dhcp failover

[Simon Hobson]

Tony Aldo wrote:

>Hi, I have a 2 node cluster using the Linux HA project.
>I am not using any of DHCP's built in failover features but instead have
>linux ha manage dhcp by keeping one node running dhcp at a time.
>My question is, how bad is it not to mirror the leases databases between the
>two servers?

Potentially very bad !

Simple scenario :
You primary server fails, secondary is brought into use.
Secondary has no lease database.
New client* connects to network, address is allocated from 'free' pool.
Server pings address, but gets no reply because loads of stuff these 
days have firewalls that block pings.
Server offers address to client which accepts it.
You now have two devices with the same IP address.

It's up to you whether it's a problem or not to have a high 
probability of issuing duplicate addresses - personally I'd say 
that's a BIG problem.


* This applies to any client that doesn't already think it has an 
address on this subnet :
- it's never been connected to the network before
- it's last been on a different network
- it doesn't have non-volatile storage & clock so can't remember 
lease info across power cycles
- it releases it's lease on shutdown (Macs do this)


If a client already has an address on this subnet, then it will 
typically request the same address later. In this case it doesn't 
matter too much as the server will give it the same address if it's 
free and so populate it's database.


You will almost certainly have problems with DDNS. When you lose your 
lease database, you lose all records of dns entries you've created - 
so nothing will get removed when leases expire. Since the server is 
now different, I think it will generate a different hash for the 
'security key' and you will have failures because the new server 
can't update/replace existing dns entries.


That enough problems for you ?

Simon