Condividi tramite


Ensuring High Availability of DHCP using Windows Server 2012 DHCP Failover

Introduction

Ensuring high availability of critical network services like DHCP figures high in the list of priorities for any enterprise. In an environment where clients get their IP addresses and network configuration automatically, uninterrupted network connectivity is dependent on the availability of DHCP service at all times. Let us consider for a moment what high availability of DHCP server is intended for:

-         Any authorized computer which connects to the network should be able to obtain its IP address and network configuration from the enterprise DHCP service at all times.

-         After obtaining an IP address, a computer shouldbe able to renew its lease and continue using the same IP address so that there is no glitch in connectivity.

Windows Server 2012 DHCP provides a new high availability mechanism addressing these critical aspects. Two DHCP servers can be set up to provide a highly available DHCP service by entering into a failover relationship. A failover relationship has a couple of parameters which govern the behavior of the DHCP servers as they orchestrate the failover. One of them is the mode of the failover operation – I will describe this shortly. The other is the set of scopes that are part of the failover relation. These scopes are set up identically between the two servers when failover is configured. Once set up in this fashion, the DHCP servers replicate the IP address leases and associated client information between them and thereby have up-to-date information of all the clients on the network.  So even when one of the servers goes down – either in a planned or in an unplanned manner – the other DHCP server has the required IP address lease data to continue serving the clients.

Modes of Failover Operation

There are two modes of configuring DHCP failover to cater to the various deployment topologies:  Load Balance and Hot Standby. The Load Balance mode is essentially an Active-Active configuration wherein both DHCP servers serve client requests with a configured load distribution percentage. We will look at how the DHCP servers distribute client load in a later post.

The Hot Standby mode results in an Active-Passive configuration. You will be required to designate one of the two DHCP servers as the active server and the other as standby. The standby server is dormant with regard to serving client requests as long as the active server is up. However, the standby server receives all the inbound lease updates from the active DHCP server and keeps its database up to date.

The DHCP servers in a failover relationship can be in different subnets and can even be in different geographical sites.

Deployment Topologies

The support of these two modes enables a wide range of deployment topologies. The most rudimentary one is where two servers in a Load Balance or Hot Standby mode serve a set of subnets which are in the same site.

A slightly more involved deployment where failover is being deployed across two different sites is illustrated in Figure 1. Here, the Hyderabad and the Redmond  site each have a local DHCP server servicing clients in that site. To ensure high availability of the DHCP service at both the sites, one can setup two failover relationships in Hot Standby mode. One of the failover relationships will comprise all subnets/scopes at Hyderabad. It will have the local DHCP server as the active server with the DHCP server at Redmond as the standby. The second failover relationship will comprise all subnets/scopes at Redmond. It will have the local DHCP server as the active server and the DHCP server at Hyderabad as the standby.


 
                   Figure 1: DHCP Failover Deployed Across Two Sites

This deployment construct of two DHCP servers backing up each other for two different set of scopes via two failover relationships is extensible to more than two sites. One can visualize a ring topology involving multiple sites where a server at each site - in addition to being the active server for the local network – is the standby server for another site. The failover relationships can be set up to form a ring topology through the DHCP servers at different sites.

Hub-and-Spoke is another multi-site deployment topology which lends itself quite well to how organizations are looking to deploy failover. Here, a central DHCP server acts as the standby for multiple active DHCP servers each of which serves a different branch office.

Better than earlier HA mechanisms

Windows DHCP server has so far met the HA requirement by enabling hosting of the DHCP server on a Windows Failover Cluster or by split scope deployments. These mechanisms have their own disadvantages. The split scope mechanism relies on configuring identical scopes on two DHCP servers and setting up the exclusion ranges in such a fashion that 80% of a subnet’s IP range is used for leasing out IP addresses by one of the servers (primary) and remaining 20% by the other server (secondary). The secondary server is often configured to respond to clients with a slightly delayed response so that clients use IP addresses from the primary server whenever it is available. Split scope deployments suffer from two problems. IPv4 subnets often run at utilization rates above 80%. In such subnets, split scope deployment is not effective given the low free pool of IP addresses available. The other issue with split scope is the lack of IP address continuity for clients in case of an outage of the primary server. Since the IP address given out by the primary DHCP server would be in the exclusion range of the secondary server, the client will not be able to renew the lease on the current IP address and will need to obtain a new IP address lease from the secondary server. In the case of split scope, the two DHCP servers are oblivious to each other’s presence and do not synchronize the IP address lease information.

To host the DHCP server on a Windows Failover Cluster, the DHCP database needs to be hosted on a shared storage accessible to both nodes of a cluster in addition to the deployment of the cluster itself. DHCP servers running on each node of the cluster operate on the same DHCP database hosted on the shared storage. In order to avoid the shared storage being the single point of failure, a storage redundancy solution needs to be deployed. This increases the complexity as well as the TCO of the DHCP high availability deployment.

The Windows Server 2012 DHCP failover mechanism eliminates these shortcomings and provides a vastly simplified deployment experience. Moreover, DHCP failover is supported in all editions (Foundation, Standard, Data Center) of Windows Server 2012.  As one of the server reviewers aptly put it, this is high availability of DHCP on a low budget!

Management interfaces

DHCP failover can be configured using the DHCP MMC as well as the DHCP PowerShell cmdlets. Everything you can do via the MMC for DHCP failover is achievable via the DHCP PowerShell cmdlets as well. The DHCP MMC provides a Failover Setup wizard which greatly eases the setup of failover. There are two launch points in the DHCP MMC from which a user can start the wizard. The right click menu options on the IPv4 node now have a Configure failover… option. If launched from here, all the scopes on the server which are not yet setup for failover are selected for failover configuration. Alternatively, if you select one or more scopes and right click, you will see the same Configure Failover… option. If launched in this fashion, only the selected scopes are configured for failover. Please see the step by step guide to setup failover using DHCP MMC. You can download the “Understanding and Troubleshooting guide” here.

For the command line users, DHCP PowerShell provides the following PowerShell cmdlets for setting up and monitoring failover:

  • Add–DhcpServerv4Failover - Creates a new IPv4 failover relationship to a DHCP server
  • Add–DhcpServerv4FailoverScope - Adds the specified scope(s) to an existing failover relationship
  • Get–DhcpServerv4Failover - Gets the failover relationships configured on the server
  • Remove–DhcpServerv4Failover - Deletes the specified failover relationship(s)
  • Remove–DhcpServerv4FailoverScope - Removes the specified scopes from the failover relationship
  • Set–DhcpServerv4Failover - Modifies the properties of an existing failover relationship
  • Invoke-DhcpServerv4FailoverReplication - Replicates scope configuration between failover partner servers

In addition to these, Get–DhcpServerv4ScopeStatistics cmdlet which returns scope statistics has a “-failover” switch. Specifying this switch causes the cmdlet to return failover specific statistics for scopes which are configured for failover.

In conclusion, DHCP failover in Windows Server 2012 provides a high availability mechanism for DHCP which is very easy to deploy and manage and caters to the critical requirements of continuous availability of DHCP service and IP address continuity for the clients. Early adopters of the feature have shared our enthusiasm for this critical DHCP functionality and feedback from them has been very positive.

Give it a spin on Windows Server 2012 Release Candidate and we hope that you will find it useful!

Team DHCP

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    DHCP team, I am assuming based on the content that DHCP logs are not replicated. I would just like to confirm this. Thanks!

  • Anonymous
    January 01, 2003
    Thanks Thorsten for noting that! The reference to enterprise edition has now been removed from the blog.

  • Anonymous
    January 01, 2003
    Thanks for this. One other question, can the setup be reversed? You describe the scenario for the schools being active and the central server being passive. Can we reverse that and have the central server be the active server and the school sites be passive and only become active if communication to the central server goes down?

  • Anonymous
    January 01, 2003
    Hi Dan, Thanks for sharing your feedback. We have shared a script which is integrated with Windows task scheduler and provides for automatic synchronization of scope configuration like options, reservations, range etc. You can download it from - gallery.technet.microsoft.com/.../Auto-syncing-of-configurati-6eb54fb0 Please do let us know if this will help address the scenarios that you pointed out.

  • Anonymous
    January 01, 2003
    Hi Jlinesmn, Yes. You can have school server as standby and central server as active.

  • Anonymous
    January 01, 2003
    Jose, Windows Server 2012 as well as Windows Server 2012 R2 does not support DHCP failover relationship between more than 2 servers for the same scope(s). A server can however participate in multiple failover relationship with the same or different partner servers but each relationship will have to be for a different set of scopes. For your deployment, you can use a combination of DHCP failover and Windows Failover cluster. For example, you Site 1 you can configure DHCP server on a Windows Failover cluster and likewise for Site 2. Then you can setup a DHCP failover relationship between the 2 clustered DHCP server instances. Is this solution acceptable for your deployment.

