Failover communication

Chuck Anderson cra at WPI.EDU
Sun Mar 18 15:05:52 UTC 2012


On Sun, Mar 18, 2012 at 04:58:08PM +1100, Glenn Satchell wrote:
> On 03/18/12 12:44, Loren M. Lang wrote:
> > failover peer "peer" {
> >          primary;
> >          address 192.168.1.7;
> >          port 7110;
> >          peer address 192.168.1.5;
> >          peer port 7111;
>
> > failover peer "peer" {
> >          secondary;
> >          address 192.168.1.5;
> >          port 7111;
> >          peer address 192.168.1.7;
> >          peer port 7110;
>
>
> Verify you have the hostnames or IP addresses of this host and the peer
> correct, same for ports. If you use different port numbers make sure
> that on each host in dhcpd.conf its address and port match the peer
> address and peer port on the primary.

You didn't say what version you are running, nor what operating system
you are running it on.

If you are using Linux, and a distribution that uses SELinux (such as
Red Hat Enterprise Linux, CentOS, Scientific Linux, or Fedora), it
might be better to stick with the standardized (well-known) TCP port
number for DHCP Failover, 647.  You can use 647 for both the port and
peer port.  If you use the standard port numbers, SELinux will handle
it automatically.  Otherwise, you might be experiencing SELinux AVCs
(denials).  You can check /var/log/audit/audit.log or
/var/log/messages for AVC messages to be sure:

#grep AVC /var/log/{audit/audit.log,messages} | grep dhcpd

If you really want to use different ports than 647, you can add the
correct port to the SELinux policy configuration so it is allowed:

#semanage port -a -t dhcpd_port_t -p tcp 7110-7111

These appear to be the ports allowed by default on EL6:

#semanage port -l|grep dhcpd
dhcpd_port_t                   tcp      547, 548, 647, 847, 7911
dhcpd_port_t                   udp      67, 547, 548, 647, 847

and on EL5:

#semanage port -l|grep dhcpd
dhcpd_port_t                   tcp      647, 847, 7911
dhcpd_port_t                   udp      67, 647, 847

So 647, 847, and 7911 will work by default for failover ports with
SELinux.
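
The check described in the message above, as an added example that is not part of the original post: it reads the failover ports out of a dhcpd.conf stanza and reports which ones are not covered by a dhcpd_port_t TCP entry in `semanage port -l` output. The function names and the "ok"/"unlabelled" wording are assumptions of this example; the sample inputs are the stanza and the EL6 listing quoted in the thread.

```shell
# Added example (not from the thread): check dhcpd.conf failover ports against
# the TCP ports labelled dhcpd_port_t in `semanage port -l` output.

# Constructed sample: the primary's stanza quoted in the thread, brace closed.
SAMPLE_CONF='failover peer "peer" {
         primary;
         address 192.168.1.7;
         port 7110;
         peer address 192.168.1.5;
         peer port 7111;
}'
# The EL6 `semanage port -l | grep dhcpd` listing quoted in the message.
SAMPLE_POLICY='dhcpd_port_t                   tcp      547, 548, 647, 847, 7911
dhcpd_port_t                   udp      67, 547, 548, 647, 847'

# Print "port" and "peer port" values of failover peer stanzas read on stdin.
failover_ports() {
    awk '{ sub(/#.*/, ""); gsub(/;/, "") }
         /failover[ \t]+peer/ && /[{]/ { in_fo = 1 }
         in_fo && $1 == "port" { print $2 }
         in_fo && $1 == "peer" && $2 == "port" { print $3 }
         in_fo && /[}]/ { in_fo = 0 }'
}

# Exit 0 if TCP port $1 is covered by a dhcpd_port_t entry on stdin; entries
# are single ports or ranges such as 7110-7111.
port_allowed() {
    awk -v want="$1" '$1 == "dhcpd_port_t" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) {
                 t = $i; gsub(/,/, "", t); n = split(t, r, "-")
                 lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
                 if (want + 0 >= lo && want + 0 <= hi) ok = 1
             }
         }
         END { exit(ok ? 0 : 1) }'
}

# Report each failover port in config text $1 as "ok" or "unlabelled",
# judged against policy listing text $2.
check_failover_ports() {
    printf '%s\n' "$1" | failover_ports | sort -un | while read -r p; do
        if printf '%s\n' "$2" | port_allowed "$p"; then
            echo "$p ok"
        else
            echo "$p unlabelled"
        fi
    done
}

check_failover_ports "$SAMPLE_CONF" "$SAMPLE_POLICY"
```

On a live host, pass the contents of your dhcpd.conf and the output of `semanage port -l` as the two arguments; a port reported as unlabelled is one to add with the `semanage port -a` command shown above, or to replace with 647.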

