The DHCP failover feature was introduced in Windows Server 2012. Prior to Server 2012, you had various options to implement fault tolerance for the DHCP server service, but they all had their drawbacks, and could not ensure DHCP server service availability at all times. With DHCP Failover, Microsoft’s goal is to change that, and ensure DHCP server service availability at all times. In this blog post we will quickly review the drawbacks of the earlier high availability methods for the DHCP service in Windows server, and then we will review and implement DHCP failover on 2012 R2 DHCP servers.
1. Earlier methods for implementing redundancy for the DHCP Service
1.1 Split Scopes
In this method, the IP address pool of a scope is split between two DHCP servers. Back in the days, this was called the 80/20 rule, because typically the primary server would be assigned 80% of the addresses in the scope, while the secondary server would be assigned 20% of the addresses.
The negative consequences of this method are that if one of the DHCP servers fail, you will have deficit in the number of available IP addresses on your network, until the failed server has been brought back online again, or been replaced with another DHCP server. It is possible to circumvent this problem, but the point is there is no automatic replication of lease information between the two servers, so the split scopes solution is not optimal.
1.2 Standby Server
This approach uses a hot standby DHCP server with scopes and options configured identically to the production DHCP server. In case of the production DHCP server failing, it requires manual intervention on the administrator’s part, to adequately replace the production server with the hot standby DHCP server.
1.3 Failover Cluster
High Availability is provided by configuring a failover cluster consisting of two or more nodes, where the DHCP database will reside on shared storage. So if one of the nodes fail, the DHCP database will automatically be moved to another node, in a process called failover. This method adds complexity in the form of requirement for the failover clustering feature and shared storage. Also, if you want redundancy on the shared storage, you will have to implement that separately.
You can of course still utilize all of these methods in Server 2012 R2 if you want.
2. DHCP Failover
As mentioned earlier, this feature was introduced in Windows Server 2012. You can create redundancy on scope level by configuring two DHCP servers to provide leases from the same pool of addresses. The two servers then replicate lease information between them, which enables one server to assume responsibility for providing leases to all clients on the subnet when the other server is unavailable. This ensures a higher degree of fault tolerance than the aforementioned methods.
The limitations of DHCP failover is that it only supports IPv4 scopes, and each scope can be set up for failover between maximum two DHCP servers only. Not supporting IPv6 is not such of a big limitation, since more often than not, IPv6 DHCP servers are used to service only the DHCP options configuration.
DHCP failover can be implemented in two different configurations;
This is the default configuration, leases are issued from both servers equally. This configuration does not only ensure high availability, but it also, as the name suggests, provides load balancing for a particular scope. Keep in mind, in certain scenarios, latency might occur when clients try to acquire or renew an IP address, in this failover mode. Such as in multi-site deployment topologies, where clients might be in Site A, while DHCP server 1 and 2, might be in Site B and Site C respectively.
Leases are issued only from the primary server, but continuously replicated to the hot standby server. When the primary server fails, the hot standby server will start issuing leases. Since failover is implemented at the scope level, you can configure a DHCP server as the primary server for one scope, and as the secondary server for another one.
3. Implementing DHCP Failover through GUI
3.1 You will have to install the DHCP Server role on the servers you are going to implement DHCP failover on. Which is a straightforward process in Server 2012 R2, since no configuration is made during the installation of the role. You only need to authorize the server, after installing the DHCP server role, which is also performed in Server Manager.
3.2 Since DHCP failover is implemented at scope level, you will have to create and configure scopes first. Only on one server of course.
3.3 Then you are ready to implement DHCP failover. Right-click a particular scope, or right-click the IPv4 node, and select Configure Failover. Former will let you configure failover for a particular scope, while latter will let you configure failover for any or all scopes.
3.4 Select one or more scopes, click Next
3.5 You can add partner server by typing the host name or IP address of it, by selecting a server you already have a failover relationship with, or you can click on Add Server to select from a list of authorized DHCP Servers. Which is what I did.
