<div dir="ltr">On 30 July 2013 01:14, Gregory Sloop <span dir="ltr"><<a href="mailto:gregs@sloop.net" target="_blank">gregs@sloop.net</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Time synchronization is *very* important too. Use NTP to make sure the<br>
master and slave are in very close sync time-wise. [I've heard greater<br>
than 60 seconds time skew between the two will cause huge issues. I'm<br>
not sure if that's the exact right value where problems start, but the<br>
gist is the same: Keep them time sync'd.]<br></blockquote><div><br></div><div>Not sure on the exact tolerance with DHCP failover but as a general rule, *every* device on my network will sync against a central NTP server.<br>
</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
What steps would one take when you need to take one of the DHCP<br>
servers off-line for a while. [Hours to more than days?]<br>
<br>
[Looks like use omshell, and...]<br>
<br>
server someserver.fqdn<br>
key keyname secretkey<br>
connect<br>
new failover-state<br>
set name downservername<br>
local-state = 4<br>
update<br>
<br>
Does that look right?<br></blockquote><div><br></div><div>So assuming it's DHCPD v4 then yes, set local-state to 4 to indicate that the partner is down. But this really depends on your leases. If you have short leases then when one of the peers is down hosts will start renewing while the other system is down and get issued with leases that are valid for the MCLT time you specified. So you probably will end up increasing your DHCP traffic during the outage. Additionally you have to work out your free IP addresses, the servers in a failover will always split the remaining "free" pool addresses 50/50 so if you had 100 addresses in a pool, 20 in use, each server would have 40 IP addresses allocated to itself. When the secondary is down the primary will still only have it's 40 addresses, it cannot use the 40 addresses belonging to the secondary, only when you put the primary into partner-down can it gain access to those addresses. (The primary will happily renew any existing address leases belonging to the secondary server but issue a lease with MCLT time only, if it's a new client then it will use an address from it's own half of the pool). So if you can live with the increase in traffic *and* have plenty of free IP addresses available to the primary then you can leave it as it is. If IP address numbers are tight or you don't want the extra traffic then first shut down the DHCP service on the secondary server and then run the omshell commands on the primary to set it into partner-down (DHCPD on the secondary must not be running, as soon as it comes back up it will cancel the partner-down and try to resync).<br>
<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
...And if so, how would one query for the current state?<br>
[Use "open" instead of "local-state = 4"?<br>
</blockquote><div><br></div><div>Yep, open will return all of the locally configured variables.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
And related:<br>
What steps for having one of the DHCP servers fail and get replaced<br>
from a "from-scratch" new server. [Assume no backup of old<br>
server/lease-file etc.]<br>
<br>
...From related discussions - it appears you can just (re-)configure a new<br>
peer and bring it up - and they'll sync up fine. [Ignore complications<br>
around DNS/DDNS/Master/Slave etc.]<span class=""><font color="#888888"><br></font></span></blockquote><div><br><div>Yeah this sounds right, the secondary server will be down so you can go ahead and set the
primary into partner down. Rebuild your secondary and then when the DHCP
configuration is back in place start up DHCPD and it should start to
resync automatically with the primary.<br><br></div><div>Steve</div></div></div></div></div>