CentOS - Nov 2019 - DHCP server failover: advise is needed

Dear Experts,

I was running ISC DHCP server for longer than I would care to remember. 
Now I decided to climb out of the cave and configure failover set 
(primary-secondary), and I seem to hit brick wall, which I need help 
with. I only need IP v4, no v6, which may simplify things.

Could someone point to a description of working DHCP failover configuration?

I do not want to make two independent DHCP servers handling half of the 
pool each. We are not that rich as far as IP space is concerned.

I am not married to ISC DHCP server, so any one I will do, because:

<rant>
My current configuration is something that was gradually migrated and/or 
adjusted through several generations of systems, and server versions 
over the years. It works. When I tried to incorporate what I need for 
failover following ISC documentation, and some people's guides, I 
discovered, I need more sophisticated structure of sections and 
subsections, which I figured out finally. But the annoying part was: in 
ISC documentation I failed to find general stricture of which section 
can appear inside which; like:

a {
  b {
   c {

   }
  }
}

You can create each of sections/subsections following documentation, but 
to put them together making consistent config file you (I at least) have 
to figure on your own which section goes inside of which.
</rant>

So, I am not married to ISC DHCP server, we didn't get along now as far 
as my use of documentation is concerned. Anything that works - with 
failover! I am going to have it set up on FreeBSD, but if something 
works on Linux, I likely will be able to reproduce it on FreeBSD.


Thanks in advance for all your answers!

Valeri
-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

On Fri, 22 Nov 2019, Valeri Galtsev wrote:
> Dear Experts,
>
> I was running ISC DHCP server for longer than I would care to remember. Now
I
> decided to climb out of the cave and configure failover set 
> (primary-secondary), and I seem to hit brick wall, which I need help with.
I
> only need IP v4, no v6, which may simplify things.
>
> Could someone point to a description of working DHCP failover
configuration?
I wrote this article a long time ago:

https://www.madboa.com/geek/dhcp-failover/

It worked for me at my last job.

-- 
Paul Heinlein
heinlein at madboa.com
45?38' N, 122?6' W

> -----Original Message-----
> From: Valeri Galtsev
> Sent: Friday, November 22, 2019 12:10 PM
> 
> Dear Experts,
> 
> I was running ISC DHCP server for longer than I would care to remember.
> Now I decided to climb out of the cave and configure failover set
> (primary-secondary), and I seem to hit brick wall, which I need help
> with. I only need IP v4, no v6, which may simplify things.
> 
> Could someone point to a description of working DHCP failover
configuration?
> 
> I do not want to make two independent DHCP servers handling half of the
> pool each. We are not that rich as far as IP space is concerned.
> 
> I am not married to ISC DHCP server, so any one I will do, because:
I searched for this last weekend, and added it to my to do list for holiday
downtime coming up...

Quoting https://kb.isc.org/docs/aa-00502

A Basic Guide to Configuring DHCP Failover

Setting Up DHCP Failover: A Basic Overview

Many of the syntax options presented here are explained in more detail in the
dhcpd.conf man page distributed with dhcp. It is recommended that you consult
that document for specifics once you have grasped the basic steps involved.

1. Select your servers.  Choose one to be primary, the other to be secondary. 
Different versions of ISC dhcpd may implement failover differently.  To avoid
problems, use the same version (or as close as possible) on both machines of a
failover pair.
2. Ensure that clocks are closely synchronized.  DHCP is a time-sensitive
protocol and clock skew can cause problems.
3. Identify the networks and address pools that will be served.
4. Identify other network elements that will have to be aware of both servers. 
Configure DHCP relays to relay forwarded discovers and requests to both servers.
Ensure that firewalls and filters allow DHCP traffic, OMAPI control channel
traffic, and failover protocol messages to reach your servers.
5. Add declaration blocks for the failover peers to the configuration files on
the primary:
...

> 
> <rant>
> My current configuration is something that was gradually migrated and/or
> adjusted through several generations of systems, and server versions
> over the years. It works. When I tried to incorporate what I need for
> failover following ISC documentation, and some people's guides, I
> discovered, I need more sophisticated structure of sections and
> subsections, which I figured out finally. But the annoying part was: in
> ISC documentation I failed to find general stricture of which section
> can appear inside which; like:
> 
> a {
>   b {
>    c {
> 
>    }
>   }
> }
> 
> You can create each of sections/subsections following documentation, but
> to put them together making consistent config file you (I at least) have
> to figure on your own which section goes inside of which.
> </rant>
> 
> So, I am not married to ISC DHCP server, we didn't get along now as far
> as my use of documentation is concerned. Anything that works - with
> failover! I am going to have it set up on FreeBSD, but if something
> works on Linux, I likely will be able to reproduce it on FreeBSD.
> 
> 
> Thanks in advance for all your answers!
> 
> Valeri
> --
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

