DHCP Redundancy

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Nov 29 15:30:46 UTC 2010 

Nathan McDavit-Van Fleet wrote:
>  > Be warned that only HALF of the address space is "automatically" taken
>>  over by the surviving DHCP process (assuming the failover team consists
>>  of 2 servers) :
>>  "If one server fails, the other server will continue to renew leases
>>  out of the pool, and will allocate new addresses out of the roughly
>>  half of available addresses that it had when communications with the
>>  other server were lost. "
>
>Is this true? Doesn't this make the fail-over rather limited then? I imagine
>on a high churn network it wouldn't take long before the server is no longer
>able to supply enough IP addresses to clients (having only legacy clients on
>the other half).

Yes, it's (sort of) true **without admin intervention**. During 
normal ops, the two servers will share any free addresses evenly 
between them - so they will each 'own' about half of the free 
addresses.

That does not mean they own half of all the leased addresses since 
it's quite possible to have all the clients using just one server. 
You could configure one server to not answer immediately, and so 
clients will normally get their leases from the other one.
Also, if one server is 'closer' in network terms to most of the 
clients, then that will tend to be favoured. An example of that would 
be if you run a failover pair with one at a central location and 
another on-site in a satellite office. Clients in the satellite 
office will almost always get a reply from the local server long 
before the packets have gone back and forth across the WAN link to 
the central server.

If one server fails, the other will go into communications 
interrupted mode. It cannot know that the other server is actually 
down* and so it will NOT give out any addresses owned by it's peer. 
However, once the admin tells it that the other machine is actually 
down then the remaining server WILL process the full address space on 
it's own - and operation will be more or less the same as with the 
failover pair operating.

* There are many topplogies where two servers can be implemented. It 
is far from impossible to get a situation where the two servers are 
unable to talk to each other, but are still able to talk to clients. 
So the servers cannot assume that just because they can't talk to 
each other, that they can safely assume the other one can't talk to 
clients.

On the other hand, if you do wish to do that, it is not hard to knock 
up a script to detect a server in comms interrupted mode and put it 
into partner down mode. If you decide to do that, then it is your 
decision based on your priorities and knowledge of your network.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

More information about the dhcp-users mailing list