Using cascaded relay agents with Windows DHCP Windows Server 2012

Introduction

Deploying DHCP failover translates into deploying more DHCP servers working in an Active-Active or Active-Passive mode for a set of scopes/subnets. Given the limitations in certain older switches/routers on the number of IP helpers that can be configured, configuring additional IP helpers to reach these new servers can become a problem.

This problem can, however, be overcome by using a Windows Server RRAS IPv4 DHCP relay agent to reach the DHCP servers. With an RRAS relay agent, the IP helpers still need to reach only one IP address, that of the RRAS relay agent. The RRAS relay agent in turn relays the DHCP packets from the IP helpers to the DHCP failover pair and vice versa. Together with the existing IP helper, this new relay agent forms a chain of cascaded DHCP relay agents in the network. This blog post describes how this cascading can be achieved.

The problem

Consider a normal DHCP server-client setup shown below:


There is a DHCP server, a DHCP client and an IP helper/relay agent which forwards the broadcast DHCP client messages from the DHCP client to the DHCP server as a unicast message and vice versa. Notice that the DHCP server and the client belong to different subnets.

Now the hardware on which the IP helper or the relay agent has been configured may connect clients from different subnets to the DHCP server. A switch, for example, may have 8 IP helpers connecting 8 different subnets to the DHCP server.

Now consider deploying DHCP failover in such a scenario. Failover for your DHCP server translates to deploying one more DHCP server. You will need to configure eight more IP helpers on the switch to point to the new DHCP failover server. But then you realize that the old switch that you have been using imposes a maximum limit of fewer than 16 IP helpers.

So what’s the solution? Deploying a Windows RRAS relay agent can help you out here.

The solution: RRAS relay agent

Here’s what you can do. Introduce a Windows Server RRAS relay agent in the equation. Your altered setup with DHCP failover and the additional relay agent will then look something like the setup shown below.



DHCP Server 1 and DHCP Server 2 are the two DHCP servers which have been configured for failover. They could be in either of the two failover modes: Hot Standby or Load Balance. A Windows Server RRAS relay agent, Relay Agent 2, has also been put into place.

More on installing the RRAS role and configuring the IPv4 relay agent: https://technet.microsoft.com/en-us/library/dd458979.aspx

The IP helper configured on the switch, like before, needs to point to only one IP address, that of Relay Agent 2 (174.16.1.1). The IP addresses of DHCP Server 1 (192.168.1.1) and DHCP Server 2 (192.168.1.3) have been configured on Relay Agent 2 (an RRAS relay agent can be configured to relay packets to the IP addresses of more than one DHCP server). Also, the default gateway on the DHCP failover pair for the subnets being served has been set to Relay Agent 2’s IP address (192.168.1.254). Relay Agent 2 forwards any DHCP message received from the IP helper to both members of the DHCP failover pair, and one of the servers then responds to the packet.

The default gateway of Relay Agent 2 (at the adapter with address 174.16.1.1) will have to be set to the address of the switch (174.16.1.254). This enables Relay Agent 2 to forward any packets received from the failover pair back to the switch, which in turn sends them to the DHCP client.
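
The cascade described above, traced at the packet level as an added example (not code from the original post): it models the relay rules of RFC 1542, not RRAS internals, and shows that both failover servers receive a request whose giaddr is still the address stamped by the switch's IP helper. The client-facing switch address 10.0.8.1, the MAC address and the function names are constructed for illustration; the other addresses are the ones used in the post.

```python
import ipaddress
import struct

BOOTREQUEST = 1
HOPS_OFFSET, GIADDR_OFFSET = 3, 24  # byte offsets in the fixed BOOTP header
HOP_THRESHOLD = 4                   # default threshold suggested by RFC 1542

SWITCH_CLIENT_SIDE = "10.0.8.1"     # constructed: IP helper interface facing clients
RELAY_AGENT_2 = "174.16.1.1"        # from the post
DHCP_SERVERS = ["192.168.1.1", "192.168.1.3"]  # failover pair, from the post


def build_discover(xid, mac):
    """Constructed 236-byte BOOTREQUEST header with hops=0 and giaddr=0.0.0.0."""
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s", BOOTREQUEST, 1, 6, 0, xid,
                       0, 0x8000, *[b"\0" * 4] * 4, mac, b"", b"")


def relay(packet, receiving_ip, next_hops, threshold=HOP_THRESHOLD):
    """Apply the RFC 1542 relay rules; return [(destination, packet), ...]."""
    if len(packet) < 236 or packet[0] != BOOTREQUEST:
        return []                    # not a client request, nothing to relay
    if packet[HOPS_OFFSET] > threshold:
        return []                    # hop budget exceeded: silently discard
    out = bytearray(packet)
    out[HOPS_OFFSET] += 1            # every relay in the cascade adds one hop
    gi = slice(GIADDR_OFFSET, GIADDR_OFFSET + 4)
    if out[gi] == b"\0" * 4:         # only the first relay stamps giaddr
        out[gi] = ipaddress.IPv4Address(receiving_ip).packed
    return [(dst, bytes(out)) for dst in next_hops]


def giaddr(packet):
    return str(ipaddress.IPv4Address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4]))


def cascade(packet):
    """Client broadcast -> IP helper on the switch -> Relay Agent 2 -> both servers."""
    (_, at_relay2), = relay(packet, SWITCH_CLIENT_SIDE, [RELAY_AGENT_2])
    return relay(at_relay2, RELAY_AGENT_2, DHCP_SERVERS)


if __name__ == "__main__":
    discover = build_discover(0x1234ABCD, bytes.fromhex("02005e100001"))
    for dst, pkt in cascade(discover):
        print(f"to {dst}: hops={pkt[HOPS_OFFSET]} giaddr={giaddr(pkt)}")
```

Each relay in the chain consumes one hop, so any hop-count threshold configured on a relay has to leave room for the extra agent.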

It should be noted that the extra RRAS relay agent adds a single point of failure for the DHCP failover pair, so this solution has its own disadvantages. However, it may be used as an interim solution until you retire the older switch/router for a newer one which allows a large number of IP helpers to be configured.

So, when you are constrained by hardware limitations on the number of IP helpers that can be configured, you can use a Windows Server RRAS relay agent to establish a communication channel between the IP helpers and the DHCP failover pair. The IP helpers which, in non-failover DHCP server deployments, would have pointed to the DHCP servers will now point to the RRAS relay agent. While this article talks about using the Windows DHCP relay agent, the same deployment can be configured with any third-party DHCP relay agent as long as it supports at least 2 DHCP server IP addresses.

We hope that this post was of help. Do let us know your questions, comments and feedback.
