NS1 Cloud-Managed DDI customers can deploy DHCP services to edge nodes across their network to automatically provide and assign IP addresses, default gateways, and other network parameters to client devices. These DHCP services can be configured to operate in high availability (HA) mode to support automatic failover and redundancy. When HA is configured, two DHCP services operate as an active/active HA pair, enabling redundancy and load balancing by sharing one or more IP pools. In the event that one DHCP server fails, one peer will take over responding to all traffic directed to both servers.
Follow the steps below to configure two DHCP services as an active/active HA pair.
To begin, you must ensure that port TCP/5353 is exposed on both DHCP service components to enable bidirectional communication. This allows the DHCP peers to exchange lease updates and determine their peer’s health (i.e., “heartbeat”). You must perform this step for both DHCP services in the active/active pair. For more information, refer to Default ports & firewall rules.
In this step, you will apply “tags” to the node running the DHCP service component that will act as “primary” in the HA pair.
First, identify the node ID for the node running the DHCP service component which you want to set as “primary” in the HA pair. Then, execute the command below to retrieve any existing tags that have been applied to that node.
curl -X GET -H "X-NSONE-KEY: $NSONE_API_KEY" https://api.prod.svc.ns1.dev/v1/fleet/node/<nodeID>
Example response:
{
"id": "<nodeID>",
"tags": {
"__customerId": "55555",
"__ns1_proxy": "v5.0.0",
"hostname": "hostname",
"pop": "DHCP1",
"region": "US-EAST",
"role": "dhcp"
}
},
The response includes any existing tags that are already applied to the node. You must include these tags when you apply new ones — otherwise, the new tags will overwrite the existing ones.
Next, execute the command below — including any tags returned in the previous response and adding the “peer” and “primary” tags:
-
Next to “peer,” enter the IP address of the node running the secondary DHCP service component in the HA pair.
-
Set the “primary” value to “true.”
curl -X POST -H "X-NSONE-KEY: $NSONE_API_KEY" https://api.prod.svc.ns1.dev/v1/fleet/node/<nodeID> -d '
{
"tags": {
"__customerId": "55555",
"__ns1_proxy": "v5.0.0",
"hostname": "hostname",
"pop": "DHCP1",
"region": "US-EAST",
"role": "dhcp",
"peer": "<secondary_IP_address>",
"primary": "true"
}
}'
Again, note that the additional tags shown in the example above (i.e., all tags other than “peer” and “primary”) should be replaced with any tags returned in the response to the initial GET command. These will be unique to your node configuration.
Similarly, in this step, you will apply “tags” to the node running the DHCP service component that will act as “secondary” in the HA pair.
First, identify the node ID for the node running the DHCP service component which you want to set as “secondary” in the HA pair. Then, execute the command below to retrieve any existing tags that have been applied to that node.
curl -X GET -H "X-NSONE-KEY: $NSONE_API_KEY" https://api.prod.svc.ns1.dev/v1/fleet/node/<nodeID>
Example response:
{
"id": "<nodeID>",
"tags": {
"__customerId": "55555",
"__ns1_proxy": "v5.0.0",
"hostname": "hostname",
"pop": "DHCP2",
"region": "US-EAST",
"role": "dhcp"
}
},
Again, the response includes any existing tags that are already applied to the node. You must include these tags when you apply new ones — otherwise, the new tags will overwrite the existing ones.
Next, execute the command below — including any tags returned in the previous response and adding the “peer” and “primary” tags.
-
Next to “peer,” enter the IP address of the node running the primary DHCP service component in the HA pair.
Set the “primary” value to “false.”
curl -X POST -H "X-NSONE-KEY: $NSONE_API_KEY" https://api.prod.svc.ns1.dev/v1/fleet/node/<nodeID> -d '
{
"tags": {
"__customerId": "55555",
"__ns1_proxy": "v5.0.0",
"hostname": "hostname",
"pop": "DHCP2",
"region": "US-EAST",
"role": "dhcp",
"peer": "<primary_IP_address>",
"primary": "false"
}
}'
Execute the command below for the DHCP service component to apply the HA configuration.
curl -X POST -s -H "X-NSONE-KEY: $NSONE_API_KEY" https://api.prod.svc.ns1.dev/v1/service/<DHCP_service_name>/dhcp -d '
{
"selector": "role=dhcp",
"version": "latest",
"config": {
"dhcp_heartbeat_delay": 10000,
"dhcp_max_response_delay": 10000,
"dhcp_ha": "enabled",
"dhcp_is_primary": "{{ primary }}",
"dhcp_peers": [ "{{ peer }}" ]
}
}'
where:
|
<DHCP_service_name> |
The unique name of the DHCP service defined in your configuration. By default, this is typically a three-digit number but may have been changed during the initial configuration. |
|
selector |
One or more key-value pairs (e.g., "role=dhcp") are applied to the DHCP service during the initial configuration. Note that the “selector” key-value pairs correspond with the “tag” key-value pairs applied to each node. |
|
dhcp_heartbeat_delay |
An integer specifying a duration of time (in milliseconds) from the last heartbeat to sending the next heartbeat between peers in HA mode. Default is 10000. |
|
dhcp_max_response_delay |
An integer specifying a duration of time (in milliseconds) from the last successful communication with peers in HA mode until the server assumes that communication with peers has been interrupted. Default is 10000. |
|
dhcp_ha |
Set to “enabled” to ensure DHCP HA is enabled. |
|
dhcp_is_primary |
Copy & paste the value as it appears above. This maps to the tags applied in the previous steps. |
|
dhcp_peers |
Copy/paste the value as it appears above. This maps to the tags applied in the previous steps. |
Execute the command below to redeploy the node running the primary DHCP service component in the HA pair.
curl -X PUT -H "X-NSONE-KEY: $NSONE_API_KEY" https://api.prod.svc.ns1.dev/v1/fleet/node/<primary_node_id>/deploy | jq .
Execute the command below to redeploy the node running the secondary DHCP service component in the HA pair.
curl -X PUT -H "X-NSONE-KEY: $NSONE_API_KEY" https://api.prod.svc.ns1.dev/v1/fleet/node/<secondary_node_id>/deploy | jq .
After deploying the nodes, you can run the following command to verify that your DHCP services are online.
watch kubectl get pods
Ensure the status of your DHCP service components is shown as “Running.” If you experience any issues configuring high availability for DHCP services, contact your dedicated NS1 Solutions Engineer or contact NS1 customer support.