1

We have 2 DHCP servers (Ubuntu 18.04); they are configured in failover mode (primary / secondary). They have worked brilliantly, with no issues for about 4 years.

Now, we had a power cut, so one of them went down (the primary) for about 6 hours. To my surprise, the secondary refused to issue any IP addresses at all, so it looked like both of them have to be online to work, which is not the purpose of having failover mode.

Both of them started to work as soon as the power came back and the primary came online again.

Any idea why we lose DHCP service if one is out of order? As mentioned, failover mode should work in case one server goes down for any reason.

My configuration is as follows:

Primary:

/etc/dhcp/dhcpd.conf

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "failover" {
     primary;
     address 172.17.1.11;
     port 519;
     peer address 172.17.1.20;
     peer port 520;
     max-response-delay 30;
     max-unacked-updates 10;
     load balance max seconds 3;
     mclt 3600;
     split 128;
}

Secondary:

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "failover" {
     secondary; # declare this to be the secondary server
     address 172.17.1.20;
     port 520;
     peer address 172.17.1.11;
     peer port 519;
     max-response-delay 30;
     max-unacked-updates 10;
     load balance max seconds 3;
}

Would it help if I change "split" to 255 in the primary (instead of 128) OR use hba, as below

hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff;

instead of "split" and add the following to both?

max-lease-misbalance 2;
max-lease-ownership 1;
min-balance 300;
max-balance 1800;

Many thanks

Madona

madona33
  • 71
  • 1
  • 14

3 Answers

0

I was trolling for a different DHCP issue and came across this unanswered one.

Can you post your DHCP.conf more fully? Within the scope stanza you have to call out that each scope has a failover peer.

Example:

failover peer "failover-partner" {
     primary;
     address 10.89.100.152;
     peer address 10.89.100.153;
     peer port 647;
     max-response-delay 60;
     max-unacked-updates 10;
     mclt 3600;
     split 128;
     load balance max seconds 3;
}

subnet 10.89.130.0 netmask 255.255.255.0 {
     option domain-name-servers 10.89.100.152;
     option routers 10.89.130.1;
     pool {
          failover peer "failover-partner";
          range 10.89.130.10 10.89.130.254;
     }
}

Many thanks for your reply, I was waiting for any help for ages.

Please find below some of my DHCP.conf; these are for 3 VLANs out of over 200.

Primary:

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "dhcpfo" {
primary; # declare this to be the primary server
address 172.16.1.11;
  port 647;
# port 847;
#port 519;
peer address 172.16.1.20;
 peer port 647;
# peer port 847;
# peer port 520;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
mclt 3600;
split 128;
}


subnet 172.16.1.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 172.16.1.255;
option routers 172.16.1.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 172.16.1.51 172.16.1.245;

}
}

#---------------------------------------------------------------------


subnet 192.168.2.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.2.51 192.168.2.245;

}
}

#----------------------------------------------------------------


subnet 192.168.3.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.3.255;
option routers 192.168.3.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.3.51 192.168.3.245;

}
}

SECONDARY:

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "dhcpfo" {
secondary; # declare this to be the secondary server
address 172.16.1.20;
  port 647;
#port 847;
#port 520;
peer address 172.16.1.11;
 peer port 647;
#peer port 847;
# peer port 519;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;

}

subnet 172.16.1.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 172.16.1.255;
option routers 172.16.1.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 172.16.1.51 172.16.1.245;

}
}

#---------------------------------------------------------------------

subnet 192.168.2.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.2.51 192.168.2.245;

}
}

#----------------------------------------------------------------


subnet 192.168.3.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.3.255;
option routers 192.168.3.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.3.51 192.168.3.245;

}
}


I just wanted to make sure that my config is right, so that if one of the servers goes down the other one would carry on with the job.

Many thanks

Madona

madona33
  • 71
  • 1
  • 14
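
The first answer's point, that each pool has to name its failover peer, can be checked mechanically across a config with hundreds of subnets. The following is an added example, not code from any poster or from ISC; the sample config and its addresses are constructed, and the mclt/split rules it applies are the ones described in dhcpd.conf(5).

```python
import re

PEER_DECL = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{([^{}]*)\}')
PEER_REF = re.compile(r'failover\s+peer\s+"([^"]+)"\s*;')
POOL = re.compile(r'\bpool\s*\{([^{}]*)\}')
RANGE = re.compile(r'\brange\s+([^;]+);')
# Constructed sample: the second pool omits the failover peer reference.
SAMPLE = '''
failover peer "dhcpfo" { primary; address 192.0.2.11; peer address 192.0.2.20;
  mclt 3600; split 128; }
subnet 192.0.2.0 netmask 255.255.255.0 {
  pool { failover peer "dhcpfo"; range 192.0.2.51 192.0.2.99; }
  pool { range 192.0.2.100 192.0.2.200; }   # served without failover
}
'''

def has(body, keyword):
    """True if `keyword` opens a statement inside a brace body."""
    return re.search(r'(?:^|;)\s*' + keyword + r'\b', body) is not None

def lint(conf_text):
    """Return a list of findings for one server's dhcpd.conf text."""
    text = re.sub(r'#[^\n]*', '', conf_text)   # assumes no '#' inside strings
    findings, declared = [], {}
    for name, body in PEER_DECL.findall(text):
        declared[name] = body
        if has(body, 'primary'):
            if not has(body, 'mclt'):
                findings.append(f'peer "{name}": primary without mclt')
            if not (has(body, 'split') or has(body, 'hba')):
                findings.append(f'peer "{name}": primary without split or hba')
        elif has(body, 'secondary'):
            if has(body, 'mclt'):
                findings.append(f'peer "{name}": mclt set on secondary')
        else:
            findings.append(f'peer "{name}": no primary/secondary role')
    for pool in POOL.findall(text):
        ranges = [r.strip() for r in RANGE.findall(pool)]
        refs = PEER_REF.findall(pool)
        label = ranges[0] if ranges else '?'
        if ranges and not refs:
            findings.append(f'pool {label}: no failover peer reference')
        for ref in refs:
            if ref not in declared:
                findings.append(f'pool {label}: references undeclared peer "{ref}"')
    return findings

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE)))
```

A pool that lacks the reference is still valid syntax, so a parse-only test of the file does not flag it; run the check against both servers' files.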
0

Your stanzas look fine. The formatting is a bit different from the examples on the DHCP standard site and the examples I borrowed. But if the configuration passes when it parses, then my guess is it is just formatting.

Do you have both DHCP servers added to the upstream router(s) for the DHCP helper service?

That is a mistake many make: you have to list both. And it forwards broadcasts to the first listed IP if it is up and its MAC is showing (aka ignorant of whether services are correct or running).

Flip your helper order, then see which one is first in the list and that shows out leasing.