Setting up DHCP Failover
Jonathan Labbé
jlabbe at neonova.net
Tue Oct 28 14:50:05 UTC 2014
Holy smokes. The second you say that, and I look at my config I see I
missed declaring peer port... wow, I have looked at this for almost a week
and for the life of me could not figure it out. Consider hand slapped to
forehead, and that's what fixed it.
Thanks!
On Tue, Oct 28, 2014 at 10:46 AM, Gregory Sloop <gregs at sloop.net> wrote:
>
> Hello,
>
> For the life of me, I am unable to figure out why my 2 dhcp servers will
> not talk to each other. I have done multiple searches and pored through
> as much of the list archives as I could to see if anyone else has run into
> this. Either I am poor at searching or I'm just unlucky in trying to find
> anything.
>
> None of this is production yet, I have set up an internal test to see how
> exactly dhcp failover will work and will it work with a physical server
> onsite and a virtual server as its backup. I have checked IP routing and
> firewalls and have seen nothing to stop them. Both machines are running
> CentOS 6.5.
>
> Everything starts up, everything seems to be going OK, and my servers will
> just sit at
>
> Oct 28 10:09:55 dhcpd: failover peer dhcp: I move from recover to startup
> Oct 28 10:10:10 dhcpd: failover peer dhcp: I move from startup to recover
>
> And nothing more. I have let this sit for a couple of days as well to see
> if the states will change, however, that has done nothing either. For the
> life of me I cannot figure out why this is. I know the boxes can reach
> each other, I can ssh into either from either box, I can reach either server
> through omshell just fine as well. Forcing the state change through omshell
> seems to do nothing for me either.
>
> Here is how my Primary and Secondary are set up. If I have missed
> anything, please let me know. Thanks in advance for advice and guidance.
>
>
>
>
>
> **** Primary Server ****
> dhcpd.conf
> authoritative;
> default-lease-time 3600;
> max-lease-time 3600;
>
> # OMAPI Setup
>
> omapi-port 7911;
> omapi-key omapi_key;
>
> key omapi_key {
> algorithm hmac-md5;
> secret hey a key;
> }
>
> # Failover Configuration
>
> failover peer "dhcp" {
> primary;
> address dhcp.example.net;
> port 647;
> peer address dhcp2.example.net;
> port 647;
> max-response-delay 60;
> max-unacked-updates 10;
> mclt 3600;
> split 128;
> load balance max seconds 3;
> }
>
> # Stub to make DHCP to start
>
> subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}
>
> # DHCP Declarations
>
> subnet 172.16.101.0 netmask 255.255.255.0 {
> option routers 172.16.101.1;
> option subnet-mask 255.255.255.0;
> pool {
> failover peer "dhcp";
> range 172.16.101.2 172.16.101.254;
> deny dynamic bootp clients;
> }
> }
>
>
>
> /etc/shorewall/rules
> #DHCP Failover
> ACCEPT net fw tcp 647
> ACCEPT net fw tcp 67,68,69
> ACCEPT net fw udp 67,68,69
>
>
>
> /var/log/messages
> Oct 28 10:09:55 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
> Oct 28 10:09:55 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
> Oct 28 10:09:55 dhcpd: All rights reserved.
> Oct 28 10:09:55 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
> Oct 28 10:09:55 dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
> Oct 28 10:09:55 dhcpd: Wrote 0 leases to leases file.
> Oct 28 10:09:55 dhcpd: Listening on LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
> Oct 28 10:09:55 dhcpd: Sending on LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
> Oct 28 10:09:55 dhcpd: Sending on Socket/fallback/fallback-net
> Oct 28 10:09:55 dhcpd: failover peer dhcp: I move from recover to startup
> Oct 28 10:10:10 dhcpd: failover peer dhcp: I move from startup to recover
>
>
>
> /var/lib/dhcpd/dhcpd.leases
> # The format of this file is documented in the dhcpd.leases(5) manual page.
> # This lease file was written by isc-dhcp-4.1.1-P1
>
>
> failover peer "dhcp" state {
> my state recover at 4 2014/10/23 19:51:14;
> partner state unknown-state at 4 2014/10/23 19:51:14;
> }
> server-duid "\000\001\000\001\033\334\030\262\000%\220l\317\220";
>
>
> failover peer "dhcp" state {
> my state recover at 4 2014/10/23 19:51:14;
> partner state unknown-state at 4 2014/10/23 19:51:14;
> }
>
> failover peer "dhcp" state {
> my state recover at 4 2014/10/23 19:51:14;
> partner state unknown-state at 4 2014/10/23 19:51:14;
> }
>
>
>
>
>
> **** Secondary Server ****
> dhcpd.conf
> authoritative;
> default-lease-time 3600;
> max-lease-time 3600;
>
> # OMAPI Setup
>
> omapi-port 7911;
> omapi-key omapi_key;
>
> key omapi_key {
> algorithm hmac-md5;
> secret hey a key;
> }
>
> # Failover Configuration
>
> failover peer "dhcp" {
> secondary;
> address dhcp2.example.net;
> port 647;
> peer address dhcp.example.net;
> port 647;
> max-response-delay 60;
> max-unacked-updates 10;
> mclt 3600;
> load balance max seconds 3;
> }
>
> # DHCP Declarations
>
> #stub to make DHCP start
> subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}
>
> subnet 172.16.101.0 netmask 255.255.255.0 {
> option routers 172.16.101.1;
> option subnet-mask 255.255.255.0;
> pool {
> failover peer "dhcp";
> range 172.16.101.2 172.16.101.254;
> deny dynamic bootp clients;
> }
> }
>
>
>
> /etc/shorewall/rules
> #DHCP Failover
> ACCEPT net fw tcp 647
> ACCEPT net fw tcp 67,68,69
> ACCEPT net fw udp 67,68,69
>
>
>
> /var/log/messages
> Oct 28 10:09:57 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
> Oct 28 10:09:57 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
> Oct 28 10:09:57 dhcpd: All rights reserved.
> Oct 28 10:09:57 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
> Oct 28 10:09:57 dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
> Oct 28 10:09:57 dhcpd: Wrote 0 leases to leases file.
> Oct 28 10:09:57 dhcpd: Listening on LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
> Oct 28 10:09:57 dhcpd: Sending on LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
> Oct 28 10:09:57 dhcpd: Sending on Socket/fallback/fallback-net
> Oct 28 10:09:57 dhcpd: failover peer dhcp: I move from recover to startup
> Oct 28 10:10:12 dhcpd: failover peer dhcp: I move from startup to recover
>
>
>
> /var/lib/dhcpd/dhcpd.leases
> # The format of this file is documented in the dhcpd.leases(5) manual page.
> # This lease file was written by isc-dhcp-4.1.1-P1
>
>
> failover peer "dhcp" state {
> my state recover at 4 2014/10/23 19:51:14;
> partner state unknown-state at 4 2014/10/23 19:51:14;
> mclt 3600;
> }
> server-duid "\000\001\000\001\033\334\030\262\000PV\002\010\000";
>
>
> failover peer "dhcp" state {
> my state recover at 4 2014/10/23 19:51:14;
> partner state unknown-state at 4 2014/10/23 19:51:14;
> mclt 3600;
> }
>
> failover peer "dhcp" state {
> my state recover at 4 2014/10/23 19:51:14;
> partner state unknown-state at 4 2014/10/23 19:51:14;
> mclt 3600;
> }
>
> --
> Jonathan Labbé
>
> You need a "port" which is the port this DHCP server uses to listen for
> peer updates, AND [missing] a
> "peer port" which is what the other peer will use to listen.
>
> See:
> https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html
>
> My guess is, they won't talk because you haven't configured the port/peer
> port directives properly.
> [At least that's what jumps out at me.]
>
> HTH
>
> -Greg
--
Jonathan Labbé
Systems Engineer
NeoNova Network Services
jlabbe at neonova.net
919-460-3330
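
The mistake diagnosed in this thread (a second `port` statement where `peer port` was meant) can be caught before dhcpd is started. The following is an added example, not part of the original messages and not ISC code: a small Python check that flags missing or repeated `address`/`port` statements in a `failover peer` block and confirms that the two servers' blocks mirror each other. The function names are hypothetical and the sample blocks are constructed, shortened versions of the configs posted above.

```python
import re

def parse_failover(conf):
    """Map each failover peer name to its role and local/peer address and port."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    peers = {}
    # Matches 'failover peer "x" { ... }', not the pool reference 'failover peer "x";'.
    for name, body in re.findall(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}', conf):
        info = {"role": None, "local": {}, "peer": {}}
        for stmt in body.split(";"):
            tok = stmt.split()
            side = "local"
            if tok[:1] == ["peer"]:  # "peer address ..." / "peer port ..."
                side, tok = "peer", tok[1:]
            if len(tok) == 1 and tok[0] in ("primary", "secondary"):
                info["role"] = tok[0]
            elif len(tok) == 2 and tok[0] in ("address", "port"):
                info[side].setdefault(tok[0], []).append(tok[1])
        peers[name] = info
    return peers

def lint(conf):
    """Report address/port statements that are missing or repeated."""
    issues = []
    for name, info in parse_failover(conf).items():
        for side, prefix in (("local", ""), ("peer", "peer ")):
            for key in ("address", "port"):
                count = len(info[side].get(key, []))
                if count != 1:
                    issues.append(f'{name}: "{prefix}{key}" declared {count} times')
    return issues

def mirrored(conf_a, conf_b):
    """True when each server's local address/port is the other's peer address/port."""
    a, b = parse_failover(conf_a), parse_failover(conf_b)
    return bool(a) and a.keys() == b.keys() and all(
        a[n]["local"] == b[n]["peer"] and a[n]["peer"] == b[n]["local"]
        and {a[n]["role"], b[n]["role"]} == {"primary", "secondary"}
        for n in a)

# Constructed samples: the primary block as posted (shortened), then corrected.
AS_POSTED = '''failover peer "dhcp" {
  primary; address dhcp.example.net; port 647;
  peer address dhcp2.example.net; port 647;
}'''
FIXED_PRIMARY = AS_POSTED.replace("dhcp2.example.net; port", "dhcp2.example.net; peer port")
FIXED_SECONDARY = '''failover peer "dhcp" {
  secondary; address dhcp2.example.net; port 647;
  peer address dhcp.example.net; peer port 647; }'''
```

`lint(AS_POSTED)` reports the repeated `port` and the absent `peer port`; both corrected blocks lint clean and `mirrored(FIXED_PRIMARY, FIXED_SECONDARY)` holds.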