nanog mailing list archives

Re: Does anyone use anycast DHCP service?
From: Ryan Malayter <malayter () gmail com>
Date: Mon, 13 Aug 2012 08:54:09 -0500

From: Leo Bicknell <bicknell () ufp org>
Assuming your DHCP servers are properly clustered, simply have your
routers relay all requests to both servers.  Here's instructions
on setting up ISC DHCPD for redundant (pooled) servers:
http://www.madboa.com/geek/dhcp-failover/
..
Works great, no single point of failure, no anycast.

It may very well work *most* of the time, or during controlled
failover, but it looks pretty creaky to me. Some thoughts:

1) No third-party "witness" service for the cluster, making
split-brain scenarios a very real possibility.

2) Multi-master databases are quite challenging in practice. This one
appears to rely on timestamps from the system clock for conflict
detection, which has been shown to be unreliable time and again in the
application space.

3) There are single points of failure. You've traded hardware as a
single point of failure for "bug-free implementation of clustering
code on both DHCP servers" as a single point of failure. In general,
software is far less reliable than hardware.

I think it would be far more reliable to simply have two independent
DHCP servers with mutually exclusive address ranges, and have one
system be secondary and "delay" its responses by 2s so it always
"loses" when the primary is up and running well.

Yes, you lose the ability for clients to get the same IP during a
lease refresh if the primary is down, but that is a small price to pay
for simplicity and robustness.

-- 
RPM
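
The split-range design proposed in the message above, sketched as ISC dhcpd configuration (an added example, not part of the original post or thread). The 192.0.2.0/24 addressing and pool boundaries are constructed, and using dhcpd's `min-secs` statement to give the secondary its 2s handicap is an assumption about how the delay would be implemented.

```conf
# ---- primary server: dhcpd.conf (constructed example) ----
default-lease-time 3600;
max-lease-time 7200;

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    option domain-name-servers 192.0.2.53;

    # Primary owns the lower half of the dynamic pool.
    # No failover peer, no shared lease database.
    range 192.0.2.10 192.0.2.120;
}

# ---- secondary server: dhcpd.conf (constructed example) ----
default-lease-time 3600;
max-lease-time 7200;

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    option domain-name-servers 192.0.2.53;

    # Mutually exclusive with the primary's range, so the two
    # servers can never hand out the same address.
    range 192.0.2.130 192.0.2.240;

    # Ignore requests until the client reports it has been trying
    # for at least 2 seconds, so the primary wins whenever it is up.
    min-secs 2;
}
```

`min-secs` keys on the `secs` field the client puts in its request, so a client that always sends 0 there will never be answered by the secondary; confirm what your clients send in a packet capture before relying on it.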

