DHCP Redundancy

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Nov 30 10:21:53 UTC 2010 

Matt Jenkins wrote:
>So is it possible to maintain a central or distributed leases file 
>for multiple (unknown quantity) of servers?
>
>I ask because I am working on a design to change over all of my 
>wireless clients to dhcp. With the wide spread nature of the 
>network, ALL services are distributed so that any single point can 
>fail and everything else stays active. This assumes that the point 
>of failure will never recover. The system MUST be able to handle 
>this automatically. I definitely do not have 2x the address space as 
>others suggested. I kind of assumed that the dhcp servers maintained 
>synchronised information regarding leases.
>
>I estimate the need for 17 dhcp servers (right now) distributed 
>across the system handling multiple /18's (in total) of address 
>space. Can this be handled?

Failover is only supported between two servers, but you can have 
different pairings for different subnets. Eg, you can have A&B for 
one subnet, A&C for another, A&D for another, C&E for another - 
whatever you want.
I think you can do this by pools, but that sounds like a recipe for 
confusion myself !

In your situation, a hub and spoke arrangement might make sense (it 
depends to a certain extent on your network topology). Have one 
central DHCP server that serves all networks, and a partner for each 
network.

Obviously the central server will need to be big enough to handle all 
the traffic, but each satellite system can be much smaller.

There was an interesting idea put up a while ago (that was in the 
context of an ISP setup). In that suggestion, the remotes could keep 
their lease database in a ram disk - good for performance on a low 
spec machine. Should the remote site have a power failure, then on 
startup, the DHCP server can load it's lease database from the 
central server. Obviously, since the central machine is the only one 
with non-volatile storage, then it will need to be reasonably 
reliable (not too hard with server grade hardware).


As already said, if you wish to do so, then you can script your own 
checks to detect a partner failure, and automatically put the 
remaining server into partner down state. What checks you do is up to 
you - it's your network and only you will have the knowledge to 
differentiate between failure modes and determine if "can't talk to 
remote server" really means that it is either down or at least unable 
to communicate with clients.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

More information about the dhcp-users mailing list