On Tue, Oct 2, 2012 at 3:11 PM, Aaron Hall <aaron.h...@washburn.edu> wrote:
> We're considering ways to provide redundant DHCP to maintain service
> should our (physical) server go down suddenly. We're using isc-dhcpd on
> RHEL. One server handles all of campus, and it's not breaking a sweat.
>
> Our first thought was ISC's failover, but it doesn't seem well-suited
> for us. We have a large and complex DHCP config (many subnets, many
> static hosts), and failover doesn't keep the configs in sync. Further,
> the config changes near-constantly during the day. Our wireless network
> registration system (NetReg 1.3) stuffs new registrations into the DHCP
> config (via an included file). We also have concerns about how
> IP pool-sharing works, but that's secondary.
>
> How do other shops provide redundant DHCP service when the built-in
> isc-dhcpd failover isn't appropriate?
>
>
> We've planned a fairly hacky solution, but I really hope it's an
> already-solved problem. Our plan is to:
>
> * Maintain the backup server as a hot-spare, with dhcpd configured but
> not running. It won't run the registration software, just dhcpd to
> maintain service to existing clients.
>
> * Whenever a registration event causes the master dhcpd to restart, copy
> that config and the leases DB to the backup server. There's already a
> cron job that checks every minute for new registrations and restarts
> dhcpd if so; we'd hook into that. (The details of this are tricky --
> what happens, say, if the master server dies in the middle of a copy?
> We can surmount that, but still.)
>

Have you considered backing the DHCP services with an LDAP database? This allows LDAP replication of the database while keeping the DHCP servers closer to the edge nodes. The LDAP database can support multiple DHCP servers. The DHCP server can be configured to load the entire DHCP database that it is responsible for on startup or it can forward all requests to the LDAP server in real time. You can write scripts against the LDAP database to do updates and to get statistics.

There are some downsides but they're probably not the ones you're thinking of: Connectivity to the LDAP server is not really an HA issue. If the link to the LDAP server is down, so is all other outbound network traffic from the served network segment. You could have a virtual interface on your primary LDAP server as the target of the DHCP servers. If that fails you could bring up the same virtual interface on the backup LDAP server. If your lease times are fairly short (on the order of an hour or two for mobile address ranges) then the max outage is kept low.

> * Should the master server go down, we'd sanity-check the config on the
> backup, and turn on dhcpd. This could be a manual or automatic
> process.
>
> I'd be grateful for pointers to other ways, or comments on the above
> scheme.
>
> Thanks,
> Aaron
>
> --
> Aaron Hall <aaron.h...@washburn.edu>
> Asst. Systems & Network Administrator
> Washburn University ITS
> 785-670-2305
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
>

--
----
Mark Lamourine <markll...@gmail.com>
Dad, Hubbie, Software Developer, System Administrator, Road Cyclist
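
The "master dies in the middle of a copy" case from the quoted plan, as an added example that is not part of the original thread: a promote step for the hot-spare that only switches to a pushed config and leases snapshot after verifying a private copy of it. The MANIFEST file, the directory layout, the DHCPD_CHECK variable and the function names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example, run on the hot-spare. Assumed protocol (not from the thread):
# the master removes MANIFEST, copies dhcpd.conf and dhcpd.leases into the
# incoming directory, then writes MANIFEST (sha256sum output) last, so an
# interrupted push leaves no manifest or one that does not match the files.

# Syntax-check a config file. DHCPD_CHECK is a hypothetical override for
# hosts where dhcpd is not installed; the default uses dhcpd's test mode.
check_config() {
    ${DHCPD_CHECK:-dhcpd -t -q -cf} "$1" >/dev/null 2>&1
}

# promote_snapshot INCOMING LIVE
# LIVE is a symlink to the snapshot dhcpd would be started from.
# Returns 0 after switching LIVE to a verified copy; any other status means
# LIVE still points at the previous good snapshot.
promote_snapshot() {
    local incoming=$1 live=$2 stage rc=0
    [ -f "$incoming/MANIFEST" ] || return 2      # push in progress or aborted
    stage=$(mktemp -d "$(dirname "$live")/snap.XXXXXX") || return 5
    # Verify the private copy, not the directory the master may be writing to.
    cp -a "$incoming/." "$stage/" || rc=5
    if [ "$rc" -eq 0 ]; then
        (cd "$stage" && sha256sum --status -c MANIFEST) || rc=3   # truncated or changed file
    fi
    if [ "$rc" -eq 0 ]; then
        check_config "$stage/dhcpd.conf" || rc=4                  # config does not parse
    fi
    if [ "$rc" -ne 0 ]; then
        rm -rf "$stage"
        return "$rc"
    fi
    # rename(2) swaps the symlink atomically: a reader sees the old snapshot
    # or the new one, never a half-written tree.
    ln -s "$stage" "$live.tmp.$$" && mv -T "$live.tmp.$$" "$live"
}
```

A config that pulls in other files by absolute path would be checked against whatever is at those paths on the spare, and superseded snap.* directories are left for a separate cleanup job.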