A few tips on how to make sure the DHCP infrastructure issuing IP addresses isn’t a single point of failure.
Redundancy is essential for dealing with both planned and unplanned outages, and that includes having redundant dynamic host-configuration protocol (DHCP) servers to allow uninterrupted dynamic assignment of IP addresses.
For those working in Windows environments, there are currently two options for setting up redundant DHCP servers: a failover scenario with a main server paired with another in hot standby; and a load-balancing scenario in which two DHCP servers actively handle client requests.
The hot-standby mode calls for a primary server that delivers DHCP services for all the clients in a particular IP-address range (scope) and a standby server that takes over only when the main server is unavailable for a period that is configurable in the setup.
This option is ideal for scenarios where the standby DHCP server is at a different physical location from the main server, making it less likely that both will fail at the same time due to power failure or hardware failure. The standby might also be a virtual machine running on separate hardware and powered from a different electrical source.
The load-balancing mode also calls for two servers, but both are active all the time and share handling DHCP requests.
Server requirements
To set up either option in a Windows environment, the servers must meet two criteria:
- Both servers must have the DHCP role enabled and configured through Windows Server Manager or PowerShell. In most cases, there will already be an active DHCP server in the network, so the second machine with the DHCP role enabled must be authorized. To do this, connect to the second server using the Microsoft Management Console (MMC) DHCP snap-in, right-click on the server object and select “Authorize”.
- For the relationships to work, both servers must be configured to handle the same IP address ranges and have the same scope/server options. If they don’t match, the failover relationship cannot be established. The easiest way to do this is by copying these details from one server to the other with a backup on the existing DHCP server and a restore on the new one. To export from the existing DHCP server that you want to back up, connect to it using the MMC snap-in, expand the server object, right-click the server’s name, and select “Backup”, then select the backup location in the browsing dialog box that appears.
To establish the failover relationship, connect to the initial DHCP server using the DHCP MMC snap-in again, expand the server object, right-click on the “IPv4” icon or a specific scope and select “Configure Failover”. (When configuring the failover at the “IPv4” icon rather than on an individual scope, multiple scopes can be added to the failover relationship at the same time.) In the dialog box that appears, select the scopes that you want a failover relationship created for, or check “Select all” in the section “Available scopes” to have all of the available scopes selected. Click “Next” and specify the server you wish to create the relationship with by typing the fully qualified domain name (FQDN) of the other server or browsing for it in Active Directory using the “Add Server” button.
Defining the properties of the failover requires some configuring. Some settings apply to both the load-balancing and hot-standby modes; others apply just to one or the other. Settings for both modes include:
- Relationship name: By default the relationship name will be the two names of the servers being added in the format of server1-server2, but these can be changed to be more descriptive if needed.
- Maximum client lead time (MCLT): This sets the maximum amount of time either of the servers can extend a DHCP lease beyond what the partner server already knows about. Microsoft recommends the MCLT be set to one minute.
- State switchover interval: This sets the amount of time that one of the servers is unavailable before it is switched to a partner-down state. The default setting is 60 minutes during which the standby server will take on the full responsibility of the failover scope until its partner changes state again.
- Enable message authentication: This optional feature lets the two servers use a shared secret to prove to each other that they are who they say they are. If this setting is checked, a shared secret must be provided, which will use the Secure Hash Algorithm 2 (SHA-2).
For just the load-balancing mode:
- Load Balance Percentage: This sets the percentages of how many DHCP requests will be handled by each server.
For just the hot-standby mode:
- Hot Standby Configuration: This setting has two parts. The first is “Role of Partner Server”, which should be set to “Standby” if configuring from the main server. The second, “Addresses reserved for standby server”, is the percentage of each scope that is reserved for the standby server to use in the event the main server is unavailable. The default is 5%. Note that when the main server is unavailable, the standby server will continue to renew the IP addresses of existing leases for the amount of time designated by the MCLT setting. It will only use the reserved standby addresses for new DHCP lease requests until the main server is back online or is designated as “Partner Down”.
Once these settings are made, a summary dialog box and final progress dialog box will show whether the relationship was successfully created. If it wasn’t, make sure all of the scopes and scope/server options are present on both DHCP servers then run it again.
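The same hot-standby relationship can be created from PowerShell with the DhcpServer module. This is an added example, not part of the original article; the host names, scope ID and relationship name are placeholders, and the values mirror the settings described above with message authentication turned on.

```powershell
# Added example. Placeholders: dhcp1/dhcp2.example.com, scope 10.0.10.0, relationship name.
$primary = 'dhcp1.example.com'
$partner = 'dhcp2.example.com'
$relName = 'dhcp1-dhcp2-hotstandby'

# Prompt for the shared secret so it is not stored in the script or shell history.
# Add-DhcpServerv4Failover takes the secret as a plain string, so convert it in memory only.
$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

$failover = @{
    ComputerName        = $primary                    # server the relationship is configured on
    Name                = $relName
    PartnerServer       = $partner
    ScopeId             = '10.0.10.0'                 # one or more scope IDs
    ServerRole          = 'Active'                    # role of $primary; the partner becomes the standby
    ReservePercent      = 5                           # addresses reserved for the standby server
    MaxClientLeadTime   = New-TimeSpan -Minutes 1     # MCLT value given in the article
    AutoStateTransition = $true                       # move to partner-down automatically
    StateSwitchInterval = New-TimeSpan -Minutes 60    # state switchover interval
    SharedSecret        = $secret                     # enables message authentication
}
# For load-balancing mode, drop ServerRole and ReservePercent and set LoadBalancePercent instead.
Add-DhcpServerv4Failover @failover

# Confirm on both partners that the relationship exists and authentication is enabled.
foreach ($server in $primary, $partner) {
    Get-DhcpServerv4Failover -ComputerName $server -Name $relName |
        Select-Object @{ n = 'Server'; e = { $server } }, Mode, ServerRole, State,
                      ReservePercent, MaxClientLeadTime, StateSwitchInterval, EnableAuth
}
```

An `EnableAuth` value of `False` on either side means the partners are exchanging failover messages without the shared-secret check.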
Sync and replication with new scopes
Any changes to the scopes specified in these relationships don’t sync or replicate automatically. That must be done by going back to the MMC DHCP snap-in, right-clicking on the scope on the primary server and choosing “Replicate scope”. Or it can be done via PowerShell using this command:
Invoke-DhcpServerv4FailoverReplication -ComputerName DHCP-server.example.com
A new scope created on one server after the relationship between the servers has been established will not automatically be created on the other server. This requires the same steps as when setting up the original relationship, but there’s a time-saving option. Select the existing failover relationship from within the wizard by checking “reuse existing failover relationships configured with this server (if any exist)”. This appears in the first dialog box in the wizard.
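Because new scopes are not picked up automatically, it helps to check periodically for scopes that sit outside every failover relationship. The following added example (not from the original article) finds such scopes on the primary, adds them to an existing relationship and then replicates; the server and relationship names are placeholders.

```powershell
# Added example. Placeholders: server names and the relationship name.
$primary = 'dhcp1.example.com'
$partner = 'dhcp2.example.com'
$relName = 'dhcp1-dhcp2-hotstandby'

# Collect every scope ID that already belongs to any failover relationship on the primary.
$protected = @(
    Get-DhcpServerv4Failover -ComputerName $primary |
        ForEach-Object { $_.ScopeId } |
        ForEach-Object { $_.ToString() }
)

# Scopes defined on the primary but not covered by a relationship.
$unprotected = @(
    Get-DhcpServerv4Scope -ComputerName $primary |
        Where-Object { $protected -notcontains $_.ScopeId.ToString() }
)

if ($unprotected.Count -eq 0) {
    Write-Output 'All scopes on the primary are in a failover relationship.'
}
else {
    foreach ($scope in $unprotected) {
        Write-Output "Adding scope $($scope.ScopeId) ($($scope.Name)) to $relName"
        # Reuses the existing relationship instead of creating a new one.
        Add-DhcpServerv4FailoverScope -ComputerName $primary -Name $relName -ScopeId $scope.ScopeId
    }
}

# Push scope settings from the primary to the partner for every scope in the relationship.
Invoke-DhcpServerv4FailoverReplication -ComputerName $primary -Name $relName -Force

# Compare the scope lists on both servers; any output here is a scope missing on one side.
$a = Get-DhcpServerv4Scope -ComputerName $primary | ForEach-Object { $_.ScopeId.ToString() }
$b = Get-DhcpServerv4Scope -ComputerName $partner | ForEach-Object { $_.ScopeId.ToString() }
Compare-Object -ReferenceObject @($a) -DifferenceObject @($b)
```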
Lastly, networks commonly include a DHCP relay—often the function of a core switch—that points to the active DHCP server for VLANs and subnets. After setting up failover-server relationships, be sure to add the static IP address of the second server to the list of DHCP relays so network traffic will be sent to it when there is a need for failover. This is applied differently depending on where the relay is located and how it is set up, but the failover should be tested after it is configured and the relay is updated.