independently.

In the “dhcp-failover” failover declaration we need to declare the following:

1. whether the DHCP server is primary or secondary (primary, secondary),
2. the address of the server and of the peer (address, peer address),
3. the communication ports between primary and secondary (port, peer port),
4. the timeout until the DHCP servers are switched (max-response-delay, max-unacked-updates),
5. the maximum client lead time, only on the primary (mclt),
6. the split between primary and secondary for the purpose of load balancing (split),
7. load balance max seconds, the number of seconds after which the other server takes over a client whose DHCP requests go unanswered.

Configuring the secondary is almost exactly the same as the primary, with 2 minor changes:

authoritative;
 
ddns-update-style none;
 
option domain-name "domain.com";
option broadcast-address 10.1.0.255;
 
default-lease-time 86400;
max-lease-time 86400;
 
log-facility local7;
 
failover peer "dhcp-failover" {
  secondary; 
  address 10.1.0.2;
  port 847;
  peer address 10.1.0.1;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
}
 
subnet 10.1.0.0 netmask 255.255.255.0 {
  option domain-name-servers 10.1.0.12;
  option routers 10.1.0.1;
  pool {
    failover peer "dhcp-failover";
    range 10.1.0.16 10.1.0.254;

    host hostname {
      hardware ethernet 00:01:13:e1:d1:11;
      fixed-address 10.1.0.17;
    }

    host print_server {
      hardware ethernet 00:01:23:e2:d1:22;
      fixed-address 10.1.0.18;
    }
  }
}

First, we need to declare this server as secondary.
Second, we don’t need the mclt and split options. These are only for the primary.
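
A mismatch between the two failover declarations (swapped ports, wrong peer address, mclt on the wrong side) is easy to introduce when copying the file by hand. The following check is an added example, not part of the original article: the function names `parse_failover` and `check_pair` are hypothetical, and the two embedded declarations are the ones shown above, condensed onto fewer lines.

```python
import re

# Failover declarations from the two configurations above (statements end at ';').
PRIMARY = '''failover peer "dhcp-failover" {
  primary; address 10.1.0.1; port 647;
  peer address 10.1.0.2; peer port 847;
  max-response-delay 60; max-unacked-updates 10;
  load balance max seconds 3; mclt 3600; split 128;
}'''
SECONDARY = '''failover peer "dhcp-failover" {
  secondary; address 10.1.0.2; port 847;
  peer address 10.1.0.1; peer port 647;
  max-response-delay 60; max-unacked-updates 10;
  load balance max seconds 3;
}'''

def parse_failover(conf, name="dhcp-failover"):
    """Return {statement: value} for the named failover peer block."""
    m = re.search(r'failover\s+peer\s+"%s"\s*\{(.*?)\}' % re.escape(name), conf, re.S)
    opts = {}
    for stmt in (m.group(1) if m else "").split(";"):
        words = stmt.split()
        if len(words) == 1:            # bare keyword: primary / secondary
            opts["role"] = words[0]
        elif words:                    # "peer port 847" -> {"peer port": "847"}
            opts[" ".join(words[:-1])] = words[-1]
    return opts

def check_pair(primary_conf, secondary_conf):
    """Return a list of mismatches; an empty list means the peers agree."""
    p, s = parse_failover(primary_conf), parse_failover(secondary_conf)
    problems = []
    for conf, role in ((p, "primary"), (s, "secondary")):
        if conf.get("role") != role:
            problems.append(f"{role} config is not declared {role}")
    for mine, theirs in (("address", "peer address"), ("port", "peer port")):
        if p.get(mine) != s.get(theirs):
            problems.append(f"primary '{mine}' != secondary '{theirs}'")
        if s.get(mine) != p.get(theirs):
            problems.append(f"secondary '{mine}' != primary '{theirs}'")
    for key in ("mclt", "split"):      # primary-only statements
        if key not in p:
            problems.append(f"primary is missing '{key}'")
        if key in s:
            problems.append(f"secondary sets primary-only '{key}'")
    return problems

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY) or "failover declarations agree")
```
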

Now, as root, just restart your servers.

[root@randombugs]# /etc/init.d/dhcp3-server restart

To test, you have 2 possibilities:

1. Stop and Start the primary DHCP server.
2. Use omapi commands to change the state of the DHCP server.

Starting and stopping the primary/secondary server should not be a problem for anybody, I think. Using omapi is a little bit different. You need to add

key key_name {
algorithm hmac-md5;
secret "secret";
};
omapi-key key_name;
omapi-port 7911;

to the global section of your dhcpd.conf file. Now you need to generate the “secret”:

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST key_name

This will create 2 files: the public key and the private key. You can take the “secret” from the *.key file (it is the string that ends with ==) and copy it into the dhcpd.conf file (over the word secret).
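
Anyone holding the OMAPI secret can change the server state as shown further down, so it is worth checking that the placeholder was really replaced and that the file carrying the secret is not readable by every local user. This audit is an added example, not part of the original article: `audit_omapi_key` and `audit_file` are hypothetical names, the 64-byte minimum mirrors the `-b 512` used above, and treating a world-readable file as a finding is a policy assumption.

```python
import base64, binascii, os, re, stat

# Constructed sample: the key block from above with the placeholder secret.
SAMPLE = '''key key_name {
algorithm hmac-md5;
secret "secret";
};
omapi-key key_name;
omapi-port 7911;
'''

def audit_omapi_key(conf_text, file_mode, min_bytes=64):
    """Return findings for the OMAPI key block of a dhcpd.conf.

    min_bytes=64 matches the 512-bit key requested with `-b 512`.
    """
    findings = []
    if file_mode & stat.S_IROTH:
        findings.append("config file with the secret is world-readable")
    m = re.search(r'\bkey\s+\S+\s*\{[^}]*?\bsecret\s+"?([^";\s]+)"?\s*;', conf_text)
    if not m:
        return findings + ["no key block with a secret found"]
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except binascii.Error:
        return findings + ["secret is not valid base64 (placeholder left in?)"]
    if len(raw) < min_bytes:
        findings.append(f"secret is only {len(raw) * 8} bits")
    return findings

def audit_file(path):
    """Audit a dhcpd.conf on disk, using its real permission bits."""
    with open(path) as fh:
        return audit_omapi_key(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print(audit_omapi_key(SAMPLE, 0o644))
```
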

After the restart you can connect to this port with omshell and run the following commands to shut down the current DHCP server.

[root@randombugs]# omshell
> server 10.1.0.1
> port 7911
> key key_name "secret"
> connect
> new control
obj: control
> open
obj: control
state = 00:00:00:00
> set state=2
obj: control
state = 2
> update
obj: control
state = 2

Now your secondary server should take control.

Good Luck!


8 Comments »

  • Budiwijaya said:

    Hello,

    If I have more than one subnet, how can I accomplish that together with failover?

    Thank you.

  • admin (author) said:

    Just configure multiple subnets on DHCP and take care to have both servers on the same subnets. The rest should be the same.

    Regards

  • Muhammad Younas said:

    Hi,
    Is it recommended to load balance between the two servers since they are also working in failover?

  • pisti said:

    Is it a must for both DHCP servers to be in the same subnet?

    I’ve started DHCP failover; they sync leases and everything is OK, except they don’t serve the gateway to the clients.

    Any idea?

  • pablo said:

    hello!
    great guide.

    should I copy the host settings in both dhcpd.conf files? is there a way to use something like an include directive and use a single file with the host settings?

  • admin (author) said:

    yes in both … you can include with

    source /etc/hosts.conf; for example.

  • vivek said:

    I wanted to ask: what if the DHCP versions were different on both servers, can you still have failover working?
