How-to: Configure DHCP Failover

Environment

  1. A single network configured with a single DHCP server already serving IP addresses.
  2. A second UCS server in the same network with the DHCP-Server app installed.

Note1: The primary DHCP server does not necessarily have to be the UCS domain master server. Use whatever server type (master, backup, slave) you like. Likewise, the “secondary DHCP” can be the UCS master server or any other server type. We will use the terms “primary” and “secondary” for DHCP failover.

Note2: The following works flawlessly if you have only a single network configured. With multiple networks, you have to adjust the commands below accordingly.

Note3: For installing the packages needed to configure DHCP failover, the following article may be helpful:

Setting up DHCP Failover

Step 1: Define Variables and Configuration Items

Open a shell on the server that will become the primary and set the variables used in the later steps:

export self_ip=$(univention-ldapsearch -LLLb "$(ucr get ldap/hostdn)" aRecord | sed -ne 's/^aRecord: //p;T;q')
export peer_ip=$(univention-ldapsearch -LLL '(univentionService=DHCP)' aRecord | sed -ne 's/^aRecord: //p' | grep -v -F "$self_ip")

Step 2: Create Service Records

kinit Administrator
service="$(udm dhcp/service list | sed -ne 's/^DN: //p;T;q')"
ldapadd -Y GSSAPI <<__LDIF__
dn: cn=failover,${service}
objectClass: dhcpFailOverPeer
cn: failover
dhcpFailOverPrimaryServer: $self_ip
dhcpFailOverSecondaryServer: $peer_ip
dhcpFailoverPrimaryPort: 5019
dhcpFailOverSecondaryPort: 5020
dhcpFailOverSplit: 128
dhcpMaxClientLeadTime: 600
__LDIF__

Step 3: Configure UCS Firewall

Do the following on both servers:

ucr set security/packetfilter/package/univention-dhcp/tcp/{5019,5020}/all{=ACCEPT,/en=DHCP\ Failover}
systemctl restart univention-firewall

Step 4: Configure Pools

Adjust the address range below to your needs:

service=$(udm dhcp/service list | sed -ne 's/DN: //p')
subnet=$(udm dhcp/subnet list --superordinate "$service" | sed -ne 's/DN: //p')
udm dhcp/pool create \
 --superordinate "$subnet" \
 --set name=FailoverPool \
 --set range="192.168.42.30 192.168.42.230" \
 --set dynamic_bootp_clients=deny \
 --set failover_peer=failover

Step 5: Restart Services

On both servers, restart the service:

systemctl restart isc-dhcp-server.service

Step 6: Verify Result

If everything is configured properly, you should see both DHCP servers offering different IP addresses to clients in /var/log/daemon.log.


Additional:

Configure DHCP Failover with Load Balancing on Primary and Secondary DHCP Servers

Overview

This part explains how to configure a DHCP failover with load balancing using the /etc/dhcp/local.conf file on both the Primary and Secondary DHCP servers. This method can be used to ensure high availability and failover capability for a DHCP service.

Reference:
ISC Knowledge Base – Setting up DHCP Failover: A Basic Overview

Prerequisites

  • Two DHCP servers (Primary and Secondary) are available and configured.
  • Administrative access to both systems.
  • Basic understanding of DHCP configuration.

Configuration

The failover configuration is defined in the /etc/dhcp/local.conf file on both the Primary and Secondary DHCP servers.

Primary DHCP Server Configuration

Add the following configuration to /etc/dhcp/local.conf:

failover peer "failover" {
    primary;
    address 10.1.1.1;
    peer address 10.1.1.2;
    port 5019;
    peer port 5020;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}

Secondary DHCP Server Configuration

Add the following configuration to /etc/dhcp/local.conf:

failover peer "failover" {
    secondary;
    address 10.1.1.2;
    peer address 10.1.1.1;
    port 5020;        # local port, equals the primary's "peer port"
    peer port 5019;   # equals the primary's "port"
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
}
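
A consistency check for the two failover peer blocks above, as an added example that is not part of the original article: each server's address and port must equal the other server's peer address and peer port, and mclt and split are set on the primary only, as in the blocks above. The function names fo_get and fo_check and the file arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): compare the failover peer
# blocks of the primary and secondary local.conf before restarting dhcpd.

# fo_get FILE KEY: print the value of "KEY value;" from the first
# 'failover peer "..." {' block, or "yes" for a bare keyword such as "primary;".
fo_get() {
    awk -v key="$2" '
        /failover[ \t]+peer[ \t].*[{]/ { inblk = 1; next }
        inblk && /[}]/ { exit }
        inblk {
            line = $0
            sub(/#.*/, "", line); gsub(/;/, "", line)
            gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
            if (line == key) { print "yes"; exit }
            if (index(line, key " ") == 1) { print substr(line, length(key) + 2); exit }
        }' "$1"
}

# fo_check PRIMARY_CONF SECONDARY_CONF: print each mismatch and return
# the number of problems found (0 means the two blocks mirror each other).
fo_check() {
    p=$1; s=$2; bad=0
    fail() { echo "MISMATCH: $*"; bad=$((bad + 1)); }
    [ "$(fo_get "$p" primary)" = yes ]   || fail "primary file lacks 'primary;'"
    [ "$(fo_get "$s" secondary)" = yes ] || fail "secondary file lacks 'secondary;'"
    [ "$(fo_get "$p" address)" = "$(fo_get "$s" 'peer address')" ] ||
        fail "primary 'address' differs from secondary 'peer address'"
    [ "$(fo_get "$p" 'peer address')" = "$(fo_get "$s" address)" ] ||
        fail "primary 'peer address' differs from secondary 'address'"
    [ "$(fo_get "$p" port)" = "$(fo_get "$s" 'peer port')" ] ||
        fail "primary 'port' differs from secondary 'peer port'"
    [ "$(fo_get "$p" 'peer port')" = "$(fo_get "$s" port)" ] ||
        fail "primary 'peer port' differs from secondary 'port'"
    for k in mclt split; do
        [ -n "$(fo_get "$p" "$k")" ] || fail "primary does not set '$k'"
        [ -z "$(fo_get "$s" "$k")" ] || fail "secondary sets '$k' (primary only)"
    done
    return "$bad"
}

# Run as: sh check.sh primary-local.conf secondary-local.conf
if [ "$#" -eq 2 ]; then fo_check "$1" "$2"; fi
```

Copy the peer's /etc/dhcp/local.conf to the local host and pass the primary's file first; the exit status is the number of mismatches found.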

Applying the Configuration

After editing the configuration files on both servers, restart the DHCP service to apply the changes:

systemctl restart isc-dhcp-server.service

Verification

To verify that the failover configuration is active and working as expected, you can use the following commands:

Check service status:

systemctl status isc-dhcp-server.service

Monitor the DHCP server logs:

tail -f /var/log/daemon.log

Result

With these settings, the DHCP failover and load balancing should function as intended, providing redundancy and improved reliability for your DHCP service.