Optimising failover parameters....(sent to dhcp-server list also)

Thu Nov 27 17:04:35 UTC 2003

Hi DHCP Server people.....

I don't know how many people out there are using DHCPD in failover mode,
but this is a mail asking how to optimise the settings.
I have had a few problems of the leases file corrupting when the link
between the two servers is cut.  "peer holds all free leases" messages
appear on the primary and the secondary won't serve if it's allocation
is not all leased.  When the link is restored the problems persist.
If I delete the corrupted leases file and let the server rebuild from
the partner everything goes back to normal.....after the MCLT.  The
mention of the MCLT brings me to the subject of correct configuration.
The MCLT seems to be at the heart of a correct failover configuration.
However, it is documented relatively little with respect to the other
timing paramaters, such as default-lease-time.

The MCLT, maximimum client lead time, is the time lag for the "lazy"
updates between the failover server pair.  The MCLT effectively puts a
minimum limit on the time of a lease, and the time it takes to move an
address back into the free or backup states after an expiry. BNDUPD and
BNDACK messages ensure leases are kept upto date.

The important parameters for failover are:

mclt ## should be < default-lease-time - the time between lazy updates
##
max-lease-time
default-lease-time
min-lease-time
max-unacked-updates ## the number of BNDUPD messages that can be sent
before a server receives a BNDACK) - what should this be set to when you
have shorter lease times ##
max-response-delay ## contact timeout - should be long enough to allow
router/switch upgrades##
Load-Balance-Split - split 128
load-balance-max ## The time taken to override the load-balancing -
default should be OK - how does this behave when the link between
servers is lost? ##
min-secs ## for primary/backup relationship specified on backup only,
not required on load-balancing servers. ##
free address balance ## always 50/50 for ISC DHCPD (Mentioned in DHCP
Handbook, but not configurable in ISC DHCPD) ##

At CERN I have the following settings:

max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
split 128;
load balance max seconds 3;
default-lease-time 1800;
max-lease-time 3600;

So in our configuration we have=20

mclt > default-lease-time;  What effect will this have on the
load-balancing?
mclt =3D max-lease-time;
min-lease-time =3D undefined;

Questions
=3D=3D=3D=3D=3D=3D=3D=3D=3D

1. Given our lease-time definitions, what is a reasonable value to set
as the MCLT?  Should this be a ratio of the default-lease-time, say 1/3
or 2/3?

2. I believe we should also increment the time of max-response-delay to
reflect the time it takes to reboot a router, 300 secs maximum.  Would
this have any negative effect on the service?

3. Should min-lease-time be defined?  If so, should it be greater or
less than MCLT?

4. When the lease time is short,  would an increase or decrease in
max-unacked-updates be useful to take account of the increased traffic?
=20
5. Is there a simple way to describe how DHCPD uses it's mask/hashing to
make load-balancing decisions?

I would very much appreciate a reply from anyone who is willing to share
their knowledge or experiences with these failover issues.

Many thanks,

Nick

Nick Garfield
IT/CS Campus Networking Section
CERN
Geneva
Switzerland

Tel:+41 22 76 74 533=20