Option 50 in failover mode

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Nov 28 11:28:28 UTC 2011


Bob Proulx wrote:

>>  >At this point several people will jump in talking about putting the
>>  >single remaining server (after the other failed) into partner-down
>>  >mode in order to move allocatable ip space from the down server to the
>>  >remaining server.  That is all well and good but if you are available
>>  >to do that then you would also be available simply to repair the
>>  >failed server and get it back online.
>>
>>  Some people have scripted this - it can be automated.
>
>It would need very careful handling.  Let me show one example.  What
>if the problem is a network split due to a router down ending up with
>one dhcpd online on the main network and the other dhcpd online along
>with some number of clients on an isolated network.

Even more insidious are cases where you can have two servers in a 
failover pair, they cannot communicate with each other, but can both 
communicate with all the clients. There are several ways this can 
happen, 2 which come to mind are:
- The servers have an "out of band" connection through which they 
communicate which is separate from the server-client connectivity.
- There is a routing issue such that the servers cannot exchange 
packets, but they can still communicate with the clients.

I have seen a case similar to the latter (but not in a DHCP context) 
- due to a routing issue, I've seen it where a whole chunk of 
internet is not accessible from somewhere else (in the case I have in 
mind it was a client site not accessible from our site), but the 
office managing the network had full connectivity between their site 
and both the client's and our sites.
Not common, but does happen. It can also occur as a transitory effect 
as internet routing changes propagate.

Bob Proulx wrote:

>>  Given that ISC DHCP, until a very recent version, only supported
>>  "hands on" failover, my guess is that most failover configurations
>>  today are "hands on", i.e. no automatic setting of a failed server
>>  in "partner-down" state.
>
>I have personally been using "hands off" failover mode since 3.1.1
>from 2008.  It has been three years and it has been working very well
>for me.  The failover protocol was introduced in isc dhcpd version 3.0
>way back in 2000 sometime but since I didn't use it then I don't know
>how stable it was during that period.  I could believe it wasn't
>usable then.  But if you search the net you will find many howto
>documents such as this one http://www.madboa.com/geek/dhcp-failover/
>from 2005 where apparently at least some people were successfully
>using failover six years ago.
>
>I don't consider at least six years of working failover in the isc
>dhcpd very recent at all.  And I have had years of stability from it.

Yes, but unless you scripted handling of partner down state, then 
this wasn't what most people consider "hands off". I think this could 
well be just a difference of opinion about what the words mean.

As Glenn explained, until recently there was no option to 
automatically go into partner-down state because the ISC (correctly 
IMO) determined that they couldn't know anything about the networks 
on which people would be running the software. They figured that the 
only safe option was to leave it to the administrators of the servers 
and networks to work out what worked/was safe for them.

If you have a reasonable quantity of spare addresses then things will 
carry on reasonably well with one server down but its partner not in 
partner-down state. But to get full functionality back requires 
either setting the new option, or manually putting (or scripting) the 
remaining server into partner-down mode.


-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
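
As an added illustration (not part of the original message and not ISC code), here is a gate that a partner-down script could apply before acting. It covers the case described above where the two servers lose contact with each other while clients can still reach both, and the transitory routing case. The witness hosts, the thresholds and the result names are assumptions; collecting the observations and issuing the actual partner-down command are site-specific and left out.

```shell
#!/bin/sh
# Added example: decision gate for a scripted partner-down transition.
# Observations are passed in as arguments; how they are gathered (ping,
# DHCP probe from a witness host, monitoring system) is assumed.

MIN_DOWN_SECS=600   # assumed hold time so transient routing changes settle
MIN_WITNESSES=2     # assumed minimum number of independent confirmations

# decide_partner_down LINK_STATE DOWN_SECS [WITNESS...]
#   LINK_STATE  up|down  can this server reach its peer on the failover link?
#   DOWN_SECS   seconds the failover link has been down
#   WITNESS     name=up|down|unknown  what a host on the client-facing
#               network reports about the peer
# Prints one of: none | wait | hold-split | hold-unknown | partner-down
decide_partner_down() {
    link=$1
    down_secs=$2
    shift 2

    if [ "$link" = up ]; then
        echo none            # peers are talking, nothing to do
        return 0
    fi

    confirmed=0
    for w in "$@"; do
        case ${w#*=} in
            up)
                # Peer is alive from the clients' side: this is a split,
                # not a failure. Both servers may still be handing out leases.
                echo hold-split
                return 0 ;;
            down)
                confirmed=$((confirmed + 1)) ;;
            *)
                ;;           # unknown is not evidence either way
        esac
    done

    if [ "$confirmed" -lt "$MIN_WITNESSES" ]; then
        echo hold-unknown    # too few vantage points agree the peer is gone
    elif [ "$down_secs" -lt "$MIN_DOWN_SECS" ]; then
        echo wait            # possibly a transient routing change
    else
        echo partner-down    # safe to let the script proceed
    fi
}

# Constructed observations: link down 15 minutes, one witness still sees the peer.
decide_partner_down down 900 witness1=down witness2=up   # prints hold-split
```

Only the `partner-down` result should lead to a state change; every other result leaves the surviving server as it is and is best routed to a human.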


