Score:1

UBUNTU-22.04-DHCP-failover mode issue

We have 2 DHCP servers (Ubuntu 18.04), they are configured in failover mode (primary / secondary). They work brilliantly, no issues with them for about 4 years.

Now, we had a power cut, so one of them went down (the primary) for about 6 hours. To my surprise, the secondary refused to issue any IP addresses at all, so it looked like both of them have to be online to work, which is not the purpose of having failover mode.

Both of them started to work as soon as the power came back and the primary came online again.

Any idea why we lose DHCP service if one is out of order? As mentioned, failover mode should work in case one server goes down for any reason.

My configuration is as follows:

Primary:

/etc/dhcp/dhcpd.conf

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "failover" {
  primary;
  address 172.17.1.11;
  port 519;
  peer address 172.17.1.20;
  peer port 520;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 3600;
  split 128;
}

Secondary:

log-facility local7;
authoritative;
ddns-update-style none;


failover peer "failover" {
  secondary; # declare this to be the secondary server
  address 172.17.1.20;
  port 520;
  peer address 172.17.1.11;
  peer port 519;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}

Would it help if I change "split" to 255 in the primary (instead of 128) OR use hba, as below

hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff;

instead of "split", and add the following to both?

max-lease-misbalance 2;
max-lease-ownership 1;
min-balance 300;
max-balance 1800;

Many thanks

Madona

madona33
Hi, any help or suggestions please?
Matias N Goldberg
This is silly but please make sure both servers have static IPs. If your secondary server asks your primary for an IP address and both are taken down but only the secondary goes back up, it's going to fail.
Score:0

I was trolling for a different DHCP issue and came across this unanswered one.

Can you post your DHCP.conf more fully? Within the scope stanza you have to call out that each scope has a failover peer.

Example:

failover peer "failover-partner" {
     primary;
     address 10.89.100.152;
     peer address 10.89.100.153;
     peer port 647;
     max-response-delay 60;
     max-unacked-updates 10;
     mclt 3600;
     split 128;
     load balance max seconds 3;
}

subnet 10.89.130.0 netmask 255.255.255.0 {
    option domain-name-servers 10.89.100.152;
    option routers 10.89.130.1;
    pool {
        failover peer "failover-partner";
        range 10.89.130.10 10.89.130.254;
    }
}


Many thanks for your reply, I was waiting for any help for ages.

Please find below some of my DHCP.conf, they are for 3 VLANs out of over 200.

Primary:

    log-facility local7;
    authoritative;
    ddns-update-style none;
    
    failover peer "dhcpfo" {
    primary; # declare this to be the primary server
    address 172.16.1.11;
      port 647;
    # port 847;
    #port 519;
    peer address 172.16.1.20;
     peer port 647;
    # peer port 847;
    # peer port 520;
    max-response-delay 30;
    max-unacked-updates 10;
    load balance max seconds 3;
    mclt 3600;
    split 128;
    }
    
    
    subnet 172.16.1.0 netmask 255.255.255.0 {
    #                 option subnet-mask 255.255.255.0;
    option broadcast-address 172.16.1.255;
    option routers 172.16.1.250;
    option domain-name-servers 192.168.xxx.xx;
    # option domain-name-servers 192.168.xxx.xx;
    option domain-name "xxxxx.com";
    
    pool {
    failover peer "dhcpfo";
    deny dynamic bootp clients;
    default-lease-time 14400;
    max-lease-time 36000;
    range 172.16.1.51 172.16.1.245;
    
    }
    }
    
    #---------------------------------------------
    
    
    subnet 192.168.2.0 netmask 255.255.255.0 {
    #                 option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.250;
    option domain-name-servers 192.168.xxx.xx;
    # option domain-name-servers 192.168.xxx.xx;
    option domain-name "xxxxx.com";
    
    pool {
    failover peer "dhcpfo";
    deny dynamic bootp clients;
    default-lease-time 14400;
    max-lease-time 36000;
    range 192.168.2.51 192.168.2.245;
    
    }
    }
    
    #---------------------------------------------
    
    
    subnet 192.168.3.0 netmask 255.255.255.0 {
    #                 option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.3.255;
    option routers 192.168.3.250;
    option domain-name-servers 192.168.xxx.xx;
    # option domain-name-servers 192.168.xxx.xx;
    option domain-name "xxxxx.com";
    
    pool {
    failover peer "dhcpfo";
    deny dynamic bootp clients;
    default-lease-time 14400;
    max-lease-time 36000;
    range 192.168.3.51 192.168.3.245;
    
    }
    }

SECONDARY:

    log-facility local7;
    authoritative;
    ddns-update-style none;
    
    failover peer "dhcpfo" {
    secondary; # declare this to be the secondary server
    address 172.16.1.20;
      port 647;
    #port 847;
    #port 520;
    peer address 172.16.1.11;
     peer port 647;
    #peer port 847;
    # peer port 519;
    max-response-delay 30;
    max-unacked-updates 10;
    load balance max seconds 3;
    
    }
    
    subnet 172.16.1.0 netmask 255.255.255.0 {
    #                 option subnet-mask 255.255.255.0;
    option broadcast-address 172.16.1.255;
    option routers 172.16.1.250;
    option domain-name-servers 192.168.xxx.xx;
    # option domain-name-servers 192.168.xxx.xx;
    option domain-name "xxxxx.com";
    
    pool {
    failover peer "dhcpfo";
    deny dynamic bootp clients;
    default-lease-time 14400;
    max-lease-time 36000;
    range 172.16.1.51 172.16.1.245;
    
    }
    }
    
    #---------------------------------------------
    
    subnet 192.168.2.0 netmask 255.255.255.0 {
    #                 option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.250;
    option domain-name-servers 192.168.xxx.xx;
    # option domain-name-servers 192.168.xxx.xx;
    option domain-name "xxxxx.com";
    
    pool {
    failover peer "dhcpfo";
    deny dynamic bootp clients;
    default-lease-time 14400;
    max-lease-time 36000;
    range 192.168.2.51 192.168.2.245;
    
    }
    }
    
    #---------------------------------------------
    
    
    subnet 192.168.3.0 netmask 255.255.255.0 {
    #                 option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.3.255;
    option routers 192.168.3.250;
    option domain-name-servers 192.168.xxx.xx;
    # option domain-name-servers 192.168.xxx.xx;
    option domain-name "xxxxx.com";
    
    pool {
    failover peer "dhcpfo";
    deny dynamic bootp clients;
    default-lease-time 14400;
    max-lease-time 36000;
    range 192.168.3.51 192.168.3.245;
    
    }
    }


I just wanted to make sure that my config is right, so that if one of the servers goes down the other one would carry on with the job.
Many thanks
Madona
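
The first answer's point that every pool must name a declared failover peer, and the mirrored address/port settings visible in the posted stanzas, can be checked mechanically across both servers' files. The following Python check is an added example, not code from the thread or from ISC DHCP; `parse_failover`, `check_pair` and both sample configs are hypothetical and constructed here, and the parser assumes the flat stanzas shown on this page (no nested braces inside a peer or pool block).

```python
import re

def parse_failover(conf):
    """Return (peers, pools): failover peer settings by name, and (range, peer) per pool.
    "peer address 1.2.3.4" becomes {"peer address": "1.2.3.4"}; bare "primary" maps to itself."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    peers = {}
    for name, body in re.findall(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', conf, re.S):
        stmts = [s.split() for s in body.split(";") if s.strip()]
        peers[name] = {" ".join(s[:-1]) or s[0]: s[-1] for s in stmts}
    pools = []
    for body in re.findall(r"\bpool\s*\{(.*?)\}", conf, re.S):
        ref = re.search(r'failover\s+peer\s+"([^"]+)"\s*;', body)
        rng = re.search(r"\brange\s+([^;]+);", body)
        pools.append((rng.group(1).strip() if rng else "?", ref.group(1) if ref else None))
    return peers, pools

def check_pair(primary_conf, secondary_conf):
    """List the failover inconsistencies between the two peers' dhcpd.conf texts."""
    problems, sides = [], {}
    for label, conf in (("primary", primary_conf), ("secondary", secondary_conf)):
        sides[label], pools = parse_failover(conf)
        for rng, ref in pools:
            if ref not in sides[label]:  # missing reference, or a name never declared
                problems.append(f"{label}: pool {rng} has no declared failover peer ({ref})")
    for name, p in sides["primary"].items():
        s = sides["secondary"].get(name)
        if s is None:
            problems.append(f"peer {name}: not declared on the secondary")
            continue
        if "primary" not in p or "secondary" not in s:
            problems.append(f"peer {name}: roles are not primary/secondary")
        if "mclt" not in p or "mclt" in s:  # dhcpd.conf(5): mclt belongs on the primary only
            problems.append(f"peer {name}: mclt must be set on the primary only")
        for who, side, other in (("primary", p, s), ("secondary", s, p)):
            for mine, theirs in (("address", "peer address"), ("port", "peer port")):
                if side.get(mine) and other.get(theirs) and side[mine] != other[theirs]:
                    problems.append(f"peer {name}: {who} {mine} {side[mine]} != other side's {theirs} {other[theirs]}")
    return problems

# Constructed sample (not the poster's files): the secondary has a wrong peer port and a bare pool.
PRIMARY = '''failover peer "dhcpfo" { primary; address 172.16.1.11; port 647;
  peer address 172.16.1.20; peer port 647; mclt 3600; split 128; }
subnet 172.16.1.0 netmask 255.255.255.0 {
  pool { failover peer "dhcpfo"; range 172.16.1.51 172.16.1.245; } }'''
SECONDARY = '''failover peer "dhcpfo" { secondary; address 172.16.1.20; port 647;
  peer address 172.16.1.11; peer port 519; }
subnet 172.16.1.0 netmask 255.255.255.0 {
  pool { range 172.16.1.51 172.16.1.245; } }'''
if __name__ == "__main__": print("\n".join(check_pair(PRIMARY, SECONDARY)))
```

With over 200 VLANs per server, a check like this catches a single pool that was added without its `failover peer` line, which `dhcpd -t` alone would accept as valid syntax.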

Score:0

Your stanzas look fine. The formatting is a bit different from the examples on the DHCP standard site and the examples I borrowed. But if the configuration passes when it parses, then my guess is it is just formatting.

Do you have both DHCP servers added to the upstream router(s) for the DHCP helper service?

That is a mistake many make: you have to list both. And it forwards broadcasts to the first listed IP if it is up and its MAC is showing (aka ignorant of whether services are correct or running).

Flip your helper order. Then see which one is first in the list and that shows out leasing.

