A) Introduction
DHCP Failover is a new feature in Windows Server 2012 that allows 2 DHCP Servers to share the same DHCP service, increasing availability (High Availability) and keeping the service running continuously in the network.
When 2 DHCP Servers are configured with the Failover feature, they replicate their scopes and related information to each other, such as DHCP Options, Reservations, Policies and Active Leases (the IPs that have been granted and are in use). The DHCP Servers communicate with each other through Failover Relationships.
You do not have to replicate every Scope from the Primary DHCP Server to the Partner DHCP Server; you can also choose which scopes are replicated.
B) Features of DHCP Failover
- DHCP Failover feature is only available from Windows Server 2012
- DHCP Failover only supports DHCPv4.
- 2 DHCP Servers will maintain communication with each other via TCP/IP
- DHCP Failover can be configured directly without stopping or restarting the DHCP service
- 1 Scope only supports up to 2 DHCP Servers running Failover together.
- 1 of 2 DHCP Servers can automatically set up replication and synchronization for each other.
- The client must be able to communicate with both DHCP servers, either directly or through DHCP Relay.
C) DHCP Failover Relationships
DHCP 1 and DHCP 2 can establish failover thanks to Failover Relationships. It is like a channel for 2 DHCP Servers to communicate with each other. The properties of Failover Relationships include:
- 1 relationship (Failover Relationship) only supports up to 2 DHCP Servers
- DHCP Server A can create up to 31 relationships (Failover Relationships) with one DHCP Server B. DHCP Server A can also create relationships with other DHCP Servers in the network, such as C, D, E, F.
- The failover relationship can contain one or more scopes (depending on the configuration).
The model above describes the relationships between the DHCP servers:
- DHCP 1 – DHCP 2: communicate with each other through the Failover Relationship 1 channel, which is named DHCP1-DHCP2. This channel contains 2 Scopes, A and B. The two parties define a shared secret for their exchanges and run the Load-Balancing mechanism (50-50).
- DHCP 2 – DHCP 3: communicate with each other through the Failover Relationship 2 channel, which is named DHCP3-DHCP2. This channel serves Scope B. The two parties also define a shared secret key to communicate with each other, and run the Hot Standby mechanism (DHCP 3 is active, DHCP 2 is standby).
D) DHCP Failover Mode
There are 2 mechanisms running in DHCP Failover: Hot Standby and Load Balancing
1. Hot Standby (Active – Passive)
- One server is active and the other is standby. The active server is responsible for serving IP addresses in the network when clients request them. The standby server is kept as a backup and does not serve clients; it takes over only when the active DHCP Server dies.
- A DHCP Server can be active for Failover Relationship 1 (Hot Standby) but can also be standby for Failover Relationship 2 (Hot Standby).
- When you configure Hot Standby mode, there is a parameter called Reserved IP address, with a default of 5%. This parameter means that the Standby server keeps 5% of the IPs in the Scope to serve clients that cannot contact the Active server to ask for an IP (while the Active server still exists in the network).
- The Maximum Client Lead Time (MCLT) parameter is the period for which the Standby server renews a client's IP. This case occurs when a client has been granted an IP and, when it is time to renew it, cannot contact the Active server; the Standby server then steps in to renew the client and applies the temporary extension time (MCLT).
- After the client has been renewed for one MCLT period, if that lease expires and the client still cannot contact the Active server, the Standby server continues to renew the lease rather than granting the client a new IP.
2. Load Balance:
- Both failover DHCP Servers serve the same IP address range to clients in the network. The default serving rate is 50% – 50%; you can customize it, for example to 70% – 30%.
- The algorithm is based on RFC 3074, i.e. it takes the client's MAC address and hashes it, then compares the result with the hash buckets. For example, with load balancing configured at 50% – 50%, the hash buckets of DHCP Server 1 are 1 to 128 and the hash buckets of DHCP Server 2 are 129 to 256. If the client's hash falls in the range 1 to 128, DHCP Server 1 serves this client's request; if it falls between 129 and 256, DHCP Server 2 serves it.
The IP addresses of the scope are allocated to the 2 DHCP Servers according to the percentage. For example, we have a scope 10.0.0.0/24, from 10.0.0.1 to 10.0.0.200, and the ratio is 50% – 50%. DHCP Server 1 then keeps the IPs from 10.0.0.1 to 10.0.0.100 and DHCP 2 keeps those from 10.0.0.101 to 10.0.0.200. If the client request is served by DHCP 1, allocation starts at 10.0.0.1, and if it is served by DHCP 2, allocation starts at 10.0.0.101.
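The bucket lookup and the pool split described above, as an added Python example that is not part of the original article. The hash is a labelled stand-in (first byte of SHA-256) rather than the RFC 3074 hash function, and the function names and sample MAC addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress

BUCKETS = 256  # the text numbers the hash buckets 1..256


def hash_bucket(mac: str) -> int:
    """Map a client MAC to a bucket in 1..256.

    Stand-in hash (first byte of SHA-256), NOT the RFC 3074 hash function.
    """
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 6-byte MAC address")
    return hashlib.sha256(raw).digest()[0] + 1


def serving_server(mac: str, server1_percent: int = 50) -> int:
    """Return 1 or 2: the failover partner that answers this client."""
    last_bucket_server1 = BUCKETS * server1_percent // 100  # 128 at 50%
    return 1 if hash_bucket(mac) <= last_bucket_server1 else 2


def split_pool(start, end, server1_percent=50, excluded=()):
    """Split a scope's usable addresses between the two servers.

    excluded: iterable of (first, last) ranges removed before the split.
    Returns two lists of address strings (Server 1's share, Server 2's share).
    """
    to_int = lambda ip: int(ipaddress.IPv4Address(ip))
    skip = set()
    for first, last in excluded:
        skip.update(range(to_int(first), to_int(last) + 1))
    usable = [a for a in range(to_int(start), to_int(end) + 1) if a not in skip]
    cut = len(usable) * server1_percent // 100
    to_str = lambda addrs: [str(ipaddress.IPv4Address(a)) for a in addrs]
    return to_str(usable[:cut]), to_str(usable[cut:])


if __name__ == "__main__":
    # Scope from the walkthrough: 172.1.1.150-200 with 150-160 excluded.
    s1, s2 = split_pool("172.1.1.150", "172.1.1.200",
                        excluded=[("172.1.1.150", "172.1.1.160")])
    print("Server 1:", s1[0], "-", s1[-1], "| Server 2:", s2[0], "-", s2[-1])
    for mac in ("00:11:22:33:44:55", "00:11:22:33:44:56"):  # constructed MACs
        print(mac, "-> DHCP Server", serving_server(mac))
```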
E) DHCP Failover Communication
This section will guide you to configure DHCP Failover in 2 mechanisms: Load Balancing and Hot Standby
A) The model is as follows:
- DHCP Server 1: is a Domain Controller with the domain “Huypd.com” + install DHCP Server feature
- DHCP Server 2: join domain + set IP + install DHCP feature to be the 2nd DHCP Server
- Client : Windows 8.1 + Test
B) Configuration
1) Install DHCP feature for both Servers (done on both machines)
- Authorize the DHCP Server so that it is “trusted” in the Domain.
2) Create a Scope for the DHCP Server (you can do this step on either DHCP Server 1 or 2). Here I create a Scope 172.1.1.0 with the following parameters:
- IP Range from 172.1.1.150 to 172.1.1.200
- Excluded IPs: 172.1.1.150 to 172.1.1.160
- Default Gateway : 172.1.1.1
- DNS : 172.1.1.1
- Complete the configuration and also activate this Scope.
3) Next is to configure the DHCP Failover feature
1. Configure the Load-Balancing mechanism
- Select the Scope that both DHCP Servers will use to run Failover (this step is equivalent to creating 1 Failover Relationships)
- If you have multiple scopes, this step will give you more options
- Declare your Partner Server (2nd DHCP Server).
- This step selects the Failover mechanism; select Load-Balancing. The percentage parameter (%) is the serving rate, and the scope is split (Split scope) according to the corresponding ratio. Here I leave the default 50-50, i.e. DHCP Server 1 keeps 50% of the IPs (from 172.1.1.161 to 172.1.1.180) and DHCP Server 2 keeps the IP range from 172.1.1.181 to 172.1.1.200.
- Tick “Enable Message Authentication” and declare a shared secret. Both parties share this key and use it to authenticate their exchanges: the key is used to hash the contents of each packet before it is sent. For example, when a DHCP Server receives an update packet (containing the data and a hash value), it hashes the packet's data with its own key and compares the result with the hash value in the packet. If they match, the sending DHCP Server is assumed to belong to the same Failover Relationship and the update in the received packet is applied; if they do not match, the packet is discarded and a packet is sent to notify the other party of the reason.
- State Switchover Interval: this parameter is available on both sides. If the Partner does not make contact within a 60-minute period (depending on configuration), the DHCP Server considers the Partner Server dead.
- Finish the configuration
- View stats and insights about Scope
- Now go to the second DHCP Server to check and see that there is scope in DHCP
- Test the Load-Balancing feature: on the client, go to Run -> CMD to execute the IPCONFIG commands
- Type Ipconfig /release to release the IP in use
- Use the command Ipconfig /renew to get a new IP address
- Type Ipconfig /all to see detailed information about the IP. We now see that the DHCP Server that provided the IP is DHCP Server 2 (172.1.1.2)
- Next, assuming DHCP Server 2 (172.1.1.2) is dead (for example, shut down), type Ipconfig /release and Ipconfig /renew again
- Type Ipconfig /all to see the assigned IP information. This time DHCP Server 1 serves the client and grants it an IP address.
2. Configure the Hot-Standby mechanism
- Follow the steps in Load-Balancing, but at the step of selecting the mechanism, select Hot standby.
- The Partner Server will be DHCP Server 2, set as Standby (Passive), the fallback. DHCP Server 1 is therefore the Active server.
- MCLT: the period for which the Standby server renews a client's IP. This case occurs when a client has been granted an IP and, when it is time to renew it, cannot contact the Active server; the Standby server then steps in to renew the client and applies the temporary extension time (MCLT).
- Address Reserved: the percentage (%) of the IPs that DHCP Server 2 keeps for clients that cannot contact DHCP Server 1 (Active)
- 10% of IP addresses is equivalent to 4 addresses.
- Test: on the client, type Ipconfig /release and Ipconfig /renew, then type Ipconfig /all to see the information. At this time, DHCP Server 1 (Active) is responsible for assigning IP addresses to the Client.
- Let DHCP Server 1 die (shut it down), and execute the Ipconfig /release, /renew and /all commands again. At this time, the information shows that DHCP Server 2 performs IP allocation for the Client.
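
The check behind “Enable Message Authentication” in the Load-Balancing steps, modelled as an added Python example that is not from the original article or from Microsoft's implementation. HMAC-SHA256, the JSON message layout, the FailoverPeer class and the secrets shown are assumptions chosen for illustration, not the actual failover wire format.

```python
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size  # 32-byte keyed hash appended to each message


class FailoverPeer:
    """One side of a failover relationship (simplified, hypothetical model)."""

    def __init__(self, name: str, shared_secret: bytes):
        self.name = name
        self._secret = shared_secret
        self.leases = {}  # ip -> mac: the replicated active leases

    def _tag(self, payload: bytes) -> bytes:
        return hmac.new(self._secret, payload, hashlib.sha256).digest()

    def build_update(self, ip: str, mac: str) -> bytes:
        """Sender: serialize a lease update and append its keyed hash."""
        payload = json.dumps({"from": self.name, "ip": ip, "mac": mac},
                             sort_keys=True).encode()
        return payload + self._tag(payload)

    def receive(self, message: bytes) -> str:
        """Receiver: apply the update only if the keyed hash verifies.

        Returns "applied", or the rejection reason reported to the sender.
        """
        if len(message) <= TAG_LEN:
            return "rejected: message too short"
        payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        # compare_digest does not leak how many leading bytes matched
        if not hmac.compare_digest(tag, self._tag(payload)):
            return "rejected: authentication failed"
        update = json.loads(payload)
        self.leases[update["ip"]] = update["mac"]
        return "applied"


if __name__ == "__main__":
    # Constructed secrets and lease data, for demonstration only.
    dhcp1 = FailoverPeer("DHCP1", b"constructed-shared-secret")
    dhcp2 = FailoverPeer("DHCP2", b"constructed-shared-secret")
    other = FailoverPeer("DHCP9", b"a-different-secret")  # not in the relationship
    print(dhcp2.receive(dhcp1.build_update("172.1.1.161", "00:11:22:33:44:55")))
    print(dhcp2.receive(other.build_update("172.1.1.170", "aa:bb:cc:dd:ee:ff")))
```

A server that does not hold the relationship's secret cannot produce a matching hash, so its update never reaches the lease table.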