DHCP Failover and CARP



  • I have an HA setup with one physical SG-2440 device and one pfSense VM. I'm successfully replicating info via a High Availability SYNC interface and settings changes are being synced without issue. I have tested failover and the CARP status moves cleanly between MASTER and BACKUP on both devices based on availability.

    I have VLANs and each VLAN has a virtual IP that I advertise to my clients as a gateway and each pfSense successfully communicates over that VIP.

    My question is about DHCP and failover. In the "Services ->DHCP Server-> Other Options" area I set the VIP for each VLAN as the gateway and the "Failover peer IP" as the IP address of the other pfSense device.

    With this setup each device starts the DHCPd service, recognizes the other device, sets their status to 'normal' and responds to DHCP requests. Then, about every 90 seconds, each node goes into 'communications-interrupted', eventually returns to 'normal', and then goes back to 'communications-interrupted'.
    Logs don't show anything useful.

    Aug  1 11:49:07 DEVICE-02 dhcpd: failover peer dhcp_opt4: peer moves from normal to communications-interrupted
    Aug  1 11:49:07 DEVICE-02 dhcpd: failover peer dhcp_opt4: I move from communications-interrupted to normal
    Aug  1 11:49:07 DEVICE-02 dhcpd: balancing pool 80131c3c0 192.168.x.x/24  total 21  free 10  backup 11  lts 0  max-own (+/-)2
    Aug  1 11:49:07 DEVICE-02 dhcpd: balanced pool 80131c3c0 192.168.x.x/24  total 21 free 10  backup 11  lts 0  max-misbal 3
    Aug  1 11:49:07 DEVICE-02 dhcpd: failover peer dhcp_opt4: peer moves from communications-interrupted to normal
    Aug  1 11:49:07 DEVICE-02 dhcpd: failover peer dhcp_opt4: Both servers normal
    Aug  1 11:49:12 DEVICE-02 dhcpd: failover peer dhcp_opt3: peer moves from normal to communications-interrupted
    

    Example (I do this for multiple VLANs with different IPs):
    LAN VIP 10.0.0.1 (Advertising Frequency BASE/SKEW set to 1/0 for MASTER and 1/100 for BACKUP)
    LAN CARP MASTER Interface IP 10.0.0.2
    LAN CARP BACKUP Interface IP 10.0.0.3
    DHCP Server Gateway IP (Both devices) 10.0.0.1
    Failover Peer IP (CARP MASTER device) 10.0.0.3
    Failover Peer IP (CARP BACKUP device) 10.0.0.2

    Removing the Failover Peer IP addresses from the DHCP Server area results in the DHCP server on the MASTER device assigning leases like normal.
    Checking the "Status -> DHCP Leases" page shows the same leases on both devices so data is being synced via the sync interface.

    I also tried creating floating rules allowing all traffic between the MASTER and BACKUP interface IPs (DHCPd failover uses ports 519/tcp and 520/tcp), but I didn't see any positive results.

    My questions are:

    1. Since I'm using CARP IPs and a High Availability Sync setup do I need to also use the DHCP Server -> Failover Peer IP address settings? Do these settings conflict with each other?
    2. If I don't have any Failover Peer IP addresses and the MASTER or BACKUP device goes down will clients still be able to interface with the CARP Gateway VIP address and receive leases?

    My thought is that I'm duplicating functionality and that's somehow causing issues, but any advice would be greatly appreciated.



  • After running for the last week I haven't had any issues with not having a failover DHCP server defined.

    Each firewall takes over its duties as expected when its partner isn't available.

    I would like to get some final confirmation though; if anyone has been through this (CARP + DHCP server failover) please tell me if my setup seems strange.

