Escolar Documentos
Profissional Documentos
Cultura Documentos
The Dynamic Host Configuration Protocol (DHCP) is at the core of almost every enterprise network forming a mission-critical service that is the cornerstone of reliable and simplifies workstation management. Yet, this service is usually configured as a single point of failure with little thought to high availability or disaster recovery. While longer lease durations are often used to provide some cushion in the event of unavailability, this should not be used as the only protection against system failure. Even in modestly-sized environment, the volume of lease requests and the risk associated with the failure of DHCP beg for a better solution.
Technology Overview
What IS DHCP?
When TCP/IP-based networks were first being developed and used, all network configuration was done manually. IP addresses, subnets and the like were all configured on the individual hosts and had to be manually tracked and documented. This worked for small businesses and controlled environments where constant attention by a single network administrator could be provided or where very tight controls on documentation could be achieved. As these networks grew and larger enterprises adopted the technology, the management burden grew to the point of being unmanageable a centralized, enterprise solution is needed. The Dynamic Host Configuration Protocol is the answer to this problem. DHCP provides a service to hosts on an enterprise network that allows the hosts to request and receive IP Addresses, subnet information, and other important configuration information. This also acts as a single enterprise database for this information where a network administrator can access all configuration assignments from one place.
IP Helper-Address
There are some limitations though. Since workstations that are requesting configuration information do not yet have valid IP addresses, they have to rely on network broadcasts to find a DHCP server, request an address, and secure a lease. This means that all of these communications occur on Layer-2 of the network and are not routable at least not without some help from the network infrastructure. Most enterprise-class routers and switches can forward DHCP packets directly to a specified server in another network or subnet. This is called an IP Helper, or just helper address. In the Cisco product line, this is specified at the network or subnet level as: IP Helper-address <Destination IP Address>
this reciprocal exclusions should be used to divide the scope into pieces let's look at a 50/50 split for the 10.1.1.1/24 subnet as an example: Now the communication looks like this: (Client) "Hey DHCP Server, I need to renew my address. 87.5% of my lease time is up." (Server 2) "I can certainly do that for you. What address would you like to renew." (Client) "Well, I have been using 10.1.1.53/24. I'd like to keep using that one." (Server 2) "Hmm, I am authoritative for 10.1.0/24, but I have an exclusion on that address. How about 10.1.1.222?" (Client) "Thanks! 10.1.1.222 it is.
High-Availability Scenarios
Now we have all the pieces to pull together effective high-availability DHCP solutions to serve our enterprise. Just as there are a number of different network configurations, there are different configurations of DHCP that can be deployed to support them. It should also be noted that that using MSCS clusters to support DHCP isn't an ideal solution as this tends to work inconsistently and is expensive.
Setup Steps: 1. 2. 3. 4. 5. Plan and diagram out your scopes. You generally want to plan for at least a 50% growth margin for DHCP to accommodate network growth as well as a long-term outage of one of your DHCP servers. Configure all scopes on both servers Configure 50/50 reciprocal exclusions on both servers Configure any manual reservations on both servers Test failover by disabling DHCP on each server and forcing a renew on the client (IPConfig /release | IPConfig /renew)
Distributed DHCP
In larger environments with many sites, it is important to provide local DHCP services to clients for immediate response to lease requests, but also to provide a centralized backup that is able to server requests in the event that there is a problem with the local server. This removes the risk associated with relying on the WAN links for a mission-important service like DHCP. In this scenario, we will be relying on the fact that the WAN link is much slower than the on-segment network. The router/ switch must be configured with an IP helper to route the DHCP request to the centralized server, but the time needed to make this round trip will be significantly longer than the time needed to serve the request on the local network. The sample scenario to the right is a three-site scenario comprised as a main HQ site and two branch offices. In this configuration, the scopes have been configured in an 80/20 distribution with 80% of the available IP address leases residing on the local network and 20% across the WAN as failover. It should also be noted that since the backup DHCP server is the second local server at the HQ site, it is splitting the DHCP load 50/50. Often, network engineers will choose to only have a single DHCP server per site, but having a separate server at the main site will allow the load to be controlled and avoids a single point of failure at the HQ site. This may seem a bit complicated, but is relatively simple to configure and allow you to build all additional sites against a common design pattern. Finally, you should let the network design and WAN connectivity act as a guide for the designing of highly available DHCP configurations. If you are set up as a hub and spoke configuration, the solution will be slightly different that in you have a few main sites with spokes off of each. Just make sure that you are taking the entire topology into consideration as you plan the final solution.
Setup Steps: 1. 2. 3. 4. 5. 6. 7. 8. Plan and diagram out your scopes. You generally want to plan for at least a 50% growth margin for DHCP to accommodate network growth as well as a long-term outage of one of your DHCP servers. Make sure you understand your network topology and plan your DHCP setup to avoid awkward network hops. Configure the Primary DHCP servers for each site Configure all scopes the backup DHCP server Configure 80/20 reciprocal exclusions between the Branch Office DHCP servers and the Backup server. Configure any manual reservations on both servers Configure IP Helper-address commands on the routers/ switches at the branch offices. Test failover by disabling DHCP on each server and forcing a renew on the client (IPConfig /release | IPConfig /renew)
Conclusion
Configuring highly-available DHCP solutions is not complicated or tricky if you understand the technology and plan using your network topology as a guide. Whether it is just configuring a single site failover for DHCP or an enterprise-scoped failover topology, using reciprocal scopes and IP helper-addresses will ensure that DHCP services are always available. One last note, be sure that you are monitoring your DHCP services. Even with HA servers backing up your primary scopes, you want to be sure that you are notified of server problems when then happen so you can react to them quickly. The best failover scenario is one that you never have to use.