DHCP Failover using PowerShell
DHCP failover allows administrators to ensure high availability of DHCP service by ensuring that in the event of a DHCP server going down, DHCP clients are able to extend the leases on their current IP addresses by communicating with another DHCP server on the enterprise network. The administrator can use either MMC or PowerShell for configuring and monitoring failover relationships.
PowerShell users can use the following cmdlets for setting up and monitoring failover:
Add–DhcpServerv4Failover - Adds a new IPv4 failover relationship on the DHCP server
Add–DhcpServerv4FailoverScope - Adds the specified scopes to an existing failover relationship
Get–DhcpServerv4Failover - Gets the failover relationships configured on the server
Set–DhcpServerv4Failover - Modifies the properties of an existing failover relationship
Remove–DhcpServerv4Failover - Deletes the specified failover relationships
Remove–DhcpServerv4FailoverScope - Removes the specified scopes from the failover relationship
Invoke-DhcpServerv4FailoverReplication - Replicates scope configuration between failover partner servers
In addition to these failover specific cmdlets, there is Get–DhcpServerv4ScopeStatisticscmdlet which returns scope statistics and has a - failover switch. Specifying this switch makes cmdlet return failover specific statistics for scopes which are configured for failover.
Let us look at all these cmdlets in detail.
Parameter Set: LoadBalance
Add-DhcpServerv4Failover [-Name] <String> [-ScopeId] <IPAddress[]> [-PartnerServer] <String> [-AsJob] [-AutoStateTransition <Boolean> ] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-LoadBalancePercent <UInt32> ] [-MaxClientLeadTime <TimeSpan> ] [-PassThru] [-SharedSecret <String> ] [-StateSwitchInterval <TimeSpan> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: HotStandby
Add-DhcpServerv4Failover [-Name] <String> [-ScopeId] <IPAddress[]> [-PartnerServer] <String> [-AsJob] [-AutoStateTransition <Boolean> ] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-MaxClientLeadTime <TimeSpan> ] [-PassThru] [-ReservePercent <UInt32> ] [-ServerRole <String> ] [-SharedSecret <String> ] [-StateSwitchInterval <TimeSpan> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
The Add–DhcpServerv4Failover cmdlet creates a new IPv4 failover relationship on a DHCP server. A failover relationship can be either load balance i.e. active-active or hot standby i.e. active-passive.
Let us assume that you wish to create a load balance, or active-active, failover relationship between the DHCP servers dhcpserver.contoso.com and dhcpserver2.contoso.com with the scopes 10.10.10.0 and 20.20.20.0 present on the DHCP server dhcpserver.contoso.com. These scopes will be created on the partner DHCP server dhcpserver2.contoso.com as part of the failover relationship creation. 70% of the client requests are to be served by DHCP server running on the computer named dhcpserver.contoso.com and 30% by the DHCP server running on the computer named dhcpserver2.contoso.com. The maximum client lead time for the failover relationship is to be set to 2 hours. The automatic state transition from the COMMUNICATION INTERRUPTED state to the PARTNER DOWN state is to be turned on and the timer for automatic state transition is to be set to 2 hours. Here is the command to achieve the same.
Add-DhcpServerv4Failover -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover -PartnerServer dhcpserver2.contoso.com -ScopeId 10.10.10.0,20.20.20.0 -LoadBalancePercent 70 -MaxClientLeadTime 2:00:00 -AutoStateTransition $true -StateSwitchInterval 2:00:00
Instead of load balance, you may require to create a hot standby or active-passive failover relationship between the DHCP servers dhcpserver.contoso.com and dhcpserver2.contoso.com with the scopes 11.10.10.0 and 21.20.20.0 present on the DHCP server dhcpserver.contoso.com. These scopes will be created on the partner DHCP server dhcpserver2.contoso.com as part of the failover relationship creation. The DHCP server dhcpserver2.contoso.com will be a standby DHCP server with the DHCP server dhcpserver.contoso.com as the active DHCP server in the failover relationship. 10% of the free IP addresses in the scopes needs to be reserved for the standby DHCP server. The maximum client lead time for the failover relationship is to be set to 2 hours. The automatic state transition from the COMMUNICATED INTERUPTED state to the PARTNER DOWN state is to be turned on and the timer for automatic state transition is to be set to 2 hours. You can achieve this by the following command:
Add-DhcpServerv4Failover -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover2 -PartnerServer dhcpserver2.contoso.com -ScopeId 11.10.10.0,21.20.20.0 -ReservePercent 10 -MaxClientLeadTime 2:00:00 -AutoStateTransition $true -StateSwitchInterval 2:00:00
Add-DhcpServerv4FailoverScope [-Name] <String> [-ScopeId] <IPAddress[]> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
This cmdlet can be used for associating one or more scopes with an existing failover relationship.
