DHCP in VRRP configuration

Hello,

I have two RB1100AHx2 configured in VRRP.
I believe only the master router works as a DHCP server and leases IPs to the clients but I found the slave router does the same.
Is it right?

thx

Best practice would be to not use the routers as the DHCP server. They don’t share any state information with each other when doing VRRP, so I can only assume they wouldn’t share DHCP lease information. Set up a DHCP relay on the VRRP interface and point it to a standalone DHCP server.

thanks a lot. I will follow your suggestion.


please, where can I found a list of (key) best-practice of different scenarios?

I’d agree with mpreissner, but sometimes you may have to run DHCP at the router level.

An option to get this to work properly would be to change the primary router’s dhcp server to respond immediately on the first DHCP request it receives, and set the secondary device to only respond after 10s. This way it will only jump in to action when the primary device does not respond after 10s.

Example Primary:

/ip dhcp-server
add address-pool=PRV-POOL authoritative=yes disabled=no interface=ether1 lease-time=1d name=PRV-LAN

Example: Secondary

/ip dhcp-server
add address-pool=PRV-POOL authoritative=after-10sec-delay disabled=no interface=ether1 lease-time=1d name=PRV-LAN

Does the MikroTik DHCPD check if an IP is already in use? If not, this may cause serious trouble.

You would only implement this in a situation when you have a failure of your router and do not have another option. In the field, this set up has proven to work fine in the implementations I have done.

According to the DHCP RFC, the server “should” probe using ARP or ICMP, but I am not sure how Mikrotik implements it.

I had another look in the docs and found this.

DHCP server lease submenu is used to monitor and manage server’s leases. The issued leases are showed here as dynamic entries. You can also add static leases to issue a specific IP address to a particular client (identified by MAC address) .

Generally, the DHCP lease it allocated as follows:

an unused lease is in waiting state
if a client asks for an IP address, the server chooses one
if the client receives a statically assigned address, the lease becomes offered, and then bound with the respective lease time
if the client receives a dynamic address (taken from an IP address pool), the router sends a ping packet and waits for answer for 0.5 seconds. During this time, the lease is marked testing
in the case where the address does not respond, the lease becomes offered and then bound with the respective lease time
in other case, the lease becomes busy for the lease time (there is a command to retest all busy addresses), and the client’s request remains unanswered (the client will try again shortly)
A client may free the leased address. The dynamic lease is removed, and the allocated address is returned to the address pool. But the static lease becomes busy until the client reacquires the address.

http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server

So Mikrotik does try check to see if the IP is in use…I’m guessing its the same as if someone assigned an IP statically on the LAN it would want to avoid allocating a conflicting IP.