Nicolas Williams writes: > On Wed, Oct 22, 2008 at 04:25:48PM -0400, James Carlson wrote: > > Unfortunately, the server is not required to go along with the > > client's suggestion, so your alternative (if the server didn't agree) > > would be to just drop off the net anyway. > > But they generally do, yes?
That might be going a bit far. > > "Self-healing" makes sense if you can reconfigure yourself to deal > > with a failure. I don't think it makes as much sense if you keep > > trying something that's broken. Sometimes, a deterministic machine > > actually needs a deterministic fix. ;-} > > Self-healing was primarily about hardware faults, I know. I was not > arguing that we need a timebomb in case dhcpagent is buggy. Rather, I > was probing the extent of your discomfort with the system continuing to > use a leased address past lease expiration. I don't think we should do it intentionally as a matter of design, but I don't think that expecting an application to drop core or receive SIGKILL is a normal part of design. One possible way out of this mess would be to redesign the way we handle dhcpagent shutdown. Currently, the default is *not* to release addresses on shutdown. We save the lease in a file, and disable the interface. If you want us to release leases, you have to modify the /etc/default/dhcpagent configuration file. The theory behind this mechanism is that it allows us to shut down and reliably pick up an unexpired lease at next boot (by default), and can allow the comparatively rare (at the time all this was designed) mobile systems to select release instead. However, we could change this. Shutting down dhcpagent could simply return administrative control (and responsibility) to the system administrator. This means that (by default) we'd remove the IFF_DHCPRUNNING flag, but leave everything else in place. The rationale for this would be that an administrator could (if he wanted) configure any static IP address, including one "owned" by a DHCP server, if DHCP is not running. There's nothing to stop that, so continuing to use an address while no intentionally longer paying attention to the lease (by killing the agent) is equivalent. Doing that would allow us to remove the "-a" hack used by NFS and the new iSCSI hack. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ networking-discuss mailing list [email protected]
