How to sync a Linux secondary DHCP server?

Sandra Schlichting littlesandra88 at gmail.com
Tue Jul 31 09:16:10 UTC 2018


> config - no, there's no official way
> leases and reservations are handled automagically by the failover protocol

Excellent!

> In both cases, they are configuring the failover protocol (the "failover-peer" definitions and statements in the relevant pools), but I agree they do not say how it works.
> It's not as simple as this, but in effect, the two servers communicate with each other so that each has a list of leases given out by the other. When a new lease is issued by one server, it tells the other so that both leases files can be updated.

Ok, that is cool!

> If there's a failure, then once the remaining server is put into partner down mode (which is not automatic by default because there are failure modes where it could go wrong) then it will take over the entire set of pools.

At https://www.isc.org/wp-content/uploads/2017/08/dhcp43.html#DHCP%20FAILOVER
they mention

"
It is possible to get into a dangerous situation: if you put one
server into the PARTNER-DOWN state, and then *that* server goes down,
and the other server comes back up, the other server will not know
that the first server was in the PARTNER-DOWN state, and may issue
addresses previously issued by the other server to different clients,
resulting in IP address conflicts. Before putting a server into
PARTNER-DOWN state, therefore, make sure that the other server will
not restart automatically.
"

Are there other cases that an admin should be aware of?

> By default, both servers are active, so it's not really master & slave, and they will automatically rebalance things so that both have roughly half the free addresses in each pool.

Is it possible/likely that one server gets broken/corrupt in a way
that it doesn't trigger a fail over? This is the worst case I can
think of =)

> You should find better descriptions in the list archives.
>
> The two config files need to be identical apart from the failover-peer declaration. This can be in a separate file which is pulled in with an include statement in the main config file. That way, you can keep the two config files in sync by editing one and copying it to the other machine (either manually or automagically) or machine generate both copies of the config file by some configuration management system.

Super. I will then probably go with rsync or scp.
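
The sync approach from the quoted reply (identical main config, per-server failover-peer declaration pulled in with include), as an added example that is not part of the original message or of ISC's own tooling. The file name failover-peer.conf and the function names are assumptions.

```shell
#!/bin/sh
# Added example. PEER_FILE is an assumed name for the per-server include
# that holds the "failover peer" declaration; everything else is shared.
PEER_FILE="failover-peer.conf"

# Copy the shared *.conf files from directory $1 to directory $2 and leave
# the destination's own failover-peer include untouched.
stage_shared_config() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        [ "$name" = "$PEER_FILE" ] && continue
        cp -p "$f" "$2/$name" || return 1
    done
}

# Print "drift: <file>" for each shared file that differs between the two
# directories; return 1 if any differ, 0 if they are identical.
config_drift() {
    rc=0
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        [ "$name" = "$PEER_FILE" ] && continue
        if ! cmp -s "$f" "$2/$name"; then
            echo "drift: $name"
            rc=1
        fi
    done
    return "$rc"
}

# The include files must differ in the expected way: directory $1 declares
# the primary role and directory $2 the secondary role.
roles_ok() {
    grep -Eq '^[[:space:]]*primary[[:space:]]*;' "$1/$PEER_FILE" &&
        grep -Eq '^[[:space:]]*secondary[[:space:]]*;' "$2/$PEER_FILE"
}
```

Run these against a local staging copy of the peer's config directory before pushing it with rsync or scp, and check the result on the peer with `dhcpd -t -cf` and the config path before restarting the daemon.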

