Fail over serves on different VLANS

Klaus Vink Slott
Hi

We have been running 2 dhcp servers in fail over configuration for quite
a while. Now we consider moving one server to a host in another
building. This will also place the host on another VLAN.

In an earlier thread here John Wobus <[hidden email]> wrote:
 > As far as I know, DHCP redundancy works by having the servers
 > offer different addresses and the client picking one. ISC
 > DHCP servers reduce the obvious duplicated effort by having
 > one of the two DHCP servers wait a few seconds to see if the
 > other server makes an offer. But if the one server doesn't
 > pick up on its peer's offer, the address it offers itself
 > is always a different one.

How does the server "see if the other server makes an offer". Do they
need to be on the same VLAN or is it communicated directly between the
servers?

--
Regards
Klaus Vink Slott
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: Fail over serves on different VLANS

/dev/rob0
On Thu, Jan 14, 2016 at 01:18:00PM +0100, Klaus Vink Slott wrote:
> How does the server "see if the other server makes an offer". Do
> they need to be on the same VLAN or is it communicated directly
> between the servers?

The dhcpd servers define a TCP port in their configuration.  They
have an internal protocol by which their leases are communicated
directly.

See "CONFIGURING FAILOVER" in the dhcpd.conf(5) manual.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: Fail over serves on different VLANS

Patrick Trapp
In reply to this post by Klaus Vink Slott
Actually, observing network captures in our network, I usually see paired offers - different addresses, one from each server - and the querying host picks one and acknowledges it. The other offer expires and gets sent out again in response to a different request.

I don't think moving your second host to a new VLAN should necessarily be cause for concern as long as the two servers can communicate with each other.

Better to test to be sure, of course.
 
Patrick

> On Jan 14, 2016, at 6:18 AM, Klaus Vink Slott <[hidden email]> wrote:
>
> Hi
>
> We have been running 2 dhcp servers in fail over configuration for quite a while. Now we consider moving one server to a host in another building. This will also place the host on another VLAN.
>
> In an earlier thread here John Wobus <[hidden email]> wrote:
> > As far as I know, DHCP redundancy works by having the servers
> > offer different addresses and the client picking one. ISC
> > DHCP servers reduce the obvious duplicated effort by having
> > one of the two DHCP servers wait a few seconds to see if the
> > other server makes an offer. But if the one server doesn't
> > pick up on its peer's offer, the address it offers itself
> > is always a different one.
>
> How does the server "see if the other server makes an offer". Do they need to be on the same VLAN or is it communicated directly between the servers?
>
> --
> Regards
> Klaus Vink Slott

Re: Fail over serves on different VLANS

Klaus Vink Slott
In reply to this post by /dev/rob0
On 14-01-2016 at 13:45, /dev/rob0 wrote:

> On Thu, Jan 14, 2016 at 01:18:00PM +0100, Klaus Vink Slott wrote:
>> How does the server "see if the other server makes an offer". Do
>> they need to be on the same VLAN or is it communicated directly
>> between the servers?
>
> The dhcpd servers define a TCP port in their configuration.  They
> have an internal protocol by which their leases are communicated
> directly.
>
> See "CONFIGURING FAILOVER" in the dhcpd.conf(5) manual.

Thanks. I have been searching the manual - but did not find any
information on which information is shared over the communication
channel. However, digging in once more I found "load balance max seconds",
which suggests that the time since the first DHCPDISCOVER or DHCPREQUEST
is used if the communication channel is not reliable.

As the dhcphelper distributes DHCPDISCOVER to both servers, I guess my
worries have no reason.

--
Thanks
Klaus

Re: Fail over serves on different VLANS

Steven Carr
In reply to this post by Klaus Vink Slott
On 14 January 2016 at 12:18, Klaus Vink Slott <[hidden email]> wrote:
> How does the server "see if the other server makes an offer". Do they need
> to be on the same VLAN or is it communicated directly between the servers?

The client broadcasts its DHCPREQUEST in which it states which server
it has chosen, those packets are then forwarded by the IP helpers to
both DHCP failover peers.

DHCP failover doesn't need both peers to be in the same VLAN, the only
requirement is that the IP helper sends to both peers simultaneously.

Steve

Re: Fail over serves on different VLANS

Simon Hobson
In reply to this post by Klaus Vink Slott
Klaus Vink Slott <[hidden email]> wrote:

> We have been running 2 dhcp servers in fail over configuration for quite a while. Now we consider moving one server to a host in another building. This will also place the host on another VLAN.
> ...
> How does the server "see if the other server makes an offer".

It doesn't!

> Do they need to be on the same VLAN or is it communicated directly between the servers?

It's direct.

OK, a bit of background.
If a client does not have a valid lease, or it knows the lease is not valid for the current network, it broadcasts a DHCP_discover packet. This should reach all DHCP servers servicing the network - either direct or via relay agents (helpers). All DHCP servers configured to service this client will respond with an offer, and the client will pick an offer - technically the client should pick the "best"* offer, in practice I think most clients just take the first that has everything they need.

For servers that made offers not taken up, they will simply cancel the offer once they time out and don't get a request from the client.

When a client already has a lease, it will renew (extend) it by unicasting a request to the server that gave it the lease. No other server will see this, and it doesn't need the help of any relay agents.

* For whatever definition of best it is using.


Note that I've specifically catered for an arbitrary number of servers - that's because you can have multiple servers servicing a network, with some restrictions to avoid problems. For example, you could run multiple servers with non-overlapping pools and that will work just fine.

With failover, the requirements are:
The two servers can communicate via unicast packets between them - to run the failover protocol.
The two servers can both service the network for DHCP - that means being able to receive (and reply to) broadcast packets either directly or via a helper, and to communicate via unicast packets with clients.

There's no requirement to be on the same network, or VLAN, or even the same site - as long as the connectivity requirements are met, location doesn't matter (though if on different continents, latency may have an effect!).

As an aside, the reason the servers will not automatically go into partner down state when communication with the partner is lost, is because the traffic may take different routes. E.g., servers at sites A and B may both be able to communicate with a client at site C - but not communicate with each other due to a network problem. An example might be if there are three leased lines, one is down, but there is no redundant routing via the third site. There are also more mundane causes - such as the servers using different interfaces for different traffic and a cable is unplugged, or a switch has failed, or ...

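The two connectivity requirements listed in the message above, turned into the unicast flows an inter-VLAN ACL has to permit when the peers sit on different networks. This is an added example, not part of any post in this thread and not ISC code; the peer name, addresses, port 647 and the helper functions `parse_failover` and `required_flows` are constructed for illustration, and the failover addresses are assumed to be literal IPs rather than hostnames.

```python
import ipaddress
import re

# Constructed sample in dhcpd.conf(5) failover syntax; name, addresses and
# port values are invented for illustration.
SAMPLE_CONF = """
failover peer "site-failover" {
  primary;
  address 192.0.2.10;
  port 647;
  peer address 198.51.100.10;
  peer port 647;
  mclt 3600;
  split 128;
  load balance max seconds 3;
}
"""

def parse_failover(conf):
    """Return name and (ip, tcp_port) endpoints of the first failover peer block."""
    block = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', conf, re.S)
    if block is None:
        raise ValueError("no failover peer declaration found")

    def field(statement):
        # Anchored to line start so "port" does not match "peer port".
        m = re.search(r"^[ \t]*" + statement + r"\s+(\S+?)\s*;", block.group(2), re.M)
        if m is None:
            raise ValueError("missing statement: " + statement)
        return m.group(1)

    local = (ipaddress.ip_address(field("address")), int(field("port")))
    peer = (ipaddress.ip_address(field(r"peer\s+address")), int(field(r"peer\s+port")))
    return {"name": block.group(1), "local": local, "peer": peer}

def required_flows(fo, relay, client_net):
    """List (proto, src, dst, dst_port) flows both requirements imply."""
    (l_ip, l_port), (p_ip, p_port) = fo["local"], fo["peer"]
    flows = [("tcp", str(l_ip), str(p_ip), p_port),   # failover channel, local to peer
             ("tcp", str(p_ip), str(l_ip), l_port)]   # failover channel, peer to local
    for server in (str(l_ip), str(p_ip)):
        flows.append(("udp", relay, server, 67))       # DISCOVER/REQUEST via helper
        flows.append(("udp", client_net, server, 67))  # unicast renewals from clients
    return flows

if __name__ == "__main__":
    fo = parse_failover(SAMPLE_CONF)
    for flow in required_flows(fo, "203.0.113.1", "203.0.113.0/24"):
        print("permit %s %s -> %s port %d" % flow)
```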

Re: Fail over serves on different VLANS

Klaus Vink Slott
On 15-01-2016 - 15:46 Simon Hobson wrote:
> Klaus Vink Slott <[hidden email]> wrote:
>> We have been running 2 dhcp servers in fail over configuration for quite a while. Now we consider moving one server to a host in another building. This will also place the host on another VLAN.
> OK, a bit of background.
Thanks for a good introduction Simon.

And I can add that we have now moved the server to the new location -
and it is working fine again.

--
Regards
Klaus