dhcp failover
Simon Hobson
dhcp1 at thehobsons.co.uk
Wed Jul 5 08:15:29 UTC 2006
Tony Aldo wrote:
>Hi, I have a 2 node cluster using the Linux HA project.
>I am not using any of DHCP's built in failover features but instead have
>linux ha manage dhcp by keeping one node running dhcp at a time.
>My question is, how bad is it not to mirror the leases databases between the
>two servers?
Potentially very bad !
Simple scenario :
You primary server fails, secondary is brought into use.
Secondary has no lease database.
New client* connects to network, address is allocated from 'free' pool.
Server pings address, but gets no reply because loads of stuff these
days have firewalls that block pings.
Server offers address to client which accepts it.
You now have two devices with the same IP address.
It's up to you whether it's a problem or not to have a high
probability of issuing duplicate addresses - personally I'd say
that's a BIG problem.
* This applies to any client that doesn't already think it has an
address on this subnet :
- it's never been connected to the network before
- it's last been on a different network
- it doesn't have non-volatile storage & clock so can't remember
lease info across power cycles
- it releases it's lease on shutdown (Macs do this)
If a client already has an address on this subnet, then it will
typically request the same address later. In this case it doesn't
matter too much as the server will give it the same address if it's
free and so populate it's database.
You will almost certainly have problems with DDNS. When you lose your
lease database, you lose all records of dns entries you've created -
so nothing will get removed when leases expire. Since the server is
now different, I think it will generate a different hash for the
'security key' and you will have failures because the new server
can't update/replace existing dns entries.
That enough problems for you ?
Simon
More information about the dhcp-users
mailing list