Looking for a book that describes highly available DHCP setups
Hi,
I'm looking for a book that explains reliable and manageable DHCP setups. In particular, it should cover installations with failover and load balancing configurations of dhcpd. Both static and dynamic addressing is used.
In addition, an explanation how to integrate and manage an LDAP backend would be nice; maintaining the shared configuration in a text file would probably be too error-prone.
On my SUSE system, I found the IETF drafts and some example configurations. I did not find any more documentation. I searched on O'Reilly's Safari for DHCP books, but found none that covers DHCP failover. (I was astonished that ORA published a book on DHCP for Windows, but not one for Unix/Linux. It got a sad world to live in when there are more relevant Windows than Unix ORA books.)
Can anybody on this list recommend a book or an online reference for that topic to me? I have understood the basic technology, and I am interested in how-to reports that give operational tips for enterprise-class installations and explain common pitfalls and how to avoid them.
Thanks in advance for any answer,
Joachim
PS: For relevance to this list: It should work on SUSE 10.0. But since the dhcpd has been version 3.0.x since at least 8.1, the SUSE version probably won't matter.
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
Joachim Schrod wrote:
I'm looking for a book that explains reliable and manageable DHCP setups. In particular, it should cover installations with failover and load balancing configurations of dhcpd. Both static and dynamic addressing is used.
Hi Joachim, a simple Linux-HA setup with heartbeat and drbd is really all you need. Yes, there's a little delay in starting the slave DHCP server when the master dies, but that hardly matters for DHCP?
Can anybody on this list recommend a book or an online reference for that topic to me? I have understood the basic technology, and I am interested in how-to reports that give operational tips for enterprise-class installations and explain common pitfalls and how to avoid them.
I don't have any book/howto recommendations, sorry - but there's plenty of information on linux-ha; google will help you. /Per Jessen, Zürich -- http://www.spamchek.com/ - managed anti-spam and anti-virus solution. Let us analyse your spam- and virus-threat - up to 2 months for free.
Per Jessen wrote:
Joachim Schrod wrote:
I'm looking for a book that explains reliable and manageable DHCP setups. In particular, it should cover installations with failover and load balancing configurations of dhcpd. Both static and dynamic addressing is used.
a simple Linux-HA setup with heartbeat and drbd is really all you need. Yes, there's a little delay in starting the slave DHCP server when the master dies, but that hardly matters for DHCP?
dhcpd has clustering capability included, I want to use that capability. Linux-HA is not sufficient, as this doesn't synchronize the DHCP leases between the clustering nodes. I.e., in the case of failovers the new node would not know about leases of the previous node any more. Usage of ISC dhcpd's failover capabilities avoids that problem. As I wrote, I know about the technology already. I am interested in in-depth treatment of pitfalls and strategies for implementation, in the stuff that's not elaborated in product manuals and IETF RFC drafts. Cheers, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
Joachim Schrod wrote:
dhcpd has clustering capability included, I want to use that capability.
Ah, I wasn't aware of that.
Linux-HA is not sufficient, as this doesn't synchronize the DHCP leases between the clustering nodes. I.e., in the case of failovers the new node would not know about leases of the previous node any more. Usage of ISC dhcpd's failover capabilities avoids that problem.
Actually, that's where drbd comes in. It's essentially a RAID1 over the network.
As I wrote, I know about the technology already. I am interested in in-depth treatment of pitfalls and strategies for implementation, in the stuff that's not elaborated in product manuals and IETF RFC drafts.
Sorry, like I said I wasn't even aware of the clustering abilities of dhcp - we simply use Linux-HA, which does the trick. /Per Jessen, Zürich
Per Jessen wrote:
Joachim Schrod wrote:
Linux-HA is not sufficient, as this doesn't synchronize the DHCP leases between the clustering nodes.
Actually, that's where drbd comes in. It's essentially a RAID1 over the network.
Did you have failovers and they were successful? I thought that dhcpd keeps its state information in memory (at least partly) and that therefore drbd is not sufficient. I'm going to look that up, if all state is on disk Linux-HA might really be a possibility. Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
Joachim Schrod wrote:
Actually, that's where drbd comes in. It's essentially a RAID1 over the network.
Did you have failovers and they were successful?
