Switch from Single DHCP to Master-Slave DHCP setup

Steven Carr sjcarr at gmail.com
Tue Jul 30 07:04:43 UTC 2013

On 30 July 2013 01:14, Gregory Sloop <gregs at sloop.net> wrote:

> Time synchronization is *very* important too. Use NTP to make sure the
> master and slave are in very close sync time-wise. [I've heard greater
> than 60 seconds time skew between the two will cause huge issues. I'm
> not sure if that's the exact right value where problems start, but the
> gist is the same: Keep them time sync'd.]

Not sure on the exact tolerance with DHCP failover but as a general rule,
*every* device on my network will sync against a central NTP server.

> What steps would one take when you need to take one of the DHCP
> servers off-line for a while. [Hours to more than days?]
> [Looks like use omshell, and...]
> server someserver.fqdn
> key keyname secretkey
> connect
> new failover-state
> set name downservername
> local-state = 4
> update
> Does that look right?

So assuming it's DHCPD v4 then yes, set local-state to 4 to indicate that
the partner is down. But this really depends on your leases. If you have
short leases then when one of the peers is down hosts will start renewing
while the other system is down and get issued with leases that are valid
for the MCLT time you specified. So you probably will end up increasing
your DHCP traffic during the outage. Additionally you have to work out your
free IP addresses, the servers in a failover will always split the
remaining "free" pool addresses 50/50 so if you had 100 addresses in a
pool, 20 in use, each server would have 40 IP addresses allocated to
itself. When the secondary is down the primary will still only have it's 40
addresses, it cannot use the 40 addresses belonging to the secondary, only
when you put the primary into partner-down can it gain access to those
addresses. (The primary will happily renew any existing address leases
belonging to the secondary server but issue a lease with MCLT time only, if
it's a new client then it will use an address from it's own half of the
pool). So if you can live with the increase in traffic *and* have plenty of
free IP addresses available to the primary then you can leave it as it is.
If IP address numbers are tight or you don't want the extra traffic then
first shut down the DHCP service on the secondary server and then run the
omshell commands on the primary to set it into partner-down (DHCPD on the
secondary must not be running, as soon as it comes back up it will cancel
the partner-down and try to resync).

...And if so, how would one query for the current state?
> [Use "open" instead of "local-state = 4"?

Yep, open will return all of the locally configured variables.

> And related:
> What steps for having one of the DHCP servers fail and get replaced
> from a "from-scratch" new server. [Assume no backup of old
> server/lease-file etc.]
> ...From related discussions - it appears you can just (re-)configure a new
> peer and bring it up - and they'll sync up fine. [Ignore complications
> around DNS/DDNS/Master/Slave etc.]

Yeah this sounds right, the secondary server will be down so you can go
ahead and set the primary into partner down. Rebuild your secondary and
then when the DHCP configuration is back in place start up DHCPD and it
should start to resync automatically with the primary.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20130730/45b9b262/attachment-0001.html>

More information about the dhcp-users mailing list