From owner-freebsd-questions@freebsd.org  Fri Nov 22 17:49:31 2019
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id BA4121BD009
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Fri, 22 Nov 2019 17:49:31 +0000 (UTC)
 (envelope-from kab00m@lich.phys.spbu.ru)
Received: from skeleton.phys.spbu.ru (skeleton.phys.spbu.ru [195.19.241.202])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 47KP7t088Dz42c5
 for <freebsd-questions@freebsd.org>; Fri, 22 Nov 2019 17:49:28 +0000 (UTC)
 (envelope-from kab00m@lich.phys.spbu.ru)
Received: from skeleton.phys.spbu.ru (localhost [127.0.0.1])
 by skeleton.phys.spbu.ru (Postfix) with ESMTP id 665F8902E0
 for <freebsd-questions@freebsd.org>; Fri, 22 Nov 2019 20:49:19 +0300 (MSK)
 (envelope-from kab00m@lich.phys.spbu.ru)
Received: from [10.4.4.236] (unknown [91.108.27.7])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by skeleton.phys.spbu.ru (Postfix) with ESMTPSA id 20114902C2
 for <freebsd-questions@freebsd.org>; Fri, 22 Nov 2019 20:49:19 +0300 (MSK)
 (envelope-from kab00m@lich.phys.spbu.ru)
Subject: Re: DHCP server failover: advise is needed
To: freebsd-questions@freebsd.org
References: <53102df9-ca90-6338-7ff2-c370a42c690e@kicp.uchicago.edu>
From: Dima Veselov <kab00m@lich.phys.spbu.ru>
Message-ID: <943ea22c-ce4d-e6d0-2ee6-21dea3af075d@lich.phys.spbu.ru>
Date: Fri, 22 Nov 2019 20:49:18 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <53102df9-ca90-6338-7ff2-c370a42c690e@kicp.uchicago.edu>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
X-Rspamd-Queue-Id: 47KP7t088Dz42c5
X-Spamd-Bar: +
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of kab00m@lich.phys.spbu.ru has no SPF
 policy when checking 195.19.241.202) smtp.mailfrom=kab00m@lich.phys.spbu.ru
X-Spamd-Result: default: False [1.03 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.12)[-0.117,0];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org];
 TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1];
 RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[];
 NEURAL_SPAM_LONG(0.24)[0.244,0]; DMARC_NA(0.00)[spbu.ru];
 R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:5495, ipnet:195.19.241.0/24, country:RU];
 MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.00)[country: RU(0.01)]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Nov 2019 17:49:31 -0000

On 22.11.2019 20:00, Valeri Galtsev wrote:

I had been in same situation as you described, my advice may be handy.

> Could someone point to description of working DHCP failover configuration?

I used https://kb.isc.org/docs/aa-00502 as an instruction.

> I do not want to make two independent DHCP servers handling half of the 
> pool each. We are not that rich as far as IP space is concerned.

> I am not married to ISC DHCP server, so any one I can run on FreeBSD 
> will do, because:
> 
> <rant>
> My current configuration is something that was gradually migrated and/or 
> adjusted through several generations of systems, and server versions 
> over the years. It works. When I tried to incorporate what I need for 
> failover following ISC documentation, and some people's guides, I 
> discovered, I need more sophisticated structure of sections and 
> subsections, which I figured out finally. But the annoying part was: in 
> ISC documentation there is no general stricture of which section can 
> appear inside which; like:

Basically, ISC DHCPD allow described structures and nothing more. Being 
on your side I had to do some work like moving static hosts in main 
config and reorganize subnets. This seemed noisy but appeared quite 
easy. For detailed advice we need to see your config or questionable 
parts of it.

> So, I am not married to ISC DHCP server, we didn't get along now as far 
> as my use of documentation is concerned. Anything that works - with  > failover! - on FreeBSD will be great.

I can email you my own working configuration. General advice - try to 
make configuration as plain as it might be. If you have working subnets 
with working pools you just add failover peer and it start working.

-- 
Dima Veselov
Physics R&D Establishment of Saint-Petersburg University