dhcp failover简配

简介

。。。。。。。。。。。。。。。。。。。。。。。。。。。

Be patient! Lin-credible!!

//建议仔细阅读manual手册

man dhcpd.conf

man 1 omshell

man 3 dhcpdctl  

//内容很丰富……

DHCP FAILOVER
       This  version of the ISC DHCP server supports the DHCP failover protocol as documented in draft-ietf-dhc-failover-07.txt.   This is not a final protocol
       document, and we have not done interoperability testing with other vendors’ implementations of this protocol, so you must not assume that this implemen-
       tation  conforms  to the standard.  If you wish to use the failover protocol, make sure that both failover peers are running the same version of the ISC
       DHCP server.

       The failover protocol allows two DHCP servers (and no more than two) to share a common address pool.   Each server will have about half of the available
       IP  addresses  in  the pool at any given time for allocation.   If one server fails, the other server will continue to renew leases out of the pool, and
       will allocate new addresses out of the roughly half of available addresses that it had when communications with the other server were lost.

       It is possible during a prolonged failure to tell the remaining server that the other server is down, in which case  the  remaining  server  will  (over
       time)  reclaim  all  the  addresses the other server had available for allocation, and begin to reuse them.   This is called putting the server into the
       PARTNER-DOWN state.

       You can put the server into the PARTNER-DOWN state either by using the omshell (1) command or by stopping the server, editing the last peer state decla-
       ration in the lease file, and restarting the server.   If you use this last method, be sure to leave the date and time of the start of the state blank:

       failover peer name state {
       my state partner-down;
       peer state state at date;
       }

       When  the other server comes back online, it should automatically detect that it has been offline and request a complete update from the server that was
       running in the PARTNER-DOWN state, and then both servers will resume processing together.

       It is possible to get into a dangerous situation: if you put one server into the PARTNER-DOWN state, and then *that* server goes  down,  and  the  other
       server  comes  back up, the other server will not know that the first server was in the PARTNER-DOWN state, and may issue addresses previously issued by
       the other server to different clients, resulting in IP address conflicts.   Before putting a server into PARTNER-DOWN state, therefore, make  sure  that
       the other server will not restart automatically.

       The  failover protocol defines a primary server role and a secondary server role.   There are some differences in how primaries and secondaries act, but
       most of the differences simply have to do with providing a way for each peer to behave in the opposite way from the other.   So one server must be  con-
       figured as primary, and the other must be configured as secondary, and it doesn’t matter too much which one is which.

。。。

简单实验

primary

192.168.233.2/dhcpd.conf

Ddns-update-style interim;
ignore client-updates;
default-lease-time 3600;
max-lease-time 43200;

failover peer "myfailover"{
        primary;
        address 192.168.233.2;
        port 647;
        peer address 192.168.233.3;
        peer port 647;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
        mclt 1800;
        split 20;
        }

shared-network vlan{
        subnet 192.168.233.0 netmask 255.255.255.0 {
                default-lease-time 720;
                max-lease-time 8640;
                pool {
                        failover peer "myfailover";
                        range 192.168.233.210 192.168.233.250;
                        option routers 192.168.233.1;
                        option subnet-mask 255.255.255.0;
                        option broadcast-address 192.168.233.255;
                        option domain-name-servers 8.8.8.8;
                        }
                host taolinran {hardware ethernet aa:bb:cc:dd:87:e9; fixed-address x.x.x.x;}
                }
        }

secondary

192.168.233.3/dhcpd.conf

Ddns-update-style interim;
ignore client-updates;
default-lease-time 3600;
max-lease-time 43200;

failover peer "myfailover" {
        secondary;
        address 192.168.233.3;
        port 647;
        peer address 192.168.233.2;
        peer port 647;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
}

shared-network vlan{
        subnet 192.168.233.0 netmask 255.255.255.0 {
                default-lease-time 720;
                max-lease-time 8640;
                pool {
                        failover peer "myfailover";
                        range 192.168.233.210 192.168.233.250;
                        option routers 192.168.233.1;
                        option subnet-mask 255.255.255.0;
                        option broadcast-address 192.168.233.255;
                        option domain-name-servers 8.8.8.8;
                        }

                host taolinran {hardware ethernet aa:bb:cc:dd:87:e9; fixed-address x.x.x.x;}

  } }

简单结果

[root@svn 192.168.233.2]# lsof -i:67,647
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dhcpd   1865 dhcpd    7u  IPv4  11964      0t0  UDP *:bootps 
dhcpd   1865 dhcpd    8u  IPv4  11965      0t0  TCP 192.168.233.2:56299->192.168.233.3:dhcp-failover (ESTABLISHED)
dhcpd   1865 dhcpd    9u  IPv4  11966      0t0  TCP 192.168.233.2:dhcp-failover (LISTEN)stop主DHCP服务器之后，在客户端"dhclient -r", 然后"dhclient"再试一下……

其他

目前只是简单实现了failover的配置，另外，如果条件有限，需要用虚拟机实验的话，考虑vmware的host-only的网卡模式，主要要关闭物理机防火墙，最好关闭SELinux和iptables(如果不太熟悉的话)！

之后的进一步处理还有很多，如omshell的利用，以及dhcpctl程序的编写，以便更灵活地管理DHCP服务器……

参考

Linux下DHCP服务器的灾难备份