If you wish to add the scopes 10.10.11.0 and 20.20.21.0 to the failover relationship SFO-SIN-Failover created above, you can achieve by the following command:
Add-DhcpServerv4FailoverScope -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover -ScopeId 10.10.11.0, 20.20.21.0
Let us say, there are a large number of scopes to be added and these are present in a text file failoverscopes.txt in the following format:
30.0.0.0
32.0.0.0
35.0.0.0
40.0.0.0
44.0.0.0
45.0.0.0
46.0.0.0
47.0.0.0
50.0.0.0
52.0.0.0
54.0.0.0
57.0.0.0
Given below is a script addfailoverscopes.ps1 that can be used to add scopes listed in a text file to a failover relationship.
Usage: .addfailoverscopes.ps1 –InputFileName C:failoverscopes.txt –RelationName SFO-SIN-Failover2
addfailoverscopes.ps1
param(
[string]$InputFileName,
[string]$RelationName
)
if($InputFileName -eq $null -or $RelationName -eq $null)
{
write-host ""
write-host "Usage: .addfailoverscopes.ps1 -InputFileName <string> -RelationName <string>"
write-host "RelationName: name of the relation to which scopes are to be applied"
write-host "InputFileName: the filename containing a line-separated list of scopes"
Exit
}
$filecontent = Get-Content $InputFileName
$list = @()
foreach ($row in $filecontent)
{
$scope = $null
if($row.Trim() -ne "")
{
$scope = [ipaddress]($row.Trim())
if($scope -ne $null)
{
$list += $scope
}
}
}
Add-DhcpServerv4FailoverScope -Name $RelationName -ScopeId $list
In case you wish to add a large number of scopes while creating the relationship itself, you can replace Add-DhcpServerv4FailoverScope cmdlet in addfailoverscopes.ps1 with Add-DhcpServerv4Failover with suitable input parameters as shown in previous examples in this blog post.
This script can be particularly useful in case you wish to add all the scopes on the server to the relationship. To write the scope IDs of all the scopes to the text file failoverscopes.txt use the following command:
Get-DhcpServerv4Scope -ComputerName dhcpserver.contoso.com | Format-Table -Property ScopeID -HideTableHeaders > C:failoverscopes.txt
Parameter Set: Name
Get-DhcpServerv4Failover [[-Name] <String[]> ] [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>]
Parameter Set: ScopeId
Get-DhcpServerv4Failover -ScopeId <IPAddress[]> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>]
For checking the parameters of existing failover relationships, you can use the Get-DhcpServerv4Failover cmdlet.
For example,
Get-DhcpServerv4Failover -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover
will give the output in the following format:
Name : SFO-SIN-Failover
PartnerServer : dhcpserver2.contoso.com
Mode : LoadBalance
LoadBalancePercent : 70
ServerRole :
ReservePercent :
MaxClientLeadTime : 02:00:00
StateSwitchInterval : 02:00:00
State : Normal
ScopeId : {10.10.10.0, 20.20.20.0, 10.10.11.0, 20.20.21.0}
AutoStateTransition : True
EnableAuth : False
It can also be used to get the information of all the failover relationships that a server/scope is a part of. To get the information for all of the failover relationships on the DHCP server running on the computer named dhcpserver.contoso.com:
Get-DhcpServerv4Failover -ComputerName dhcpserver.contoso.com
To get the information of the failover relationships of which the scopes 10.10.10.0 and 11.10.10.0 are a part of:
Get-DhcpServerv4Failover -ComputerName dhcpserver.contoso.com -ScopeId 10.10.10.0, 11.10.10.0
Parameter Set: Set1
Set-DhcpServerv4Failover [-Name] <String> [-AsJob] [-AutoStateTransition <Boolean> ] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-LoadBalancePercent <UInt32> ] [-MaxClientLeadTime <TimeSpan> ] [-PartnerDown] [-PassThru] [-ReservePercent <UInt32> ] [-SharedSecret <String> ] [-StateSwitchInterval <TimeSpan> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
To update the parameters of the failover relationship, you can use the Set-Dhcpserverv4Failover cmdlet.
Let us change the reserved percentage of addresses on the standby server for the hot standby relationship SFO-SIN-Failover2 from 10% to 8%. Also, let us enable message authentication for the failover messages between the 2 DHCP servers by specifying a shared secret. Here is the command to achieve that.
Set-DhcpServerv4Failover -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover2 -SharedSecret "secretkey" -ReservePercent 8
Note: If you wish to change the mode(load balance to hot standby or vice versa) of an existing failover relationship, you can do so using the DHCP server MMC. With the current set of cmdlets, PowerShell does not allow the same.
Remove-Dhcpserverv4FailoverScope
Remove-DhcpServerv4FailoverScope [-Name] <String> [-ScopeId] <IPAddress[]> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
This cmdlet can be used to remove one or more scopes from a failover relationship.
To remove the scopes 10.10.11.0 and 20.20.21.0 from the failover relationship SFO-SIN-Failover:
Remove-DhcpServerv4FailoverScope -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover -ScopeId 10.10.11.0, 20.20.21.0
This cmdlet will delete the specified scopes from the partner server.
In case you wish to use this command when the partner server is down, you can use it with the –Force switch. However, then the scopes will have to be separately removed from the partner server when it has recovered.
Remove-DhcpServerv4Failover [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
This cmdlet can be used to delete one or more failover relationships.
To delete the failover relationship SFO-SIN-Failover2:
Remove-DhcpServerv4Failover -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover2
This cmdlet will also delete the scopes which were associated with the failover relationships from the partner server.
In case you wish to use this command when the partner server is down, you can use it with the –Force switch. However, then the relationships will have to be separately removed from the partner server when it has recovered.
Invoke-DhcpServerv4FailoverReplication
Parameter Set: Name
Invoke-DhcpServerv4FailoverReplication [[-Name] <String[]> ] [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: ScopeId
Invoke-DhcpServerv4FailoverReplication -ScopeId <IPAddress[]> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
This cmdlet can help you replicate scope configuration changes made on a server to its failover partner. The scope configuration includes – all scope properties, scope options, reservations etc. The cmdlet can perform the replication on the scope level, the relationship level or the server level. Performing replication at the relationship level will replicate all the scopes in that relationship. Performing replication at the server level will replicate all of the failover scopes on that DHCP server to one or more respective partner DHCP servers.
Consider a situation where you had to change the lease duration of scopes 10.10.10.0 and 20.20.20.0 from 8 days to 4 days. Now, you want to ensure that the same configuration parameters are replicated on the partner server for these scopes. You can do so by invoking replication for the scopes 10.10.10.0 and 20.20.20.0.
Invoke-DhcpServerv4FailoverReplication -ComputerName dhcpserver.contoso.com -ScopeId 10.10.10.0, 20.20.20.0
Alternatively, you may also invoke replication for the failover relationship.
Invoke-DhcpServerv4FailoverReplication -ComputerName dhcpserver.contoso.com -Name SFO-SIN-Failover
Or you can invoke the replication for all the failover scopes on the server by using the following command:
Invoke-DhcpServerv4FailoverReplication -ComputerName dhcpserver.contoso.com
Get-DhcpServerv4ScopeStatistics
Get-DhcpServerv4ScopeStatistics [[-ScopeId] <IPAddress[]> ] [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Failover] [-ThrottleLimit <Int32> ] [ <CommonParameters>]
For scopes that are part of a failover relationship; there is ‘-failover’ tag in this cmdlet which can be used for getting failover related statistics.
Get-DhcpServerv4ScopeStatistics -ComputerName dhcpserver.contoso.com -ScopeId 10.10.10.0, 20.2020.20.0 –Failover|fl
will give output in the format:
ScopeId : 10.10.10.0
AddressesFree : 0
AddressesInUse : 0
PendingOffers : 0
ReservedAddress : 0
PercentageInUse : 0
SuperscopeName :
Comments
- Anonymous
September 10, 2015
wish I would have found this sooner!