Webfan
08.03.10, 12:28
Hello everyone,
I have a small problem with failover.
My setup looks like this:
1. Two sites connected via VPN
-> Site 1: 10.0.0.0/24 and DHCPd server 10.0.0.3
-> Site 2: 10.1.0.0/24 and DHCPd server 10.1.0.3
2. Each site additionally has a DHCP relay agent that also forwards the requests to the DHCP server at the other site (redundancy)
At the moment my setup looks like this:
The DHCP server at site 1 is primary for both networks, the DHCP server at site 2 is secondary for both networks.
Configuration as follows:
DHCPd at 10.1.0.3 (secondary)
failover peer "dhcp" {
secondary;
address 10.1.0.3; # local host IP address
port 647; # make sure this port is not used by other programs
peer address 10.0.0.3; # sec host IP address
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
load balance max seconds 3;
}
...
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
failover peer "dhcp";
...
}
}
subnet 10.1.0.0 netmask 255.255.255.0 {
pool {
failover peer "dhcp";
...
}
}
DHCPd at 10.0.0.3 (primary)
failover peer "dhcp" {
primary;
address 10.0.0.3; # local host IP address
port 647; # make sure this port is not used by other programs
peer address 10.1.0.3; # sec host IP address
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
mclt 86400;
split 128;
load balance max seconds 3;
}
...
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
failover peer "dhcp";
...
}
}
subnet 10.1.0.0 netmask 255.255.255.0 {
pool {
failover peer "dhcp";
...
}
}
All of this works wonderfully as it is. However, I would now like each local DHCP server to be primary for its own network and secondary for the remote network:
So the configuration is set up as follows:
DHCPd at 10.1.0.3
failover peer "10-0-0-0" {
secondary;
address 10.1.0.3; # local host IP address
port 647; # make sure this port is not used by other programs
peer address 10.0.0.3; # sec host IP address
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
load balance max seconds 3;
}
failover peer "10-1-0-0" {
primary;
address 10.1.0.3; # local host IP address
port 648; # make sure this port is not used by other programs
peer address 10.0.0.3; # sec host IP address
peer port 648;
max-response-delay 60;
max-unacked-updates 10;
mclt 86400;
split 128;
load balance max seconds 3;
}
...
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
failover peer "10-0-0-0";
...
}
}
subnet 10.1.0.0 netmask 255.255.255.0 {
pool {
failover peer "10-1-0-0";
...
}
}
DHCPd at 10.0.0.3
failover peer "10-0-0-0" {
primary;
address 10.0.0.3; # local host IP address
port 647; # make sure this port is not used by other programs
peer address 10.1.0.3; # sec host IP address
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
mclt 86400;
split 128;
load balance max seconds 3;
}
failover peer "10-1-0-0" {
secondary;
address 10.0.0.3; # local host IP address
port 648; # make sure this port is not used by other programs
peer address 10.1.0.3; # sec host IP address
peer port 648;
max-response-delay 60;
max-unacked-updates 10;
load balance max seconds 3;
}
...
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
failover peer "10-0-0-0";
...
}
}
subnet 10.1.0.0 netmask 255.255.255.0 {
pool {
failover peer "10-1-0-0";
...
}
}
Now I get the following output:
Mar 8 11:48:47 server dhcpd: Internet Systems Consortium DHCP Server V3.1.1
Mar 8 11:48:47 server dhcpd: Copyright 2004-2008 Internet Systems Consortium.
Mar 8 11:48:47 server dhcpd: All rights reserved.
Mar 8 11:48:47 server dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Mar 8 11:48:47 server dhcpd: Wrote 0 deleted host decls to leases file.
Mar 8 11:48:47 server dhcpd: Wrote 0 new dynamic host decls to leases file.
Mar 8 11:48:47 server dhcpd: Wrote 27 leases to leases file.
Mar 8 11:48:47 server dhcpd: failover peer 10-1-0-0: I move from communications-interrupted to startup
Mar 8 11:48:47 server dhcpd: failover peer 10-0-0-0: I move from recover to startup
Mar 8 11:49:02 server dhcpd: failover peer 10-1-0-0: I move from startup to communications-interrupted
Mar 8 11:49:02 server dhcpd: failover peer 10-0-0-0: I move from startup to recover
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer moves from normal to partner-down
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: I move from communications-interrupted to potential-conflict
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer moves from partner-down to potential-conflict
Mar 8 11:49:25 server dhcpd: Sent update done message to 10-1-0-0
Mar 8 11:49:25 server dhcpd: Update request from 10-1-0-0: nothing pending
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer moves from potential-conflict to conflict-done
Mar 8 11:49:25 server dhcpd: Sent update request message to 10-1-0-0
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer update completed.
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: I move from potential-conflict to normal
Mar 8 11:49:25 server dhcpd: balancing pool 81095c0 10.1.0/24 total 55 free 28 backup 27 lts 0 max-own (+/-)6
Mar 8 11:49:25 server dhcpd: balanced pool 81095c0 10.1.0/24 total 55 free 28 backup 27 lts 0 max-misbal 8
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer moves from conflict-done to normal
Mar 8 11:49:40 server dhcpd: failover: link startup timeout
Peer 10-1-0-0 works wonderfully. Unfortunately, peer 10-0-0-0 does not work and reports a timeout. The firewall is not interfering here. I have also already swapped the ports.
Could it be that it cannot handle primary and secondary connections at the same time?
I hope my problem is understandable!
Thanks and regards
Daniel
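Added example, not part of the original post: a Python script that follows the failover state transitions in dhcpd syslog lines like those above and reports, per failover peer, the last local and partner state, so a relationship that never reaches normal stands out. The sample lines are copied from the log in the post; the function names are assumptions of this example.

```python
import re

# Matches the two transition forms dhcpd logs for a named failover peer:
#   "failover peer NAME: I move from A to B"      (local state)
#   "failover peer NAME: peer moves from A to B"  (partner state)
TRANSITION = re.compile(
    r"dhcpd: failover peer (?P<name>\S+): "
    r"(?P<side>I move|peer moves) from (?P<old>[\w-]+) to (?P<new>[\w-]+)"
)

# Sample input: lines taken from the log in the post above.
SAMPLE_LOG = """\
Mar 8 11:48:47 server dhcpd: failover peer 10-1-0-0: I move from communications-interrupted to startup
Mar 8 11:48:47 server dhcpd: failover peer 10-0-0-0: I move from recover to startup
Mar 8 11:49:02 server dhcpd: failover peer 10-1-0-0: I move from startup to communications-interrupted
Mar 8 11:49:02 server dhcpd: failover peer 10-0-0-0: I move from startup to recover
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer moves from normal to partner-down
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: I move from communications-interrupted to potential-conflict
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer update completed.
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: I move from potential-conflict to normal
Mar 8 11:49:25 server dhcpd: failover peer 10-1-0-0: peer moves from conflict-done to normal
Mar 8 11:49:40 server dhcpd: failover: link startup timeout
"""

def final_states(log_text):
    """Return {peer_name: {"local": state, "partner": state}} after the last line."""
    states = {}
    for line in log_text.splitlines():
        m = TRANSITION.search(line)
        if not m:
            continue  # banner lines, pool balancing, unnamed timeouts, ...
        entry = states.setdefault(m["name"], {"local": None, "partner": None})
        key = "local" if m["side"] == "I move" else "partner"
        entry[key] = m["new"]
    return states

def peers_not_normal(log_text):
    """Names of failover peers whose local state did not end in 'normal'."""
    return sorted(n for n, s in final_states(log_text).items()
                  if s["local"] != "normal")

if __name__ == "__main__":
    for name, s in sorted(final_states(SAMPLE_LOG).items()):
        print(f"{name}: local={s['local']} partner={s['partner']}")
    print("not in normal:", peers_not_normal(SAMPLE_LOG))
```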