failover compatibility

Campbell.ColinD at police.qld.gov.au Campbell.ColinD at police.qld.gov.au
Thu Sep 6 04:18:07 UTC 2012


Hi,

Thanks again. I probably haven't been as clear as I should have with the
plan. The upgrade is a complet OS upgrade, not just dhcpd. That means
each system will be off the air for about half a day.

I have two servers, old1 and old2. Both are running RHEL5 (dhcpd3.0.5).
The plan is to upgrade them to RHEL6.x (dhcpd 4.1.2) as follows:

1. stop old2/dhcpd3 - this leaves old1 serving DHCP
2. upgrade old2 to RHEL6.x - it is now "new2"
3. configure new2/dhcpd4 - restore old configs, what about leases?
4. stop old1/dhcpd3 - no one is serving DHCP
5. start new2/dhcpd4 - new2 is now serving DHCP
6. upgrade old1 to RHEL6.x - it is now "new1"
7. configure new1/dhcpd4 - restore old configs, what about leases?
8. start new1/dhcpd4

The two critical points are #3 and #7 - what do I do about lease files?
At #3 I could copy the lease file from old1 to new2 or I could just
start with no allocated leases (ie a virgin dhcpd.leases). Similarly, at
#7 I could start with a virgin lease file or copy the file from new2 to
new1. How does dhcpd react to a DHCPREQUEST when it hasn't given out any
leases?

Any advice on which strategy is least likely to cause problems? 

Colin
--
Colin Campbell
Security Specialist
Public Safety Network Management Centre
p: (07) 3008 4851
f: (07) 3008 4799
e: campbell.colind at police.qld.gov.au


