UBUNTU-22.04-DHCP failover mode issue

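We have 2 DHCP servers (Ubuntu 18.04) configured in failover mode (primary/secondary). They have worked well, without any problems, for about 4 years.

Now, we had a power cut, so one of the servers (the primary) was down for about 6 hours. To my surprise, the secondary server refused to hand out any IP addresses, so it looks like both of them have to be online to work, which is not the purpose of failover mode.

As soon as the power was restored and the primary came back online, both of them started working immediately.

Any idea why we lose DHCP service if one server goes down? As stated above, failover mode should work if one server goes down for any reason.

My config is as follows:

Primary: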

/etc/dhcp/dhcpd.conf

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "failover" {
  primary; 
  address 172.17.1.11;
       port 519;
       peer address 172.17.1.20;
       peer port 520;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 3600;
  split 128;
}

Secondary:

log-facility local7;
authoritative;
ddns-update-style none;


failover peer "failover" {
  secondary; # declare this to be the secondary server
  address 172.17.1.20;
       port 520;
       peer address 172.17.1.11;
       peer port 519;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;

}

Would it help if I changed "split" in the primary to 255 (instead of 128), or used hba, as below

hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff;

instead of "split", and added the following to both?

max-lease-misbalance 2;
max-lease-ownership 1;
min-balance 300;
max-balance 1800;

Many thanks

Madona

Answer 1

Many thanks for your reply, I was waiting for any help for ages.

Please find below some of my DHCP.conf, they are for 3 Vlans out of over 200.

Primary:

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "dhcpfo" {
primary; # declare this to be the primary server
address 172.16.1.11;
  port 647;
# port 847;
#port 519;
peer address 172.16.1.20;
 peer port 647;
# peer port 847;
# peer port 520;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
mclt 3600;
split 128;
}


subnet 172.16.1.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 172.16.1.255;
option routers 172.16.1.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 172.16.1.51 172.16.1.245;

}
}

#---------------------------------------------------------------------


subnet 192.168.2.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.2.51 192.168.2.245;

}
}

#----------------------------------------------------------------


subnet 192.168.3.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.3.255;
option routers 192.168.3.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.3.51 192.168.3.245;

}
}

Secondary:

log-facility local7;
authoritative;
ddns-update-style none;

failover peer "dhcpfo" {
secondary; # declare this to be the secondary server
address 172.16.1.20;
  port 647;
#port 847;
#port 520;
peer address 172.16.1.11;
 peer port 647;
#peer port 847;
# peer port 519;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;

}

subnet 172.16.1.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 172.16.1.255;
option routers 172.16.1.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 172.16.1.51 172.16.1.245;

}
}

#---------------------------------------------------------------------

subnet 192.168.2.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.2.51 192.168.2.245;

}
}

#----------------------------------------------------------------


subnet 192.168.3.0 netmask 255.255.255.0 {
#                 option subnet-mask 255.255.255.0;
option broadcast-address 192.168.3.255;
option routers 192.168.3.250;
option domain-name-servers 192.168.xxx.xx;
# option domain-name-servers 192.168.xxx.xx;
option domain-name "xxxxx.com";

pool {
failover peer "dhcpfo";
deny dynamic bootp clients;
default-lease-time 14400;
max-lease-time 36000;
range 192.168.3.51 192.168.3.245;

}
}

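I just wanted to make sure that my config is right, so that if one of the servers goes down the other one would carry on with the job.

Many thanks

Madona

Answer 2

I was looking into a different DHCP issue and came across this question, which had not been answered yet.

Could you post your DHCP.conf in more detail? In the range stanzas, you have to indicate that each range has a failover peer.

Example: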

failover peer "failover-partner" {
     primary;
     address 10.89.100.152;
     peer address 10.89.100.153;
     peer port 647;
     max-response-delay 60;
     max-unacked-updates 10;
     mclt 3600;
     split 128;
     load balance max seconds 3;
}

subnet 10.89.130.0 netmask 255.255.255.0 {
    option domain-name-servers 10.89.100.152;
    option routers 10.89.130.1;
    pool {
        failover peer "failover-partner";
        range 10.89.130.10 10.89.130.254;
    }
}
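
Answer 2's point, that every pool with a range needs its own failover peer statement, is easy to miss across 200+ VLANs. The following is an added example, not part of the original posts: a small Python check that flags pools lacking the statement or naming an undeclared peer. The function names and the sample config are constructed for illustration.

```python
import re

def _blocks(text, head_re):
    """Yield (match, body) for every `<head> { ... }` block, brace-matched."""
    for m in re.finditer(head_re + r"\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def check_failover_pools(conf):
    """Return a list of failover coverage problems in a dhcpd.conf string."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' in strings)
    declared = set(re.findall(r'failover\s+peer\s+"([^"]+)"\s*\{', conf))
    problems = []
    for m, subnet in _blocks(conf, r"\bsubnet\s+(\S+)\s+netmask\s+\S+"):
        net, outside = m.group(1), subnet
        for _, pool in _blocks(subnet, r"\bpool"):
            outside = outside.replace(pool, "")  # what is left sits outside pools
            if not re.search(r"\brange\s", pool):
                continue
            ref = re.search(r'failover\s+peer\s+"([^"]+)"\s*;', pool)
            if ref is None:
                problems.append(f"{net}: pool has a range but no failover peer")
            elif ref.group(1) not in declared:
                problems.append(f"{net}: pool uses undeclared peer {ref.group(1)!r}")
        if re.search(r"\brange\s", outside):
            problems.append(f"{net}: range outside a pool, not covered by failover")
    return problems

# Constructed sample: the second pool lacks the statement, the third names
# a peer that is not declared in this file.
SAMPLE = '''
failover peer "dhcpfo" {
  primary;
  address 172.16.1.11; port 647;
  peer address 172.16.1.20; peer port 647;
  mclt 3600; split 128;
}
subnet 172.16.1.0 netmask 255.255.255.0 {
  pool { failover peer "dhcpfo"; range 172.16.1.51 172.16.1.245; }
}
subnet 192.168.2.0 netmask 255.255.255.0 {
  pool { range 192.168.2.51 192.168.2.245; }   # no failover peer
}
subnet 192.168.3.0 netmask 255.255.255.0 {
  pool { failover peer "failover"; range 192.168.3.51 192.168.3.245; }
}
'''

if __name__ == "__main__":
    print("\n".join(check_failover_pools(SAMPLE)) or "all pools covered")
```

Run it against the configuration on both servers, since a pool that is covered on one peer but not on the other is the same kind of gap.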



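Answer 3

Your stanzas look fine. The formatting is slightly different from the examples on the dhcp standards site and the one I borrowed. But if the config passes when parsed, then I guess it is just formatting.

Have you added DHCP to the upstream router, to provide the DHCP helper service?

This is a mistake that many people make... you have to list both. If the first listed IP is up and showing a MAC (that is, it doesn't know whether the service is correct or running), it will forward the broadcast to the first listed IP.

Flip your helper order. Then see which one is first in the list and shows leases.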
