Option 50 in failover mode

[Bob Proulx]

Simon Hobson wrote:
> Bob Proulx wrote:
> >When two dhcpd servers are configured in failover mode then it is
> >critical that you have enough IP address space in your pool that
> >either single server's pool is large enough for the entire network.
> 
> For the record, lest anyone believe this is universally true - it
> isn't. It is true if you want "hands off" handling of failures :

I feel confident saying that most people setting up two dhcpd servers
in a failover configuration will want it to have hands off handling of
failures.

> >At this point several people will jump in talking about putting the
> >single remaining server (after the other failed) into partner-down
> >mode in order to move allocatable ip space from the down server to the
> >remaining server.  That is all well and good but if you are available
> >to do that then you would also be available simply to repair the
> >failed server and get it back online.
> 
> Some people have scripted this - it can be automated.

It would need very careful handling.  Let me show one example.  What
if the problem is a network split due to a router down ending up with
one dhcpd online on the main network and the other dhcpd online along
with some number of clients on an isolated network.  The isc dhcpd
failover configuration will handle this situation okay.  But if either
or both were put into partner-down mode in that situation then it
would cause trouble when the network was joined back together and
un-split.  Because in partner-down the server may have assigned an
address to a client that was also in use on the other network.  I am
not saying it can't be done.  I am saying it would be easier just to
make sure each failover server had enough space in the pool to handle
the entire network without needing to worry about that case.

> Bear in mind that if you rely on each server having a separate pool
> capable of serving the network (which incidentally is NOT failover),
> then in the event of a server failing, all the clients using that
> server will get new addresses which may or may not cause problems.

Right.  But the original question asked specifically about operation
in the failover mode.  What you just described isn't failover mode.

> With failover, once you put a server into partner down state, it can
> handle the clients issued leases by the failed server without
> forcing clients to change addresses.

With failover properly configured and with one failed dhcpd server
offline then the remaining server can handle leases issued by the
failed server without forcing clients to change addresses without
putting the remaining server into partner-down mode.  If the pools are
large enough then partner-down mode isn't required.

Bob