  • Anonymous
    January 01, 2003
    Hi David, The statistics are not updated to reflect the fact that second DHCP server has taken ownership of the entire address pool of a scope. So, you will not see address available on the second server go to 100% after MCLT expiry in PARTNER DOWN state.

  • Anonymous
    January 01, 2003
    @Stewart, Agreed it is SO nice to see code changes on bits of the OS that haven't seen an update like this since NT4!

  • Anonymous
    January 01, 2003
    You can  replicate any scope configuration including lease duration, options, reservations etc using the "Replicate scope" action provided in DHCP MMC. This will replicate the scope configuration to the partner DHCP server.

  • Anonymous
    January 01, 2003
    Andrew, this would happen if one of your servers is domain joined (standard ?) and the other server is workgroup (essentials?). The workgroup server checks for the presence of any domain joined DHCP server and stops itself if it finds one. You can get around this by adding the registry param DisableRogueDetection (DWORD) and setting it to 1 under HKEY_LOCAL_MACHINESystemCurrentControlSetServicesDHCPServerParameters on the workgroup server.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi Bryan, you are correct - DHCP logs are not replicated. Events to the respective DHCP log file are logged independently by each DHCP server.

  • Anonymous
    January 01, 2003
    John, for the subnets at the remote site, you can create a failover relationship with active/active configuration between the servers at primary and secondary site. This will cause client load to be distributed in the ratio that you specified (default 50:50). When one of the server is not reachable from the remote site, clients will retransmit the requests. This is normal DHCP client behavior. The second server will notice that the clients are retransmitting and respond to the client requests. So, the clients will be able to extend the lease. New clients coming up will also be able to get a new lease.

  • Anonymous
    January 01, 2003
    Hi Jason, 20010 is ERROR_DHCP_OPTION_NOT_PRESENT - The specified option does not exist on the DHCP server. The error codes are documented athttp://msdn.microsoft.com/en-us/library/windows/desktop/aa363378(v=vs.85).aspx. In which step are you getting this error ? during import or while creating the failover relationship ?

  • Anonymous
    January 01, 2003
    Hi Jason,
    You seem to be doing the right thing by using export and import. Can you give us the step by step detail of what you are doing so that we can pin-point the problem better.
    Thanks

  • Anonymous
    January 01, 2003
    Is the failover has a AD requirement ? it seems not but i would like to be sure because I have a 2003 AD, . thanks for your blog.

  • Anonymous
    January 01, 2003
    Hi Ross, DHCP failover does not provide for replication of server level/wide configuration. Allow/Deny MAC filter is a server level/wide configuration. The reason this is not provided for is because a DHCP serve can participate in more than one failover relationships with different partner DHCP servers. In such scenarios, replicating server level configuration can lead to undesirable resultant server level/wide configuration. If your server has a single failover relationship or a allow/deny MAC address filter list that applies to all servers, you can setup a regular sync between the DHCP servers by writing a simple PowerShell script and integrating it with Windows Task Scheduler so that it runs on a periodic basis. Let us know if you have further questions.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Robb, thanks for sharing your observation. The automatic sync script relies on DHCP server events being logged for a configuration change. The event serves as a trigger to sync the scope(s) to the partner DHCP server. For an IP range change event, there is no event logged by the DHCP server. Hence, it will not get replicated immediately. However, the script runs a replication every 30 minutes in any case. At that time, the IP range will get replicated. 30 minutes interval can be changed to lower//higher in the script.

  • Anonymous
    January 01, 2003
    Ben, IPAM takes care of updating both copies of a failover scope when a reservation, option or any other scope level configuration is updated. It does not keep the server level configuration in sync. For MAC address list, you could achieve sync by writing a PowerShell script using DHCP Server PowerShell cmdlets for MAC addresses.

  • Anonymous
    January 01, 2003
    DHCP Failover in Windows Server 2012 has no dependency on Active Directory. You can configure DHCP failover with workgroup DHCP servers also.

  • Anonymous
    January 01, 2003
    Hi, I was wondering if the Active-Passive mode can be used on more than two servers. We currently have a centralized DHCP server. One of our schools had their fiber cut and could not log in to local resources. We would have 12 schools that fall in to this scenario. So, could we set up Active-Passive with that many servers? Thanks.

