Thursday, August 30, 2012

DHCP resiliency with Windows Server 2012; Awesome!!

DHCP is designed to reduce the administration burden and complexity of configuring hosts on a TCP/IP-based network, such as a private intranet. Using the DHCP Server service, the process of configuring TCP/IP on DHCP clients is automatic.

Windows Server 2008 R2 provided two mechanisms for DHCP server role resiliency, as follows:

DHCP in a Windows failover cluster. This option places the DHCP server in a cluster with an additional server configured with the DHCP service that assumes the load if the primary DHCP server fails. The clustering deployment option uses a single shared storage. This makes the storage a single point of failure (SPoF), and requires additional investment in redundancy for storage. In addition, clustering involves relatively complex setup and maintenance.

Split scope DHCP. Split scope DHCP uses two independent DHCP servers that share responsibility for a scope. Typically 70% of the addresses in the scope are assigned to the primary server and the remaining 30% are assigned to the backup server. If clients cannot reach the primary server then they can get an IP configuration from the secondary server. Split scope deployment does not provide IP address continuity and is unusable in scenarios where the scope is already running at high utilization of address space, which is very common with Internet Protocol version 4 (IPv4).

Although these mechanisms enhanced DHCP functionality, each came with drawbacks. Windows Server 2012 continues to provide DHCP resiliency while overcoming the challenges of the Windows Server 2008 R2 mechanisms. The main goals are:

  • Provide DHCP service availability at all times on the enterprise network.
  • If a DHCP server is no longer reachable, the DHCP client is able to extend the lease on its current IP address by contacting another DHCP server on the enterprise network.

The DHCP server failover feature provides the ability to have two DHCP servers provide IP addresses and option configuration to the same subnet or scope, providing for continuous availability of DHCP service to clients. The two DHCP servers replicate lease information between them, allowing one server to assume responsibility for servicing of clients for the entire subnet when the other server is unavailable. It is also possible to configure failover in a load-balancing configuration with client requests distributed between the two servers in a failover relationship.

DHCP failover in Windows Server 2012 provides support for a maximum of two DHCP servers, and the failover relationship is limited to IPv4 scopes and subnets. Network nodes using Internet Protocol version 6 (IPv6) typically determine their own IPv6 address using stateless IP auto configuration. In this mode, the DHCP server delivers only the DHCP option configuration, and the server does not maintain any lease state information. A high availability deployment for stateless DHCPv6 is possible by simply setting up two servers with identical option configuration. Even in a stateful DHCPv6 deployment, the scopes do not run under high address utilization, which makes split scope a viable solution for high availability.

I think by now you are saying, “Enough chit chat, where is the interesting part?” “Here it comes” is my reply.

Lab setup:

In order to test Windows Server 2012 DHCP failover, I have built a lab with the following:

  • A domain controller with IP = 10.10.10.10 that hosts integrated DNS for my domain (ITGuyDiaries.net)
  • 2 DHCP servers joined to and authorized for my domain (ITGuyDiaries.net)
    • DHCP-01 with IP = 10.10.10.11
    • DHCP-02 with IP = 10.10.10.12
  • Windows 8, as a client for the failover process test

DHCP failover creation procedure:

After setting up my VMs, I created the IT Guy Corp. scope (hosted on DHCP-02).

  • Now, to configure DHCP failover, right-click on the scope and choose “Configure Failover”

  • At the Configure Failover introduction window, you can choose:
    1. To configure failover for all scopes on the current DHCP server
    2. To choose specific scopes to configure failover for (available after unchecking the “select all” check box)

  • At Specify the partner server to use for failover:
    1. Add the second member of DHCP failover for the selected scope(s)
    2. If this DHCP server is a member of an existing failover relationship, you can reuse it for the newly added scope(s)

  • At the Create a new failover relationship window you have the following options:
    1. Relationship name: Generated automatically based on the DHCP servers' hostnames
    2. Maximum client lead time (MCLT): Controls the time beyond the expiration of a lease given to a client. The maximum client lead time is transmitted to the secondary server to be sure the failover mechanism keeps working when a DHCP server gives a lease to a client but fails to transmit the information about the given lease to its replication partner.
    3. Mode: The failover mode for the DHCP cluster. You can choose from:
      • Load Balance Mode: When the cluster is configured in Load Balance mode, this results in an active-active setup of the two DHCP servers. You can also configure the load-balancing ratio; the default is 1:1 (50% for each).
      • Hot Standby Mode: When the cluster is configured in Hot Standby mode, only one DHCP server is used initially; if this server goes down, the Hot Standby is activated (Active-Passive). You can also configure the role of the server to be Active or Standby, and finally configure the percentage of the scope(s) reserved for use by this server in case the active DHCP server fails.
    4. State Switchover Interval: A server that loses communication with a partner server transitions into a communication interrupted state. The loss of communication may be due to a network outage, or the partner server may have gone offline. Since there is no way for the server to detect the reason for loss of communication with its partner, the server will remain in the communication interrupted state until the administrator manually changes the state to partner down. Alternatively, DHCP failover has a provision for automatic transition to the partner down state based on a timeout interval. This is a configurable element called the state switchover interval.
    5. Shared Secret: Windows Server "8" Beta implements failover message authentication using the Secure Hash Algorithm 2 (SHA-2) cryptographic standard. By default, DHCP failover uses the SHA-256 algorithm. To configure message authentication, the DHCP failover setup wizard prompts the administrator to provide a shared secret. As part of the failover relationship creation, the failover setup wizard provisions the shared secret for message authentication to each of the servers in the failover relationship.

For me, I will go with Load Balance Mode.

[Screenshots: Load Balance Mode and Hot Standby Mode settings]

  • A summary of the configuration is shown; review it and click Finish

  • The failover relationship is being built (all steps complete successfully)

  • The IT Guy Corp. scope is now in failover load balance mode

  • Here is the failover status while the DHCP-01 VM is paused

Here is the view from the Windows 8 client, where DHCP-02 initially provided the IP and then failed, so the lease is maintained by DHCP-01 (the replication partner).

Initial lease obtained from DHCP-02
[ 10.10.10.12 ]

Failover lease obtained from DHCP-01
[ 10.10.10.11 ]
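
The same load-balance relationship can be created and checked from PowerShell with the DhcpServer module cmdlets. This is an added example, not part of the original post: the scope ID, relationship name, MCLT and switchover interval are assumptions for the lab above, and the check at the end confirms from both partners that message authentication (the shared secret) is actually enabled.

```powershell
# Added example. Server names come from the lab in the post; the scope ID,
# relationship name and timer values below are assumptions.
Import-Module DhcpServer

$primary = 'DHCP-02'            # server that hosts the scope in the post
$partner = 'DHCP-01'
$scopeId = '10.10.10.0'         # assumed scope ID for the lab subnet
$relName = 'DHCP-02-DHCP-01'    # hypothetical relationship name

# Prompt for the shared secret instead of storing it in the script.
$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$secret = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Load Balance mode with a 50/50 split (the 1:1 default described above).
Add-DhcpServerv4Failover -ComputerName $primary -PartnerServer $partner `
    -Name $relName -ScopeId $scopeId `
    -LoadBalancePercent 50 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true `
    -StateSwitchInterval (New-TimeSpan -Minutes 60) `
    -SharedSecret $secret

# Read the relationship back from both partners: mode, timers,
# current state and whether failover messages are authenticated.
$views = foreach ($server in $primary, $partner) {
    Get-DhcpServerv4Failover -ComputerName $server -Name $relName |
        Select-Object @{n='Server';e={$server}}, Name, Mode, State,
                      LoadBalancePercent, MaxClientLeadTime,
                      AutoStateTransition, StateSwitchInterval, EnableAuth
}
$views | Format-Table -AutoSize

foreach ($v in $views) {
    if (-not $v.EnableAuth) {
        Write-Warning "$($v.Server): failover messages are not authenticated"
    }
    if ($v.State -ne 'Normal') {
        Write-Warning "$($v.Server): relationship state is $($v.State)"
    }
}
```

Running the check again while one partner is paused should show the surviving server reporting a state other than Normal.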

Now I am done. Go and try it yourself; it is awesome.