zero free leases

[Glenn Satchell]

>Date: Mon, 02 Jul 2007 12:02:31 +0900 (JST)
>To: dhcp-users at isc.org
>Subject: Re: zero free leases
>From: Koichi Mori <zko-mori at med.osaka-cu.ac.jp>
>X-archive-position: 3993
>X-ecartis-version: Ecartis v1.0.0
>X-original-sender: zko-mori at med.osaka-cu.ac.jp
>List-software: Ecartis version 1.0.0
>X-List-ID: <dhcp-users.isc.org>
>X-list: dhcp-users
>
>Hello,
>
>John Wobus <jw354 at cornell.edu> wrote
>in article Re: zero free leases 
>at Fri, 29 Jun 2007 13:37:18 -0400
>>DHCP failover is designed to avoid at all costs making IP address 
>>allocation mistakes,
>-----8<----<CUT>----8<----
>>What these limitations prevent the failover protocol and ISC software
>>from doing is providing a service that makes full use of available IP
>>addresses even through server failures, simply by turning on failover 
>>in the
>>configuration, and with no intervention or server testing on your part.
>
>Thank you for detailed explanation.
>(sorry to late reply, I am not so good at english)
>
>I know I have to restore the system as soon possible when the system be
>dead.
>It depends on the case, unfortunately I need the much time for 
>restore the system.
>The better way is DHCP configuration would be chane to with out
>failover?
>
>So I have to get ready "failover configuration file" and "no failover
>configuration file" for trouble?
>Then they will exchange the files when the peer partner be down?
>Becase, DHCP server can not change sate FREE while peer partner be down
>when I still use failover.
>(This case is needs the time so much for repaire)

Hi Koichi

Failoiver works a bit like this when one server fails:

The total number of addresses avilable to the surviving server in any
given pool is about half. The surviving server will renew any leases it
knows about. It will reply to discover messages with any free addresses
that it has.

Clients that try to renew their lease by contacting the failed server
will not get an answer. When their lease is about to expiure they will
send adiscover broadcast message to try to find another dhcp server.
The surviving server will answer and offer an IP address from its
available addresses.

So, the surviving server can run quite happily for a while. How long
depends on the lease duration, the number of clients and the amount of
free addresses.

For example, if the lease duration was 1 week, themn most clients are
not even going to notice for a fe days.

As an approximate measure, if the failure on the crashed server is
likely to be longer than half the lease time, or you have very few
spare IP addresses (say less that 10%) then you are likely to have
problems with clients that are uinable to get an IP address. In this
case you can manually switch the surviving server to "partner down"
mode.

In "partner down" mode the server knows the other serve is unavailable,
so it will use the full pool of IP addresses to allocate. In partner
down mode you have the same numberof Ip addresses as when the two
servers are operating normally. When the failed server returns to
service the original server switches out of partner down mode
automatically.

There are two common methods to put the server into partner down mode.
See the section titled "DHCP FAILOVER" in the dhcpd.conf man page for
details.

Switching to partner down is done as a manual step because firstly you
do not need to switch to partner down mode immediately as discussed
above. Secondly you want to be pretty sure the other server is down
before doing this, as other wise the two servers could offer the same
address to different clients.

In the past I have written scripts that check if the partner is down,
and if this situation continues for 30 or 60 minutes then it switches
the server to partner down.

Please continue to post more questions if anything is not clear.

regards,
-glenn