Setting up DHCP Failover

Jonathan Labbé jlabbe at neonova.net
Tue Oct 28 14:50:05 UTC 2014


Holy smokes.  The second you say that, and I look at my config I see I
missed declaring peer port... wow, I have looked at this for almost a week
and for the life of me could not figure it out.  Consider hand slapped to
forehead, and that's what fixed it.

Thanks!

On Tue, Oct 28, 2014 at 10:46 AM, Gregory Sloop <gregs at sloop.net> wrote:

>
>
>
>
>  Hello,
>
> For the life of me, I am unable to figure out why my 2 dhcp servers will
> not talk to each other.  I have done multiple searches and pored through
> as much of the list archives as I could to see if anyone else has run into
> this.  Either I am poor at searching or I'm just unlucky in trying to find
> anything.
>
> None of this is production yet, I have set up an internal test to see how
> exactly dhcp failover will work and will it work with a physical server
> onsite and a virtual server as its backup.  I have checked IP routing and
> firewalls and have seen nothing to stop them.  Both machines are running
> CentOS 6.5.
>
> Everything starts up, everything seems to be going OK, and my servers will
> just sit at
>
> Oct 28 10:09:55  dhcpd: failover peer dhcp: I move from recover to startup
> Oct 28 10:10:10  dhcpd: failover peer dhcp: I move from startup to recover
>
> And nothing more.  I have let this sit for a couple of days as well to see
> if the states will change, however, that has done nothing either.  I
> for the life of me cannot figure out why this is.  I know the boxes can reach
> each other, I can ssh into either from either box, I can reach either server
> through omshell just fine as well.  Forcing the state change through
> omshell seems to do nothing for me as well.
>
> Here is how my Primary and Secondary are set up.  If I have missed
> anything, please let me know.  Thanks in advance for advice and guidance.
>
>
>
>
>
> Primary Server
>
> dhcpd.conf
> authoritative;
> default-lease-time 3600;
> max-lease-time 3600;
>
> # OMAPI Setup
>
> omapi-port 7911;
> omapi-key omapi_key;
>
> key omapi_key {
>        algorithm hmac-md5;
>        secret hey a key;
>        }
>
> # Failover Configuration
>
> failover peer "dhcp" {
>        primary;
>        address dhcp.example.net;
>        port 647;
>        peer address dhcp2.example.net;
>        port 647;
>        max-response-delay 60;
>        max-unacked-updates 10;
>        mclt 3600;
>        split 128;
>        load balance max seconds 3;
> }
>
> # Stub to make DHCP to start
>
> subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}
>
> # DHCP Declarations
>
> subnet  172.16.101.0 netmask 255.255.255.0 {
>        option routers 172.16.101.1;
>        option subnet-mask 255.255.255.0;
>        pool {
>                failover peer "dhcp";
>                range 172.16.101.2 172.16.101.254;
>                deny dynamic bootp clients;
>        }
> }
>
>
>
> /etc/shorewall/rules
> #DHCP Failover
> ACCEPT          net             fw              tcp     647
> ACCEPT          net             fw              tcp     67,68,69
> ACCEPT          net             fw              udp     67,68,69
>
>
>
> /var/log/messages
> Oct 28 10:09:55  dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
> Oct 28 10:09:55  dhcpd: Copyright 2004-2010 Internet Systems Consortium.
> Oct 28 10:09:55  dhcpd: All rights reserved.
> Oct 28 10:09:55  dhcpd: For info, please visit https://www.isc.org/software/dhcp/
> Oct 28 10:09:55  dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
> Oct 28 10:09:55  dhcpd: Wrote 0 leases to leases file.
> Oct 28 10:09:55  dhcpd: Listening on LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
> Oct 28 10:09:55  dhcpd: Sending on   LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
> Oct 28 10:09:55  dhcpd: Sending on   Socket/fallback/fallback-net
> Oct 28 10:09:55  dhcpd: failover peer dhcp: I move from recover to startup
> Oct 28 10:10:10  dhcpd: failover peer dhcp: I move from startup to recover
>
>
>
> /var/lib/dhcpd/dhcpd.leases
> # The format of this file is documented in the dhcpd.leases(5) manual page.
> # This lease file was written by isc-dhcp-4.1.1-P1
>
>
> failover peer "dhcp" state {
>  my state recover at 4 2014/10/23 19:51:14;
>  partner state unknown-state at 4 2014/10/23 19:51:14;
> }
> server-duid "\000\001\000\001\033\334\030\262\000%\220l\317\220";
>
>
> failover peer "dhcp" state {
>  my state recover at 4 2014/10/23 19:51:14;
>  partner state unknown-state at 4 2014/10/23 19:51:14;
> }
>
> failover peer "dhcp" state {
>  my state recover at 4 2014/10/23 19:51:14;
>  partner state unknown-state at 4 2014/10/23 19:51:14;
> }
>
>
>
>
>
> Secondary Server
>
> dhcpd.conf
> authoritative;
> default-lease-time 3600;
> max-lease-time 3600;
>
> # OMAPI Setup
>
> omapi-port 7911;
> omapi-key omapi_key;
>
> key omapi_key {
>        algorithm hmac-md5;
>        secret hey a key;
>        }
>
> # Failover Configuration
>
> failover peer "dhcp" {
>        secondary;
>        address dhcp2.example.net;
>        port 647;
>        peer address dhcp.example.net;
>        port 647;
>        max-response-delay 60;
>        max-unacked-updates 10;
>        mclt 3600;
>        load balance max seconds 3;
> }
>
> # DHCP Declarations
>
> #stub to make DHCP start
> subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}
>
> subnet 172.16.101.0 netmask 255.255.255.0 {
>        option routers 172.16.101.1;
>        option subnet-mask 255.255.255.0;
>        pool {
>                failover peer "dhcp";
>                range 172.16.101.2 172.16.101.254;
>                deny dynamic bootp clients;
>        }
> }
>
>
>
> /etc/shorewall/rules
> #DHCP Failover
> ACCEPT          net             fw              tcp     647
> ACCEPT          net             fw              tcp     67,68,69
> ACCEPT          net             fw              udp     67,68,69
>
>
>
> /var/log/messages
> Oct 28 10:09:57 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
> Oct 28 10:09:57 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
> Oct 28 10:09:57 dhcpd: All rights reserved.
> Oct 28 10:09:57 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
> Oct 28 10:09:57 dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
> Oct 28 10:09:57 dhcpd: Wrote 0 leases to leases file.
> Oct 28 10:09:57 dhcpd: Listening on LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
> Oct 28 10:09:57 dhcpd: Sending on   LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
> Oct 28 10:09:57 dhcpd: Sending on   Socket/fallback/fallback-net
> Oct 28 10:09:57 dhcpd: failover peer dhcp: I move from recover to startup
> Oct 28 10:10:12 dhcpd: failover peer dhcp: I move from startup to recover
>
>
>
> /var/lib/dhcpd/dhcpd.leases
> # The format of this file is documented in the dhcpd.leases(5) manual page.
> # This lease file was written by isc-dhcp-4.1.1-P1
>
>
> failover peer "dhcp" state {
>  my state recover at 4 2014/10/23 19:51:14;
>  partner state unknown-state at 4 2014/10/23 19:51:14;
>  mclt 3600;
> }
> server-duid "\000\001\000\001\033\334\030\262\000PV\002\010\000";
>
>
> failover peer "dhcp" state {
>  my state recover at 4 2014/10/23 19:51:14;
>  partner state unknown-state at 4 2014/10/23 19:51:14;
>  mclt 3600;
> }
>
> failover peer "dhcp" state {
>  my state recover at 4 2014/10/23 19:51:14;
>  partner state unknown-state at 4 2014/10/23 19:51:14;
>  mclt 3600;
> }
>
> --
> Jonathan Labbé
>
>   You need a "port" which is the port this DHCP server uses to listen for
> peer updates, AND [missing] a
> "peer port" which is what the other peer will use to listen.
>
> See:
> https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html
>
> My guess is, they won't talk because you haven't configured the port/peer
> port directives properly.
> [At least that's what jumps out at me.]
>
> HTH
>
> -Greg
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>



-- 
Jonathan Labbé
Systems Engineer
NeoNova Network Services
jlabbe at neonova.net
919-460-3330
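
As an added example (not part of the original messages and not ISC code): a small Python check for the mistake resolved in this thread, a `failover peer` block that repeats `port` where `peer port` was intended. The name `lint_failover` and the abridged sample block are constructed for illustration, and the parser assumes simple, unnested failover declarations.

```python
import re

# Statements each "failover peer" block needs so both servers know where to
# listen and where to connect (per the reply above: a "port" AND a "peer port").
REQUIRED = ("address", "port", "peer address", "peer port")
BLOCK_RE = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{([^{}]*)\}')

def statement_key(stmt):
    """Keyword of a statement; 'peer address' / 'peer port' are two words."""
    words = stmt.split()
    return " ".join(words[:2]) if words[0] == "peer" else words[0]

def lint_failover(conf_text):
    """Return [(peer_name, problem), ...] for every failover declaration."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments
    findings = []
    for match in BLOCK_RE.finditer(text):
        name, body = match.group(1), match.group(2)
        counts = {}
        for stmt in filter(None, (s.strip() for s in body.split(";"))):
            key = statement_key(stmt)
            counts[key] = counts.get(key, 0) + 1
        for key in REQUIRED:
            if key not in counts:
                findings.append((name, f"missing '{key}'"))
        for key, n in counts.items():
            if n > 1:
                findings.append((name, f"'{key}' declared {n} times"))
    return findings

# Abridged copy of the primary's block as quoted in the thread (a second
# "port" where "peer port" was intended), then the same block with the fix.
AS_POSTED = '''
failover peer "dhcp" {
       primary;
       address dhcp.example.net;
       port 647;
       peer address dhcp2.example.net;
       port 647;
       mclt 3600;
       split 128;
}
'''
FIXED = AS_POSTED.replace("dhcp2.example.net;\n       port",
                          "dhcp2.example.net;\n       peer port")

if __name__ == "__main__":
    for peer, problem in lint_failover(AS_POSTED):
        print(f'failover peer "{peer}": {problem}')
```
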