In the previous blog on DHCP Failover, we discussed the DHCP failover load balance mode where both DHCP servers respond to client requests and load balance the requests between them based on an admin specified load distribution ratio.
In the other mode of a failover relationship, known as the Hot-Standby mode (Active-Passive), only one of the servers actively leases IP addresses and option configuration to clients in given subnet(s)/scope(s) while the other server (standby) is passive. The standby server services the clients, only in event of active server being down. The clients fallback to the active server once the active server becomes available again post the outage.
The Load balance mode is more suited for single site deployment where the 2 DHCP servers in a failover relationship are co-located with the subnets/scopes being served by them. As the servers are in network proximity with the clients, the clients do not experience any latency while acquiring or renewing an IP address.
Hot-Standby mode is more suited for multi-site deployment topologies. Each site would have a local DHCP server which is configured to provide the DHCP service to the clients on the local network and DHCP server at a remote site would be standby server. In a normal state of operation, computers and devices on a given site receive IP addresses and other network configuration from the DHCP server located at the same site as the clients. However, in the event of the local DHCP server being down, the DHCP server from the remote site would provide the service to the clients.
You could choose to deploy hot standby mode in a single-site deployment also if you need to.
While configuring a failover relationship in Hot standby mode, there are 2 configuration parameters which are specific to the Hot Standby mode:
The role of a server participating in hot standby failover relation can be set to Active / standby server as part of new relationship configuration.
As discussed in the blog on Load balanced mode, the free IP address pool of a scope which is part of a failover relationship in Load Balance mode, will be apportioned in the configured load distribution percentage to enable both DHCP servers to respond to client requests for new IP addresses. However, in a hot standby failover mode, free IP address pool is owned by the Active server entirely as it is serving all the client requests. In the event of an outage of the active server, the standby server needs to be able to renew existing IP address leases as well as give out new IP address leases to clients who request a new lease. For the later scenario – leasing new IP addresses to clients, the standby server needs a free IP address pool available to it from which it can give out new leases. The standby server will take over the free IP address pool of the active server only after it transitions into Partner Down state from Communicated Interrupted state and a time period of MCLT (Maximum Client Lead Time) has expired. This is as per the DHCP failover protocol. To enable the standby server to serve new IP address leases to clients during this interim period - i.e. till it transitions to Partner Down and takes over the entire free IP address pool of a scope – a percentage of free IP address pool needs to be available to standby server. This can be provided by the configuration parameter – reserve address percentage.
The percentage of addresses reserved for the hot standby server can be configured for a failover relationship configured for hot standby mode. Free IP addresses in proportion to the percentage value configured would be assigned to the hot standby server. If address reserve percentage is set to 0, no addresses will be reserved for the hot standby server and new client leases cannot be granted by the hot standby server in case of outage of active server. The default value for reserve address percentage is 5%. Since the reserve address percentage is meant for an interim period as discussed above, the value chosen for it can typically be small (5-10%).
Figure 1: Creating a Failover Relation in Hot Standby Mode
A new failover Relationship can be configured for Hot-standby mode and even an existing relationship in load balancing mode can be converted to hot-standby mode and vice-versa.
Unlike the Load Balance mode, where the 2 DHCP servers compute a hash of the MAC address of the clients and decide whether to respond to the client or not, in hot standby mode, the servers do not compute hash of the MAC address of clients. The active server responds to all client requests and the standby server does not respond to any client requests at all while operating in NORMAL state. When active server goes down, the standby server transitions into Communication Interrupted state and starts responding to the clients. Once the active server is up, the standby server retreats into standby mode and stops responding to clients. This facilitates failback of the clients back to the active server.
If you do not specify the "state switchover interval" parameter, how do you instruct a server that the partner is down? Reading the documentation:
"Since there is no way for the server to detect the reason for loss of communication with its partner, the server will continue to remain in communication interrupted state until the administrator manually changes the state to partner down."
I don't see an option to manually change to partner down.
You can manually change the state of a server which is running in communication interrupted to partner down using DHCP MMC or DHCP PowerShell.
In MMC, go to IPv4->Properties, go to Failover tab, select the specific failover relationship and click edit. You will see "Change to partner down" button on the edit page. This button is enabled when the server is running in communication interrupted state.
In PowerShell, You can run the following command -
Set-DhcpServerv4Failover -ComputerName <servername> -Name <Failover relationship name> -PartnerDown
Again, this will work only if the server is in communication interrupted state.
Can we install this new DHCP Failover in 2 Windows server 2012 AD domain controller servers or it should be in two dedicated servers?
Hi Bashar, you can install it on 2 Windows Server 2012 AD domain controllers. There is no need for dedicated servers for DHCP Failover
Normally it was my best solution to put it together with the DC Role, but the Best Practices Analyzer had some failures if put the roles on same machine.
Or was this only for Srv 2008 ? technet.microsoft.com/.../ee941109(v=ws.10).aspx
There is no change in this regard - you can run DHCP and DC together. The BPA failure that you may be seeing is related to setting DNS credentials when running DC and DHCP together. See technet.microsoft.com/.../ee941181(v=ws.10).aspx
This is to ensure that dynamic DNS updates from DHCP server work fine.
Is it possible to configure One active and Two Hot Standby servers... ? One standby in same site and second standby in another site ?
Arvin, for a given scope(s) DHCP failover supports only 2 DHCP servers. If you require redundancy beyond 2 DHCP servers, you can use DHCP Failover in conjunction with Windows Failover cluster i.e. you can deploy DHCP server 1 on a Windows Failover cluster at site 1 and then configure DHCP Failover between DHCP server 1 to DHCP Server 2 at site 2 in hot standby mode.
Is it possible to have the Maximum Client Lead Time to 20 minutes and set State Switch over Interval to 60 minutes. From what I gather, after 60 mins the active server will be transition to a down state but since the MCLT is 20 mins... Will the standby DHCP server poll thrice in a hour before it takes over the scope. Thanks.
PSY, You can set MCLT to 20 minutes and state switch over to 60 minutes. When a server is unable to communicate with its partner DHCP server (which could be because the partner server is down or there is a network connectivity problem between the two), it will automatically transition to COMMUNICATION INTERRUPTED state. If state switch over is enabled, it will start a timer for the specified state switch over interval (in this case 60 minutes). During this time (state switch over interval), it will try repeatedly to establish contact with the partner DHCP server - every few seconds. If the server succeeds in re-establishing communication with partner DHCP server, the server transitions back to NORMAL state of the failover relationship. If even after expiry of the state switch over time, the server is not able to establish communication with partner DHCP server, it automatically moves to PARTNER DOWN state. After moving to PARTNER DOWN state, the server will start another timer for MCLT. On expiry of this timer, if it is still in PARTNER DOWN state, it will take over the portion of the free IP pool which was owned by the partner DHCP server. Even while in PARTNER DOWN state, the server will continue to make attempts to re-establish communication with partner server every few seconds. If communication with partner is re-established, it will transition out of PARTNER DOWN state and eventually moved back into NORMAL state.
Is it possible to have the failover server in another non-trusted domain?
DHCP Failover itself has no dependency on AD so the lease synchronization protocol itself would work fine between 2 DHCP servers in different AD domains without trust. However, you may run into issues while configuring since the user setting up failover
needs to be member of DHCP Administrators account on both the DHCP servers for which you are setting up failover.