Setting up DHCP Failover

Jonathan Labbé jlabbe at neonova.net
Tue Oct 28 14:39:15 UTC 2014


Hello,

For the life of me, I am unable to figure out why my 2 dhcp servers will
not talk to each other.  I have done multiple searches and pored through
as much of the list archives as I could to see if anyone else has run into
this.  Either I am poor at searching or I'm just unlucky in trying to find
anything.

None of this is production yet; I have set up an internal test to see how
exactly dhcp failover will work and whether it will work with a physical
server onsite and a virtual server as its backup.  I have checked IP routing
and firewalls and have seen nothing to stop them.  Both machines are running
CentOS 6.5.

Everything starts up, everything seems to be going OK, and my servers will
just sit at

Oct 28 10:09:55  dhcpd: failover peer dhcp: I move from recover to startup
Oct 28 10:10:10  dhcpd: failover peer dhcp: I move from startup to recover

And nothing more.  I have let this sit for a couple of days as well to see
if the states will change; however, that has done nothing either.  I, for
the life of me, cannot figure out why this is.  I know the boxes can reach
each other, I can ssh into either from either box, and I can reach either
server through omshell just fine as well.  Forcing the state change through
omshell seems to do nothing for me as well.

Here is how my Primary and Secondary are set up.  If I have missed
anything, please let me know.  Thanks in advance for advice and guidance.

***** Primary Server *****

*dhcpd.conf*

authoritative;
default-lease-time 3600;
max-lease-time 3600;

# OMAPI Setup

omapi-port 7911;
omapi-key omapi_key;

key omapi_key {
        algorithm hmac-md5;
        secret hey a key;
        }

# Failover Configuration

failover peer "dhcp" {
        primary;
        address dhcp.example.net;
        port 647;
        peer address dhcp2.example.net;
        port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 3;
}

# Stub to make DHCP to start

subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}

# DHCP Declarations

subnet  172.16.101.0 netmask 255.255.255.0 {
        option routers 172.16.101.1;
        option subnet-mask 255.255.255.0;
        pool {
                failover peer "dhcp";
                range 172.16.101.2 172.16.101.254;
                deny dynamic bootp clients;
        }
}

*/etc/shorewall/rules*

#DHCP Failover
ACCEPT          net             fw              tcp     647
ACCEPT          net             fw              tcp     67,68,69
ACCEPT          net             fw              udp     67,68,69

*/var/log/messages*

Oct 28 10:09:55  dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Oct 28 10:09:55  dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Oct 28 10:09:55  dhcpd: All rights reserved.
Oct 28 10:09:55  dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Oct 28 10:09:55  dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Oct 28 10:09:55  dhcpd: Wrote 0 leases to leases file.
Oct 28 10:09:55  dhcpd: Listening on LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
Oct 28 10:09:55  dhcpd: Sending on   LPF/eth0/00:25:90:6c:cf:90/137.118.48.0/24
Oct 28 10:09:55  dhcpd: Sending on   Socket/fallback/fallback-net
Oct 28 10:09:55  dhcpd: failover peer dhcp: I move from recover to startup
Oct 28 10:10:10  dhcpd: failover peer dhcp: I move from startup to recover

*/var/lib/dhcpd/dhcpd.leases*

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
}
server-duid "\000\001\000\001\033\334\030\262\000%\220l\317\220";


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
}

failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
}

***** Secondary Server *****

*dhcpd.conf*

authoritative;
default-lease-time 3600;
max-lease-time 3600;

# OMAPI Setup

omapi-port 7911;
omapi-key omapi_key;

key omapi_key {
        algorithm hmac-md5;
        secret hey a key;
        }

# Failover Configuration

failover peer "dhcp" {
        secondary;
        address dhcp2.example.net;
        port 647;
        peer address dhcp.example.net;
        port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        load balance max seconds 3;
}

# DHCP Declarations

#stub to make DHCP start
subnet xxx.xxx.xxx.xxx netmask 255.255.255.0 {}

subnet 172.16.101.0 netmask 255.255.255.0 {
        option routers 172.16.101.1;
        option subnet-mask 255.255.255.0;
        pool {
                failover peer "dhcp";
                range 172.16.101.2 172.16.101.254;
                deny dynamic bootp clients;
        }
}

*/etc/shorewall/rules*

#DHCP Failover
ACCEPT          net             fw              tcp     647
ACCEPT          net             fw              tcp     67,68,69
ACCEPT          net             fw              udp     67,68,69

*/var/log/messages*

Oct 28 10:09:57 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Oct 28 10:09:57 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Oct 28 10:09:57 dhcpd: All rights reserved.
Oct 28 10:09:57 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Oct 28 10:09:57 dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Oct 28 10:09:57 dhcpd: Wrote 0 leases to leases file.
Oct 28 10:09:57 dhcpd: Listening on LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
Oct 28 10:09:57 dhcpd: Sending on   LPF/eth0/00:50:56:02:08:00/137.118.42.0/24
Oct 28 10:09:57 dhcpd: Sending on   Socket/fallback/fallback-net
Oct 28 10:09:57 dhcpd: failover peer dhcp: I move from recover to startup
Oct 28 10:10:12 dhcpd: failover peer dhcp: I move from startup to recover

*/var/lib/dhcpd/dhcpd.leases*

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1.1-P1


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
  mclt 3600;
}
server-duid "\000\001\000\001\033\334\030\262\000PV\002\010\000";


failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
  mclt 3600;
}

failover peer "dhcp" state {
  my state recover at 4 2014/10/23 19:51:14;
  partner state unknown-state at 4 2014/10/23 19:51:14;
  mclt 3600;
}

-- 
Jonathan Labbé
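
Added example, not part of the original message: a small Python check that compares the two `failover peer` stanzas as posted for repeated statements, a missing `peer port`, primary-only statements on the secondary, and mirrored address/port values. The function names are illustrative, the stanzas are re-typed from the post with whitespace collapsed, and the findings are configuration observations only, not a confirmed cause of the behaviour described.

```python
import re
# Constructed input: the two failover stanzas from the post, whitespace collapsed.
PRIMARY = ('failover peer "dhcp" { primary; address dhcp.example.net; port 647; '
           'peer address dhcp2.example.net; port 647; max-response-delay 60; '
           'max-unacked-updates 10; mclt 3600; split 128; load balance max seconds 3; }')
SECONDARY = ('failover peer "dhcp" { secondary; address dhcp2.example.net; port 647; '
             'peer address dhcp.example.net; port 647; max-response-delay 60; '
             'max-unacked-updates 10; mclt 3600; load balance max seconds 3; }')

# "peer ..." keys come first so that "peer port" is never matched as "port".
KEYS = ("peer address", "peer port", "address", "port", "mclt", "split", "hba")
PRIMARY_ONLY = ("mclt", "split", "hba")  # configured on the primary only, dhcpd.conf(5)

def parse_peer(conf):
    """Return (role, {statement: [values]}) for the first failover peer stanza."""
    body = re.search(r'failover\s+peer\s+"[^"]+"\s*\{(.*?)\}', conf, re.S).group(1)
    role, stmts = None, {}
    for stmt in (" ".join(s.split()) for s in body.split(";")):
        if stmt in ("primary", "secondary"):
            role = stmt
        key = next((k for k in KEYS if stmt.startswith(k + " ")), None)
        if key:
            stmts.setdefault(key, []).append(stmt[len(key) + 1:])
    return role, stmts

def check_pair(primary_conf, secondary_conf):
    """Compare both stanzas and return a list of findings (empty if consistent)."""
    findings, sides = [], {}
    for label, conf in (("primary", primary_conf), ("secondary", secondary_conf)):
        role, st = parse_peer(conf)
        sides[label] = st
        if role != label:
            findings.append(f"{label}: stanza declares role {role!r}")
        findings += [f"{label}: '{k}' appears {len(v)} times"
                     for k, v in st.items() if len(v) > 1]
        if "peer port" not in st:
            findings.append(f"{label}: no 'peer port' statement")
        if label == "secondary":
            findings += [f"secondary: '{k}' is a primary-only statement"
                         for k in PRIMARY_ONLY if k in st]
    p, s = sides["primary"], sides["secondary"]
    for key in ("address", "port"):  # each side's value must equal the partner's "peer" value
        for mine, theirs, who in ((p, s, "primary"), (s, p, "secondary")):
            a, b = mine.get(key), theirs.get("peer " + key)
            if a and b and set(a) != set(b):
                findings.append(f"{who}: '{key}' differs from partner's 'peer {key}'")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pair(PRIMARY, SECONDARY)))
```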