zero free leases

John Wobus jw354 at cornell.edu
Fri Jun 29 17:37:18 UTC 2007 

On Jun 28, 2007, at 11:47 PM, Koichi Mori wrote:

> Hello,
>
> "David W. Hankins" <David_Hankins at isc.org> wrote
> in article Re: zero free leases
> at Thu, 28 Jun 2007 12:58:09 -0700
>> The state change may not be getting acknowledged for many reasons;
>>
>> 1) Servers not communicating - not in 'normal' state.  Extended
>>   runtime even in communciations-interrupted state will not reclaim
>>   leases.
>
> I have some questions.
> Is it in specification of ISC DHCP server?
> Dose it work well DHCP?
> failover MUST 2 servers be working?
>
> I thought failover is duplicate system of DHCP.
> Usually duplicate system is still working when other side be down.
> #same as both systems are working.
>
> This specification means "If you use failover, ISC DHCP doesn't work
> well when a server to be down" dosen't it?
>
> I hope(need) failover work same as both server working when other
> side be down.
>
> -- 
> Koichi Mori

DHCP failover is designed to avoid at all costs making IP address 
allocation mistakes,
specifically, the mistake of two or more clients getting the same IP 
address at the
same time.  It will not serve a client rather than serve it with an IP 
address that its
peer might have served to some other client.  This is a fundamental 
limitation on
what peers can do to cover for each other.

DHCP failover does not determine whether the other server is running, 
and is
designed with the assumption that it might be, in which case the two 
servers could
each be serving addresses of which the other is not aware.
Furthermore, software cannot possibly know whether the other server
is running.  You provide the confidence that the other server is not 
running,
and tell a DHCP server instance to take over its peer's work.  You can 
choose to
script this, at which point you are making the determination of which 
tests
you will depend upon to assure the other server is not running.  ISC
and the software and the failover protocol are not making that decision 
for you.

DHCP failover does allow one server to continue serving clients even if
it is no longer communicating with its peer.  But there are limitations 
on
the service either individual server can provide for the reasons 
mentioned
above.  However, the DHCP failover protocol and the ISC server does 
give you
the means to design a DHCP service that meets your needs through single
server outages, if you provide it with sufficient resources (IP 
numbers) and
you configure it with that goal in mind.  In general, you must assure 
there are
enough free addresses that either server has enough for your client 
load,
and you must set the lease times to match your needs.

What these limitations prevent the failover protocol and ISC software
from doing is providing a service that makes full use of available IP
addresses even through server failures, simply by turning on failover 
in the
configuration, and with no intervention or server testing on your part.

John Wobus

More information about the dhcp-users mailing list