[CentOS] DHCP server failover: advise is needed

Fri Nov 22 17:23:08 UTC 2019
Valeri Galtsev <galtsev at kicp.uchicago.edu>


On 2019-11-22 11:19, Jason Pyeron wrote:
>> -----Original Message-----
>> From: Valeri Galtsev
>> Sent: Friday, November 22, 2019 12:10 PM
>>
>> Dear Experts,
>>
>> I was running ISC DHCP server for longer than I would care to remember.
>> Now I decided to climb out of the cave and configure failover set
>> (primary-secondary), and I seem to hit brick wall, which I need help
>> with. I only need IP v4, no v6, which may simplify things.
>>
>> Could someone point to a description of working DHCP failover configuration?
>>
>> I do not want to make two independent DHCP servers handling half of the
>> pool each. We are not that rich as far as IP space is concerned.
>>
>> I am not married to ISC DHCP server, so any one I will do, because:
> 
> I searched for this last weekend, and added it to my to do list for holiday downtime coming up...
> 
> Quoting https://kb.isc.org/docs/aa-00502
>

Yes, this is one of the pieces of documentation I followed (adding what 
is missing here from other sources).

Thanks anyway!

Valeri

> A Basic Guide to Configuring DHCP Failover
> 
> Setting Up DHCP Failover: A Basic Overview
> 
> Many of the syntax options presented here are explained in more detail in the dhcpd.conf man page distributed with dhcp. It is recommended that you consult that document for specifics once you have grasped the basic steps involved.
> 
> 1. Select your servers.  Choose one to be primary, the other to be secondary.  Different versions of ISC dhcpd may implement failover differently.  To avoid problems, use the same version (or as close as possible) on both machines of a failover pair.
> 2. Ensure that clocks are closely synchronized.  DHCP is a time-sensitive protocol and clock skew can cause problems.
> 3. Identify the networks and address pools that will be served.
> 4. Identify other network elements that will have to be aware of both servers.  Configure DHCP relays to relay forwarded discovers and requests to both servers.  Ensure that firewalls and filters allow DHCP traffic, OMAPI control channel traffic, and failover protocol messages to reach your servers.
> 5. Add declaration blocks for the failover peers to the configuration files on the primary:
> ...
> 
> 
>>
>> <rant>
>> My current configuration is something that was gradually migrated and/or
>> adjusted through several generations of systems, and server versions
>> over the years. It works. When I tried to incorporate what I need for
>> failover following ISC documentation, and some people's guides, I
>> discovered, I need more sophisticated structure of sections and
>> subsections, which I figured out finally. But the annoying part was: in
>> ISC documentation I failed to find general stricture of which section
>> can appear inside which; like:
>>
>> a {
>>    b {
>>     c {
>>
>>     }
>>    }
>> }
>>
>> You can create each of sections/subsections following documentation, but
>> to put them together making consistent config file you (I at least) have
>> to figure on your own which section goes inside of which.
>> </rant>
>>
>> So, I am not married to ISC DHCP server, we didn't get along now as far
>> as my use of documentation is concerned. Anything that works - with
>> failover! I am going to have it set up on FreeBSD, but if something
>> works on Linux, I likely will be able to reproduce it on FreeBSD.
>>
>>
>> Thanks in advance for all your answers!
>>
>> Valeri
>> --
>> ++++++++++++++++++++++++++++++++++++++++
>> Valeri Galtsev
>> Sr System Administrator
>> Department of Astronomy and Astrophysics
>> Kavli Institute for Cosmological Physics
>> University of Chicago
>> Phone: 773-702-4247
>> ++++++++++++++++++++++++++++++++++++++++
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++