A bug in dual-server DHCP?

1 | Posted 2009-03-24 15:39
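Has anyone set up DHCP dual-server hot standby on RedHat Linux AS 5, one that is already running stably? Could you share a configuration document?
The requirement is that the address pool is the same on both machines, using DHCP's Failover protocol.
In actual operation I ran into this problem: when one DHCP server is down, the other server does take over, and clients can get addresses, but when a client releases its address with ipconfig /release it gets a new IP, until the address pool is exhausted and no more IPs can be assigned. I have tried changing a lot of things and nothing works. Has anyone done this? And how do China Netcom and China Telecom run their DHCP? It can't be just one machine, can it? Or is there specially developed software? Could an expert advise?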

2 | Posted 2009-03-24 17:59

Reply to #1, summer820228's post

Please post the current state of your work and the logs from when the problem occurs, so that everyone can help you analyze it.

3 | Posted 2009-03-25 10:07
Introduction

This tutorial will walk you through setting up DHCP fail over on CentOS 5.1 using the default ISC dhcp server; this can easily be adapted to any other Linux distro out there. You will most likely need Failover in environments where network down time can not be tolerated. My home is running a DLNA setup so I need my devices to be able to obtain network parameters at all times.
Since DHCP and DNS often go hand in hand I will be configuring a local DNS server which allows for dynamic updates, such that hostnames will be automatically updated to DNS whenever a lease is granted to a client.
My configuration will use the following; please substitute to reflect your own network.
· Domain name - home.topdog-software.com
· Network - 192.168.1.0/24
· DHCP servers - 192.168.1.2,192.168.1.3
· Gateway - 192.168.1.254
· DNS servers - 192.168.1.2,192.168.1.3
Install required Packages

· DHCP
# yum install dhcp -y

· DNS
# yum install bind bind-chroot caching-nameserver -y

· NTP
# yum install ntp -y

Configuration
DHCP

Backup your original config on the Master 192.168.1.2:
# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig

Edit the DHCP configuration /etc/dhcpd.conf on the master 192.168.1.2 and add the following, read the comments to understand the options:
authoritative;  # server is authoritative
option domain-name "home.topdog-software.com";  # the domain name issued
option domain-name-servers 192.168.1.2,192.168.1.3;  # name servers issued
option netbios-name-servers 192.168.1.2;  # netbios servers
allow booting;  # allow for booting over the network
allow bootp;  # allow for booting
next-server 192.168.1.2;  # TFTP server for booting
filename "pxelinux.0";  # kernel for network booting
ddns-update-style interim;  # setup dynamic DNS updates
ddns-updates on;
ddns-domainname "home.topdog-software.com";  # domain name for DDNS updates
key rndckey {
    algorithm hmac-md5;
    secret "xxxxxxxxxx";  # get from the /etc/rndc.key file
}
zone home.topdog-software.com {  # forward zone to update
    primary 127.0.0.1;  # update on the local machine
    key rndckey;  # key to use for the update
}
zone 1.168.192.in-addr.arpa {  # reverse zone to update
    primary 127.0.0.1;  # update on the local machine
    key rndckey;  # key for update
}
failover peer "home-net" {  # fail over configuration
    primary;  # This is the primary
    address 192.168.1.2;  # primary's ip address
    port 647;
    peer address 192.168.1.3;  # peer's ip address
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0 {  # zone to issue addresses from
    pool {
        failover peer "home-net";  # pool for dhcp leases with failover bootp not allowed
        deny dynamic bootp clients;
        option routers 192.168.1.254;
        range 192.168.1.25 192.168.1.50;
    }
    pool {
        # accommodate our bootp clients here no replication and failover
        option routers 192.168.1.254;
        range 192.168.1.51 192.168.1.55;
    }
    allow unknown-clients;
    ignore client-updates;
}

Back up your original config on the Slave 192.168.1.3:
# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig

Edit the DHCP configuration /etc/dhcpd.conf on the slave 192.168.1.3 and add the following, read the comments to understand the options:
authoritative;  # server is authoritative
option domain-name "home.topdog-software.com";  # the domain name issued
option domain-name-servers 192.168.1.2,192.168.1.3;  # name servers issued
option netbios-name-servers 192.168.1.2;  # netbios servers
allow booting;  # allow for booting over the network
allow bootp;  # allow for booting
next-server 192.168.1.2;  # TFTP server for booting
filename "pxelinux.0";  # kernel for network booting
ddns-update-style interim;  # setup dynamic DNS updates
ddns-updates on;
ddns-domainname "home.topdog-software.com";  # domain name for DDNS updates
key rndckey {
    algorithm hmac-md5;
    secret "xxxxxxxxxx";  # get from the /etc/rndc.key file on the master
}
zone home.topdog-software.com {  # forward zone to update
    primary 192.168.1.2;  # send updates to the master
    key rndckey;  # key to use for the update
}
zone 1.168.192.in-addr.arpa {  # reverse zone to update
    primary 192.168.1.2;  # send updates to the master
    key rndckey;  # key for update
}
failover peer "home-net" {  # fail over configuration
    secondary;  # This is the secondary
    address 192.168.1.3;  # our ip address
    port 647;
    peer address 192.168.1.2;  # primary's ip address
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0 {  # zone to issue addresses from
    pool {
        failover peer "home-net";  # pool for dhcp leases with failover bootp not allowed
        deny dynamic bootp clients;
        option routers 192.168.1.254;
        range 192.168.1.25 192.168.1.50;
    }
    pool {
        # accommodate our bootp clients here no replication and failover
        option routers 192.168.1.254;
        range 192.168.1.51 192.168.1.55;
    }
    allow unknown-clients;
    ignore client-updates;
}

DNS

Back up the Bind configuration on the master:
# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig

Edit the configuration to reflect the config below.
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; localnets; };
};
include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
zone "home.topdog-software.com" {
    type master;
    file "data/home.topdog-software.com.hosts";
    allow-transfer { 192.168.1.3; };
    allow-update { key "rndckey"; };
    allow-query { any; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "data/1.168.192.in-addr.arpa.hosts";
    allow-transfer { 192.168.1.3; };
    allow-update { key "rndckey"; };
    allow-query { any; };
};

Back up the Bind configuration on the slave:
# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig

Edit the configuration to reflect the config below.
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; localnets; };
};
include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
zone "home.topdog-software.com" {
    type slave;
    masters { 192.168.1.2; };
    file "data/home.topdog-software.com.hosts";
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.1.2; };
    file "data/1.168.192.in-addr.arpa.hosts";
};

Create the zone files on the master

· /var/named/chroot/var/named/data/home.topdog-software.com.hosts

$ORIGIN .
$TTL 38400
home.topdog-software.com IN SOA ns1.home.topdog-software.com. andrew.topdog.za.net. (
                2008061629 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                38400      ; minimum (10 hours 40 minutes)
                )
                NS      ns1.home.topdog-software.com.
                NS      ns2.home.topdog-software.com.
$ORIGIN home.topdog-software.com.   ; so the relative names below fall inside the zone
ns1             IN      A       192.168.1.2
ns2             IN      A       192.168.1.3

· /var/named/chroot/var/named/data/1.168.192.in-addr.arpa.hosts

$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
1.168.192.in-addr.arpa IN SOA ns1.home.topdog-software.com. andrew.topdog.za.net. (
                2008061644 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                38400      ; minimum (10 hours 40 minutes)
                )
                NS      ns1.home.topdog-software.com.
                NS      ns2.home.topdog-software.com.
$ORIGIN 1.168.192.in-addr.arpa.     ; so the relative names below fall inside the zone
2               IN      PTR     ns1.home.topdog-software.com.
3               IN      PTR     ns2.home.topdog-software.com.

NTP

NTP is required because the two DHCP servers need to be in sync for fail over as well as DDNS to take place. You can run a full fledged NTP server if you want; I will only provide you with instructions on using cron to sync NTP to an external NTP server every hour. You need to do this on BOTH servers.

· create a file /etc/cron.hourly/timesync and add the following:

#!/bin/bash
#
ntpdate -s 0.rhel.pool.ntp.org

· make the file executable and run it for the first time:
# chmod +x /etc/cron.hourly/timesync
# /etc/cron.hourly/timesync

Finally

Well we are done, let's fire up the services and begin testing.
· on the master:
# service named start
# service dhcpd start

· on the slave:
# service named start
# service dhcpd start

You should see the following in your logs on the master:
Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from recover to startup
Jun 16 13:58:56 kudusoft dhcpd: dhcpd startup succeeded
Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from startup to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from unknown-state to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer
Jun 16 13:59:12 kudusoft dhcpd: Sent update request all message to home-net
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer
Jun 16 13:59:12 kudusoft dhcpd: Update request all from home-net: sending update
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer update completed.
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: I move from recover to recover-done
Jun 16 13:59:13 kudusoft dhcpd: Sent update done message to home-net
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover-done
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: I move from recover-done to normal
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover-done to normal
Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26  free 25  backup 0  lts -12
Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26  free 25  backup 0  lts 12

And on the slave:
Jun 16 13:59:12 shaka dhcpd: Sending on   Socket/fallback/fallback-net
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from recover to startup
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from unknown-state to recover
Jun 16 13:59:12 shaka dhcpd: dhcpd startup succeeded
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: requesting full update from peer
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from startup to recover
Jun 16 13:59:12 shaka dhcpd: Sent update request all message to home-net
Jun 16 13:59:12 shaka dhcpd: Sent update done message to home-net
Jun 16 13:59:12 shaka dhcpd: Update request all from home-net: nothing pending
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from recover to recover-done
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer update completed.
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover to recover-done
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer moves from recover-done to normal
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover-done to normal
Jun 16 13:59:14 shaka dhcpd: pool 9d78ad8 192.168.1/24 total 26  free 25  backup 0  lts 12
Jun 16 13:59:14 shaka dhcpd: pool response: 12 leases

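4 | Posted 2009-03-26 09:04

Thanks to posts #2 and #3 for the replies

To the poster in #3: is this what your organization is currently using? Have you tried it?
My DHCP setup is basically the same as the document you sent me, and the two machines can exchange information with each other. It's just that when one DHCP server goes down, if a user releases the address with ipconfig /release they get a new IP, until the address pool is exhausted and no more IPs can be assigned. I can't expect users not to use this command~~~ Heh.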

5 | Posted 2009-03-26 15:41

Has really nobody done this?

I don't want something pasted from the web~ Could some expert please help~

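6 | Posted 2009-03-27 00:17
I have done it, and deployed it on 3 pairs of servers. I'll post the configuration when I have time.

I suggest you check the TCP port; as I recall, the two sides seem to be different.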

7 | Posted 2009-03-27 00:19
Also, China Telecom uses specialized DHCP appliances, not server + Linux + ISC dhcp.

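8 | Posted 2009-03-27 08:04
port 647;
peer port 647;

Is this the port you mean? They are the same. I have also tried making them different.
The result is the same. I'm really at a loss~

Could you post your configuration so I can take a look? It's really urgent. Thank you.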

9 | Posted 2009-03-27 10:51

This is the backup server's log when I cut off the primary server.

Mar 27 18:34:50 Server2 dhcpd: timeout waiting for failover peer dhcp
Mar 27 18:34:50 Server2 dhcpd: peer dhcp: disconnected
Mar 27 18:34:50 Server2 dhcpd: failover peer dhcp: I move from normal to communications-interrupted
Mar 27 18:35:07 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPOFFER on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 (192.168.30.22) from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:10 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:10 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:16 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:16 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:19 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:19 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:26 Server2 dhcpd: DHCPRELEASE of 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:35:31 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:32 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:36 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:36 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPREQUEST for 10.102.129.6 (192.168.30.22) from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPACK on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:55 Server2 dhcpd: DHCPRELEASE of 10.102.129.6 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:36:02 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1: peer holds all free leases
Mar 27 18:37:05 Server2 last message repeated 4 times
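
An added example, not part of any post in this thread: a small Python check that reads dhcpd syslog lines like those in post 9 and reports, for the time the server is outside the normal failover state, which clients were acknowledged on more than one address, which addresses they released, and which clients were refused with "peer holds all free leases". The function and key names are illustrative, and the sample input is a subset of the posted lines.

```python
import re
from collections import defaultdict

# Sample input: a subset of the dhcpd syslog lines from the post above.
SAMPLE_LOG = """\
Mar 27 18:34:50 Server2 dhcpd: failover peer dhcp: I move from normal to communications-interrupted
Mar 27 18:35:08 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:26 Server2 dhcpd: DHCPRELEASE of 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:35:45 Server2 dhcpd: DHCPACK on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:55 Server2 dhcpd: DHCPRELEASE of 10.102.129.6 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:36:02 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1: peer holds all free leases
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
STATE_RE = re.compile(r"failover peer \S+: I move from \S+ to (\S+)")
ACK_RE = re.compile(r"DHCPACK on (\S+) to " + MAC, re.I)
RELEASE_RE = re.compile(r"DHCPRELEASE of (\S+) from " + MAC, re.I)
STARVED_RE = re.compile(
    r"DHCPDISCOVER from " + MAC + r".*: peer holds all free leases", re.I)


def analyze(log_text):
    """Summarise lease churn and pool starvation while failover is degraded."""
    state = "normal"              # assumption: normal until a transition is logged
    acked = defaultdict(list)     # MAC -> distinct addresses ACKed while degraded
    released = defaultdict(list)  # MAC -> addresses released while degraded
    starved = set()               # MACs refused with "peer holds all free leases"
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            state = m.group(1)
            continue
        if state == "normal":
            continue              # only events outside normal state are counted
        m = ACK_RE.search(line)
        if m:
            if m.group(1) not in acked[m.group(2)]:
                acked[m.group(2)].append(m.group(1))
            continue
        m = RELEASE_RE.search(line)
        if m:
            released[m.group(2)].append(m.group(1))
            continue
        m = STARVED_RE.search(line)
        if m:
            starved.add(m.group(1))
    churn = {mac: ips for mac, ips in acked.items() if len(ips) > 1}
    return {"state": state, "churn": churn,
            "released": dict(released), "starved": sorted(starved)}
```
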

10 | Posted 2009-03-27 10:54

This is the content of the dhcpd.lease file.

# All times in this file are in UTC (GMT), not your local timezone.   This is
# not a bug, so please don't ask about it.   There is no portable way to
# store leases in the local timezone, so please don't request this as a
# feature.   If this is inconvenient or confusing to you, we sincerely
# apologize.   Seriously, though - don't ask.
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.0.5-RedHat

failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
lease 10.102.129.5 {
  starts 5 2009/03/27 10:35:19;
  ends 5 2009/03/27 10:35:26;
  tstp 5 2009/03/27 19:35:19;
  tsfp 5 2009/03/27 19:33:49;
  cltt 5 2009/03/27 10:35:19;
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
  uid "\001\000#\256\012\312\271";
}
lease 10.102.129.6 {
  starts 5 2009/03/27 10:35:45;
  ends 5 2009/03/27 10:35:55;
  tstp 5 2009/03/27 17:05:45;
  tsfp 5 2009/03/27 10:29:52;
  cltt 5 2009/03/27 10:35:45;
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
  uid "\001\000#\256\012\312\271";
}
failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
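
An added example, not part of any post in this thread: a Python reader for the dhcpd.leases format shown in post 10 that extracts the failover state and each lease's binding state, then lists the addresses recorded as released while this server is not in the normal state. The function names are illustrative, the sample is trimmed from the posted file, and the parser assumes no nested braces inside a block.

```python
import re

# Constructed sample in dhcpd.leases(5) format, trimmed from the file posted above.
SAMPLE_LEASES = """\
failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
lease 10.102.129.5 {
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
}
lease 10.102.129.6 {
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
}
"""

# Assumption: no nested braces inside a block (true for the posted file).
BLOCK_RE = re.compile(
    r'^(?:lease (\S+)|failover peer "([^"]+)" state) \{\n(.*?)^\}', re.M | re.S)

def _field(pattern, body):
    m = re.search(pattern, body, re.M)
    return m.group(1) if m else None

def parse_leases(text):
    """Return (failover, leases); a later entry replaces an earlier one."""
    failover, leases = {}, {}
    for ip, peer, body in BLOCK_RE.findall(text):
        if ip:
            leases[ip] = {
                "state": _field(r"^\s*binding state (\S+);", body),
                "next": _field(r"^\s*next binding state (\S+);", body),
                "mac": _field(r"hardware ethernet (\S+);", body),
            }
        else:
            failover[peer] = {
                "my": _field(r"my state (\S+) at", body),
                "partner": _field(r"partner state (\S+) at", body),
            }
    return failover, leases

def stuck_leases(text):
    """Addresses recorded as released while this server is not in normal state."""
    failover, leases = parse_leases(text)
    if all(f["my"] == "normal" for f in failover.values()):
        return []
    return sorted(ip for ip, l in leases.items() if l["state"] == "released")
```
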