Contributed by merdely on from the cotfoo dept.
Will Backman writes:
The kotfu blog has a nice entry about DHCP Failover on OpenBSD.
"I have been running a DHCP server on my home network for eons now, and today I decided I'd move it on to my OpenBSD firewall cluster. It probably really shouldn't be there but I already run a handful of other internal services there, like DNS, and NTP..."
Read more at the kotfu blog.
(Comments are closed)
By sthen (85.158.44.148) on
Comments
By Steve Shockley (68.80.137.106) on
And does ISC's dhcpd do privsep?
By Mike Erdely (merdely) on http://erdelynet.com/
You don't actually need ifstated. If you use ifstated, you have to sync your /var/db/dhcpd.leases between the two machines.
Or, what I've done in the past, if the dynamically assigned addresses don't matter (and they shouldn't because they're dynamic):
- duplicate hard coded (reservations) in both dhcpd.conf files
- assign different ranges for dynamic allocation on each server (192.168.100.100-192.168.100.175 on one and 192.168.100.176-192.168.100.254 on the other) picking good private ranges to give enough addresses.
- Run both dhcpd servers all the time. Who cares if a client gets an address from the "backup" dhcp server since the ranges don't overlap.
Comments
By Renaud Allard (renaud) on
>
> You don't actually need ifstated. If you use ifstated, you have to sync your /var/db/dhcpd.leases between the two machines.
>
> Or, what I've done in the past, if the dynamically assigned addresses don't matter (and they shouldn't because they're dynamic):
>
> - duplicate hard coded (reservations) in both dhcpd.conf files
> - assign different ranges for dynamic allocation on each server (192.168.100.100-192.168.100.175 on one and 192.168.100.176-192.168.100.254 on the other) picking good private ranges to give enough addresses.
> - Run both dhcpd servers all the time. Who cares if a client gets an address from the "backup" dhcp server since the ranges don't overlap.
You can generally even have overlapping ranges as a ping can be done by the DHCP to verify if the address is already taken.
Comments
By nuintari (64.246.119.65) on
Lots of stuff rejects pings. The sad fact of reality is that this is not a safe method of determining availability unless you control 100% of your clients. I work for an ISP, I have to deal with the crap my customers buy.
By Anonymous Coward (128.171.90.200) on
Good article all the same.
Comments
By Anonymous Coward (76.10.128.247) on
>
> Good article all the same.
Wouldn't carp not help because you don't need carp's ability to share an ip address but you do need the ability to sync dhcpd.leases?
Comments
By Anonymous Coward (76.10.128.247) on
> >
> > Good article all the same.
>
> Wouldn't carp not help because you don't need carp's ability to share an ip address but you do need the ability to sync dhcpd.leases?
And Mike has beaten me by 10 minutes with a better answer...
By Anonymous Coward (82.229.31.69) on
>
> Good article all the same.
You can imagine a carp solution mixed with ISC dhcpd lease sync mechanism.
There is a great "server-identifier" option in dhcpd.conf for this kind of scenario.
Sometimes dumb dhcp clients always want to have the same dhcp server...
By Andy (75.166.167.135) on
Comments
By Chris Kuethe (68.148.116.122) ckuethe@ on
> of leases on my 400 lease DHCP Server. or who has
> which lease, or how many have been abandoned.
"who has which lease" -> grep
used/free/expired/abandoned stats can be done in about half a screenful of perl - I suppose you could do it in awk, too.
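
Added example (not from the commenter or the linked article): a Python version of the lease tally described in the comment above, in place of the perl or awk it mentions. It assumes ISC-style `lease <ip> { ... }` records with UTC `ends` times; the sample data and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the ISC-style lease layout (assumed format, not real data).
SAMPLE = """\
lease 192.168.100.101 {
    ends 2 2008/03/18 09:00:00 UTC;
    hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.100.102 {
    ends 1 2008/03/17 22:00:00 UTC;
    hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.100.101 {
    ends 2 2008/03/18 23:00:00 UTC;
    hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.100.103 {
    ends 2 2008/03/18 23:30:00 UTC;
    abandoned;
}
"""
LEASE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS = re.compile(r"ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)")
MAC = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
ABANDONED = re.compile(r"^\s*(?:binding state\s+)?abandoned;", re.M)

def latest_leases(text):
    """Map ip -> (mac, ends, abandoned). The file is an append-only log,
    so a later record for the same address replaces the earlier one."""
    leases = {}
    for ip, body in LEASE.findall(text):
        ends, mac = ENDS.search(body), MAC.search(body)
        when = ends and datetime.strptime(
            ends.group(1), "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
        leases[ip] = (mac and mac.group(1).lower(), when,
                      bool(ABANDONED.search(body)))
    return leases

def lease_stats(text, pool_size, now):
    """Count lease states at `now`; a lease with no parsable end counts as expired."""
    stats = {"active": 0, "expired": 0, "abandoned": 0}
    for _mac, ends, abandoned in latest_leases(text).values():
        state = ("abandoned" if abandoned
                 else "active" if ends and ends > now else "expired")
        stats[state] += 1
    # Expired addresses can be handed out again, so they count as free.
    stats["free"] = pool_size - stats["active"] - stats["abandoned"]
    return stats
```

Pass `now` as a timezone-aware UTC datetime and `pool_size` as the number of addresses in the server's dynamic range (76 for the 192.168.100.100-192.168.100.175 range suggested earlier in the thread).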