using of DHCP Failover Protocol
sthaug at nethelp.no
sthaug at nethelp.no
Wed Jul 30 16:01:20 UTC 2014
> Infoblox told in 2007, that they have made significant improvements to
> ISC dhcpd regarding DHCPFO protocol (draft-ietf-dhc-failover-12).
>
> You can read this here:
> http://www.lex.com.gr/downloads2/InfoBlox/SolutionNote_DHCP%20failover%20and%20Infoblox.pdf
>
> * My first question is, did ISC fix this issues as well?
The PDF describes a server based on ISC 3.0.x - which is *very* old. I
would *not* consider running failover with anything that old!
That being said, here are some more specific comments on the points
made in the Infoblox PDF:
1. With the ISC DHCP server, there is no enforcement, synchronization,
or checking to ensure that peers have identical configurations.
This is true - you're responsible for ensuring that the servers in a
failover pair have the same config.
2. If the TCP connection between peers does not establish properly,
the failover peers can become locked in the COMMUNICATIONS-INTERRUPTED
state indefinitely.
Not a problem with newer versions of ISC DHCP. As I wrote in
https://lists.isc.org/pipermail/dhcp-users/2014-May/017911.html :
> There are very significant failover problems fixed in newer versions.
> You want *at least* 4.1.1, newer is better. We're running 4.2.5-P1 on
> a failover pair here, with great results.
3. Troubleshooting DHCP Failover can be time-consuming due to the lack
of diagnostic information available to administrators.
I believe the logging has been improved in newer versions. We haven't
found this to be much of a problem.
4. The ISC DHCP Failover implementation has not been optimized for
performance.
This may well be true - however, as long as dhcpd runs on servers with
a good disk subsystem, we have never felt this to be a problem. See
also the following message for some real performance numbers:
https://lists.isc.org/pipermail/dhcp-users/2014-February/017616.html
5. The ISC DHCP server does not permit simple manipulation of the
leases database.
Probably true, but at least for us this has not been a problem in
practice.
> * And can anyone recommend or has anyone bad experiences with this
> implementation?
Some of us run ISC DHCP in reasonably large failover configurations,
with great success.
Final words - as somebody else mentioned: *Test it* in your lab
(including various failure scenarios) before putting it into
production.
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the dhcp-users
mailing list