DHCP High Availability: DHCP Failover

Captions
In our last nugget we took a look at DHCP high availability using split scopes, and I promised you in the last nugget that I'd continue that discussion here with DHCP failover, which is possibly the best solution for a highly available DHCP infrastructure. Let's go ahead and take a look at DHCP failover.

All right, so how do we actually configure DHCP failover? We do this by right-clicking on IPv4 up here and then choosing Configure Failover. Now notice that I've actually got two scopes here that I could use. I could choose Select All; I don't really want to use all of them, I'll just choose this one, so you can pick them as you like. And then you can reuse an existing failover relationship if there's any that already exist there. I'm not gonna use anything that already is there, I'm gonna create a new one here, so I'm gonna choose DHCP02 and then I'll click on Next, and from here we'll continue on.

Now you can see here that you can change the relationship name if you want to; I did that just to make it more readable. We also have the mode, which is important to determine. We can do load balancing, which is similar to a split scope except that in my case, by default here at least, it's 50/50. You can change that to 80/20, 70/30, whatever you want to; it's a little bit arbitrary. The other difference between this and a normal split scope that we looked at earlier is that there's no millisecond delay: both partners in this relationship are equally capable of issuing IP addresses. All things considered, statistically, both would have probably about 50 percent of the addresses leased.

The other thing I could do would be go to hot standby mode, and with that one we can make our partner server, in other words DHCP02 in this relationship, a standby only, and that means that it's not going to issue any addresses unless DHCP01 goes offline, and then it will issue 5% of the addresses. But I could also go to active, and if I do active then it will also issue addresses, but it will only issue 5% by default. If you really want to make it active you probably need to make that more, so I might make it 30% or even 50%, because otherwise, with only 5% on an active server, it's gonna probably deplete those pretty quickly. In my case I'm just gonna go here to load balance mode.

And then I also want to point out a couple of other interesting dialogs here, and it's actually these options here. The first one here is the maximum client lead time, which is an hour by default, but I'm going to change that to 5 minutes for purposes of an explanation coming up. And then there's also the state switchover interval, which I'll discuss separately here coming up as well.

Let's first of all take a look at the maximum client lead time and see the value of that. You can see that I changed mine to 5 minutes. What happens is, if DHCP01 issues 10.10.10.7 to client 01, then what it does is it sends that information over here to DHCP02, because remember, these two DHCP servers actually have their own databases; they just update each other on whatever it is that they're leasing out. They don't have shared storage like you would have in clustering. But the key thing here is, when DHCP01 updates and tells DHCP02 that it's leased this address, DHCP02 leases it for 8 days, or it shows the lease time of 8 days. Now the advantage of this is: what if, right after we updated DHCP02, DHCP01 failed? Well, now we see that DHCP02 still maintains that lease duration of 8 days for that particular client, and that's probably enough time for us to get DHCP01 back up and running again and kind of resync everything, right?

But let me back out of that a little bit here and take a look at another scenario. What if, when we attempted to lease that address, DHCP01 still leased this, but it was only for five minutes, but then right after it did it, and before it could update DHCP02, DHCP01 failed? Therefore DHCP02 has no record of this lease that went out. That's the advantage of the maximum client lead time of 5 minutes, because now that it's down for this 5 minutes, at least it's possible that DHCP02, when it comes alive, could issue a lease at 10.10.10.7. You know, maybe the chance is a little bit slim that it would do that, but it could happen within this five-minute interval. However, what happens with a DHCP lease is it actually starts to attempt to renew the lease at 50% of the lease time, so in two and a half minutes client 01 will attempt to renew 10.10.10.7 with DHCP01, but it's down, so it won't get anything. Therefore it's gonna send out a general message, and DHCP02 will pick it up, and then DHCP02 will say, "Oh, wait a minute, you want .7? OK, that's fine, you can have it," and then it will lease that .7 to client 01 for their conventional eight-day lease. So you see, it's really to your advantage that we have a really short lease time right here, just to avoid that kind of halfway-in-between time where a server goes down and didn't properly or adequately update the other server over here. By the way, when that client leased that IP address for five minutes, it only does that on the initial lease. When it tries to renew it, and if it successfully renews it from its original DHCP server, then it gets the normal lease duration, which is by default eight days.

Now, the scenario I showed you just now was for a load balance scenario like this, where either one of those servers could have equally issued those addresses. But let me show you another thing, and actually not many people know about this, but it helps to split this up a little bit to again help ensure that they don't do duplicate addressing. What happens is there's actually a hash of the MAC address for the clients that are requesting the address, and so, for example, the local server here will service any addresses that come in at the top half of the range, and the partner server will issue any addresses that come in at the lower hash value of those MAC addresses. OK, I'm not spelling very well anyway, but you get the idea. So there's a hash value that takes place that helps to make sure that these two are separated and that they don't overlap one another's IP address spaces.

Another thing to keep in mind is that both of these servers here will maintain a persistent connection with one another under normal circumstances over TCP 647, and if there's any reason for this communication to fail, then they go into what's called a communication interrupted state. Now, depending upon what kind of original configuration they were in, they'll take different actions. So for example, if they're in a load-balanced state, that's fine; you know, maybe this server went down and that's why the communication is interrupted. DHCP02 will continue to issue addresses the same way that it always has, and because of the hash value issue it's not likely to issue addresses that have already been issued by this server over here, so that helps a little bit. Plus this issue here where it issues the IP address for only five minutes, which we already discussed earlier.

All right, let's wrap this up. Notice that there's also an Enable Message Authentication. You can enter in a password here, and that will help to make sure that you don't have a man-in-the-middle attack that gets in between these two. Then just finish this and then close, and now we'll see that down here under DHCP02, when I refresh the screen, we'll see that we not only have the scope itself with a pool that we have specified here. Notice these should all match, so if I click on one server it should be exactly duplicated on the other server: address leases up here, exactly duplicated down here; any reservations up here, again exactly duplicated here; scope options should all look exactly the same, also policies and filters. But I removed any of the other ones that I had, I think, so I don't think I'm gonna show anything there anyway, but otherwise you'll see here that they all exactly now duplicate with one another.

All right, now I'm gonna simulate a failure here. I'm using VMware Workstation 11 here. I'm gonna go back over to my removable devices here, to the network card on DHCP01, and disconnect it to simulate a network failure here. Now what I'll do is I'll go down to DHCP02, so now that's switching over here to DHCP02. Then I go to my IP version 4 here, and as I go down to the properties, we'll notice that we have this Failover tab, and I can edit the existing relationship here if I want to, and this is all the same stuff we looked at before. But now, if I know good and well that DHCP01 is on fire and it's, you know, in a bad, bad state and not just a temporary network interruption, then I can change to partner down, at which point it will change from communication interrupted to partner down. And then I click OK here, and now DHCP02 takes the full onus, or the full responsibility, for the entire scope.

In this nugget we took a look at DHCP high availability with DHCP failover. I hope this has been informative for you, and I'd like to thank you for viewing.
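
The relationship configured in the walkthrough above can also be created and audited from PowerShell with the DhcpServer module. This is an added example, not part of the video or its captions; the host names `DHCP01` and `DHCP02`, the scope ID `10.10.10.0` and the relationship name are assumptions. It sets load-balance mode with a 5-minute maximum client lead time and a shared secret, then flags any relationship that lacks message authentication or is not in the Normal state.

```powershell
# Added example: every name below is an assumption, not a value from the video.
$Primary  = 'DHCP01'          # assumed host name of the first server
$Partner  = 'DHCP02'          # assumed host name of the partner server
$Relation = 'DHCP01-DHCP02'   # hypothetical relationship name
$ScopeId  = '10.10.10.0'      # assumed scope containing 10.10.10.7

# Prompt for the shared secret rather than hard-coding it in the script.
$Secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$Secret = [System.Net.NetworkCredential]::new('', $Secure).Password

# Load-balance mode, 50/50 split, 5-minute maximum client lead time.
# Supplying -SharedSecret enables message authentication between partners.
Add-DhcpServerv4Failover -ComputerName $Primary -Name $Relation `
    -PartnerServer $Partner -ScopeId $ScopeId `
    -LoadBalancePercent 50 `
    -MaxClientLeadTime (New-TimeSpan -Minutes 5) `
    -SharedSecret $Secret

# Audit both partners: report relationships that run without message
# authentication or that have left the Normal state
# (for example, communication interrupted or partner down).
$Report = foreach ($Server in $Primary, $Partner) {
    Get-DhcpServerv4Failover -ComputerName $Server | ForEach-Object {
        [pscustomobject]@{
            Server   = $Server
            Name     = $_.Name
            Mode     = $_.Mode
            State    = $_.State
            MCLT     = $_.MaxClientLeadTime
            AuthOn   = $_.EnableAuth
            NeedsFix = (-not $_.EnableAuth) -or ($_.State -ne 'Normal')
        }
    }
}
$Report | Format-Table -AutoSize

# Manual step from the walkthrough, run on the surviving server only when
# the partner is known to be down for good:
# Set-DhcpServerv4Failover -ComputerName $Partner -Name $Relation -PartnerDown
```
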
Info
Channel: CBT Nuggets
Views: 34,124
Keywords: cisa training videos 2015, cisa training videos, cisa training, cisa online training video, cisa training lessons, cisa training videos 2016, cisa certification training videos, cisa training videos 2019, cisa training video process of auditing information..., cisa training 2019, cisa training domain 3, cisa training course, cisa training ppt, cisa training online
Id: 6zjU6uQMY3o
Length: 8min 53sec (533 seconds)
Published: Wed Jan 14 2015