[email protected] wrote: > > Aside: note that I'll say because DHCP leases are persisistent, that > complicates things a little -- I try to address in these notes: > > * load-balancing / sharing with failover (in normal operation two (or > more, > iiuc) servers share the load, if one (and maybe more than one, as long as > there is one left) fails, the other server(s) take over the full load with a > possible cost in performance. Servers advise each other about the leases > they > open / create so that on failure of one server, the other has the information > about open leases which it needs to continue.
It halves the performance, but that's rarely much of a concern -- even big networks don't get *that* much DHCP traffic, and those that do generally handle DHCP locally. The problem with this implementation is that you, the sysadmin, need to decide ahead of time on a metric that the servers can use to identify which hosts they will normally handle, and which ones they will want the other servers to handle. > * hot-standby: one server does the job, but sends information about the > leases it opens / creates to a (hot) backup server so that if the "working" > server fails, the hot-standby has the information it needs to continue to do > the job Almost everyone wants this configuration. The exceptions are very very large and for some reason don't want to or can't subdivide the responsibilities to local servers. > * passive-backup: not completely clear to me at the moment, so I won't try > to describe In this mode, the primary does the job, sends the lease information to the backups, but does not listen for them to acknowledge. The backups will not automatically start themselves when the primary fails, so someone has to get one started as the new primary. > I'll also mention that there is a somewhat technical reason why they call > these modes "high-availability" instead of redundancy, which I did not > immediately grasp and didn't (and won't) bother to try to understand, at > least > atm. The term they are avoiding is "failover", which in this particular case means the official, known-to-not-work-or-be-too-complex-to-use DHCP failover protocol. None of these HA modes meet the usual definition of redundant, either, which just means that spare capacity to meet needs is always available on via systems which are unlikely to have the same event kill all of them. Rather, redundancy is a strategy that can help with HA. -dsr-