I tested failovers in the lab and it worked fine. I didn't have any "real" failovers as we decided there was no need for a HA DHCP setup.
I thought that dhcpd keeps its state information in memory (at least partly) and that therefore drbd is not sufficient. I'm going to look that up, if all state is on disk Linux-HA might really be a possibility.
To be honest, I don't know - but I would have thought that changes in leases are written to disk immediately. DHCP is not exactly a heavily loaded daemon, so not much reason for buffering a lot. AFAICS, the only state information you need is the list of currently active leases? /Per Jessen, Zürich
On Fri, 2005-12-30 at 12:17 +0100, Joachim Schrod wrote:
Hi,
I'm looking for a book that explains reliable and manageable DHCP setups. In particular, it should cover installations with failover and load balancing configurations of dhcpd. Both static and dynamic addressing is used.
Load balancing? I worked for a company that had over 500 users with over 400 PCs using DHCP in 60 different offices around the country and never had a load problem running a single DHCP server on a 1.5 GHz Intel Celeron. As far as "highly available" the server is either available or you have network issues preventing it from being available.
In addition, an explanation how to integrate and manage an LDAP backend would be nice; maintaining the shared configuration in a text file would probably be too error-prone.
On my SUSE system, I found the IETF drafts and some example configurations. I did not find any more documentation. I searched on O'Reilly's Safari for DHCP books, but found none that covers DHCP failover.
Search again or give them a call as they are there. http://www.onlamp.com/pub/a/bsd/2003/05/01/FreeBSD_Basics.html is just one of several links to configuring a DHCP server available. Also have you tried Google? Found this http://www.madboa.com/geek/dhcp-failover/ using "dhcp failover" linux as the search criteria. Setting up a cluster is another option. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Hi Joachim, You might also want to try http://www.nerdbooks.com. I've had good luck with them in the past. regards, - Carl
Carl Hartung wrote:
You might also want to try http://www.nerdbooks.com. I've had good luck with them in the past.
Thanks, Carl -- great site that I haven't known before. I'll give some books that I found there a second look. Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
Ken Schneider wrote:
On Fri, 2005-12-30 at 12:17 +0100, Joachim Schrod wrote:
Hi,
I'm looking for a book that explains reliable and manageable DHCP setups. In particular, it should cover installations with failover and load balancing configurations of dhcpd. Both static and dynamic addressing is used.
Load balancing?
Load balancing is a keyword for those who know ISC's dhcpd, to tell them what I want. Namely, to use dhcpd's active/active clustering capability. Sorry if I didn't make that clear enough.
As far as "highly available" the server is either available or you have network issues preventing it from being available.
Or the server is down due to some hardware failure, software failure, kernel crash, human error, or application software error. In all these cases, a second server shall take over the DHCP service. Without such a second server, all clients would not work any more after the lease expired. This is meant with "high availability": Continuation of the DHCP service in the case of server outages. Btw, for my situation "high availability" is very clearly defined: I want to realize an SLA of 99.99% (measured yearly in a 24x6 operation) for my DHCP service; i.e., a maximum outage time of 45 minutes per year during operational hours for minor outages. Server hardware errors are to be considered minor outages. My company network is already highly available, we have realized 99.999% for the last five years (no worms and no STP loops either ;-).
I searched on O'Reilly's Safari for DHCP books, but found none that covers DHCP failover.
Search again or give them a call as they are there. http://www.onlamp.com/pub/a/bsd/2003/05/01/FreeBSD_Basics.html is just one of several links to configuring a DHCP server available.
I read this set of articles. It is about general DHCP configuration, but not about configuration of DHCP server clusters. As I wrote already, I know about the technology -- this means I'm quite proficient with `normal' dhcpd setups. (I.e., I use and run them since many years.) I also know how to configure a dhcpd cluster in failover mode, this is trivial. What I was looking for are in-depth discussion about common pitfalls, tips, and implementation strategies for the situation that I explicated above. That's also the reason why I asked for a book, such material is often described in books and not in online articles.
Also have you tried Google? Found this http://www.madboa.com/geek/dhcp-failover/ using "dhcp failover" linux as the search criteria.
