Failover communication

Chuck Anderson cra at WPI.EDU
Sun Mar 18 15:05:52 UTC 2012

On Sun, Mar 18, 2012 at 04:58:08PM +1100, Glenn Satchell wrote:
> On 03/18/12 12:44, Loren M. Lang wrote:
> > failover peer "peer" {
> >          primary;
> >          address;
> >          port 7110;
> >          peer address;
> >          peer port 7111;
>> failover peer "peer" {
>>          secondary;
>>          address;
>>          port 7111;
>>          peer address;
>>          peer port 7110;
> Verify you have the hostnames or IP addresses of this host and the peer  
> correct, same for ports. If you use different port numbers make sure  
> that on each host in dhcpd.conf it's address and port match the peer  
> address and peer port on the primary.

You didn't say what version you are running, nor what operating system
you are running it on.

If you are using Linux, and a distribution that uses SELinux (such as
Red Hat Enterprise Linux, CentOS, Scientific Linux, or Fedora), it
might be better to stick with the standardized (well-known) TCP port
number for DHCP Failover, 647.  You can use 647 for both the port and
peer port.  If you use the standard port numbers, SELinux will handle
it automatically.  Otherwise, you might be experiencing SELinux AVCs
(denials).  You can check /var/log/audit/audit.log or
/var/log/messages for AVC messages to be sure:

#grep AVC /var/log/{audit/audit.log,messages} | grep dhcpd

If you really want to use different ports than 647, you can add the
correct port to the SELinux policy configuration so it is allowed:

#semanage port -a -t dhcpd_port_t -p tcp 7110-7111

These appear to be the ports allowed by default on EL6:

#semanage port -l|grep dhcpd
dhcpd_port_t                   tcp      547, 548, 647, 847, 7911
dhcpd_port_t                   udp      67, 547, 548, 647, 847

and on EL5:

#semanage port -l|grep dhcpd
dhcpd_port_t                   tcp      647, 847, 7911
dhcpd_port_t                   udp      67, 647, 847

So 647, 847, and 7911 will work by default for failover ports with

More information about the dhcp-users mailing list