Multi-subnet/vlan and failover

Gregory Sloop gregs at sloop.net
Fri May 10 07:19:12 UTC 2013 

As a follow-up, because it may well impact the answer to my duplicate
DHCPOFFER issue, let me describe how the DHCP servers are connected in
relation to VLANS etc.

The DHCP Servers are on VLAN1, say 10.1.1.11/10.1.1.12 [master/peer]

The L3 switch is configured to forward dhcp sessions to 10.1.1.11 and
10.1.1.12

---
The duplicate messages are seen on DHCP negotiations from VLAN3 [and, I assume VLAN2]

But I have not tested VLAN1 or VLAN2 attached clients to see what
happens on those VLANs.

TIA for any assistance!

-Greg

GS> @Kyle
GS> Yes, that's it exactly. Thanks!

GS> ---
GS> I did find a post about putting it in a pool block after posting
GS> my query, just about the time you posted your response - but
GS> hadn't had a chance to test it - so that's great. It now works.

GS> BUT...
GS> When I run it, I see odd stuff [running dhcpd in -d -f
GS> debug/foreground mode]...

GS> ---
GS> I see a pair of DHCPDISCOVERs

GS> One from ETH0 and the other from the IP/DHCP helper on the L3 switch.
GS> i.e.
GS> DHCPDISCOVER from so:me:ma:ca:dd:rs on eth0
GS> DHCPDISCOVER from so:me:ma:ca:dd:rs on 10.1.2.1 
GS> [This second one is the layer 3 switch, which is forwarding the DHCP session to the DHCP server]

GS> Then dhcpd makes two offers - one on 10.1.1.X and one on 10.1.2.X
GS> Since the station isn't on the 10.1.1.X VLAN and *is* on the 10.1.2.X
GS> VLAN it "accepts" the 10.1.2.X address and it "works."

GS> But I'm sure it's not supposed to be this way.
GS> [And I'm pretty sure I'm doing something obvious and perhaps
GS> stupid, but I just don't know where to look or what to try.]

GS> How do I go about making it only see the forwarded DHCP session
GS> and not the one on eth0 [or some other option I'm simply not aware of...]

GS> ---

GS> -Greg


GS> Are you looking for something like this?

GS> subnet 172.21.27.0 netmask 255.255.255.0 {
GS>   option subnet-mask 255.255.255.0;
GS>   option broadcast-address 172.21.27.255;
GS>   option routers 172.21.27.1;
GS>   ddns-domainname "example.com.";
GS>   option domain-search "example.com";
GS>   pool {
GS>     failover peer "dhcp-failover";
GS>     range 172.21.27.5 172.21.27.254;
GS>   }
GS> }


GS> On Thu, May 9, 2013 at 8:08 PM, Gregory Sloop <gregs at sloop.net> wrote:
GS> So, I've done a fair bit of reading and searching - and this general
GS> template is what I thought would work, but it doesn't.

GS> Let me post the dhcp.conf file and then discuss what's wrong and ask
GS> for pointers.

GS> ---
GS> authoritative;
GS> #ddns-update-style interim;
GS> ignore client-updates;
GS> #option host-name = config-option server.ddns-hostname;

GS> #include "/etc/rndc.key";

GS> option domain-name              "somedom.local";
GS> option domain-name-servers      10.1.1.190,10.1.2.1,10.1.1.17;
GS> option time-offset              -18000; # Pacific Standard Time
GS> option ntp-servers              10.1.1.14
GS> one-lease-per-client off;

GS> #4 hour lease
GS> default-lease-time 14400;
GS> max-lease-time 14400;
GS> option ip-forwarding off;

GS> failover peer "dhcp-failover" {
GS>   primary; # declare this to be the primary server
GS>   # Address if THIS dhcp server, or what address to listen ON
GS>   address 10.1.1.1;
GS>   port 647;
GS>   # Address of the DHCP fail-over peer.
GS>   peer address 10.1.1.2;
GS>   peer port 647;
GS>   max-response-delay 60;
GS>   max-unacked-updates 10;
GS>   #load balance max seconds 3;
GS>   mclt 3600;
GS>   split 0;
GS> }

GS>     subnet 10.1.1.0 netmask 255.255.255.0 {
GS>         range 10.1.1.1 10.1.1.254;
GS>         option routers                  10.1.1.1;
GS>         option subnet-mask              255.255.255.0;
GS>         failover peer "dhcp-failover";
GS>     }

GS>     subnet 10.1.2.0 netmask 255.255.255.0 {
GS>         range 10.1.2.1 10.1.2.254;
GS>         option routers                  10.1.2.1;
GS>         option subnet-mask              255.255.255.0;
GS>         failover peer "dhcp-failover";
GS>     }

GS>     subnet 10.1.3.0 netmask 255.255.255.0 {
GS>         range 10.1.3.1 10.1.3.254;
GS>         option routers                  10.1.3.1;
GS>         option subnet-mask              255.255.255.0;
GS>         failover peer "dhcp-failover";
GS>     }

GS> ---
GS> Now, I've disabled DDNS updates for simplicity sake. Once I get the
GS> multi-subnet/VLAN setup and failover working I'll add that back.

GS> Perhaps that impacts things somehow, so if you'll keep that in mind,
GS> I'd appreciate it.

GS> So, when I try this config I get an error saying that a failover needs
GS> to be inside a shared network block.

GS> But if I do that, I've been told [read] that the DHCP server won't
GS> know how to assign the different subnets. [This would apply to a
GS> network where I wanted to share all the 10.1.1.1-10.1.3.254 as a
GS> single pool/block and assign any station any IP in the whole block.]

GS> But I have a L3 switch and I want these assigned to each VLAN.

GS> ---
GS> So, I setup the conf file without a shared-network and it works fine
GS> with the L3 DHCP helper/proxy. Clients on VLAN1 get 10.1.1.0 blocks
GS> and VLAN2 get 10.1.2.0 blocks etc.

GS> So, with the "failover" block commented out, it works charmingly! Very
GS> cool!

GS> ---
GS> But I *also* want to use failover.

GS> And when I put in a fail-over outside a shared-network, it complains
GS> that it must be inside a shared network.

GS> So, how to I use fail-over AND maintain the subnet grouping above?

GS> ---
GS> I'll keep reading, but I've tinkered with this quite a bit and for the
GS> life of me, I can't see how one would go about it.

GS> -Greg



-- 
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gregs at sloop.net
http://www.sloop.net
---

More information about the dhcp-users mailing list