using of DHCP Failover Protocol

sthaug at nethelp.no sthaug at nethelp.no
Wed Jul 30 16:01:20 UTC 2014 

> Infoblox told in 2007, that they have made significant improvements to
> ISC dhcpd regarding DHCPFO protocol (draft-ietf-dhc-failover-12).
> 
> You can read this here:
> http://www.lex.com.gr/downloads2/InfoBlox/SolutionNote_DHCP%20failover%20and%20Infoblox.pdf
> 
> * My first question is, did ISC fix this issues as well?

The PDF describes a server based on ISC 3.0.x - which is *very* old. I
would *not* consider running failover with anything that old!

That being said, here are some more specific comments on the points
made in the Infoblox PDF:

1. With the ISC DHCP server, there is no enforcement, synchronization,
or checking to ensure that peers have identical configurations.

This is true - you're responsible for ensuring that the servers in a
failover pair have the same config.

2. If the TCP connection between peers does not establish properly,
the failover peers can become locked in the COMMUNICATIONS-INTERRUPTED
state indefinitely.

Not a problem with newer versions of ISC DHCP. As I wrote in
https://lists.isc.org/pipermail/dhcp-users/2014-May/017911.html :

> There are very significant failover problems fixed in newer versions.
> You want *at least* 4.1.1, newer is better. We're running 4.2.5-P1 on
> a failover pair here, with great results.

3. Troubleshooting DHCP Failover can be time-consuming due to the lack
of diagnostic information available to administrators.

I believe the logging has been improved in newer versions. We haven't
found this to be much of a problem.

4. The ISC DHCP Failover implementation has not been optimized for
performance.

This may well be true - however, as long as dhcpd runs on servers with
a good disk subsystem, we have never felt this to be a problem. See
also the following message for some real performance numbers:

https://lists.isc.org/pipermail/dhcp-users/2014-February/017616.html

5. The ISC DHCP server does not permit simple manipulation of the
leases database.

Probably true, but at least for us this has not been a problem in
practice.

> * And can anyone recommend or has anyone bad experiences with this
> implementation?

Some of us run ISC DHCP in reasonably large failover configurations,
with great success.

Final words - as somebody else mentioned: *Test it* in your lab
(including various failure scenarios) before putting it into
production.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

More information about the dhcp-users mailing list