DHCP Failover - hot standby architecture in a hub and spoke environment

Brandon Poindexter 66 Reputation points
2021-10-15T01:43:46.447+00:00

I have reviewed the documents in TechNet describing how to deploy DHCP Failover using Windows DHCP service. There are some details that are missing that I need answered.

Our topology is 6 branch offices and 1 HQ office. These locations are linked together by site-to-site VPN tunnels in a hub and spoke arrangement. We would put a DHCP server at HQ and in each branch office. Our goal is for each branch office server to serve local clients and rely on the HQ server as a hot standby. We would also want the HQ server to use one of the branch office servers as its hot standby. That would create a unique situation where one branch office server (call it Branch Office #1) and the HQ server would both use the other as a hot standby, assuming that is possible with this feature.

I am unclear on how clients in a branch office actually contact the hot standby server if the branch office's DHCP server is down. Typically a client sends a broadcast packet into its subnet looking for a DHCP server. When the local DHCP server is down, how do the packets get through the VPN tunnel to the HQ hot standby server?

Typically the way DHCP requests cross subnets is by using a DHCP relay, typically running on a router or other piece of networking hardware. However, my understanding is also that you should not have a DHCP relay and DHCP server running in the same subnet. It seems like that would be functionally the same as having two DHCP servers in the same subnet. Client requests would be sent to the local DHCP server and relayed to the hot standby by the DHCP relay.

The alternative would be to change the behavior of the router so that DHCP broadcast packets from clients in a branch office would be retransmitted to the broadcast address of the HQ server's subnet. This seems like the same problem as before.

Am I missing something here? Is this type of configuration even supported?


Accepted answer
  1. Gary Reynolds 9,391 Reputation points
    2021-10-15T10:17:34.033+00:00

    Hi @Brandon Poindexter

    You can still use the DHCP relay (IP helper\DHCP forwarder) in the branch office. The DHCP protocol is designed to handle this scenario. As part of the DHCP DORA process, the clients will send out the Discovery packet as a broadcast so any and all DHCP servers listening can respond. The Offer response from the server is sent as a unicast packet directly to the client, and the client will respond with the Response packet to the first DHCP Offer received. If multiple Offers are received, they are ignored and only the first Offer is actioned. This allows multiple DHCP servers to exist on the same network and to provide fail-over.

    I hope this helps.

    Gary.
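
The topology from the question, sketched as hot standby failover relationships with the DhcpServer PowerShell module. This is an added example, not part of the question or the accepted answer: every server name, scope ID, timer value and the reserve percentage is a placeholder, and it assumes the branch relay forwards to the HQ server as the answer suggests and that a server pair accepts a second relationship with the roles reversed.

```powershell
#Requires -Modules DhcpServer
# Added example: all names, subnets and values below are hypothetical placeholders.

$hq = 'dhcp-hq.example.internal'            # hypothetical HQ DHCP server
$branches = @(                               # hypothetical branch servers and their scopes
    @{ Server = 'dhcp-br1.example.internal'; ScopeId = '10.1.0.0' },
    @{ Server = 'dhcp-br2.example.internal'; ScopeId = '10.2.0.0' }
    # ... one entry per remaining branch office
)

# The shared secret authenticates failover messages between partners,
# which here cross the site-to-site VPN. Prompt for it instead of hard-coding it.
$secret = Read-Host -Prompt 'Failover shared secret'

foreach ($b in $branches) {
    $relationship = @{
        ComputerName        = $b.Server                  # branch server is the active partner
        Name                = "$($b.Server)-standby-HQ"
        PartnerServer       = $hq                        # HQ is the hot standby
        ScopeId             = $b.ScopeId
        ServerRole          = 'Active'                   # selecting a role creates a hot standby relationship
        ReservePercent      = 10                         # share of the pool the standby may lease from
        MaxClientLeadTime   = New-TimeSpan -Hours 1
        AutoStateTransition = $true                      # move to partner-down without operator action
        StateSwitchInterval = New-TimeSpan -Minutes 30
        SharedSecret        = $secret
    }
    Add-DhcpServerv4Failover @relationship
}

# Reverse direction for the HQ scope: HQ active, Branch Office #1 as its hot standby.
# Assumption: the pair accepts a second relationship under a different name.
Add-DhcpServerv4Failover -ComputerName $hq -Name 'HQ-standby-BR1' `
    -PartnerServer $branches[0].Server -ScopeId '10.0.0.0' -ServerRole Active `
    -ReservePercent 10 -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true -StateSwitchInterval (New-TimeSpan -Minutes 30) `
    -SharedSecret $secret

# Review every relationship the HQ server participates in and its current state.
Get-DhcpServerv4Failover -ComputerName $hq |
    Select-Object Name, PartnerServer, Mode, ServerRole, State
```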