  • Anonymous
    June 29, 2012
    Great stuff. Been wanting something like this for quite some time...

  • Anonymous
    October 22, 2012
    Also, if you change the lease duration for a scope in one server, it won't replicate to the other server. You have to micromanage that setting along with the other settings that I mentioned, on each server.

  • Anonymous
    December 21, 2012
    Dear All, I have configured the two windows 2012 std server on two different site with DHCP fail-over service. i just want to know how the fail over works.. ? should i need to add the partner IP in my network switches (Ip helper address) so that in case of primary server fail host can reach up to partner server ?? Your urgent response in this regard will be highly appreciated..   Thanks. Nadeem

  • Anonymous
    February 17, 2013
    Erm, replication of allowdeny MAC filter?  I'm surprised this feature was completely missed out, we rely upon this in our organisation to prevent anyone from just plugging a device in, it seems this is the only aspect the Server 2012 replication doesnt handle, am I mistaken? Thanks, Ross

  • Anonymous
    March 27, 2013
    The comment has been removed

  • Anonymous
    April 08, 2013
    The comment has been removed

  • Anonymous
    June 08, 2013
    I am attempting to configure DHCP failover using load balancing with an Essentials and a Standard server.  I have everything configured and working but I am facing an issue.  If I try to start the DHCP services on the Essentials server and the DHCP services on the Standard server are already started it will not start and I get error 1053 The DHCP/BINL service has encountered another server on this network with IP Address, 192.168.1.3, belonging to the domain: . in the event log on the Essentials serve. Any dieas why this is?

  • Anonymous
    July 23, 2013
    The comment has been removed

  • Anonymous
    July 30, 2013
    The comment has been removed

  • Anonymous
    October 18, 2013
    Hey DHCP team...DFACS question for you if i setup the DFACS on the first node to sync to the second one, everything works as designed, meaning all the config gets replicated to the second node, but lets say i go and change something on the second DHCP node, then on the next timed sync (as per xml config file), the node 1 will overwrite the changes on node 2, unless i manually click on node 2 gui to sync, before the xml time config does. the PS documentation itself says 2 instances of the script cannot be executed in parallel. so...whats the trick here ? should i only make changes on the first node all the time ? to make it consistent ? or is there a way to always keep these boxes talking to each other, regardless if the admin clicked on the replicate gui ? thanks ! Martin

  • Anonymous
    October 21, 2013
    Hello Martin, As mentioned in the DFACS guide, the configuration changes for scopes in a failover relationship need to be made on only one of the DHCP servers in the failover relationship. Making configuration changes on both DHCP failover servers with DFACS is not supported. In your scenario, would the admin be performing configuration changes on both the DHCP failover servers.

  • Anonymous
    October 21, 2013
    The comment has been removed

  • Anonymous
    October 21, 2013
    Hi Martin, if you are using IPAM 2012 R2 then you do not need DFACS. When you update/edit a failover scope using IPAM 2012 R2, IPAM automatically updates the configuration of the scope on both the DHCP failover servers. Regarding your question related to adding a new scope - a new scope added to a DHCP failover server does not automatically get added to the failover relationship. You will need to add it the failover relationship. Once added to the failover relationship, any further configuration changes on the scope will automatically be performed on both the DHCP failover servers by IPAM.

  • Anonymous
    November 25, 2013
    Hello, Please your help Install DHCP Failover (Active, Passive), but left the fortigate DHCP IP ACTIVE assets at the time of testing the client can not renew IP The steering, using the  DHCP PASIVE, because I find that I set change?

  • Anonymous
    November 25, 2013
    The comment has been removed

  • Anonymous
    November 26, 2013
    Hi Team Thank,

  1. DHCP Active 172.19.3.22
  2. DHCP Pasive 172.19.3.23
  3. In the Fortigate, is configuring the rule of DHCP Server, its 172.19.3.22 (DHCP Active)
  4. in the test, disconnect server Active 172.19.3.22
  5. Client no find DHCP Pasive server 172.19.3.23
  6. Client, IP renew not working Thank for your help
  • Anonymous
    November 26, 2013
    Thanks for the details, Henry. I assume Fortigate is acting as a DHCP relay - forwarding the DHCP client message to the DHCP server. To ensure that the DHCP client message goes to both DHCP servers, you will need to configure Fortigate with both DHCP server IP addresses - 172.19.3.22 and 172.19.3.23. The passive server will not respond to the DHCP client message while the Active server is still up and running. Hope that helps.

