Réf. : Re: failover or vrrp

JVNC04 Yahoo jvnc04 at yahoo.fr
Wed May 31 07:57:10 UTC 2006 

for your solution (both), should dhcpd.conf be same on both server ?
 
what about linux vrrp (vrrpd) ?
 
Thanks
 
Jacques
 
-------Message original-------
 
De : Simon Hobson
Date : 05/31/06 18:23:30
A : dhcp-users at isc.org
Sujet : Re: failover or vrrp
 
JVNC04 Yahoo wrote:
>Someone can tell me what will the best topology choise for DHCP server
>security:
>vrrp or failover ?
 
Neither, best is option 3 :
 
A careful network design and implementation making the choices
(compromises) that fit YOUR network requirements !
 
 
More seriously, they are different technologies designed to solve
different problems.
 
VRRP is a router failover protocol, designed to allow a router to
fail and the backup to pick up the load. It will protect you (in a
well designed network) from a single router failure - but it will NOT
protect you from a DHCP server failure.
 
DHCP Failover will protect you from a server failure, but gives you
no protection from a router (or link) failure.
 
 
For maximum protection you might choose to use both. Configure both
routers as relay agents, forwarding to both dhcp servers. This will
multiply the broadcast traffic up fourfold, but that is unlikely to
be a problem* - each server will get two copies of each broadcast
request.
 
One thing to be careful of is if one of your links is a dialup (I've
used ISDN dial-on-demand very effectively as a backup link). Your
backup router will pickup dhcp client broadcasts, and if you don't
take care with the routing tables it may well squirt them down the
backup link - bringing you a surprise on the next phone bill. I think
I dealt with this by using dynamic routing (EIGRP as I was using
Cisco kit), and setting the cost metric on the backup link such that
traffic from the backup router would be passed via the primary
router/link as long as the primary link and router were up.
 
Simon
 
* There was at one time a reported problem where a server (in
failover config) got two duplicate requests close together (such as
from two different relay agents). I can't remember what the effect
was or whether it's been fixed.

More information about the dhcp-users mailing list