# dhcp failover without shared-network.

## 1clue

Hi.

I use net-misc/dhcp on a somewhat complex network.  There are Cisco switches with VLANs.  Each VLAN is set up to forward icmp packets to my Gentoo-based DHCP server.  The system works well.

I'm trying to configure failover.  I have a new Gentoo box with DHCP on it, but I'm hesitant to mess with my production setup unless I have a reasonable amount of faith that it'll work correctly.

I get the message that a failover peer must be declared inside a shared-network.  I don't want a shared-network, because what it says in the man page would be a disaster for me.  I have one dhcp server writing leases for some odd 10 VLANs, and they each must have their own separate pool.  Moving from one VLAN to the other MUST force a renegotiation of an address.

Has anyone had experience with this arrangement?  I've seen threads here about failover on simple networks, but these threads do not seem to help.

----------

## magic919

We use pairs of DHCP servers dishing out pools of addresses based on which subnet the request came from.  We run them live-live and they do half the work each.  They are both known to the routers on the network and broadcasts for DHCPs get unicast to both these addresses along with data regarding where the request came from.  

The pair of DHCP servers use some kind of keep-alive and fail over when they think the other is dead.  They both get all the requests for IPs and they respond when they are main for that subnet and ignore when they are backup.

You could have a look for Cisco Network Registrar for some reading material.

----------

## 1clue

Yeah, I have everything but the failover going.  My brain gets a kernel panic when I see that "shared-network" thing though.  I only have two Gentoo boxes, and one of them is in production.  I need to install another box I guess.

Could you look at your config and tell me if you use that shared-network construct?  My guess is either the dhcpd.conf man page is slightly wrong or there's some way to do it without shared-network.

If I can use shared-network and still guarantee that a laptop which is unplugged from subnet 1 and plugged into subnet 2, both using the same DHCP server, will be forced to get a new address then I guess that's what I need.  According to the man page though, shared-network causes the server to collect all the address pools together and hand them out randomly.  That gives me the creeps, for some reason.

Thanks for the response.

----------

## 1clue

Just pinging this one to see if somebody has some insight on this particular problem.

Thanks.

----------

## Dalrain

I actually need to do something like this now, as we are also using VLANs at my institution, with Cisco helper addresses to get the DHCP requests where they need to go on the server.  I'm looking for someone with knowledge of how to correctly specify multiple subnets in a failover situation, if possible.  (I just want to make sure I'm getting the configuration correct.)

Thanks to anyone that can give 1clue or me more info on this!

----------

## 1clue

I still don't have an answer either.  I'd really appreciate anyone who could help out.

----------

## 1clue

I seem to have this working.

First, it seems that my error was either a misplaced failover peer statement or a syntax error in the file.

There's a lot of stuff that doesn't work for me, like DDNS updates.  DDNS is mostly a Windows Domain update, and the stuff ain't working.  That's beside the point for this topic, but if anyone knows what's wrong let me know and I'll be much obliged.

The failover peer declaration needs to be slightly different on the primary and on the secondary.  This is the primary, which is the only thing I have running at the moment.

Here's what I have in dhcpd.conf:

```
failover peer "dhcp" {
  primary;
  address dhcp1.my.net;      # Address THIS server listens on for failover traffic.
  port 12345;                # port is not yet defined in standards, so we need this.
  peer address dhcp2.my.net; # Address of failover peer.
  peer port 12345;
  max-response-delay 60;
  max-unacked-updates 10;
  mclt 3600;                 # max client lead time, defined on primary only.
  split 128;                 # must be 128, defined on primary only.
  load balance max seconds 3;
}

include "/etc/dhcp/dhcpd.master";
```

My dhcpd.master is the file that is copied between both servers, and should be identical on both systems.  I included only a couple VLANs so it's not too complicated.

Here's some fragments from dhcpd.master:

```
default-lease-time 2400;
max-lease-time 2400;
dynamic-bootp-lease-length 2400;

ddns-domainname "MYWINDOWSDOMAIN.COM";
ddns-update-style interim;
do-forward-updates true;
option netbios-name-servers 192.168.2.21;             # wins server
option domain-name "my.net.";
option domain-name-servers 192.168.2.11,192.168.3.15;

update-static-leases true;
always-reply-rfc1048 true;
option fqdn.no-client-update false;                   # clients should not update dns dynamically.
option ntp-servers tick.my.net, tock.my.net;          # time servers
option www-server www.my.net;
deny unknown-clients;

subnet 192.168.4.0 netmask 255.255.255.0 {
  # NO DHCP!
  authoritative;
  deny unknown-clients;
  option routers 192.168.4.1;
}

subnet 192.168.6.0 netmask 255.255.255.0 {
  # VLAN 6
  authoritative;
  ddns-updates on;
  allow unknown-clients;
  option routers 192.168.6.1;
  pool {
    deny dynamic bootp clients;
    failover peer "dhcp";
    range 192.168.6.100 192.168.6.254;
  }
}
```

In the man page for dhcpd.conf, search on failover peer name and you'll see a construct that should go into your leases file before you start your first server, or the server will come up and deny a stack of leases for what seems like hours, just because it can't see the peer.  On my first attempt at this I tried to configure two servers at once, and that is almost certainly what killed me.
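The matching declaration for the secondary, as an added example that is not part of 1clue's posted config. It assumes the same peer name, hostnames and port as the primary block above, and that the shared dhcpd.master (with its per-VLAN pools each carrying `failover peer "dhcp";`) is included unchanged on both boxes, so no shared-network is needed on either side.

```conf
# /etc/dhcp/dhcpd.conf on the SECONDARY (dhcp2.my.net) -- assumed layout
failover peer "dhcp" {
  secondary;                 # the only role keyword that differs from the primary
  address dhcp2.my.net;      # address THIS server listens on for failover traffic
  port 12345;                # same port the primary uses for its "peer port"
  peer address dhcp1.my.net; # the primary
  peer port 12345;
  max-response-delay 60;     # keep these timers identical on both peers
  max-unacked-updates 10;
  load balance max seconds 3;
  # no "mclt" and no "split" here: both are set on the primary only
  # and are sent to the secondary during failover binding.
}

# identical copy of the primary's dhcpd.master; each subnet keeps its own
# pool and its own "failover peer "dhcp";" line, so a client moving between
# VLANs still has to obtain an address from that VLAN's pool.
include "/etc/dhcp/dhcpd.master";
```

Before starting either daemon, `dhcpd -t` checks the configuration syntax (and `-T` checks the leases file), which would have caught the misplaced statement or syntax error mentioned above without touching the production server.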

----------

