DHCP failover : peers not talking

EdHeron
Posts: 23
Joined: 2009/03/20 20:34:11
Location: Albuquerque, NM, USA

DHCP failover : peers not talking

Post by EdHeron » 2013/11/20 22:05:53

I've been using dual virtual servers on quad core Xeons with 32G RAM and 1TB drives to create a Virtual Desktop Infrastructure, currently, CentOS 5 with Xen. I use DRBD to sync virtual disks. I use 1 NIC for internal traffic, 1 NIC for storage replication (cross-over) and 1 NIC for external traffic (not configured on virtual server). I install a virtual machine as a firewall on each virtual server, each with its own public IP address.

Until recently, I've had varying requirements for the firewalls so I used different software. I've finally gotten the requirements to a place where I can load CentOS on both firewalls and I'm developing kickstart scripts to install them so I can re-create them on a regular basis to include updates and provide reassurance of cleanliness.

I'm working on making the virtual machines fail-over, both because I've had issues with MS Windows workstations correctly using multiple default routes and a new network vendor says their Adtran CPEs don't play well with Vyatta (apparently the most suggested dynamic routing daemon).

I'm using a snapshot of CentOS 5.10 repositories from a few weeks ago.

I've rebuilt a recent rpm of Keepalived and it is looking like it is working. The internal Virtual IP is set as default route and it appears to fail-over as desired. Except the NAT address is the physical IP on whichever firewall is active. This could disrupt outbound sessions during fail-over but I'll do further testing on the impact of that, later.

I'm working on DHCPd fail-over but I'm having difficulty getting the peer communication going. The docs use ports 520 and 521 as examples but those don't appear to be assigned ports in SELinux. I see, from semanage port -l, that 647 is listed as dhcp-failover but using that doesn't resolve the issue. I've set SELINUX to disabled in /etc/sysconfig/selinux and rebooted without effect. The errors in messages say "address not available" and "unexpected error", which, from googling, appear to be network issues. netstat -anp doesn't show 647 being used.

Please, what am I missing?

EdHeron
Posts: 23
Joined: 2009/03/20 20:34:11
Location: Albuquerque, NM, USA

Re: DHCP failover : peers not talking

Post by EdHeron » 2013/11/21 16:43:50

I rebuilt my config files and restaged my routers then it started working.

I recommend using IP addresses in the address statements. That might have been the issue: if it was resolving its own address incorrectly, it might not have bound to the interface correctly.

Unfortunately, I don't have an image of the old server to diff against to find what is different...

Now, off to try to get my ipsec tunnels to failover.
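For reference, the shape of an ISC dhcpd failover-peer declaration that follows the advice above (literal IP addresses in the address statements, and the SELinux-labelled dhcp-failover port 647 rather than the 520/521 example ports). This is an added illustration, not the poster's actual config; the peer name, the 192.0.2.x addresses and the 192.0.2.0/24 subnet are constructed placeholders, and the timing values are ordinary starting points, not tuned figures.

```conf
# /etc/dhcpd.conf on the PRIMARY firewall (added example, placeholder addresses)
failover peer "fw-dhcp" {
    primary;
    address 192.0.2.11;          # this host's own interface IP, written literally
    port 647;                    # matches the dhcp-failover label in semanage port -l
    peer address 192.0.2.12;     # the secondary's interface IP, also literal
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
    mclt 1800;                   # only on the primary
    split 128;                   # only on the primary: even lease split
}

# On the SECONDARY, use the same block with "secondary;" instead of "primary;",
# swap the address / peer address lines, and omit mclt and split.

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;    # the Keepalived virtual IP described above
    pool {
        failover peer "fw-dhcp"; # only pools that reference the peer are shared
        range 192.0.2.100 192.0.2.200;
    }
}
```

With both sides running, netstat -anp (the check used in the first post) should now list dhcpd bound to port 647 on each firewall, and /var/log/messages should show the peers moving to the normal state instead of "address not available".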
