
A bug in dual-server DHCP?

火星人 @ 2014-03-04 , reply:0

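Has anyone set up DHCP dual-server hot standby on RedHat Linux AS 5, one that is already running stably? Could you share the configuration?
The requirement is that both machines have the same address pool, using DHCP's failover protocol.
I ran into the following problem in practice. When one DHCP server is down, the other server does take over, and clients can still get addresses. But after a client releases its address with ipconfig /release, it gets a new IP, and this continues until the address pool is exhausted and no more IPs can be assigned. I have tried changing many things and nothing works. Has anyone done this? And how do China Netcom and China Telecom run their DHCP? Surely not on a single machine. Or is there specially developed software? Can any expert advise?
《Solution》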

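Reply to post #1 by summer820228

Please post the current state of your work and the logs from when the problem occurs, so that everyone can help you analyse it.
《Solution》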

Introduction
This tutorial will walk you through setting up DHCP failover on CentOS 5.1 using the default ISC DHCP server; this can easily be adapted to any other Linux distro out there. You will most likely need failover in environments where network downtime cannot be tolerated. My home is running a DLNA setup, so I need my devices to be able to obtain network parameters at all times. Since DHCP and DNS often go hand in hand, I will be configuring a local DNS server which allows for dynamic updates, such that hostnames will be automatically updated in DNS whenever a lease is granted to a client. My configuration will use the following; please substitute to reflect your own network.
· Domain name - home.topdog-software.com
· Network - 192.168.1.0/24
· DHCP servers - 192.168.1.2,192.168.1.3
· Gateway - 192.168.1.254
· DNS servers - 192.168.1.2,192.168.1.3

Install required Packages
· DHCP
# yum install dhcp -y
· DNS
# yum install bind bind-chroot caching-nameserver -y
· NTP
# yum install ntp -y
Configuration
DHCP
Back up your original config on the Master 192.168.1.2:
# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig
Edit the DHCP configuration /etc/dhcpd.conf on the master 192.168.1.2 and add the following, read the comments to understand the options:

authoritative;                                        # server is authoritative
option domain-name "home.topdog-software.com";        # the domain name issued
option domain-name-servers 192.168.1.2,192.168.1.3;   # name servers issued
option netbios-name-servers 192.168.1.2;              # netbios servers
allow booting;                                        # allow for booting over the network
allow bootp;                                          # allow for booting
next-server 192.168.1.2;                              # TFTP server for booting
filename "pxelinux.0";                                # kernel for network booting
ddns-update-style interim;                            # setup dynamic DNS updates
ddns-updates on;
ddns-domainname "home.topdog-software.com";           # domain name for DDNS updates
key rndckey {
    algorithm hmac-md5;
    secret "xxxxxxxxxx";                              # get from the /etc/rndc.key file
}
zone home.topdog-software.com                         # forward zone to update
{
    primary 127.0.0.1;                                # update on the local machine
    key rndckey;                                      # key to use for the update
}
zone 1.168.192.in-addr.arpa                           # reverse zone to update
{
    primary 127.0.0.1;                                # update on the local machine
    key rndckey;                                      # key for update
}
failover peer "home-net" {                            # fail over configuration
    primary;                                          # This is the primary
    address 192.168.1.2;                              # primary's ip address
    port 647;
    peer address 192.168.1.3;                         # peer's ip address
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0              # zone to issue addresses from
{
    pool {
        failover peer "home-net";                     # pool for dhcp leases with failover bootp not allowed
        deny dynamic bootp clients;
        option routers 192.168.1.254;
        range 192.168.1.25 192.168.1.50;
    }
    pool {                                            # accommodate our bootp clients here no replication and failover
        option routers 192.168.1.254;
        range 192.168.1.51 192.168.1.55;
    }
    allow unknown-clients;
    ignore client-updates;
}

Back up your original config on the Slave 192.168.1.3:
# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig
Edit the DHCP configuration /etc/dhcpd.conf on the slave 192.168.1.3 and add the following, read the comments to understand the options:

authoritative;                                        # server is authoritative
option domain-name "home.topdog-software.com";        # the domain name issued
option domain-name-servers 192.168.1.2,192.168.1.3;   # name servers issued
option netbios-name-servers 192.168.1.2;              # netbios servers
allow booting;                                        # allow for booting over the network
allow bootp;                                          # allow for booting
next-server 192.168.1.2;                              # TFTP server for booting
filename "pxelinux.0";                                # kernel for network booting
ddns-update-style interim;                            # setup dynamic DNS updates
ddns-updates on;
ddns-domainname "home.topdog-software.com";           # domain name for DDNS updates
key rndckey {
    algorithm hmac-md5;
    secret "xxxxxxxxxx";                              # get from the /etc/rndc.key file on the master
}
zone home.topdog-software.com                         # forward zone to update
{
    primary 192.168.1.2;                              # update on the master (192.168.1.2)
    key rndckey;                                      # key to use for the update
}
zone 1.168.192.in-addr.arpa                           # reverse zone to update
{
    primary 192.168.1.2;                              # update on the master (192.168.1.2)
    key rndckey;                                      # key for update
}
failover peer "home-net" {                            # fail over configuration
    secondary;                                        # This is the secondary
    address 192.168.1.3;                              # our ip address
    port 647;
    peer address 192.168.1.2;                         # primary's ip address
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    load balance max seconds 3;
}
subnet 192.168.1.0 netmask 255.255.255.0              # zone to issue addresses from
{
    pool {
        failover peer "home-net";                     # pool for dhcp leases with failover bootp not allowed
        deny dynamic bootp clients;
        option routers 192.168.1.254;
        range 192.168.1.25 192.168.1.50;
    }
    pool {                                            # accommodate our bootp clients here no replication and failover
        option routers 192.168.1.254;
        range 192.168.1.51 192.168.1.55;
    }
    allow unknown-clients;
    ignore client-updates;
}

DNS
Back up the BIND configuration on the master:
# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig
Edit the configuration to reflect the config below.

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; localnets; };
};
include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
zone "home.topdog-software.com" {
    type master;
    file "data/home.topdog-software.com.hosts";
    allow-transfer { 192.168.1.3; };
    allow-update { key "rndckey"; };
    allow-query { any; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "data/1.168.192.in-addr.arpa.hosts";
    allow-transfer { 192.168.1.3; };
    allow-update { key "rndckey"; };
    allow-query { any; };
};

Back up the BIND configuration on the slave:
# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig
Edit the configuration to reflect the config below.

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; localnets; };
};
include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
zone "home.topdog-software.com" {
    type slave;
    masters { 192.168.1.2; };
    file "data/home.topdog-software.com.hosts";
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.1.2; };
    file "data/1.168.192.in-addr.arpa.hosts";
};

Create the zone files on the master
· /var/named/chroot/var/named/data/home.topdog-software.com.hosts

$ORIGIN .
$TTL 38400
home.topdog-software.com IN SOA ns1.home.topdog-software.com. andrew.topdog.za.net. (
                2008061629 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                38400      ; minimum (10 hours 40 minutes)
                )
                NS ns1.home.topdog-software.com.
                NS ns2.home.topdog-software.com.
$ORIGIN home.topdog-software.com.   ; so the relative names below fall inside this zone
ns1 IN A 192.168.1.2
ns2 IN A 192.168.1.3

· /var/named/chroot/var/named/data/1.168.192.in-addr.arpa.hosts

$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
1.168.192.in-addr.arpa IN SOA ns1.home.topdog-software.com. andrew.topdog.za.net. (
                2008061644 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                38400      ; minimum (10 hours 40 minutes)
                )
                NS ns1.home.topdog-software.com.
                NS ns2.home.topdog-software.com.
$ORIGIN 1.168.192.in-addr.arpa.     ; so the relative names below fall inside this zone
2 IN PTR ns1.home.topdog-software.com.
3 IN PTR ns2.home.topdog-software.com.

NTP
NTP is required because the two DHCP servers need to be in sync for failover as well as DDNS to take place. You can run a full-fledged NTP server if you want; I will only provide you with instructions on using cron to sync NTP to an external NTP server every hour. You need to do this on BOTH servers.
· Create a file /etc/cron.hourly/timesync and add the following:

#!/bin/bash
ntpdate -s 0.rhel.pool.ntp.org

· Make the file executable and run it for the first time:
# /etc/cron.hourly/timesync

Finally
Well, we are done; let's fire up the services and begin testing.
· On the master:
# service named start
# service dhcpd start
· On the slave:
# service named start
# service dhcpd start

You should see the following in your logs on the master:

Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from recover to startup
Jun 16 13:58:56 kudusoft dhcpd: dhcpd startup succeeded
Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from startup to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from unknown-state to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer
Jun 16 13:59:12 kudusoft dhcpd: Sent update request all message to home-net
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer
Jun 16 13:59:12 kudusoft dhcpd: Update request all from home-net: sending update
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer update completed.
Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: I move from recover to recover-done
Jun 16 13:59:13 kudusoft dhcpd: Sent update done message to home-net
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover-done
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: I move from recover-done to normal
Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover-done to normal
Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26 free 25 backup 0 lts -12
Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26 free 25 backup 0 lts 12

And on the slave:

Jun 16 13:59:12 shaka dhcpd: Sending on Socket/fallback/fallback-net
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from recover to startup
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from unknown-state to recover
Jun 16 13:59:12 shaka dhcpd: dhcpd startup succeeded
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: requesting full update from peer
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from startup to recover
Jun 16 13:59:12 shaka dhcpd: Sent update request all message to home-net
Jun 16 13:59:12 shaka dhcpd: Sent update done message to home-net
Jun 16 13:59:12 shaka dhcpd: Update request all from home-net: nothing pending
Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from recover to recover-done
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer update completed.
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover to recover-done
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer moves from recover-done to normal
Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover-done to normal
Jun 16 13:59:14 shaka dhcpd: pool 9d78ad8 192.168.1/24 total 26 free 25 backup 0 lts 12
Jun 16 13:59:14 shaka dhcpd: pool response: 12 leases
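《Solution》

Thanks for the replies in posts #2 and #3

To the poster of #3: is this what your organisation is currently using? Have you tried it?
My DHCP setup is basically the same as the document you sent me, and the two machines can exchange information with each other. It is just that when one DHCP server goes down, if a user releases the address with ipconfig /release, they get a new IP, until the address pool is exhausted and no more IPs can be assigned. And I can't expect users not to use this command~~~ Heh.
《Solution》

Has really nobody done this?

I don't want something pasted from the internet~ Could some expert help out~
《Solution》

I have done it, and I have deployed it on 3 pairs of servers. I will post the configuration when I have time.

I suggest you check the tcp port; I seem to remember the two sides are different.
《Solution》

Also, China Telecom uses dedicated DHCP appliances, not server + linux + ISC dhcp.
《Solution》

port 647;


peer port 647;

Is this the port you mean? They are the same. I have also tried making them different. The result is the same. I'm really at a loss~
Could you post your configuration so I can take a look? It's really urgent. Thank you.
《Solution》

This is the backup server's log from when I took the primary server down.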

Mar 27 18:34:50 Server2 dhcpd: timeout waiting for failover peer dhcp
Mar 27 18:34:50 Server2 dhcpd: peer dhcp: disconnected
Mar 27 18:34:50 Server2 dhcpd: failover peer dhcp: I move from normal to communications-interrupted
Mar 27 18:35:07 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPOFFER on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 (192.168.30.22) from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:10 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:10 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:16 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:16 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:19 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:19 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:26 Server2 dhcpd: DHCPRELEASE of 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:35:31 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:32 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:36 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:36 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPREQUEST for 10.102.129.6 (192.168.30.22) from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPACK on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:55 Server2 dhcpd: DHCPRELEASE of 10.102.129.6 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:36:02 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1: peer holds all free leases
Mar 27 18:37:05 Server2 last message repeated 4 times
《Solution》

This is the content of the dhcpd.lease file.

# All times in this file are in UTC (GMT), not your local timezone.   This is
# not a bug, so please don't ask about it.   There is no portable way to
# store leases in the local timezone, so please don't request this as a
# feature.   If this is inconvenient or confusing to you, we sincerely
# apologize.   Seriously, though - don't ask.
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.0.5-RedHat

failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
lease 10.102.129.5 {
  starts 5 2009/03/27 10:35:19;
  ends 5 2009/03/27 10:35:26;
  tstp 5 2009/03/27 19:35:19;
  tsfp 5 2009/03/27 19:33:49;
  cltt 5 2009/03/27 10:35:19;
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
  uid "\001\000#\256\012\312\271";
}
lease 10.102.129.6 {
  starts 5 2009/03/27 10:35:45;
  ends 5 2009/03/27 10:35:55;
  tstp 5 2009/03/27 17:05:45;
  tsfp 5 2009/03/27 10:29:52;
  cltt 5 2009/03/27 10:35:45;
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
  uid "\001\000#\256\012\312\271";
}
failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
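
The pattern in the backup server's log above (a move to communications-interrupted, a different address ACKed after each DHCPRELEASE, then "peer holds all free leases") can be picked out of dhcpd syslog output automatically. This is an added example, not code from any poster in the thread; the function name analyse, the churn_threshold parameter and the shortened sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
MOVE = re.compile(r"failover peer (\S+): I move from (\S+) to (\S+)")
ACK = re.compile(r"DHCPACK on (\S+) to " + MAC, re.I)
STARVED = re.compile(r"DHCPDISCOVER from " + MAC + r".*peer holds all free leases", re.I)

# Constructed sample, shortened from the backup server's syslog lines in the thread.
SAMPLE = """\
Mar 27 18:34:50 Server2 dhcpd: failover peer dhcp: I move from normal to communications-interrupted
Mar 27 18:35:08 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 via 10.102.129.1
Mar 27 18:35:26 Server2 dhcpd: DHCPRELEASE of 10.102.129.5 from 00:23:ae:0a:ca:b9 via eth1 (found)
Mar 27 18:35:45 Server2 dhcpd: DHCPACK on 10.102.129.6 to 00:23:ae:0a:ca:b9 via 10.102.129.1
Mar 27 18:35:55 Server2 dhcpd: DHCPRELEASE of 10.102.129.6 from 00:23:ae:0a:ca:b9 via eth1 (found)
Mar 27 18:36:02 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 via 10.102.129.1: peer holds all free leases
"""

def analyse(log_text, churn_threshold=2):
    """Return findings: non-normal failover states, per-MAC address churn, pool exhaustion."""
    state = {}                 # failover peer name -> this server's current state
    acked = defaultdict(list)  # MAC -> distinct addresses ACKed while not in "normal"
    findings = []
    for line in log_text.splitlines():
        m = MOVE.search(line)
        if m:
            peer, _, new = m.groups()
            state[peer] = new
            if new != "normal":
                findings.append(("state", peer, new))
            continue
        degraded = any(s != "normal" for s in state.values())
        m = ACK.search(line)
        if m and degraded:
            ip, mac = m.group(1), m.group(2).lower()
            if ip not in acked[mac]:
                acked[mac].append(ip)
                # One client holding several different addresses in a row drains the pool.
                if len(acked[mac]) == churn_threshold:
                    findings.append(("churn", mac, tuple(acked[mac])))
            continue
        m = STARVED.search(line)
        if m:
            findings.append(("exhausted", m.group(1).lower()))
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```

The same "churn" finding is also a useful alert on a healthy network, since a single hardware address cycling through many leases is what pool starvation looks like from the server side.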


http://coctec.com/docs/service/show-post-23224.html