Community discussions

 
cagnaluia
just joined
Topic Author
Posts: 12
Joined: Thu May 14, 2009 4:08 pm

DHCP in VRRP configuration

Fri Oct 14, 2016 1:02 pm

Hello,

I have two RB1100AHx2 configured in VRRP.
I believe only the master router works as a DHCP server and leases IPs to the clients but I found the slave router does the same.
Is it right?

thx
 
mpreissner
Member
Member
Posts: 356
Joined: Tue Mar 11, 2014 11:16 pm
Location: Columbia, MD

Re: DHCP in VRRP configuration

Sat Oct 15, 2016 1:20 am

Best practice would be to not use the routers as the DHCP server. They don't share any state information with each other when doing VRRP, so I can only assume they wouldn't share DHCP lease information. Set up a DHCP relay on the VRRP interface and point it to a standalone DHCP server.
Michael Preissner
CISSP, CCSP, CEH, PMP
 
cagnaluia
just joined
Topic Author
Posts: 12
Joined: Thu May 14, 2009 4:08 pm

Re: DHCP in VRRP configuration

Mon Oct 17, 2016 9:53 am

thanks a lot. I will follow your suggestion.


please, where can I found a list of (key) best-practice of different scenarios?
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: DHCP in VRRP configuration

Tue Oct 18, 2016 2:29 pm

I'd agree with mpreissner, but sometimes you may have to run DHCP at the router level.

An option to get this to work properly would be to change the primary router's dhcp server to respond immediately on the first DHCP request it receives, and set the secondary device to only respond after 10s. This way it will only jump in to action when the primary device does not respond after 10s.

Example Primary:
/ip dhcp-server
add address-pool=PRV-POOL authoritative=yes disabled=no interface=ether1 lease-time=1d name=PRV-LAN
Example: Secondary
/ip dhcp-server
add address-pool=PRV-POOL authoritative=after-10sec-delay disabled=no interface=ether1 lease-time=1d name=PRV-LAN
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
 
patrick7
Member Candidate
Member Candidate
Posts: 298
Joined: Sat Jul 20, 2013 2:40 pm

Re: DHCP in VRRP configuration

Tue Oct 18, 2016 5:24 pm

Does the MikroTik DHCPD check if an IP is already in use? If not, this may cause serious trouble.
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: DHCP in VRRP configuration

Tue Oct 18, 2016 5:39 pm

You would only implement this in a situation when you have a failure of your router and do not have another option. In the field, this set up has proven to work fine in the implementations I have done.

According to the DHCP RFC, the server "should" probe using ARP or ICMP, but I am not sure how Mikrotik implements it.
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: DHCP in VRRP configuration

Tue Oct 18, 2016 5:48 pm

I had another look in the docs and found this.
DHCP server lease submenu is used to monitor and manage server's leases. The issued leases are showed here as dynamic entries. You can also add static leases to issue a specific IP address to a particular client (identified by MAC address) .

Generally, the DHCP lease it allocated as follows:

an unused lease is in waiting state
if a client asks for an IP address, the server chooses one
if the client receives a statically assigned address, the lease becomes offered, and then bound with the respective lease time
if the client receives a dynamic address (taken from an IP address pool), the router sends a ping packet and waits for answer for 0.5 seconds. During this time, the lease is marked testing
in the case where the address does not respond, the lease becomes offered and then bound with the respective lease time
in other case, the lease becomes busy for the lease time (there is a command to retest all busy addresses), and the client's request remains unanswered (the client will try again shortly)
A client may free the leased address. The dynamic lease is removed, and the allocated address is returned to the address pool. But the static lease becomes busy until the client reacquires the address.
http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server

So Mikrotik does try check to see if the IP is in use.....I'm guessing its the same as if someone assigned an IP statically on the LAN it would want to avoid allocating a conflicting IP.
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 77 guests