
DHCP load balancing / redundancy under OS X server

posted Oct 16, 2011, 2:50 AM by Ian Curtinsmith   [ updated Oct 16, 2011, 2:58 AM ]

How do I set up DHCP redundancy / load balancing so that in the event of a failure of one server the other one can do the job?


There are multiple ways to achieve this goal, including:


* DHCP cluster, see http://technet.microsoft.com/en-us/library/ee405263(WS.10).aspx

* DHCP split scope, see http://technet.microsoft.com/en-us/library/cc770535.aspx

* "failover peer" support in DHCP failover using RFC 3074, see http://tools.ietf.org/html/rfc3074


Yes, I referred to Microsoft above; get the info where it lies, I say.


The easiest and cheapest solution, and the one I would recommend, is to set up a DHCP split scope. It does not require complex configuration or a DHCP cluster design, and you can do everything from the GUI in Apple OS X Server.


Microsoft recommends an 80/20 rule for this, meaning one server distributes 80% of the DHCP pool and the other server distributes 20% of the DHCP pool.


My recommendation is a 100/100 rule! Seriously, why would you design your network so that in the event of a failure of the primary DHCP server only 20% of your machines can get on the network? Internal IP ranges are free. It does not cost you any more to set up a 10.0.0.1/23 or even a 10.0.0.1/8 network than it does to set up a 10.0.0.1/24 IP range.


What that means is that rather than your network having 254 IPs that it can use, you can configure it to use 510 IPs, or all the way up to 16,777,214 IPs :)


This is really simple to do. Just configure 2 different servers to provide 2 completely different but complementary IP ranges on the same network.


That's it!


When a computer on the network requests an IP address, whichever DHCP server responds first provides the IP for that machine. If one server is slow to respond, is under load, has used all of its available IP pool or has failed, the other server's response will be used instead.


The catch here is to make sure that no matter which server responds, the computer requesting the info will be able to see the whole network. So each server MUST provide identical information in every way, from DNS servers to routers to DHCP options, even reserved IP addresses. The only difference is the DHCP pool: the two pools must NOT use the same IP ranges.


An example of a small network


Let's pretend you have 100 computers / devices that you want to provide an IP for at any one time on a network, and a small IP block kept free for servers / printers etc. that you want to configure manually. We could use a 10.0.0.1/24 scope here.


Router : 10.0.0.1

Subnet : 255.255.255.0

DHCP Server 1 : 10.0.0.2

DHCP Server 2 : 10.0.0.3

Servers / printers etc. : 10.0.0.4 to 10.0.0.52

DHCP Pool for computers : 10.0.0.53 to 10.0.0.254


In the above network example, just set up DHCP Server 1 with a DHCP pool of 10.0.0.53 to 10.0.0.153 and DHCP Server 2 with a DHCP pool of 10.0.0.154 to 10.0.0.254. Keep the router, the DNS entries, the name server etc. the same.


That's it. Nice and simple.


Now in a larger network you may want double that, with the increase of wifi devices etc. In most organisations you would budget 4 IPs for every staff member: work phone, mobile phone, computer wifi and computer ethernet port may all ask for an IP at the same time.


The setup is the same as above, except that you extend the available IP range to a /23 and give each server a range of 200 IPs.


Router : 10.0.0.1

Subnet : 255.255.254.0

DHCP Server 1 : 10.0.0.2

DHCP Server 2 : 10.0.0.3

Servers / printers : 10.0.0.4 to 10.0.0.53

Servers / printers : 10.0.1.1 to 10.0.1.53

DHCP Pool : 10.0.0.54 to 10.0.0.254 and 10.0.1.54 to 10.0.1.254


In the above network example, just set up DHCP Server 1 with a DHCP pool of 10.0.0.54 to 10.0.0.254 and DHCP Server 2 with a DHCP pool of 10.0.1.54 to 10.0.1.254.


Want to increase it to more than 200 IPs? No problem, you can go all the way to a /8 if you want and give yourself 16,777,214 IPs to play with :)


Remember that if you are running a VPN server and it is providing IP addresses in the same IP subnet, you will want to make sure that its IP range is not being distributed by either DHCP server.


Generally you would set up the IP phones on your network under a different VLAN for QoS, which means a different IP range again. So you may want to deploy the same setup there as well.
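
A sanity check for the split-scope rules above (each pool inside the subnet, no pool overlapping the other pool or a static or VPN range, identical options on both servers), added here as an example and not part of the original post. The server names, option keys, DNS value and VPN range are assumed for illustration.

```python
import ipaddress

def span(first, last):
    """Inclusive address range as an (int, int) pair."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return lo, hi

def check_split_scope(subnet, servers, excluded):
    """Return a list of problems; an empty list means the split is consistent."""
    # servers: {name: {"pool": (first, last), "options": {...}}}; excluded: {label: (first, last)}
    net = ipaddress.ip_network(subnet, strict=False)
    problems = []
    pools = {name: span(*cfg["pool"]) for name, cfg in servers.items()}
    for name, (lo, hi) in pools.items():
        if lo <= int(net.network_address) or hi >= int(net.broadcast_address):
            problems.append(f"{name}: pool is not inside {net}")
    others = {label: span(*r) for label, r in excluded.items()}
    names = sorted(pools)
    for i, a in enumerate(names):
        # Compare each pool with the remaining pools and every excluded range.
        rivals = {**{b: pools[b] for b in names[i + 1:]}, **others}
        for b, (lo, hi) in rivals.items():
            if pools[a][0] <= hi and lo <= pools[a][1]:
                problems.append(f"{a}: pool overlaps {b}")
    # Everything except the pool must match, whichever server answers first.
    ref = servers[names[0]]["options"]
    for name in names[1:]:
        opts = servers[name]["options"]
        for key in sorted(set(ref) | set(opts)):
            if ref.get(key) != opts.get(key):
                problems.append(f"{name}: option {key!r} differs from {names[0]}")
    return problems

# Constructed sample: the /23 layout above; DNS and VPN values are assumed.
OPTIONS = {"router": "10.0.0.1", "subnet_mask": "255.255.254.0", "dns": ["10.0.0.2"]}
STATIC = {"static block A": ("10.0.0.4", "10.0.0.53"),
          "static block B": ("10.0.1.1", "10.0.1.53")}
WITH_VPN = {**STATIC, "VPN range": ("10.0.1.200", "10.0.1.220")}
GOOD = {"dhcp1": {"pool": ("10.0.0.54", "10.0.0.254"), "options": dict(OPTIONS)},
        "dhcp2": {"pool": ("10.0.1.54", "10.0.1.254"), "options": dict(OPTIONS)}}
BAD = {"dhcp1": GOOD["dhcp1"],
       "dhcp2": {"pool": ("10.0.0.200", "10.0.1.254"),
                 "options": {**OPTIONS, "dns": ["10.0.0.3"]}}}

if __name__ == "__main__":
    print(check_split_scope("10.0.0.1/23", GOOD, STATIC))
    print("\n".join(check_split_scope("10.0.0.1/23", BAD, WITH_VPN)))
```

Overlapping pools matter because the two servers keep no shared lease state in a split scope, so each could hand the same address to a different client.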


For more info on DHCP, read:


http://en.wikipedia.org/wiki/Dhcp

http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml

http://tools.ietf.org/html/rfc2132

http://manuals.info.apple.com/en_US/NetworkSvcs_v10.6.pdf


