Dhcp Failover behind load balancers

Glenn Satchell Glenn.Satchell at uniq.com.au
Sat May 13 13:49:43 UTC 2006


>Date: Sat, 13 May 2006 09:32:32 -0400
>From: anthony <acqant at optonline.net>
>To: dhcp-users at isc.org
>Subject: Re: Dhcp Failover behind load balancers
>
>Glenn Satchell wrote:
>>> Date: Fri, 12 May 2006 13:00:00 -0400
>>> From: anthony <acqant at optonline.net>
>>> To: dhcp-users at isc.org
>>> Subject: Dhcp Failover behind load balancers
>>>
>>> I'm running DHCP failover on two servers behind a load balancer.  I have
>>> 15 remote sites forwarding the dhcp requests to the virtual ip and they
>>> get sent to only one of the two dhcp servers at a time.
>>>
>>> For awhile it looked like if a request came to one server it would
>>> forward it to the other.
>>>
>>> Now for some reason I have a pool out of wack and the "peer holds all
>>> leases" error.
>>>
>>> I have two questions:
>>>
>>> 1) Do I need to send the dhcp traffic to both servers behind the load
>>> balancers?
>>> 	vip 10.0.0.1 ---> goes to primary, secondary hot spare
>>> 	vip 10.0.0.2 ---> goes to secondary, primary hot spare
>>> 	ip address helper 10.0.0.1,10.0.0.2
>>>
>>> 2) I'm running the rpm package from Fedora Core3.  I think I need to
>>> upgrade to at least 3.0.3.
>> 
>> If you're running dhcpd in failover mode then you don't really need the
>> load balancer.
>> 
>> dhcpd failover is a load sharing setup, ie the two dhcp servers
>> essentially split the pool of available addresses between them and
>> notify the other server when they issue a lease or a lease expires.
>> 
>> Both need to receive the broadcast DHCPDISCOVER messages and both need
>> to receive the renewal requests which are unicast back to the dhcp
>> server that issued the lease.
>> 
>> So your pools are out of wack because only one dhcp server has been
>> receiving the client data.
>> 
>> If you want to use a load balancer then you should configure dhcpd to
>> not use failover and then use some other means to copy the dhcpd.leases
>> file to the other server periodically (say every couple of minutes or
>> so).
>> 
>> regards,
>> -glenn
>> 
>> 
>> 
>
>If you remove the load balancer part how do the two servers get unicast
>renewals?  Once the client ACK's the offer and has the ip address of the
>server that issued it it doesn't broadcast again til much later, correct?

They don't. The client unicasts back to the server that allocated it's
lease. In simple terms if this message goes to the other server then it
can't renew that lease beacuse the other server owns it.

So the problem here is that if pne server goes down, then the clients
(apporximately 50%) will not be able to renew their lease. So they
eventually expire, then go back tobroadcasting a DHCPDISCOVER and the
other server hands out an IP address for them. This assumes that the
remaining server has enough spare IP addresses to handle all the other
clients.

Usually, this will be ok for a short time, ie a fractional period of
the default lease time. For extended outages (ie a period close to or
more than the default lease time) then the remaining server needs to be
switched to PARTNER-DOWN mode. In this mode it will renew leases for
all IP addresses. Because the two dhcp servers communicate lease
updateinformation it will know about all the leases the other server
allocated.

There have been some simple scripts published on the list that detect
the failure of the other dhcp server and switch to partner down mode.
The dhcp server does not do this automatically by itself, although a
few have seen this as a desirable option.

>I guess at this point it's a decision of which is more reliable.  Use
>the load balancer to remove the load balancing features or copy the
>lease files.  I'd hate to dedicate two servers outside of the load
>balance farm since so many other services fit behind them.

Yes this is the precise problem - your call as to which way you want to go.
 
>Thanks.
>
>
>It turns out my secondard had a pool that the primary did not so that
>was the out of wack part.  I think what's happening now is the client
>just keeps DISCOVERing until it hits the server based on the mac hash.
>
>If I use two ip's and dedicate a server each to them on the load
>balancer and add them both to the ip help-address they both will then
>see the DISCOVER.
>
The method suggested most often to avoid mismatching configurations is
to use the same dhcpd.conf file on both servers. Edit one, then copy it
to the other server. Unfortunately with failover there are some
configuration settings that need to be unique, but this can be achieved
by putting these definitions in a separate file and using the "include"
statement to load it in from the dhcpd.conf.

regards,
-glenn



More information about the dhcp-users mailing list