Setting up DHCP Failover

Gregory Sloop gregs at sloop.net
Tue Oct 28 14:46:17 UTC 2014




Hello,

For the life of me, I am unable to figure out why my 2 dhcp servers will not talk to each other.  I have done multiple searches and pored through as much of the list archives as I could to see if anyone else has run into this.  Either I am poor at searching or I'm just unlucky in trying to find anything.

None of this is production yet; I have set up an internal test to see how exactly dhcp failover will work and whether it will work with a physical server onsite and a virtual server as its backup.  I have checked IP routing and firewalls and have seen nothing to stop them.  Both machines are running CentOS 6.5.

Everything starts up, everything seems to be going OK, and my servers will just sit at

Oct 28 10:09:55  dhcpd: failover peer dhcp: I move from recover to startup
Oct 28 10:10:10  dhcpd: failover peer dhcp: I move from startup to recover

And nothing more.  I have let this sit for a couple of days as well to see if the states will change; however, that has done nothing either.  I for the life of me cannot figure out why this is.  I know the boxes can reach each other, I can ssh into either from either box, and I can reach either server through omshell just fine as well.  Forcing the state change through omshell seems to do nothing for me as well.

Here is how my Primary and Secondary are set up.  If I have missed anything, please let me know.  Thanks in advance for advice and guidance.

**** Primary Server ****

dhcpd.conf

authoritative;
default-lease-time 3600;
max-lease-time 3600;

# OMAPI Setup

omapi-port 7911;
omapi-key omapi_key;

key omapi_key {
        algorithm hmac-md5;
        secret hey a key;
        }

# Failover Configuration

failover peer "dhcp" {
        primary;
        address dhcp.example.net;
        port 647;
        peer address dhcp2.example.net;
        port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 3;
}

# Stub to make DHCP to start

subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}

# DHCP Declarations

subnet  172.16.101.0 netmask 255.255.255.0 {
        option routers 172.16.101.1;
        option subnet-mask 255.255.255.0;
        pool {
                failover peer "dhcp";
                range 172.16.101.2 172.16.101.254;
                deny dynamic bootp clients;
        }
}

/etc/shorewall/rules

#DHCP Failover
ACCEPT          net             fw              tcp     647
ACCEPT          net             fw              tcp     67,68,69
ACCEPT          net             fw              udp     67,68,69

/var/log/messages

Oct 28 10:09:55  dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Oct 28 10:09:55  dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Oct 28 10:09:55  dhcpd: All rights reserved.
Oct 28 10:09:55  dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Oct 28 10:09:55  dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Oct 28 10:09:55  dhcpd: Wrote 0 leases to leases file.
Oct 28 10:09:55  dhcpd: Listening on LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
Oct 28 10:09:55  dhcpd: Sending on   LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
Oct 28 10:09:55  dhcpd: Sending on   Socket/fallback/fallback-net
Oct 28 10:09:55  dhcpd: failover peer dhcp: I move from recover to startup
Oct 28 10:10:10  dhcpd: failover peer dhcp: I move from startup to recover

/var/lib/dhcpd/dhcpd.leases

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
}
server-duid "\000\001\000\001\033\334\030\262\000%\220l\317\220";


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
}

failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
}

**** Secondary Server ****

dhcpd.conf

authoritative;
default-lease-time 3600;
max-lease-time 3600;

# OMAPI Setup

omapi-port 7911;
omapi-key omapi_key;

key omapi_key {
        algorithm hmac-md5;
        secret hey a key;
        }

# Failover Configuration

failover peer "dhcp" {
        secondary;
        address dhcp2.example.net;
        port 647;
        peer address dhcp.example.net;
        port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        load balance max seconds 3;
}

# DHCP Declarations

#stub to make DHCP start
subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}

subnet 172.16.101.0 netmask 255.255.255.0 {
        option routers 172.16.101.1;
        option subnet-mask 255.255.255.0;
        pool {
                failover peer "dhcp";
                range 172.16.101.2 172.16.101.254;
                deny dynamic bootp clients;
        }
}

/etc/shorewall/rules

#DHCP Failover
ACCEPT          net             fw              tcp     647
ACCEPT          net             fw              tcp     67,68,69
ACCEPT          net             fw              udp     67,68,69

/var/log/messages

Oct 28 10:09:57 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Oct 28 10:09:57 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Oct 28 10:09:57 dhcpd: All rights reserved.
Oct 28 10:09:57 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Oct 28 10:09:57 dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Oct 28 10:09:57 dhcpd: Wrote 0 leases to leases file.
Oct 28 10:09:57 dhcpd: Listening on LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
Oct 28 10:09:57 dhcpd: Sending on   LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
Oct 28 10:09:57 dhcpd: Sending on   Socket/fallback/fallback-net
Oct 28 10:09:57 dhcpd: failover peer dhcp: I move from recover to startup
Oct 28 10:10:12 dhcpd: failover peer dhcp: I move from startup to recover

/var/lib/dhcpd/dhcpd.leases

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
  mclt 3600;
}
server-duid "\000\001\000\001\033\334\030\262\000PV\002\010\000";


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
  mclt 3600;
}

failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
  mclt 3600;
}

-- 
Jonathan Labbé


You need a "port" which is the port this DHCP server uses to listen for peer updates, AND [missing] a 
"peer port" which is what the other peer will use to listen.

See: https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html 

My guess is, they won't talk because you haven't configured the port/peer port directives properly.
[At least that's what jumps out at me.]

HTH

-Greg
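
A check for the point made in the reply above, as an added example (not code from the thread or from ISC): it parses `failover peer` declarations, reports `address`, `port`, `peer address` and `peer port` statements that are absent or repeated, and confirms that two declarations mirror each other. `POSTED` is the primary's declaration from the thread with the timer statements left out; `EDITED` and `EDITED_PEER` are constructed variants, and all function names are hypothetical.

```python
import re

# Primary's failover declaration as posted in the thread (timer statements omitted).
POSTED = '''failover peer "dhcp" {
        primary;
        address dhcp.example.net;
        port 647;
        peer address dhcp2.example.net;
        port 647;
}'''
# Constructed: the second "port" written as "peer port", and a mirrored secondary.
EDITED = POSTED.replace("port 647;\n}", "peer port 647;\n}")
EDITED_PEER = '''failover peer "dhcp" {
        secondary;
        address dhcp2.example.net;
        port 647;
        peer address dhcp.example.net;
        peer port 647;
}'''

BLOCK_RE = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
KEYS = ("peer address", "peer port", "address", "port")  # "peer ..." tried first

def parse_failover(conf):
    """Return {peer name: {statement: [values]}} for each failover peer declaration."""
    peers = {}
    for name, body in BLOCK_RE.findall(conf):
        found = {}
        for stmt in re.sub(r"#.*", "", body).split(";"):
            stmt = stmt.strip()
            key = next((k for k in KEYS if stmt.startswith(k + " ")), None)
            if key:
                found.setdefault(key, []).append(stmt[len(key):].strip())
        peers[name] = found
    return peers

def check_failover(conf):
    """Report endpoint statements that are absent or repeated in each declaration."""
    findings = []
    for name, found in parse_failover(conf).items():
        for key in KEYS:
            n = len(found.get(key, []))
            if n != 1:
                findings.append(f'{name}: "{key}" appears {n} times')
    return findings

def mirrored(conf_a, conf_b, name):
    """True when each side's address/port is the other side's peer address/peer port."""
    a, b = parse_failover(conf_a)[name], parse_failover(conf_b)[name]
    return all(len(x.get(k, [])) == 1 and x[k] == y.get("peer " + k)
               for x, y in ((a, b), (b, a)) for k in ("address", "port"))
```

The block pattern matches only declarations of the form `failover peer "name" { ... }`, so the `failover peer "dhcp";` reference inside a pool and the `failover peer "dhcp" state { ... }` records in dhcpd.leases are ignored.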