> -----Original Message-----
> From:
dhcp-users-bounces+campbell.colind=police.qld.gov.au at lists.isc.org
>
[mailto:dhcp-users-bounces+campbell.colind=police.qld.gov.au at lists.isc.o
rg]
> On Behalf Of Glenn Satchell
> Sent: Wednesday, 5 September 2012 4:49 PM
> To: Users of ISC DHCP
> Subject: RE: failover compatibility
> 
> The client can continue to use the IP address until the lease expires.
> SOme non-conforming clients continue to use it.
> 
> Most clients will try to renew when the lease is at the 50% time, and
> continue retrying until the expiry time. Then it falls back to doing a
> broadcast to find new dhcp servers.
> 
> As a way to mitigate the migration, you could increase your lease time
a
> few days before the upgrade, so all the clients will be more tolerant
of
> any outage.
> 
> It's only clients whose leases expire that will drop off the new.
Renewing
> clients will just keep on trying until they get a response or the
lease
> expires.
> 
> You can get an idea of the impact by counting the number of clients
doing
> a dhcp discover in a given period, say 5 minutes.
> 
> Being on the same box actually works in your favour. Only need to
upgrade
> the dhcp packages - config and lease files will stay in place.
> 
> regards,
> -glenn
> 
> On Wed, September 5, 2012 4:26 pm, Campbell.ColinD at police.qld.gov.au
wrote:
> > Hi,
> >
> > Again, thanks. My method will have to be a little different since
oldx
> > and newx are the same box but I get the idea. The IP addresses will
be
> > the same as we're allocating through a WAN so using ip-helpers.
> >
> > One last, probably dumb question, if I may. What does a client do if
no
> > DHCP servers are available? Does it keep its address or drop it and
go
> > off the air?
> >
> > Colin
> > --
> > Colin Campbell
> > Security Specialist
> > Public Safety Network Management Centre
> > p: (07) 3008 4851
> > f: (07) 3008 4799
> > e: campbell.colind at police.qld.gov.au
> >
> >
> >> -----Original Message-----
> >> From:
> > dhcp-users-bounces+campbell.colind=police.qld.gov.au at lists.isc.org
> >>
> >
[mailto:dhcp-users-bounces+campbell.colind=police.qld.gov.au at lists.isc.o
> > rg]
> >> On Behalf Of Glenn Satchell
> >> Sent: Wednesday, 5 September 2012 4:20 PM
> >> To: Users of ISC DHCP
> >> Subject: RE: failover compatibility
> >>
> >> (b) copy the leases file is preferable. Do this after shutting down
> > dhcpd.
> >>
> >> The clients hold the lease information too, so they need to match
up.
> >>
> >> It's been a while since I've done this, but essentially you need to
> > copy
> >> each one.
> >>
> >> 1. Shut down old1
> >> 2. Copy dhcpd.conf and dhcpd.leases to new1.
> >> 3. Start new1
> >> 4. Shut down old2
> >> 5. Copy dhcpd.conf and dhcpd.leases to new2
> >> 6. Start new 2
> >>
> >> May need to swap steps 3 and 4.
> >>
> >> Are you using new dhcp servers? Will they have the same or new IPs?
If
> > the
> >> new servers are running on new ip addresses then all clients will
need
> > to
> >> wait for their lease to expire, then they will go back to discover
the
> > new
> >> dhcp servers. On the other hand if the new servers have the same IP
> >> addresses as the old servers then the clients will contact them
> > directly
> >> to renew existing leases. Either works ok as long as the leases
file
> > is
> >> copied to the new server so that it can issue the same IP address
the
> >> client had before.
> >>
> >> regards,
> >> -glenn
> >>
> >> On Wed, September 5, 2012 2:30 pm,
Campbell.ColinD at police.qld.gov.au
> > wrote:
> >> > Hi,
> >> >
> >> > Thanks for that. That brings a new quandary.
> >> >
> >> > I can't upgrade both servers simultaneously. I have to do one at
a
> > time.
> >> > In doing so, I plan on shutting one down, upgrading it, restoring
> > the
> >> > configs, shutting down the other old server and doing something
with
> > the
> >> > leases on the new server. That something could be:
> >> >
> >> > a) let the new server create a new leases file, or
> >> > b) copy the leases file from the still-active old server
> >> >
> >> > Is (a) or (b) preferable? If neither, what is the correct
procedure?
> >> >
> >> > Colin
> >> > --
> >> > Colin Campbell
> >> > Security Specialist
> >> > Public Safety Network Management Centre
> >> > p: (07) 3008 4851
> >> > f: (07) 3008 4799
> >> > e: campbell.colind at police.qld.gov.au
> >> >
> >> >
> >> >> -----Original Message-----
> >> >> From:
> >> >
dhcp-users-bounces+campbell.colind=police.qld.gov.au at lists.isc.org
> >> >>
> >> >
> >
[mailto:dhcp-users-bounces+campbell.colind=police.qld.gov.au at lists.isc.o
> >> > rg]
> >> >> On Behalf Of Glenn Satchell
> >> >> Sent: Wednesday, 5 September 2012 2:11 PM
> >> >> To: Users of ISC DHCP
> >> >> Subject: Re: failover compatibility
> >> >>
> >> >> No. The failover protocol changed somewhere in the 3.1 to 4.x
> > range.
> >> >> Details would be in the RELNOTES file distributed with the
source.
> >> >>
> >> >> Essentially you need to shutdown and upgrade both failover hosts
at
> >> > the
> >> >> same time. You can pre-check the format of dhcpd.conf and
> > dhcpd.leases
> >> >> using dhcpd -t and dhcpd -T to see if there are any issues wit
the
> > new
> >> >> version. In general, the files *should* be compatible with all
> > newer
> >> >> versions.
> >> >>
> >> >> regards,
> >> >> -glenn
> >> >>
> >> >> On Wed, September 5, 2012 8:24 am,
> > Campbell.ColinD at police.qld.gov.au
> >> > wrote:
> >> >> > Hi,
> >> >> >
> >> >> > Will a 3.0.5 server form a failover pair with a 4.x server?
This
> >> > would
> >> >> > be a temporary arrangement during a server pair upgrade.
> >> >> >
> >> >> > Colin
> >> >> > --
> >> >> > Colin Campbell
> >> >> > Security Specialist
> >> >> > Public Safety Network Management Centre
> >> >> > p: (07) 3008 4851
> >> >> > f: (07) 3008 4799
> >> >> > e: campbell.colind at police.qld.gov.au
> >> >> >
> >> >> >
> >> >> >
> >> >
> >
**********************************************************************
> >> >> > CONFIDENTIALITY:   The information contained in this
> >> >> > electronic mail message and any electronic files attached
> >> >> > to it may be confidential information, and may also be the
> >> >> > subject of legal professional privilege and/or public interest
> >> >> > immunity.  If you are not the intended recipient you are
> >> >> > required to delete it.  Any use, disclosure or copying of
> >> >> > this message and any attachments is unauthorised.  If you
> >> >> > have received this electronic message in error, please
> >> >> > inform the sender or contact
securityscanner at police.qld.gov.au.
> >> >> >
> >> >> > This footnote also confirms that this email message has
> >> >> > been checked for the presence of computer viruses.
> >> >> >
> >> >
> >
**********************************************************************
> >> >> > _______________________________________________
> >> >> > dhcp-users mailing list
> >> >> > dhcp-users at lists.isc.org
> >> >> > https://lists.isc.org/mailman/listinfo/dhcp-users
> >> >> >
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> dhcp-users mailing list
> >> >> dhcp-users at lists.isc.org
> >> >> https://lists.isc.org/mailman/listinfo/dhcp-users
> >> > _______________________________________________
> >> > dhcp-users mailing list
> >> > dhcp-users at lists.isc.org
> >> > https://lists.isc.org/mailman/listinfo/dhcp-users
> >> >
> >>
> >>
> >> _______________________________________________
> >> dhcp-users mailing list
> >> dhcp-users at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/dhcp-users
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
> >
> 
> 
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users


More information about the dhcp-users mailing list