Maximum Time difference between DHCP primary and DHCP failover Server

_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

On 18/01/2021 09:33, Kraishak Mahtha wrote:
"The trick is finding the balance between DHCP lease renewal time,
failover time, and server load."

https://stevendiver.com/2020/02/21/isc-dhcp-failover-configuration/

HTH.
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Kraishak Mahtha <[hidden email]> wrote:

> What would be the maximum time difference that can be between a ISC  DHCP primary and failover server

AIUI, not a huge amount.

But I have to wonder at the question - do you have a problem with timekeeping ? NTP will typically keep clocks accurate to millisecond accuracy which is a few orders of magnitude better than is needed for failover.

Simon
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

The maximum skew is 60 seconds.

On 1/18/21 12:56 PM, Ed Daniel wrote:
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

On 2021-01-19 05:41, Simon Hobson wrote:
Even if you are on an isolated network with no external access you could
set the two dhcp servers as NTP peers so they were synchronised to each
other.

regards,
Glenn
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi Simon

Thanks for Reply,

do you have a problem with timekeeping ? NTP will typically keep clocks
accurate to millisecond accuracy which is a few orders of magnitude better
than is needed for failover.
------->Actually I want add validation script so that for the given two
server address it can calculate the time difference and give me the results
for proceeding to add failover peer on not.
I checked in the ISC website documents but no where I can find what can be
the maximum time difference so I just want to know

Can you also please comment or share your experience if you have any, about
what could be the maximum network latency between the primary and failover
DHCP servers that does not impact the server performance

-Thanks in advance
 Kraishak





--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi Thomas,

Thanks for sharing information, Can you also please comment or share your
experience if you have any, about what could be the maximum network latency
between the primary and failover DHCP servers that does not impact the
server performance

Thanks in advance
Kraishak



--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

kraishak <[hidden email]> wrote:

> Actually I want add validation script so that for the given two
> server address it can calculate the time difference and give me the results
> for proceeding to add failover peer on not.

Fair enough - seems a reasonable check to do. But I have a suggestion for an alternative approach ...

> Can you also please comment or share your experience if you have any, about
> what could be the maximum network latency between the primary and failover
> DHCP servers that does not impact the server performance

I've not actually used failover, it's just not been appropriate to my needs. But given the answer you've been given of "anything within 60s is OK", I don't think you should have a problem.

I would tackle the issue from a different direction.
Put measures in place so that you can assume all your servers are time-synced, and have monitoring in place so you can see if any of them aren't. That way, you can assume DHCP failover will work (or at least, time won't be a reason for it to fail) as long as you don't have any alarms in place.

Obviously NTP is good for keeping everything in sync, that's a problem solved decades ago !
At my last job, I used Nagios to monitor all sorts of stuff. One of the things it can monitor is NTP status - raising alerts if the monitored server isn't synced with a source, or (from memory) if it's time differs from a configured source by more than a settable amount. Monitoring was something I made a big thing as I'd gone into an environment where even basics like time sync weren't being done, and monitoring was of the "phone rings because a customer sees a problem" style !

So with NTP working you don't have a time problem. With a monitoring system in place, you'll know if there's a problem with that working.
If your monitoring system has a green status page, time differences aren't a consideration for your DHCP deployment.


Simon

_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

This is going to vary largely on site dynamics. The primary challenge to
failover performance, is that it is a synchronous protocol.  Servers are
supposed to wait until their peers acknowledge that a least update has
been received prior to sending the corresponding response (i.e. DHCPACK)
to the client.

In other words, this adds the round trip latency to the response time
for a given client's DHCPREQUEST.  If DHCPREQUESTs are coming in too
fast, the server will fall behind and clients will stop getting
responses. If you need as sustained 10 DORAs a second, then 250ms
round-trip latency between the peers is going to be a deal breaker.

I'm sure others on this list will have plenty to share on the subject.


On 1/19/21 6:38 AM, kraishak wrote:
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Excuse the typo "least update" should be "lease update"

On 1/19/21 8:03 AM, Thomas Markwalder wrote:
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi Simon,

Thanks for the information and suggested tools for monitoring the NTP

-Kraishak



--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi Thomas,

The primary challenge to failover performance, is that it is a synchronous
protocol.  Servers are
supposed to wait until their peers acknowledge that a least update has been
received prior to sending the corresponding response (i.e. DHCPACK)to the
client.

---> I have doubt about this topic, The dhcp failover protocol support lazy
update right?
server grants the leases for the client and updates the peer server after
client lease acknowledgment, This is how it can operate even if the peer
server is down, please correct if I am wrong

-Thanks
Kraishak

 



--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Sorry, not enough coffee before answering emails, please disregard.

On 1/19/21 8:38 AM, kraishak wrote:
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi Team,

Can any one please confirm the statement
1)The dhcp failover protocol supports lazy Update i.e Server grants the
leases for the client and updates the peer server after client lease
acknowledgment, please correct If I am wrong

2)And also can any one please comment or share your experience if you have
any, about what could be the maximum network latency between the primary and
failover DHCP servers that does not impact the
server performance


Thanks in advance




--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users