  • Anonymous
    November 27, 2013
    thank you, very much, excelent,

  • Anonymous
    March 07, 2014
    I have two 2012 DHCP servers in Active Passive HA mode (1 in Primary site and other in secondary site). I also have a remote office with the router having both DHCP servers IP helpers defined. My question is...if there is a network connection issue to remote site and the Primary site, will the secondary DHCP be aware of this and issue/renew an IP to the client based on the second IP helper off the remote site router? What's the best setup to account for remote-primary site WAN failures?

  • Anonymous
    August 05, 2014
    I am trying to configure failover from a 2012 R2 to another 2012 R2 server. It keeps giving me a "specified option does not exist error 20010". I've configured the custom options and even tried importing the source servers config from both netsh and powershell's import-dhcpserver cmdlet. something in there is hidden or corrupted and we have many scopes not feasible to recreate them on the source server...

  • Anonymous
    August 26, 2014
    The comment has been removed

  • Anonymous
    September 05, 2014
    Unless something is broken on my system, it seems that I was under the mistaken impression that the replication of the scope also replicate scope parameters. I have been making changes to the start IP of some scopes only to find out that this edit didn't replicate over to the other server. It might be important to call out exactly what is included in the replication.

  • Anonymous
    December 22, 2014
    Thanks for all the great info herein. I have the same question as "Lukus" above (7 Mar 2014), and noticed there was no response to that question. My assumption would be that in the situation described, one would want to use Active/Active Load-Balancing configuration, so that if the WAN link to the primary server goes down, the secondary server will respond to the remote site's DHCP request even though the link between the primary and secondary DHCP servers is up and the primary is thus seen as being in a "NORMAL" state by its partner node. Is this correct or would you recommend a different config?

  • Anonymous
    December 29, 2014
    "DHCP failover does not provide for replication of server level/wide configuration" (in response to Ross, 2-18-2013)
    Can IPAM Server do this? If so, can you point me to docs that detail how? I want to maintain two master lists of MAC addresses (one allow & one deny) for Link Layer Filtering and have those two lists apply to two DHCP servers in an active/active relationship (or, better, multiple scopes on those two DHCP servers).
    Thanks.

  • Anonymous
    August 27, 2015
    Hi DHCP Team, I have a backup question...I work in an Enterprise environment and we are using Netbackup for the backup of our servers. I currently have the backups set for System State full weekly with a 1 month retention, but I need to create a backup for the C:windowssystem32dhcpbackup folder as well. I was wondering what the best plan would be for the DHCP database, I believe a weekly full would suffice, but just wanted an expert opinion on this.

    Thanks!

    Wendy

  • Anonymous
    September 01, 2015
    The comment has been removed

  • Anonymous
    September 02, 2015
    Sean, for a set of scopes DHCP failover can be configured only between 2 DHCP servers. A DHCP server can have multiple failover relationships with different partner DHCP servers but those will have to be for distinct scopes.
    For your scenario, 2 servers at main site and one at DR site, you can consider using a combination of Failover clustering and DHCP failover.

  • Anonymous
    September 02, 2015
    Sean, please see this link https://technet.microsoft.com/en-us/library/dn338983.aspx#cluster for how DHCP failover can be used in conjunction with Windows failover cluster.

  • Anonymous
    September 07, 2015
    We are using split scope mechanism, but it seems one of the server is not at all being used for providing IP's

  • Anonymous
    September 07, 2015
    Nazir, in split scope deployment typically the second server is configured with a delay. So, only the leases given by one server reach the client early and are accepted. The second server comes to play only when the first server goes down.
    If you are on Windows Server 2012 or 2012R2, I would suggest using DHCP failover instead of split scope.

  • Anonymous
    September 30, 2015
    Can you have a DHCP server on a workgroup failover with a DHCP server on a domain? We've got one on a workgroup and have been attempting to add one onto a domain server, but the domain server says we have to authorise it.

  • Anonymous
    September 30, 2015
    BenB, yes you can have a failover relationship between a workgroup DHCP server and domain-joined DHCP server. Domain-joined DHCP server will have to be authorized so that it starts responding to client requests.