DHCP Failover - initial Configuration

Philippe Maechler plcmaechler at gmail.com
Thu Aug 9 14:36:17 UTC 2018


Hi perl-list

Yes I already ran into the "issue" that the client can request a lease for
a certain time. Thats why we have

min-lease-time 3600;
default-lease-time 3600;
max-lease-time 3600;

set in our dhcpd.conf

It's good to know that we can set mclt and the lease-time to the same value
;)


On Thu, 9 Aug 2018 at 15:14, perl-list <perl-list at network1.net> wrote:

> That could be really bad.  MCLT only affects the behavior of the
> "secondary" failover peer when the "primary" isn't present and how long a
> "recover-wait" period lasts, as far as I know.  If you set your lease
> expiry time to 7200 and the length of your snooping/aging setup the same,
> that could work in most cases.  However, clients are in control of what
> lease time they want to use.  They can and do, at times, request different
> lease times than are offered by the DHCP server which could throw your
> snooping/aging system off.  All that said, I'd think you should set MCLT to
> the same as your lease length in this situation for maximum compatibility.
>
> ----- Original Message -----
> > From: "Philippe Maechler" <plcmaechler at gmail.com>
> > To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
> > Sent: Thursday, August 9, 2018 2:15:25 AM
> > Subject: Re: DHCP Failover - initial Configuration
>
> > Hello Simon, hello list
>
> > On Wed, 8 Aug 2018 at 19:24, Simon Hobson < [ mailto:
> dhcp1 at thehobsons.co.uk |
> > dhcp1 at thehobsons.co.uk ] > wrote:
>
> >> > Server restarts
> >>> Currently we restart the service every 5minutes if something changed.
> When we go
> >>> for failover, we should reload server one and if it synced to his
> partner, we
> >>> can reload the server two. How does server two know, that the server
> one is up
> >> > to date and everything is synced?
>
> >> After a restart it will take time for the servers to resync. You'll
> need to
> >> adapt your management system to hold off on restarts. Hopefully someone
> more
> >> familiar with failover will be along soon with more details, but from
> things
> >> said on here, there are some cases where the servers can take a while
> before
> >> they get back to fully normal operation.
>
> > Yes, I'm already testing a way for checking the server state before a
> reload.
> > The current idea is, that our reload script first checks via omapi the
> > failover-state from the other server. If the server is in ready and in
> sync, we
> > do the reload. otherwise we wait another few minutes. Since we already
> rely on
> > omapi for other things, this shouldn't be much magic :)
>
> > Something else you mentioned, mlct. On of our access system is doing
> something
> > like dhcp-snooping/dhcp-aging. When a client successfuly logs on with a
> DORA
> > sequence, the clients mac address is allowed to communicate for a given
> time.
> > unfortunately this time is hardcoded in the access system and not learnt
> from
> > the DORA sequence. If we have a lease time of 7200s but an mlct of 3600,
> > clients would first get a lease time of 1h and on a Request/Ackownlede a
> lease
> > time of 2h. Would that work if we set mlct==lease-time? What are the
> benedits
> > and drawbacks from such a configuration?
>
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20180809/07a38b93/attachment.html>


More information about the dhcp-users mailing list