DHCP Hot Backup Using the DHCP Failover Protocol
I. Current Backup Solution and Its Defects
Currently, the DHCP servers use a cold backup solution. Only one server provides service, and the backup server is enabled only when the primary server goes down. The disadvantages of this solution are:
1. High switching latency when the primary server fails. You need to disconnect the primary server from the network and change the IP address of the backup server to the primary server's IP address.
2. Some users may experience brief interruptions. Because the lease file is not synchronized, IP addresses are allocated more than once, resulting in IP address conflicts.
3. A single server is a performance bottleneck. Under normal circumstances, one server can still handle IP address requests from more than 10 thousand users in Shenzhen. In special circumstances such as user bursts and DHCP attacks, one server cannot provide normal service.
II. Advantages of the New Solution
DHCP hot backup using the DHCP failover protocol has the following advantages:
1. A server failure does not affect normal DHCP service; the faulty server can be taken offline, repaired, and then brought back online.
2. A single server failure has no impact on users.
3. This solution adopts dual-host hot standby, and the load can be evenly distributed on the two servers. Therefore, it can better cope with serious DHCP attacks and other emergencies.
III. Deployment
1. Install SUSE 10 and dhcp-3.0.3 on both servers, and make sure the clocks of the two servers are consistent.
2. Configuration
Primary DHCP server configuration:
dhcpd.conf
ddns-update-style none;
one-lease-per-client true;
option domain-name "szgwbn.net.cn";
option domain-name-servers 211.162.78.1, 211.162.78.2;
default-lease-time 7200;
max-lease-time 7200;
authoritative;
failover peer "dhcp" {
    primary;
    address 211.162.78.3;
    port 519;
    peer address 211.162.78.4;
    peer port 520;
    max-response-delay 60;    # seconds without contact before the peer is assumed to be down
    max-unacked-updates 10;   # binding updates the peer may send before it must wait for an ack
    mclt 600;                 # maximum client lead time: how long a lease may be extended without contacting the peer
    split 128;
    load balance max seconds 3;
}
include "/etc/dhcpd.master";
Secondary DHCP server configuration:
dhcpd.conf
ddns-update-style none;
one-lease-per-client true;
option domain-name "szgwbn.net.cn";
option domain-name-servers 211.162.78.1, 211.162.78.2;
default-lease-time 7200;
max-lease-time 7200;
authoritative;
failover peer "dhcp" {
    secondary;
    address 211.162.78.4;
    port 520;
    peer address 211.162.78.3;
    peer port 519;
    max-response-delay 60;
    max-unacked-updates 10;
}
include "/etc/dhcpd.master";
Main configuration file (shared by both servers):
dhcpd.master:
subnet 10.254.0.0 netmask 255.255.255.0 {
    option routers 10.254.0.254;
    option broadcast-address 10.254.0.255;
    pool {
        failover peer "dhcp";
        range 10.254.0.10 10.254.0.253;
        deny dynamic bootp clients;
    }
}
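The two failover declarations above only work if they mirror each other, so a pre-deployment check is worth having. The following is an added example, not part of the original article: the function names are hypothetical, the sample input is constructed from the declarations on this page, and the rule that mclt and split belong only on the primary follows the dhcpd.conf documentation.

```python
import re

# Constructed sample input: the two failover declarations from this page.
PRIMARY_CONF = '''failover peer "dhcp" { primary; address 211.162.78.3; port 519;
  peer address 211.162.78.4; peer port 520; max-response-delay 60;
  max-unacked-updates 10; mclt 600; split 128; load balance max seconds 3; }'''
SECONDARY_CONF = '''failover peer "dhcp" { secondary; address 211.162.78.4; port 520;
  peer address 211.162.78.3; peer port 519; max-response-delay 60;
  max-unacked-updates 10; }'''

def parse_failover(conf):
    """Return (peer_name, {statement: value}) for the first failover block."""
    conf = re.sub(r'#.*', '', conf)                      # drop dhcpd comments
    m = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', conf, re.S)
    if not m:
        raise ValueError("no failover peer declaration found")
    stmts = {}
    for stmt in m.group(2).split(';'):
        words = stmt.split()
        if words:
            # key is every word but the last ("peer address"); bare flags key themselves
            stmts[' '.join(words[:-1]) or words[0]] = words[-1]
    return m.group(1), stmts

def check_pair(primary_conf, secondary_conf):
    """Return a list of problems; an empty list means the pair is consistent."""
    (pn, p), (sn, s) = parse_failover(primary_conf), parse_failover(secondary_conf)
    problems = []
    if pn != sn:
        problems.append(f"peer names differ: {pn!r} vs {sn!r}")
    if 'primary' not in p or 'secondary' not in s:
        problems.append("roles must be primary on one server, secondary on the other")
    # each side's local endpoint must be the other side's peer endpoint
    for mine, theirs in (('address', 'peer address'), ('port', 'peer port')):
        if p.get(mine) != s.get(theirs) or s.get(mine) != p.get(theirs):
            problems.append(f"{mine!r} / {theirs!r} are not mirrored")
    if 'mclt' not in p or not ({'split', 'hba'} & p.keys()):
        problems.append("primary needs mclt and split (or hba)")
    for key in ('mclt', 'split', 'hba'):
        if key in s:
            problems.append(f"{key} must not be set on the secondary")
    return problems

if __name__ == "__main__":
    print(check_pair(PRIMARY_CONF, SECONDARY_CONF) or "failover pair is consistent")
```
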