On 2019-11-22 11:19, Jason Pyeron wrote:
>> -----Original Message-----
>> From: Valeri Galtsev
>> Sent: Friday, November 22, 2019 12:10 PM
>>
>> Dear Experts,
>>
>> I was running ISC DHCP server for longer than I would care to remember.
>> Now I decided to climb out of the cave and configure failover set
>> (primary-secondary), and I seem to hit brick wall, which I need help
>> with. I only need IP v4, no v6, which may simplify things.
>>
>> Could someone point to a description of working DHCP failover
configuration?
>>
>> I do not want to make two independent DHCP servers handling half of the
>> pool each. We are not that rich as far as IP space is concerned.
>>
>> I am not married to ISC DHCP server, so any one I will do, because:
> 
> I searched for this last weekend, and added it to my to do list for holiday
downtime coming up...
> 
> Quoting https://kb.isc.org/docs/aa-00502
>
Yes, this is one of the pieces of documentation I followed (adding what 
is missing here from other sources).

Thanks anyway!

Valeri
> A Basic Guide to Configuring DHCP Failover
> 
> Setting Up DHCP Failover: A Basic Overview
> 
> Many of the syntax options presented here are explained in more detail in
the dhcpd.conf man page distributed with dhcp. It is recommended that you
consult that document for specifics once you have grasped the basic steps
involved.
> 
> 1. Select your servers.  Choose one to be primary, the other to be
secondary.  Different versions of ISC dhcpd may implement failover differently. 
To avoid problems, use the same version (or as close as possible) on both
machines of a failover pair.
> 2. Ensure that clocks are closely synchronized.  DHCP is a time-sensitive
protocol and clock skew can cause problems.
> 3. Identify the networks and address pools that will be served.
> 4. Identify other network elements that will have to be aware of both
servers.  Configure DHCP relays to relay forwarded discovers and requests to
both servers.  Ensure that firewalls and filters allow DHCP traffic, OMAPI
control channel traffic, and failover protocol messages to reach your servers.
> 5. Add declaration blocks for the failover peers to the configuration files
on the primary:
> ...
> 
> 
>>
>> <rant>
>> My current configuration is something that was gradually migrated
and/or
>> adjusted through several generations of systems, and server versions
>> over the years. It works. When I tried to incorporate what I need for
>> failover following ISC documentation, and some people's guides, I
>> discovered, I need more sophisticated structure of sections and
>> subsections, which I figured out finally. But the annoying part was: in
>> ISC documentation I failed to find general stricture of which section
>> can appear inside which; like:
>>
>> a {
>>    b {
>>     c {
>>
>>     }
>>    }
>> }
>>
>> You can create each of sections/subsections following documentation,
but
>> to put them together making consistent config file you (I at least)
have
>> to figure on your own which section goes inside of which.
>> </rant>
>>
>> So, I am not married to ISC DHCP server, we didn't get along now as
far
>> as my use of documentation is concerned. Anything that works - with
>> failover! I am going to have it set up on FreeBSD, but if something
>> works on Linux, I likely will be able to reproduce it on FreeBSD.
>>
>>
>> Thanks in advance for all your answers!
>>
>> Valeri
>> --
>> ++++++++++++++++++++++++++++++++++++++++
>> Valeri Galtsev
>> Sr System Administrator
>> Department of Astronomy and Astrophysics
>> Kavli Institute for Cosmological Physics
>> University of Chicago
>> Phone: 773-702-4247
>> ++++++++++++++++++++++++++++++++++++++++
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

On 2019-11-22 11:18, Paul Heinlein wrote:
> On Fri, 22 Nov 2019, Valeri Galtsev wrote:
> 
>> Dear Experts,
Success!

Thank you, everybody who answered, all your insights helped!

Special thinks to you, Paul! Your instruction did put my brain together, 
finally.

Valeri
>>
>> I was running ISC DHCP server for longer than I would care to 
>> remember. Now I decided to climb out of the cave and configure 
>> failover set (primary-secondary), and I seem to hit brick wall, which 
>> I need help with. I only need IP v4, no v6, which may simplify things.
>>
>> Could someone point to a description of working DHCP failover 
>> configuration?
> 
> I wrote this article a long time ago:
> 
> https://www.madboa.com/geek/dhcp-failover/
> 
> It worked for me at my last job.
> 
-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++