Thanks for the reply.

The 4 addresses are sufficient as I'd only need 2 per site.

Let me break down my original question into another area I don't understand. If I have 4 IP helper addresses configured on one 1 router (all 4 IPs belonging to 4 DHCP servers), when a client request comes in to the router - which of the 4 addresses does it forward the request to?

Thanks

the ip-helper forwards the request to all configured IP-addreesses.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Ok so one half of that puzzle is fine in that the request will be forwarded to the all helper addresses. Is it not possible to define a primary and seconday address and have 2 associated with the primary and 2 with the secondary?

Thanks,

no, specifying the IP is the whole flexibility that is available.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

The workaround you mentioned in your first post about ip sta. How exactly does that work for four live and operation servers (2 in each site as per my original post).

Thanks again mate

ip sla can track the reachability of a server. Based on that you can act on your router in that you change your config. For example you have only the first to ip-helper-addresses in your config. If these two addresses are not reachable any more, the these two lines get removed and two other ip helper lines get added.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

So this is a manual process. I mean its workable but ideally we'd like an automated option. Can no cisco and/or juniper router do this? Thanks again

I'm not aware of any automatic process for that.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Many Cisco devices supported embedded scripting.  An embedded script would be able to change your helper IP on the fly if it notices the primary isn't responding to pings.

Hi Andy,

this is an interesting problem and I challenged myself to find a solution which works fully automated and doesn't have to change the configs by EEM. I just want to present the idea here; for implementing it into a productive environment I'd recommend some optimization (and testing of course).

1. All 4 IP helper will be configured

2. Tracking the reachability of the Main-DHCP servers with IP SLA and EOT (Enhanced Object Tracking):

ip sla monitor 1
 type dhcp dest-ipaddr 172.16.1.1 source-ipaddr 192.168.0.1
ip sla monitor schedule 1 life forever start-time now
!
ip sla monitor 2
 type dhcp dest-ipaddr 172.16.2.2 source-ipaddr 192.168.0.1
ip sla monitor schedule 2 life forever start-time now
!
track 1 rtr 1
track 2 rtr 2
!
track 12 list boolean and
 object 1 not
 object 2 not
!

So the track object 12 comes up if DHCP-1 (172.16.1.1) and DHCP-2 (172.16.2.2) are out of service.

We now could use object 12 (with an inverse boolean logic in this case) for conditional (tracked) hostroutes for the DR DHCP servers pointing to interface Null0 but this would affect all types of traffic to the servers, not only DHCP traffic. So we need PBR (Policy Based Routing) as well.

3. PBR (Example for DHCP server 3 at DR site):

access-list 103 permit udp any host 172.16.3.3 eq bootps
!
route-map DHCP-DR permit 100
 match ip address 103
 set ip next-hop verify-availability 172.16.3.3 10 track 12
 set interface Null0

4. Apply the route-map to the interfaces with the IP helpers and for locally sourced traffic (relay agent):

ip local policy route-map DHCP-DR
!
interface VLAN xxx
 ip policy route-map DHCP-DR

So DHCP-traffic to server 3 is policy routed. If DHCP server 1 or 2 are in service, DHCP traffic to server 3 is send to interface Null0; in other words: It's discarded. If DHCP server 1 and 2 fail, DHCP traffic to server 3 is send to the normal next-hop IP address. This part was tricky because tracking is only possible for numeric next-hops of adjacent routers. But fortunately the "set ip next-hop" clause has a higher preference as "set interface" and that's why I could use the two set-statements.

IP: s=192.168.0.1 (local), d=172.16.3.3 (Null0), len 328, policy routed UDP src=67, dst=67
IP: local to Null0 172.16.3.3
%TRACKING-5-STATE: 1 rtr 1 state Up->Down
%TRACKING-5-STATE: 12 list boolean and Down->Up
IP: s=192.168.0.1 (local), d=172.16.3.3, len 330, policy match UDP src=67, dst=67
IP: s=192.168.0.1 (local), d=172.16.3.3 (Serial0/2), len 330, policy routed UDP src=67, dst=67
#show route-map
route-map DHCP-DR, permit, sequence 100
 Match clauses:
 ip address (access-lists): 103 
 Set clauses:
 ip next-hop verify-availability 172.16.3.3 10 track 12  [up]
 interface Null0
 Policy routing matches: 15 packets, 4794 bytes

As you can see, it works as required (at least in a lab environment).

I have to admit that it's somewhat cumbersome, unfortunately the tracking-option in PBR is not as flexible as I tought when the idea came into my mind. I'm curious if somebody finds a better way.

Hope that helps

Rolf