3.6 Select a server, then click ok and Next.
3.7 You will be told to create a new failover relationship. This relationship will not only pertain to the scope, but it will be created between the two servers. Meaning even if you remove the scope from the relationship later on, the relationship itself will remain, with all of the settings you define here. You can freely reuse this relationship between the two servers on other scopes later on. You are also free to create more than one relationship between two servers.
The configuration options here are as follows;
Give the failover relationship a friendly name.
Maximum Client Lead Time
Defines the maximum amount of time that one server can extend a DHCP lease for a client beyond the time known by the failover server. This time also determines how long the active server waits with its partner offline before assuming total control of the DHCP scope.
Load Balance will create an active/active configuration, while Hot Standby will create an active/passive configuration.
The percentage of DHCP client requests that will be serviced by each DHCP server, in the active/active relationship.
State Switchover Interval
The active DHCP server will automatically place its partner into a partner-down state when it can’t communicate with it for the specified amount of time. If this setting is disabled, an administrator must manually tell DHCP Failover that a server is in a partner-down state. Either through the GUI (DHCP management console) or Powershell. You can only change to partner down state, if the communication has been interrupted between the two servers. If the DHCP Server service notices that the communication is in fact intact, you will not be able to change to partner down state.
Enable Message Authentication
Enables authentication of the failover replication traffic between partners. What this basically does is to secure communications between failover partners.
If you have selected the Enable Message Authentication check box, then you will need to specify a password here for authentication of traffic.
If you select the hot-standby mode, you can select the Role of Partner Server, and what percentage of the IP addresses of the scope will be reserved for standby server. The hot standby server will use these addresses to service new clients after the primary server goes down, during the time interval before the standby server assumes control over the entire IP address range of a scope. Remember, in the hot-standby mode, both servers can obviously not be active, so one of them has to be assigned the standby role.
The failover server assumes control over the entire IP address range only after it transitions into partner down state and a certain time (defined by Maximum Client Lead Time) has elapsed after moving into the partner down state. The clients will fallback to the active server, when the active server becomes available again.
3.8 Make your choices, then click Next, various tasks will be performed. Click Close, to complete the wizard.
3.9 You can check the scope on both servers to see that the scope information is indeed being replicated.
4. Managing DHCP Failover
4.1 Remove the failover relationship from a scope
4.1.1 To deconfigure (remove) the failover relationship from a scope, right-click the scope and select Deconfigure failover. Then click OK.
You will only get the message at the bottom if its the only scope (left) in the failover relationship.
4.1.2 Various tasks will be performed, including the removal of the failover relationship from the scope, and the deletion of the scope on partner server. Meaning you have removed the redundancy of the scope.
4.1.3 It does not matter on which server you first created the scope, the server from where you run the Deconfigure Failover wizard, will keep the scope, while it will be deleted on the partner server, as noted in the picture above.
4.2 Viewing the failover configuration for a scope
4.2.1 Right-click the scope, select properties
4.2.2 Then select the Failover tab.
4.3 Managing Failover Relationships
4.3.1 Right-click the IPv4 node → Properties
4.3.2 On the Failover tab, select a relationship, then click Edit to edit the settings of that failover relationship. Otherwise click Delete to delete that failover relationship
Notice how the Change to partner down button is greyed out, since the communication between the two servers in the failover relationship is functioning just fine.
4.3.3 On the same tab, you can also view the Failover Status
4.3.4 If you choose to delete a failover relationship, redundancy for all scopes belonging to that relationship will also be removed
4.4 Forcing Replication
4.4.1 To force the replication of a single scope, right-click the scope and select Replicate Scope
4.4.2 To force the replication of all scopes in a failover relationship to the partner server for that relationship, right-click a scope you know is a part of the failover relationship you want to force replication for, then select Replicate Relationship
4.4.2 To force the replication of all scopes in all failover relationships to the partner servers for those relationships, right-click the IPv4 node for the server and select Replicate Failover Scopes
5. Implementing and Managing DHCP Failover through PowerShell
The following cmdlets are used to implement and manage DHCP Failover through PowerShell.
You can read more about them on technet.
Technet: DHCP Failover Hot-Standby Mode
Technet: DHCP Failover Load Balance Mode