DHCP Redundancy

Matt Jenkins matt at smarterbroadband.net
Tue Nov 30 09:32:47 UTC 2010


So is it possible to maintain a central or distributed leases file for 
multiple (unknown quantity) of servers?

I ask because I am working on a design to change over all of my wireless 
clients to dhcp. With the wide spread nature of the network, ALL 
services are distributed so that any single point can fail and 
everything else stays active. This assumes that the point of failure 
will never recover. The system MUST be able to handle this 
automatically. I definitely do not have 2x the address space as others 
suggested. I kind of assumed that the dhcp servers maintained 
synchronised information regarding leases.

I estimate the need for 17 dhcp servers (right now) distributed across 
the system handling multiple /18's (in total) of address space. Can this 
be handled?



On 11/29/2010 07:53 PM, Glenn Satchell wrote:
>> Nathan McDavit-Van Fleet wrote:
>>>   >  Be warned that only HALF of the address space is "automatically"
>>> taken
>>>>   over by the surviving DHCP process (assuming the failover team
>>>> consists
>>>>   of 2 servers) :
>>>>   "If one server fails, the other server will continue to renew leases
>>>>   out of the pool, and will allocate new addresses out of the roughly
>>>>   half of available addresses that it had when communications with the
>>>>   other server were lost. "
>>> Is this true? Doesn't this make the fail-over rather limited then? I
>>> imagine
>>> on a high churn network it wouldn't take long before the server is no
>>> longer
>>> able to supply enough IP addresses to clients (having only legacy clients
>>> on
>>> the other half).
>> Yes, it's (sort of) true **without admin intervention**. During
>> normal ops, the two servers will share any free addresses evenly
>> between them - so they will each 'own' about half of the free
>> addresses.
>>
>> That does not mean they own half of all the leased addresses since
>> it's quite possible to have all the clients using just one server.
>> You could configure one server to not answer immediately, and so
>> clients will normally get their leases from the other one.
>> Also, if one server is 'closer' in network terms to most of the
>> clients, then that will tend to be favoured. An example of that would
>> be if you run a failover pair with one at a central location and
>> another on-site in a satellite office. Clients in the satellite
>> office will almost always get a reply from the local server long
>> before the packets have gone back and forth across the WAN link to
>> the central server.
>>
>> If one server fails, the other will go into communications
>> interrupted mode. It cannot know that the other server is actually
>> down* and so it will NOT give out any addresses owned by it's peer.
>> However, once the admin tells it that the other machine is actually
>> down then the remaining server WILL process the full address space on
>> it's own - and operation will be more or less the same as with the
>> failover pair operating.
>>
>> * There are many topplogies where two servers can be implemented. It
>> is far from impossible to get a situation where the two servers are
>> unable to talk to each other, but are still able to talk to clients.
>> So the servers cannot assume that just because they can't talk to
>> each other, that they can safely assume the other one can't talk to
>> clients.
>>
>> On the other hand, if you do wish to do that, it is not hard to knock
>> up a script to detect a server in comms interrupted mode and put it
>> into partner down mode. If you decide to do that, then it is your
>> decision based on your priorities and knowledge of your network.
>>
>> --
>> Simon Hobson
>>
> Remember though, that just because a dhcp server is down the clients don't
> lose their addresses immediately. It is only when the lease expires, or a
> client boots without a lease that it won't get one from the server. The
> servers continually balance the available leases so that they are split
> 50/50 between the servers. This is because you can't tell which server may
> fail, so it is fairest if they have an equal number potentially available
> to them.
>
> The worst case is where you have short lease times and high churn rates.
> If you have long lease times (ie greater than the likely length of an
> outage) then it's not so much of a problem. There is an inteface using
> OMAPI where you can put the surviving server in partner-down mode. This
> allows it to allocate leases from the full range of IPs.
>
> regards,
> -glenn
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users



More information about the dhcp-users mailing list