OpenLDAP Everywhere Reloaded, Part I
One last note on the DHCP failover protocol: if you have more devices on one subnet than 50% of the overall amount available in the pool range, seriously consider re-engineering your network before implementing DHCP failover.
The protocol inherently relies on having an excess of free addresses
to allocate, even after the pool range is cut in half by
The maximum amount of available IP addresses for DHCP in a C Class subnet most of the time is 253 (255 addresses, minus 1 address for broadcast, minus 1 address for the router).
If you have more than 126 devices within one failover subnet, either split it into more subnets (for example, one subnet for each floor of the building), or use a larger subnet than C Class. Configure the subnet declaration in /etc/dhcpd.conf to increase its pool range accordingly. It will save you problems later on.
Now that the DHCP servers are configured with failover pools, the final thing to do is configure the 192.168.3.0/24 and 192.168.4.0/24 to forward DHCP client broadcasts through the LAN/WAN to 192.168.1.10 and 192.168.2.10.
This is done on router03.example.com with IP Helper addresses. On linux03.example.com, it's done with ISC's DHCP Relay Agent.
Assume router03.example.com is a Cisco Catalyst Multi-layer
Switch. Configure IP Helper addresses by entering privileged mode
enable command). Using the
apply the two DHCP server IP addresses to the router interface that has
the 192.168.3.1/24 address. On the Catalyst 3750G in my lab, this is
interface "vlan20". The commands are applied like so:
router03#show running-config Building configuration... --- output suppressed --- interface Vlan20 description linuxjournal_vlan ip address 192.168.3.1 255.255.255.0 end --- output suppressed --- router03#configure terminal router03(config)#interface vlan 20 router03(config-if)#ip helper-address 192.168.1.10 router03(config-if)#ip helper-address 192.168.2.10 router03(config-if)#end router03#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] 0 bytes copied in 8.715 secs (0 bytes/sec) router03#show running-config interface vlan 20 Building configuration... Current configuration : 154 bytes ! interface Vlan20 description linuxjournal_vlan ip address 192.168.3.1 255.255.255.0 ip helper-address 192.168.1.10 ip helper-address 192.168.2.10 end router03#
On linux03.example.com, you need to install the isc-debian-relay package. Once it's installed, it will ask for the "multiple server names be provided as a space-separated list". Enter "linux01.example.com linux02.example.com", or if this host isn't configured to resolve from our DNS server pair, "192.168.1.10 192.168.2.10". It will ask on which interface to listen. If you have no preference, leave it blank and press Enter. It will ask you to specify additional options, but you simply can press Enter.
If you make a mistake, you can reconfigure by running the command
dpkg-reconfigure isc-dhcp-relay or modify the
SERVERS variable in
Your DHCP clients now should be able to contact either DHCP server.
In Part II of this series, I'll explain how to configure OpenLDAP on the two Linux servers and start to populate the directory with data.
Example configuration files for this article: ftp://ftp.linuxjournal.com/pub/lj/listings/issue216/11148.tgz
Debian GNU/Linux: http://www.debian.org/distrib
Download Debian 18.104.22.168: http://cdimage.debian.org/debian-cd/22.214.171.124
Manual Page for ntp.conf(5): http://linux.die.net/man/5/ntp.conf
Manual Page for named.conf(5): http://linux.die.net/man/5/named.conf
Manual Page for dhcpd.conf(5): http://linux.die.net/man/5/dhcpd.conf
Manual Page for dhcp-options(5): http://linux.die.net/man/5/dhcp-options
ISC dhcp-users Mailing List: https://lists.isc.org/mailman/listinfo/dhcp-users
Cisco IOS 12.3 T Command Reference for Idle through IP local-proxy-arp
ip helper-address): http://www.cisco.com/en/US/docs/ios/12_3t/ip_addr/command/reference/ip1_i1gt.html
Stewart Walters is a Solutions Architect with more than 15 years' experience in the Information Technology industry. Amongst other industry certifications, he is a Senior Level Linux Professional (LPIC-3).
|Natalie Rusk's Scratch Coding Cards (No Starch Press)||Feb 17, 2017|
|Own Your DNS Data||Feb 16, 2017|
|IGEL Universal Desktop Converter||Feb 15, 2017|
|Simple Server Hardening||Feb 14, 2017|
|Server Technology's HDOT Alt-Phase Switched POPS PDU||Feb 13, 2017|
|Bash Shell Script: Building a Better March Madness Bracket||Feb 09, 2017|
- Own Your DNS Data
- Simple Server Hardening
- Understanding Firewalld in Multi-Zone Configurations
- Teradici's Cloud Access Platform: "Plug & Play" Cloud for the Enterprise
- From vs. to + for Microsoft and Linux
- The Weather Outside Is Frightful (Or Is It?)
- Returning Values from Bash Functions
- IGEL Universal Desktop Converter
- Economy Size Geek - Interview with Rich Hickey, Creator of Clojure
- Natalie Rusk's Scratch Coding Cards (No Starch Press)
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide