DHCP failover setup with several relay agents

Glenn Satchell Glenn.Satchell at uniq.com.au
Mon Sep 22 15:17:56 UTC 2008 

>From: Robert Blayzor <rblayzor.bulk at inoc.net>
>To: dhcp-users at isc.org
>Subject: Re: DHCP failover setup with several relay agents
>Date: Mon, 22 Sep 2008 10:46:59 -0400
>
>On Sep 22, 2008, at 10:33 AM, Simon Hobson wrote:
>> The simple answer is to configure your relay agents properly - ie to  
>> send to both servers at the same time. Either add two helper  
>> addresses, or use a broadcast address.
>
>
>
>Thanks.  I think what Chuck and you have pointed out is to try and use  
>directed broadcast.  I'm just doing some searching to see how that's  
>going to effect any hosts on the other interfaces/LAN's of where the  
>DHCP servers live.  Shouldn't be to bad as long as the ingress  
>firewalls "clean up" that type of inbound traffic.
>
>I think directed broadcast seems like the more reliable way to go... I  
>think that by configuring two relay agent/helper IP's may cause some  
>problems with packet delivery and race conditions over several  
>questionable WAN interface.  If using directed broadcast, at least I  
>know the packet got to the server LAN ok and that the chance of both  
>servers seeing everything is extremely high.
>

Generally you either do dhcp failover, or you can use one of the
linux-ha type applications where you have a shared IP that moves
between two servers and some sort of backend that either has shared
disk or synchronises the leases file frequently.

As long as most of the packets get to the servers you should be fine.
dhcp has lots of redundancy built into the protocol - if a client
doesn't get a response then it keeps trying, same for renewals, etc.
The two servers communicate with each other as well using a tcp
connection, so if one server gets a request and the other doesn't it
shouldn't matter too much. There are lots of sites using failover with
lots of clients over various WAN links quite successfully.

Don't try and make things more complex than they need to be, try the
simple option first and iof that works well enough then don't worry
about trying tobe tricky. If things don't work as well as expected,
then go looking for ways to improve the configuration.

regards,
-glenn

More information about the dhcp-users mailing list