How do I set up DHCP failover?

There are lots of ways to design and run your DHCP server and environment. Over the years, I’ve kinda fallen in and out of love with DHCP clustering; I’ve just come to the conclusion that it is more trouble than it’s worth. I stumbled on this “peering” or “fail-over” method of running dhcpd when I was preparing for a Novell Practicum (believe it or not) and have recommended doing it this way from then on. So on with the show then; here’s my dhcpd failover cheat sheet.

Note that although the following examples were all done on a Suse machine, they should work with some alterations on most Linux distros, basically wherever the standard dhcpd package is installed and running.

The logic is this: you have two Linux servers, both with the dhcpd software installed. You want to run dhcpd on both of them simultaneously, but you understand that without some special configuration, this will cause havoc on your network.

To accomplish that, you move the traditional dhcpd.conf to a secondary file, dhcpd.conf.master, and “include” that file from a “new” dhcpd.conf that holds the failover instructions. This is because the failover stuff must come first in sequence and is unique to each of the two machines, while the old, standard stuff is the same on both machines and can come second.

Also, the dhcpd.conf.master file must be copied into the chroot environment in order to work. You can do this manually, or on Suse, set the DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.conf.master" variable in /etc/sysconfig/dhcpd.  Don’t forget to run SuSEconfig when done making changes, to have the files copied over for you.

Of course, you could just cram all this stuff into one file, but I don’t like to do this. With separate files it is easier to maintain the static content, copy it across as needed, and track changes.

Anyway, here are examples of the conf files:

———————————————
Primary server dhcpd.conf:
———————————————
failover peer "yourlinuxguy"
{
primary;
address 192.168.1.5;
port 847;
peer address 192.168.1.6;
peer port 647;
max-response-delay 180;
mclt 1800;
split 128;
load balance max seconds 3;
}
# Now include the master config file from both machines
# Don't forget to copy it into the chroot section!
include "/etc/dhcpd.conf.master";

———————————————

Secondary server dhcpd.conf:
———————————————
failover peer "yourlinuxguy"
{
secondary;
address 192.168.1.6;
port 647;
peer address 192.168.1.5;
peer port 847;
max-response-delay 180;
load balance max seconds 3;
}
# Now include the master config file from both machines
# Don't forget to copy it into the chroot section!
include "/etc/dhcpd.conf.master";

———————————————

The dhcpd.conf.master on both hosts:
———————————————
ddns-update-style none;
default-lease-time 86400;
max-lease-time 86400;
option domain-name "yourlinuxguy.com";
option domain-name-servers 192.168.1.3, 192.168.1.4;
option routers 192.168.1.1;
subnet 192.168.1.0 netmask 255.255.255.0
{
pool
{
failover peer "yourlinuxguy";
deny dynamic bootp clients;
range 192.168.1.50 192.168.1.100;
}
}

———————————————

And that’s it! Now you’ve got DHCP running on both servers, splitting the work and sharing the running leases database, so that if one fails, the other takes over. When the failed one comes back, they re-share all the changed information and pick up where they left off. Big props to the man pages, and please see them for further explanation of any of the options in my examples above. This is just a cheat sheet, folks!

Brilliant!

🙂
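A quick way to catch the most common mistake with the two failover declarations above, a mismatched address or port pair, is to parse both and compare them. This is an added example, not part of the original post: the function names are hypothetical, and the rule that mclt and split appear only on the primary is taken from the two example files.

```python
import re

# Sample input: the failover blocks from the examples above, condensed.
PRIMARY = '''failover peer "yourlinuxguy" {
  primary; address 192.168.1.5; port 847;
  peer address 192.168.1.6; peer port 647;
  max-response-delay 180; mclt 1800; split 128;
  load balance max seconds 3; }'''
SECONDARY = '''failover peer "yourlinuxguy" {
  secondary; address 192.168.1.6; port 647;
  peer address 192.168.1.5; peer port 847;
  max-response-delay 180; load balance max seconds 3; }'''

def parse_failover(text):
    """Return (peer_name, options) for the first failover declaration."""
    text = re.sub(r"#[^\n]*", "", text)            # drop comments first
    m = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', text, re.S)
    if not m:
        raise ValueError("no failover peer declaration found")
    opts = {}
    for stmt in m.group(2).split(";"):
        words = stmt.split()
        if len(words) == 1:                        # bare keyword: the role
            opts["role"] = words[0]
        elif words:                                # "peer port 647" -> key, value
            opts[" ".join(words[:-1])] = words[-1]
    return m.group(1), opts

def check_pair(primary_text, secondary_text):
    """List the ways the two declarations disagree (empty list = consistent)."""
    pname, p = parse_failover(primary_text)
    sname, s = parse_failover(secondary_text)
    problems = []
    if pname != sname:
        problems.append("peer names differ")
    if (p.get("role"), s.get("role")) != ("primary", "secondary"):
        problems.append("roles must be primary and secondary")
    for mine, theirs in (("address", "peer address"), ("port", "peer port")):
        if p.get(mine) != s.get(theirs) or s.get(mine) != p.get(theirs):
            problems.append(f"{mine} / {theirs} not mirrored")
    for key in ("mclt", "split"):                  # assumption from the examples:
        if key not in p:                           # these live on the primary only
            problems.append(f"primary is missing {key}")
        if key in s:
            problems.append(f"{key} must not be on the secondary")
    return problems

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY) or "failover pair is consistent")
```

To check real files, pass the contents of each server's dhcpd.conf to `check_pair` in place of the embedded samples.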

5 Comments

  1. ABC

    Hello, I have a bored issue for failover. When my DHCP servers run a few days, my client can’t get an IP address. I look over the log on the DHCP server, and the log shows a note that the peer holds all free leases. I use the latest version of ISC-DHCP. I don’t know why the phenomenon happens.

  2. Jeremy Pavlov

    @ABC

    Remember that in this design, the servers *share* the range of addresses. Is it possible that you have actually consumed all the available addresses? Maybe try decreasing the lease time as well? Good luck…

  3. ganesh

    Hi, I have a DHCP server running with MAC addresses reserved. Let’s say a host foo has to get IP 192.168.1.6 under a reservation with MAC address 00:11:22:33:44:55; dhclient eth0 works fine and gets the 192.168.1.6 IP. But let’s say another host was manually assigned 192.168.1.6, and the host gets an IP conflict. Please let me know how to avoid the manually assigned IP, OR only this machine must be out of the network and not the DHCP-assigned client.

  4. Jeremy Pavlov

    @Ganesh –
    If I understand correctly, you want to be able to check which addresses are reserved before manually assigning an address to a system, correct?
    If so, you should be able to look into the config file on the DHCP server and see which are reserved. If it were me though, I’d try and use a different “range” of addresses in each subnet for those that are to be reserved and/or static. So perhaps the static addresses go from 192.168.1.2-20, the reservations are 31-50, and the DHCP range goes from 61-upward. This method leaves a little headroom around each range, just in case.
    -Jeremy

  5. ganesh

    Thanks, Jeremy. I have a NAT server and a Proxy server. IP addresses authenticated in NAT servers cannot go to only facebook.com, whereas IP addresses authenticated in Proxy server cannot go to facebook.com, youtube.com, hotmail.com, orkut.com etc. Hence a user having only Proxy server access gets to know the IP authenticated in NAT, disables DHCP and adds that static IP, thereby conflicting IP. For this reason I want to control the static IP, pls help me.
    -Ganesh
