DHCP 高可用实践
本文不会包含
- 如何跟网工沟通,以及什么是 subnet,什么是 ip helper address
- 如何安装,或者编译安装 DHCP,以及 keepalived
- 如何启动 DHCP 以及 keepalived
DHCP 高可用实现要点
DHCP 高可用分为以下几个步骤实现,这里举一个实际的栗子:
- 确定使用 10.223.0.246 这个 IP 来接受 DHCP 请求
- 网络交换机正确配置
ip address helper 10.223.0.246(如若只有二层网络可以忽略这个配置) - DHCP 本身的 Failover 配置(实现 lease db 的自动同步)
- keepalived 的 VIP 配置
前两步需要与网工沟通后完成,服务器的配置写在本文的最后。
DHCP Failover
依赖声明:因为 DHCP failover 协议尚在 draft 阶段(draft-ietf-dhc-failover-07.txt),所以请至少使用 ISC-DHCP-4.1 及以上的版本,并且保持同一个 failover 集群下的 DHCP 版本一致,避免一些潜在的兼容性问题
# DHCP Primary | # DHCP Sencondary
|
ddns-update-style interim; | ddns-update-style interim;
log-facility local6; | log-facility local6;
authorized; | authorized;
ping-check true; | ping-check true;
ping-timeout 3; | ping-timeout 3;
default-lease-time 86400; | default-lease-time 86400;
max-lease-time 86400; | max-lease-time 86400;
|
failover peer "oob" { | failover peer "oob" {
primary; | secondary;
split 128; | # no split in secondary
mclt 3600; | mclt 3600;
address 10.223.0.244; | address 10.223.0.245;
port 647; | port 647;
peer address 10.223.0.245; | peer address 10.223.0.244;
peer port 647; | peer port 647;
max-response-delay 60; | max-response-delay 60;
max-unacked-updates 10; | max-unacked-updates 10;
load balance max seconds 3; | load balance max seconds 3;
} | }
|
|
|
subnet 10.223.0.0 netmask 255.255.240.0 { | subnet 10.223.0.0 netmask 255.255.240.0 {
option routers 10.223.0.247; | option routers 10.223.0.247;
option broadcast-address 10.223.15.255; | option broadcast-address 10.223.15.255;
option subnet-mask 255.255.240.0; | option subnet-mask 255.255.240.0;
|
pool { | pool {
failover peer "oob"; | failover peer "oob";
range 10.223.0.11 10.223.0.240; | range 10.223.0.11 10.223.0.240;
range 10.223.1.11 10.223.1.240; | range 10.223.1.11 10.223.1.240;
range 10.223.2.11 10.223.2.240; | range 10.223.2.11 10.223.2.240;
range 10.223.3.11 10.223.3.240; | range 10.223.3.11 10.223.3.240;
range 10.223.4.11 10.223.4.240; | range 10.223.4.11 10.223.4.240;
range 10.223.5.11 10.223.5.240; | range 10.223.5.11 10.223.5.240;
range 10.223.6.11 10.223.6.240; | range 10.223.6.11 10.223.6.240;
range 10.223.7.11 10.223.7.240; | range 10.223.7.11 10.223.7.240;
range 10.223.8.11 10.223.8.240; | range 10.223.8.11 10.223.8.240;
range 10.223.9.11 10.223.9.240; | range 10.223.9.11 10.223.9.240;
range 10.223.10.11 10.223.10.240; | range 10.223.10.11 10.223.10.240;
range 10.223.11.11 10.223.11.240; | range 10.223.11.11 10.223.11.240;
range 10.223.12.11 10.223.12.240; | range 10.223.12.11 10.223.12.240;
range 10.223.13.11 10.223.13.240; | range 10.223.13.11 10.223.13.240;
range 10.223.14.11 10.223.14.240; | range 10.223.14.11 10.223.14.240;
range 10.223.15.11 10.223.15.240; | range 10.223.15.11 10.223.15.240;
} | }
} | }
参考资料: man 5 dhcpd.conf
Keepalived
vrrp_instance VI_1 { | vrrp_instance VI_1 {
state MASTER | state MASTER
interface eth2 | interface eth2
virtual_router_id 51 | virtual_router_id 51
priority 99 | priority 90 # so this is backup server
advert_int 1 | advert_int 1
authentication { | authentication {
auth_type PASS | auth_type PASS
auth_pass 1111 | auth_pass 1111
} | }
virtual_ipaddress { | virtual_ipaddress {
10.223.0.246/32 | 10.223.0.246/32 # VIP
} | }
} | }
参考资料