Sunday, December 2, 2018

DHCP Fail-over Implementation Windows Server 2012R2






This article is about DHCP failover implementation on Windows Server 2012 R2. By the time I publish this blog Microsoft has launched Windows Server 2016 and the Windows Server 2019 Technical Preview, but I would like to share this for those who are still on 2012 R2 and planning a DHCP failover implementation.


Microsoft introduced this feature in Windows Server 2012 to make the DHCP service reliable and redundant.

I will take you through the best practices to follow and the detailed implementation plan. I would also like to flag the limitation in DHCP failover scope option replication in Windows Server 2012 and the solution provided by Microsoft.

The limitation we are going to discuss is rectified in the Windows Server 2016 release.


Document Scope


This document focuses mainly on the limitation of DHCP failover replication and its solution on the Windows Server 2012 platform; however, an overview of the failover feature and its installation and configuration, as performed on a demo site, is covered in the first half of this document.

It is recommended to read the reference links provided in this document before installing in a production environment, as Microsoft may amend the content from time to time.


Introduction


DHCP is one of the critical components of an IT environment today, and ensuring its continuous availability is one of the top priorities of any IT administration. In Windows Server 2012, the DHCP server can be configured to provide high availability by pairing two DHCP servers in a failover relationship. Two DHCP servers in a failover relationship synchronize the IP address lease information on a continual basis, thereby keeping their respective databases up to date with client information and in sync with each other.

DHCP Server Failover Feature

The DHCP failover feature can be used in two relationship modes:

Load Balance (Active-Active): Two independent DHCP servers share the responsibility for servicing clients in a scope or a set of scopes according to a configured load balance ratio. If either server fails, the other assumes complete responsibility for servicing the clients.

Load balancing in a single site with a single subnet




Load balancing in a single site with multiple subnets





Hot Standby (Active-Passive): A DHCP server can be designated as a standby server for a primary DHCP server. The standby server assumes the load if the primary server goes down.



Hot Standby in a multi-Site infrastructure




Hot Standby in a single site infrastructure



Both modes increase the redundancy of the DHCP service in the network and make it more fault-tolerant. This failover feature can be used in different topologies, such as hub-and-spoke or ring.



Note: if the user makes any change to a property or configuration item (e.g. adding/removing option values, reservations) of a failover scope, he/she needs to ensure that it is replicated to the failover server.

Because of this limitation in DHCP failover replication, hot standby mode is preferred in both single-site and multi-site environments.

Solution: DHCP Failover Auto Config Sync (DFACS), which will be explained later in this document.

The DHCP failover feature is explained in greater detail at http://technet.microsoft.com/en-us/library/hh831385.aspx



DHCP Fail-over Implementation




Pre-requisites




1)  Ensure that a valid recent full backup of the server is available.

2)  Take a backup of the DHCP configuration on the existing server.

3)  Identify a server to configure as the DHCP standby partner server.

4)  Check whether the WDS role is installed on the proposed DHCP standby server (if yes, make sure that port 67 is checked in the WDS configuration).

5)  Ensure that TCP port 647 is open in the firewall of both servers in the DHCP failover relationship.

If TCP port 647 is blocked, create an inbound and an outbound firewall rule to allow the connection. (In a multi-site environment, make sure that TCP port 647 is also opened on the layer 3 devices/firewalls between the sites.)

6)  Ensure that the clocks on both servers are synchronized to within one minute (check the NTP server's information).

7)  Check whether the existing DHCP server updates dynamic DNS records; if so, the new and the existing DHCP server should use the same credentials.

           Ex: Service account – "DHCPConfig" (verify the password)

8)  If the DHCP failover partner is configured in hot-standby mode, ensure each scope has enough IP addresses to reserve 5-10% for the partner server.

Open DHCP Manager → navigate to the scopes configured under IPv4 → right-click each scope that is going to be added to the failover → click "Display Statistics".

The output will be shown as below:

a) Scope – Example scope 1
   IP Range – 10.20.0.0/22 (255.255.252.0)

   Description       Details
   Total Addresses   819
   In Use            479 (58%)
   Available         340 (41%)

b) Scope – Example scope 2
   IP Range – 10.20.4.0/24 (255.255.255.0)

   Description       Details
   Total Addresses   244
   In Use            42 (17%)
   Available         202 (82%)

9)  The maximum number of failover relationships for either DHCP server

A server cannot have more than 31 failover relationships. Failure message: "The local/partner server already has 31 (maximum allowed) fail-over relationships."

10) The operating system on the failover partner server

Failure message: "The version of specified DHCP server does not support fail-over."

11) Whether scopes are already present on the failover partner server

Failure message: "Following scopes already exist on the specified partner server. These scope(s) will need to be deleted on the partner server before configuring fail-over."
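The pre-requisite checks above (TCP 647 firewall rules, clock skew, the DNS update credential and per-scope headroom for the standby reservation) can be scripted. This is an added example, not part of the original post; it assumes it runs on the existing (active) DHCP server with the DhcpServer and NetSecurity modules of Windows Server 2012 R2, that WinRM is enabled on the partner, and that the partner name is a placeholder.

```powershell
# Added example (not from the original post): pre-flight checks for the
# DHCP failover pre-requisites. Run on the existing (active) DHCP server.
# Assumptions: DhcpServer and NetSecurity modules present, WinRM enabled on
# the partner, and the partner name below is a placeholder.
$Partner        = 'DHCP-STANDBY01'   # placeholder: proposed standby server
$ReservePercent = 10                 # 5-10% of free addresses, as recommended above
$MaxSkewSeconds = 60                 # clocks must agree to within one minute

# Is there an enabled allow rule for TCP 647 in the given direction?
function Test-FailoverPortRule {
    param([ValidateSet('Inbound','Outbound')][string]$Direction)
    foreach ($rule in Get-NetFirewallRule -Direction $Direction -Enabled True -Action Allow) {
        $pf = $rule | Get-NetFirewallPortFilter
        if ($pf.Protocol -ne 'TCP') { continue }
        # inbound rules match on the local port, outbound rules on the remote port
        $port = if ($Direction -eq 'Inbound') { $pf.LocalPort } else { $pf.RemotePort }
        if ($port -contains '647' -or $port -contains 'Any') { return $true }
    }
    return $false
}

# Clock skew between this server and the partner, in seconds (UTC on both sides).
function Get-PartnerClockSkewSeconds {
    $partnerUtc = Invoke-Command -ComputerName $Partner -ScriptBlock { (Get-Date).ToUniversalTime() }
    [math]::Abs(((Get-Date).ToUniversalTime() - $partnerUtc).TotalSeconds)
}

# Per-scope headroom using the same figures "Display Statistics" shows
# (Total = In Use + Available). The standby reservation is a share of the
# free pool, so this reports what stays available to the active server.
function Get-ScopeReserveReport {
    foreach ($scope in Get-DhcpServerv4Scope) {
        $s = Get-DhcpServerv4ScopeStatistics -ScopeId $scope.ScopeId
        $reserved = [math]::Ceiling($s.AddressesFree * $ReservePercent / 100)
        [pscustomobject]@{
            ScopeId            = $scope.ScopeId
            Total              = $s.AddressesInUse + $s.AddressesFree
            InUse              = $s.AddressesInUse
            Free               = $s.AddressesFree
            ReservedForStandby = $reserved
            LeftForActive      = $s.AddressesFree - $reserved
        }
    }
}

"TCP 647 inbound rule : $(Test-FailoverPortRule -Direction Inbound)"
"TCP 647 outbound rule: $(Test-FailoverPortRule -Direction Outbound)"
"Clock skew vs $Partner : {0:N1}s (limit $MaxSkewSeconds s)" -f (Get-PartnerClockSkewSeconds)
"DNS update credential : $((Get-DhcpServerDnsCredential).UserName)"   # must match on the partner
Get-ScopeReserveReport | Format-Table -AutoSize
```

The firewall check only looks at local Windows Firewall rules; in a multi-site setup the layer 3 devices between the sites still have to be checked separately.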

For detailed considerations and pre-requisites, please refer to the link below:

https://sjohnonline.blogspot.com/2018/12/in-this-article-i-am-sharing-detailed.html

Implementation Plan


DHCP Role installation on partner server

1) Log in to the server (the proposed DHCP standby server) with domain admin credentials.

2) Install the DHCP Server role on the proposed DHCP standby server; do not install the WDS role on it.

3) In Server Manager → under "Configure this local server" → click "Add Roles and Features".

4) In the Add Roles and Features Wizard → click Next three times, and then on the "Select server roles" page select the "DHCP Server" checkbox.

When you are prompted to add required features → click "Add Features".

5) Click Next three times and then click Install.

6) Wait for the installation process to complete.

7) On the Authorization screen of the DHCP Post-Install Configuration wizard, select the appropriate option for choosing a user with domain admin rights. This is required to authorize the server. When done, click Commit.

Configure DHCP failover

1)  Open the DHCP console on the existing DHCP server.

Expand IPv4.
Right-click IPv4 in the left column and select "Configure Failover".
Select all scopes.

2)  Click "Add Server" and add the proposed DHCP standby server as the DHCP partner server, then click Next.

3)  Give the failover relationship a valid name, e.g. "servername1 – servername2 Failover".

4)  Set the maximum client lead time to 1 hour (the default value).

5)  Select the failover mode "Hot Standby", then specify the role of the partner server as "Standby".

6)  Enter the address reservation for the standby server (according to the total address availability in each scope).

7)  Set the state switchover interval to 60 minutes (the default).

8)  Enable message authentication and enter the shared secret, then click Next and Finish.

9)  Check that all the jobs completed successfully.
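The same relationship can be created from PowerShell instead of the Configure Failover wizard. This is an added example, not code from the original post; it assumes it runs on the existing (active) DHCP server, that the partner name is a placeholder, and that the shared secret is typed in at run time rather than stored in the script.

```powershell
# Added example (not from the original post): steps 1-9 above with the
# DhcpServer module instead of the MMC wizard, then a check of the role
# each side reports. Run on the existing (active) DHCP server.
$Primary        = $env:COMPUTERNAME
$Partner        = 'DHCP-STANDBY01'                            # placeholder name
$Name           = "$Primary - $Partner Failover"              # step 3
$SharedSecret   = Read-Host -Prompt 'Failover shared secret'  # step 8, not stored in the script
$ReservePercent = 10                                          # step 6: % of free addresses kept for the standby

# Step 1: put every IPv4 scope on this server into the relationship.
$scopeIds = (Get-DhcpServerv4Scope -ComputerName $Primary).ScopeId

# Omitting -LoadBalancePercent selects hot-standby mode; -ServerRole is this
# server's role, so the partner becomes the standby (step 5).
$failover = @{
    ComputerName            = $Primary
    Name                    = $Name
    PartnerServer           = $Partner                    # step 2
    ScopeId                 = $scopeIds
    ServerRole              = 'Active'
    ReservePercent          = $ReservePercent
    MaxClientLeadTime       = New-TimeSpan -Hours 1       # step 4 (default MCLT)
    AutoStateTransition     = $true                       # step 7: move to partner-down automatically...
    StateSwitchoverInterval = New-TimeSpan -Minutes 60    # ...after 60 minutes without contact
    SharedSecret            = $SharedSecret               # step 8: enables message authentication
    Force                   = $true
}
Add-DhcpServerv4Failover @failover

# Step 9 / post-implementation check: this server should report Active, the
# partner Standby, and both should be in state Normal once the initial sync is done.
function Get-FailoverRoles {
    foreach ($server in $Primary, $Partner) {
        $f = Get-DhcpServerv4Failover -ComputerName $server -Name $Name
        [pscustomobject]@{
            Server = $server
            Mode   = $f.Mode          # expect HotStandby
            Role   = $f.ServerRole    # expect Active on $Primary, Standby on $Partner
            State  = $f.State
            Scopes = @($f.ScopeId).Count
        }
    }
}
Get-FailoverRoles | Format-Table -AutoSize
```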


Configure IP Helper (On a Layer 3 device)

Routers block broadcasts by default, and DHCP uses broadcasts for its lease mechanism. If your infrastructure has multiple subnets, each subnet that does not have its own DHCP server needs an IP helper address configured on the router or layer 3 device to forward DHCP broadcast requests to the DHCP server.



1)  Log in to the core switch (IP address of the switch) with the admin credentials.

2)  Take a backup of the switch configuration.

3)  Add the standby DHCP server's IP address as a secondary IP helper address to the VLANs that are already configured with an IP helper address.

For HP layer 3 switches (follow the commands below):

#vlan 105
#name "example1"
#untagged A12
#ip helper-address 10.20.0.10 ! Primary DHCP server
#ip helper-address 10.20.0.11 ! Standby DHCP server
#ip address 10.20.4.1 255.255.255.0
#tagged A1,A3,A5,A24,B18-B20,C1-C2,C4,C6,C13-C24,D1,D13-D24
#ip igmp
#exit


For Cisco switches:

interface vlan123
 description svi for vl123 dhcp relay example
 ip address 10.20.4.1 255.255.255.0
 ip helper-address 10.20.0.10 ! Primary DHCP server
 ip helper-address 10.20.0.11 ! Secondary DHCP server

4)  Repeat step 3 for all the other VLANs, e.g.:

vlan 110 - name "example2"
vlan 115 - name "example3"
vlan 160 - name "example4"

5)  Copy the changes to the startup config.

6)  Take a backup of the running and startup config and save it in a secure location.

#copy running-config tftp
#copy startup-config tftp

If you are using any other layer 3 device, consult your vendor's guide for how to configure the IP helper address.

Post Implementation Checks

1)  Right-click the scope in the left column and select Properties, then open the Failover tab.

Review the failover configuration status of the main server: the role of this server should be "Active".

2)  Repeat the operation on the partner server.

Review the failover configuration status of the partner server: the role of this server should be "Standby".

3)  Fail over the server outside office hours and check whether the clients are getting new IP addresses.

Rollback Plan


1) Go to the primary server.

Right-click IPv4 and click Properties.
Go to the Failover tab.
Select the server pair and click Delete.

2) Remove the DHCP role from the replica server.

3) Revert the IP helper configuration.


Limitations of DHCP Failover in Windows Server 2012 R2



1)  If a new scope is added to the primary server, it needs to be added manually to the failover relationship.

2)  If a scope or its options are modified, the change needs to be replicated manually to the partner server (the sync can be automated using a script and a scheduled task).

3)  If we are using a scripted sync, it will synchronize the database in only one direction, either Primary → Partner or vice versa.

4)  This has been rectified in the Windows Server 2016 editions; if you have Windows Server 2016, the steps below can be ignored (please refer to the Microsoft documentation and verify it).

Please refer to the link below for the installation and configuration of DHCP failover in detail.
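The scripted sync mentioned in limitations 1 and 2 can be written with the DhcpServer module's own replication cmdlets. This is an added example, not code from the original post and not Microsoft's DFACS tool; it assumes it runs on the active server, that the relationship name, paths and task account are placeholders, and that the task account is a DHCP administrator on both servers.

```powershell
# Added example (not from the original post, not DFACS): one-way config sync
# for limitations 1 and 2 above. Adds any scope on the active server that is
# missing from the failover relationship, then replicates the scope
# configuration (options, reservations, ...) to the partner. As limitation 3
# says, this pushes active -> partner only; changes made on the partner are
# overwritten. Relationship name, paths and task account are placeholders.
$Name   = 'DHCP01 - DHCP-STANDBY01 Failover'
$Log    = 'C:\DhcpFailoverSync\sync.log'
$Script = 'C:\DhcpFailoverSync\Sync-DhcpFailover.ps1'   # where this file is saved

function Sync-DhcpFailoverConfig {
    param([string]$RelationshipName)
    $rel = Get-DhcpServerv4Failover -Name $RelationshipName
    $inRelationship = @($rel.ScopeId | ForEach-Object { "$_" })
    $added = @()
    # Limitation 1: a scope created on the active server is not added to the
    # relationship by itself, so add every scope that is not in it yet.
    foreach ($scope in Get-DhcpServerv4Scope) {
        $id = "$($scope.ScopeId)"
        if ($inRelationship -notcontains $id) {
            Add-DhcpServerv4FailoverScope -Name $RelationshipName -ScopeId $scope.ScopeId
            $added += $id
        }
    }
    # Limitation 2: option/reservation changes reach the partner only when
    # replication is triggered; this replicates every scope in the relationship.
    Invoke-DhcpServerv4FailoverReplication -Name $RelationshipName -Force
    [pscustomobject]@{ Time = Get-Date; Relationship = $RelationshipName; ScopesAdded = $added }
}

$result = Sync-DhcpFailoverConfig -RelationshipName $Name
New-Item -ItemType Directory -Force -Path (Split-Path $Log) | Out-Null
"{0:u} {1}: replicated; new scopes added: [{2}]" -f $result.Time, $result.Relationship, ($result.ScopesAdded -join ', ') |
    Out-File -FilePath $Log -Append

# Registers the scheduled task on the first run only. The task account must be
# a DHCP administrator on both servers, because the replication cmdlet writes
# to the partner; 'CONTOSO\svc-dhcpsync' is a placeholder.
if (-not (Get-ScheduledTask -TaskName 'DHCP Failover Config Sync' -ErrorAction SilentlyContinue)) {
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NoProfile -File `"$Script`""
    $trigger = New-ScheduledTaskTrigger -Daily -At '02:00'
    Register-ScheduledTask -TaskName 'DHCP Failover Config Sync' -Action $action -Trigger $trigger `
        -User 'CONTOSO\svc-dhcpsync' -Password (Read-Host -Prompt 'Task account password') -RunLevel Highest
}
```

Run the script interactively once so the task gets registered; afterwards the daily task performs the sync and appends a line to the log each time.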


Using DHCP Failover Auto Config Sync

DHCP Failover on Windows Server 2012 is a good alternative to running DHCP in a Windows failover cluster or using split-scope DHCP. But if the user makes any change to a property or configuration item (e.g. adding/removing option values, reservations) of a failover scope, he/she needs to ensure that it is replicated to the failover server. Windows Server 2012 provides functionality for performing this replication through the DHCP MMC as well as PowerShell, but both require the user to initiate it. This requirement to explicitly initiate replication of the scope configuration can be avoided by using a tool that automates the task of replicating configuration changes to the failover server. DHCP Failover Auto Config Sync (DFACS) is a PowerShell-based tool that automates the synchronization of configuration changes. This document is a guide to using DFACS.

We will see how to configure DHCP Failover Auto Config Sync (DFACS) in the next article.


Hope this article helped you to setup a DHCP Failover in your infrastructure.

Cheers😃

