
红烧鱼

linux & windows management

 
 
 


Setting Up DHCP Failover: A Basic Overview  

2012-06-14 23:19:27 | Category: Linux


https://deepthought.isc.org/article/AA-00502/31/A-Basic-Guide-to-Configuring-DHCP-Failover.html

http://www.madboa.com/geek/dhcp-failover/

Many of the syntax options presented here are explained in more detail in the dhcpd.conf man page distributed with dhcp. It is recommended that you consult that document for specifics once you have grasped the basic steps involved.

1)  Select your servers.  Choose one to be primary, the other to be secondary.  Different versions of ISC dhcpd may implement failover differently.  To avoid problems, use the same version (or as close as possible) on both machines of a failover pair.
2)  Ensure that clocks are closely synchronized.  DHCP is a time-sensitive protocol and clock skew can cause problems.
3)  Identify the networks and address pools that will be served.
4)  Identify other network elements that will have to be aware of both servers.  Configure DHCP relays to relay forwarded discovers and requests to both servers.  Ensure that firewalls and filters allow DHCP traffic, OMAPI control channel traffic, and failover protocol messages to reach your servers.
5)  Add declaration blocks for the failover peers to the configuration files on the primary:

       failover peer "failover-partner" {
         primary;
         address dhcp-primary.example.com;
         port 519;
         peer address dhcp-secondary.example.com;
         peer port 520;
         max-response-delay 60;
         max-unacked-updates 10;
         mclt 3600;
         split 128;
         load balance max seconds 3;
       }

..and secondary:

       failover peer "failover-partner" {
         secondary;
         address dhcp-secondary.example.com;
         port 520;
         peer address dhcp-primary.example.com;
         peer port 519;
         max-response-delay 60;
         max-unacked-updates 10;
         load balance max seconds 3;
       }

The parameter mclt (Maximum Client Lead Time) must be defined on the primary.  It must NOT be defined on the secondary.  "split" (or its alternate, "hba") is another parameter that should be defined on the primary and omitted from the configuration on the secondary.  For further information on these configuration parameters see the dhcpd.conf man page.
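
The rules from step 5 and the paragraph above (mirrored addresses and ports, mclt required on the primary, and mclt, split and hba absent from the secondary) can be checked mechanically before either server is restarted. The following is an added example, not part of the ISC article; the function names parse_peer and check_pair are hypothetical, and the parser handles only the simple statement forms shown on this page.

```python
import re

# Added example, not ISC code. Sample input: the step 5 declarations, reflowed.
PRIMARY = """failover peer "failover-partner" {
  primary; address dhcp-primary.example.com; port 519;
  peer address dhcp-secondary.example.com; peer port 520;
  max-response-delay 60; max-unacked-updates 10;
  mclt 3600; split 128; load balance max seconds 3;
}"""
SECONDARY = """failover peer "failover-partner" {
  secondary; address dhcp-secondary.example.com; port 520;
  peer address dhcp-primary.example.com; peer port 519;
  max-response-delay 60; max-unacked-updates 10;
  load balance max seconds 3;
}"""

def parse_peer(text):
    """Return {statement: value} for the first failover peer block (hypothetical helper)."""
    text = re.sub(r"#.*", "", text)  # drop comments
    m = re.search(r'failover\s+peer\s+"[^"]+"\s*\{(.*?)\}', text, re.S)
    if not m:
        raise ValueError("no failover peer declaration found")
    stmts = {}
    for stmt in m.group(1).split(";"):
        words = stmt.split()
        if len(words) == 1:    # bare keyword: primary / secondary
            stmts["role"] = words[0]
        elif words:            # "<key words> <value>", e.g. "peer port 520"
            stmts[" ".join(words[:-1])] = words[-1]
    return stmts

def check_pair(primary_text, secondary_text):
    """Return a list of problems; an empty list means the pair is consistent."""
    p, s = parse_peer(primary_text), parse_peer(secondary_text)
    problems = []
    if (p.get("role"), s.get("role")) != ("primary", "secondary"):
        problems.append("roles must be primary and secondary")
    for mine, theirs in (("address", "peer address"), ("port", "peer port")):
        if p.get(mine) != s.get(theirs) or s.get(mine) != p.get(theirs):
            problems.append(f"{mine} and {theirs} are not mirrored")
    if "mclt" not in p:
        problems.append("mclt missing on the primary")
    for key in ("mclt", "split", "hba"):
        if key in s:
            problems.append(f"{key} must not be set on the secondary")
    return problems

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY) or "failover pair is consistent")
```

Feed it the text of each server's dhcpd.conf; any string in the returned list names a rule from this page that the pair violates.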

6)  Add peer references to each subnet / pool for which you want to do failover.  e.g.:

subnet 10.100.100.0 netmask 255.255.255.0 {
    option domain-name-servers 10.0.0.53;
    option routers 10.100.100.1;
    pool {
        failover peer "failover-partner";
        range 10.100.100.20 10.100.100.254;
        host laser_printer {
            hardware ethernet 00:de:ad:be:ef:01;
            fixed-address 10.100.100.252;
        }
    }
}

7)  Configure OMAPI and define a secret key.

# insert this (with your own key text substituted) into dhcpd.conf on primary and secondary..

omapi-port 7911;
omapi-key omapi_key;

key omapi_key {
     algorithm hmac-md5;
     secret Ofakekeyfakekeyfakekey==;
}

Key Generation Hint

You can generate good random OMAPI keys using the dnssec-keygen utility, distributed with BIND.

e.g.:  dnssec-keygen -a HMAC-MD5 -b 512 -n USER DHCP_OMAPI

8)  Restart the servers to apply your configuration changes.
9)  Test.   If OMAPI is working properly you can test failover by putting a server into shutdown.
10)  Put all servers back into operation.  You're good to go.

© 2001-2012 Internet Systems Consortium


--------------------------

Synchronous Disk Writes and DHCP Performance Limitations

Problem:

DHCP performance can be limited by disk I/O.  Every lease issued by the DHCP server (every DHCP ACK) incurs a write to the dhcpd.leases file.  Messages sent to syslog are generally written at some point to a system log file. Modern I/O devices vary considerably in their performance characteristics but in general writes to a file system stored on a traditional hard disk are extremely slow compared to other operations performed by the server and may create a bottleneck which will affect your DHCP server's performance.

Solutions:

Here are some tips to help you speed performance on an I/O bound server:

  • Although every lease needs to be written to disk, you may be able to realize performance increases by changing the configuration parameters for "delayed-ack" and "max-ack-delay", causing the DHCP server to batch-write leases to disk, eliminating costly fsyncs.
  • If you have the option to do so, moving the leases file to an SSD or other high-performance, low latency storage system can dramatically speed lease writes and reduce blocking.
  • If you are using DDNS in conjunction with DHCP, you may see better performance using ISC dhcpd 4.2 or later, as dynamic DNS updates are performed asynchronously starting in 4.2.
  • Be aware that not all versions of syslog behave identically. In particular, some (not all) Linux implementations, and possibly those on other OS platforms as well, default to synchronous writes. If your default syslog is causing you problems, there are many alternative open software versions available with which you can replace it.

If you are still experiencing I/O limitations after trying the previous suggestions, other approaches you can take to achieve greater performance include adjusting the lease time upwards to reduce the frequency of renewals, and configuring parallel servers and dividing the address space served by them into separate pools.

------------------------------

How do I resynchronize a failover pair?

There are various reasons for wanting to resynchronize a failover pair of DHCP servers.  These include:

  • Hardware failure - one server is offline for a long time while it is replaced
  • Configuration error (changes or migrations) causing issues such as both servers believing that they are the primary for one or more address ranges
  • Migration

If the requirement is (for whatever reason) to manually trigger a re-synchronization, then, assuming that the primary server is correct, do the following on the secondary (or vice versa):

  1. Stop dhcpd
  2. Delete the leases file
  3. Restart dhcpd.
This will cause the secondary to refresh the leases file entirely from the primary.  (This is sometimes called "faulting the database".)

-------------
http://www.cisco.com/en/US/docs/net_mgmt/network_registrar/6.1/user/guide/16Failov.html