No, they would not have pools, they would be running VRRP, but DHCP server (relayee) is behind it.. it has the block..
From: AF <af-boun...@af.afmug.com> On Behalf Of Sterling Jacobson via AF Sent: Wednesday, February 12, 2025 3:42 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com> Cc: Sterling Jacobson <sterl...@avative.com> Subject: Re: [AFMUG] DHCP Fail over Dennis, isn't that a recipe for double IP assignments? Wouldn't each DHCP server (relay DHCP endpoint server) need to have non-overlapping IPv4 pools? ASFAIK there is no actual HA replication of DHCP tables on a server, so if one server is always responding to the layer2 domain request and it becomes unavailable the secondary or tertiary server would answer with a stale table and possibly assign a duplicate? ________________________________ From: AF <af-boun...@af.afmug.com<mailto:af-boun...@af.afmug.com>> on behalf of Dennis Burgess - LTI Support via AF <af@af.afmug.com<mailto:af@af.afmug.com>> Sent: Wednesday, February 12, 2025 1:52 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com<mailto:af@af.afmug.com>> Cc: Dennis Burgess - LTI Support <dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>> Subject: Re: [AFMUG] DHCP Fail over You can also run a mikrotik DHCP Server with relay going to each server, the MT server can run virtually and have high availability on itself, but the three DHCP (relays), will all be pulling from the same pool. From: AF <af-boun...@af.afmug.com<mailto:af-boun...@af.afmug.com>> On Behalf Of Josh Luthman Sent: Tuesday, February 11, 2025 6:09 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com<mailto:af@af.afmug.com>> Subject: Re: [AFMUG] DHCP Fail over Kea is what you want, I think... https://www.isc.org/kea/ For HA: https://kea.readthedocs.io/en/latest/arm/hooks.html#supported-configurations On Tue, Feb 11, 2025 at 6:23 PM Adam Moffett <dmmoff...@gmail.com<mailto:dmmoff...@gmail.com>> wrote: We have two DHCP servers per market and they run VRRP. VRRP gives you an active/standby setup. Configurations have to be synchronized of course, but I'd say this is the simplest way. To have any kind of active/active setup the DHCP servers would have to share the same lease database. I believe ISC had a way to do that where they would send messages to update each other, but I haven't looked into this in awhile so I may be hallucinating that. -Adam ________________________________ From: AF <af-boun...@af.afmug.com<mailto:af-boun...@af.afmug.com>> on behalf of Jesse DuPont <jesse.dup...@celeritycorp.net<mailto:jesse.dup...@celeritycorp.net>> Sent: Tuesday, February 11, 2025 5:29 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com<mailto:af@af.afmug.com>> Subject: Re: [AFMUG] DHCP Fail over What will you be using for your DHCP "concentrator" (for lack of a better term); that is, what will be the gateway device(s)? It seems you'd be better served by having a pair of routers running VRRP or some other cluster prototol, then having redundant DHCP servers that the concentrators/gateways relay to simultaneously (both of which check with RADIUS for auth and assignment for statics). The two DHCP servers can be configured active/active or active/backup and they'll both serve the same blocks (based on what RADIUS tells them to provide). ISC DHCP did this "okay", but KEA DHCP (ISC's replacement) does it really well. The two gateways using VRRP would appear like a single device and have a single IP. Depending on the routers, sometimes "state" (like current ARP resolutions) are sync'd between both routers, sometimes the failover router has to just re-ARP for everything; not the end of the world. You can simplify all this by using an actual BNG for your DHCP side (and your PPPoE, for that matter). Something like NetElastic's or IP Infusion's BNG can do all this. On 2/11/25 3:12 PM, Mark - Myakka Technologies via AF wrote: We currently run 3 PPPoE servers using an OSPF concentrator and radius to manage the IP addresses. With this setup, it doesn't matter which IP lands on which PPPoE server. OSFP handles it. We now need to do something similar with DHCP. I've been messing around with /32's and Option 121, but just can not get a stable solution. I'm now thinking about plan B. Similar general setup we use on the PPPoE side. Lets say we go with 3 DHCP servers connected to an OSPF concentrator. I would have to set my DHCP network on all 3 servers to something like 192.168.0.0/23<http://192.168.0.0/23> for about 512 address total. Server one will do a GW of 192.168.0.1, Server two will do a GW of 192.168.0.2, server 3 will do a GW of 192.168.0.3. When a client connects they will randomly connect to one of the 3 servers and receive an IP address from radius. My current thoughts are 1. Each server will have a /32 address not the /23. IP address on server 1 will be 192.168.0.1/32<http://192.168.0.1/32>. 2. OSFP will only announce the /32 address of the server to the concentrator. 3. I will have to use the DHCP script option to insert and delete the clients ip address as a /32 in OSPF on the server to update the concentrator. The one issue I see off the bat is when a client reboots. If the client reboots and moves from server 1 to server 3, I now have two servers with the same IP address. I think I can deal with that by using a short lease time. Thoughts? I'm still digging around looking for other (better) options of having DHCP fail-over. The one option that will not work is reserving a block of IPs per server. We have several customers that are using static IPs, so they need to be accessible from all 3 servers. -- Thanks, Mark mailto:m...@mailmt.com Myakka Communications https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=www.Myakka.com&umid=1441A957-2DF9-D106-811E-BCB6CA2DE986&auth=079c058f437b7c6303d36c6513e5e8848d0c5ac4-fa9453da52899fafe1ff7238134f4c4ebdfaa494<https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.Myakka.com&umid=8BF5F074-2DF8-1D06-9B77-963F7B157DC1&auth=079c058f437b7c6303d36c6513e5e8848d0c5ac4-a84bae446161478a171469aa150830dab090a331> Serving Manatee and Sarasota Counties with High-Speed Internet for over 20 years -- AF mailing list AF@af.afmug.com<mailto:AF@af.afmug.com> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