Yes, this is basically the technology I want to use. A similar level of information is already included in our dear SUSE distribution, in /usr/share/doc/packages/dhcp-server/examples/ and /usr/share/doc/packages/dhcp/. (I mentioned them briefly in my original email.) Again, I'm not interested in technology explanation and configuration examples. I'm interested in implementation strategies -- e.g., how to manage the shared configuration part if one doesn't use LDAP; are there common errors after failover; process to establish the primary node again after an outage, i.e., how does re-synchronization from a secondary to a new primary work; reporting and statistics software to combine logs of two cluster nodes for technical- and management-level reporting (SLAs are of no use without reporting, after all), etc. pp. `Implementation' not as in `writing code or configuration', but as in `realizing an enterprise-class IT service'.
Setting up a cluster is another option.
Sadly, no. A `normal' Linux-HA cluster doesn't synchronize the dhcpd lease database, and failovers won't work properly without synchronization of this state information. Thanks for your reply, and sorry that I caused work at your side; I hope that I presented my information need better this time. Cheers, and a happy new year for those of us living with the Gregorian calendar. Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
Joachim Schrod wrote:
examples. I'm interested in implementation strategies -- e.g., how to manage the shared configuration part if one doesn't use LDAP;
For configuration data that is needed in multiple places, we tend to use rsync (for few copies) or rdist (for 100s of copies). And some mechanism on the target side for reloading servers/daemons when the config changes.
Setting up a cluster is another option.
Sadly, no. A `normal' Linux-HA cluster doesn't synchronize the dhcpd lease database, and failovers won't work properly without synchronization of this state information.
I can understand you want to look into using DHCPs failover stuff, but your actual objective is achievable using only Linux-HA with drbd. How this compares to using DHCPs builtin failover stuff, I can't say, but it works fine. We don't actually use a redundant DHCP setup - I just tested it a while ago. IMO, there is little need for a redundant DHCP setup - clients will keep their addresses after they have expired even if they can't get an ACK. OK, new clients won't get an address when the DHCP server is down, but for us that's not worth it. /Per Jessen, Zürich
Per Jessen wrote:
Joachim Schrod wrote:
We don't actually use a redundant DHCP setup - I just tested it a while ago. IMO, there is little need for a redundant DHCP setup - clients will keep their addresses after they have expired even if they can't get an ACK.
We had a server outage not long ago, and the clients reconfigured themselves to 169.254.* addresses after the lease expired. This enabled me to convince the management that budget for redundancy is needed. The reconfiguration was done due to the APIPA feature of Windows. It can be disabled in the registry[*], and I'm fighting to get this done on all Windows systems to avoid that problem, but this is not always successful as client software release and configuration management is made by another department. So the HA setup for dhcpd is planned as another protection against outages. Joachim [*] http://www.windowsnetworking.com/articles_tutorials/w2knoaip.html for those who are interested in this issue. Though you want to create a .reg file or include it in your master image, and don't edit each Windows system configuration anew. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
Joachim Schrod wrote:
Per Jessen wrote:
Joachim Schrod wrote:
We don't actually use a redundant DHCP setup - I just tested it a while ago. IMO, there is little need for a redundant DHCP setup - clients will keep their addresses after they have expired even if they can't get an ACK.
We had a server outage not long ago, and the clients reconfigured themselves to 169.254.* addresses after the lease expired. This enabled me to convince the management that budget for redundancy is needed. The reconfiguration was done due to the APIPA feature of Windows.
Ah, now it makes more sense (not Windows, but your need for HA DHCP). We have only very few Windows-clients, so ...
[*] http://www.windowsnetworking.com/articles_tutorials/w2knoaip.html
Good link, thanks. /Per Jessen, Zürich
Ken Schneider wrote:
As far as "highly available" the server is either available or you have network issues preventing it from being available.
Ken, what about powersupply- or fan-issues preventing it from being available? Hardware failure is generally the reason you want a high-availability N+1 setup :-) /Per Jessen, Zürich
On Fri, Dec 30, 2005 at 12:17:51PM +0100, Joachim Schrod wrote:
Hi,
I'm looking for a book that explains reliable and manageable DHCP setups. In particular, it should cover installations with failover and load balancing configurations of dhcpd. Both static and dynamic addressing is used.
In addition, an explanation how to integrate and manage an LDAP backend would be nice; maintaining the shared configuration in a text file would probably be too error-prone.
On my SUSE system, I found the IETF drafts and some example configurations. I did not find any more documentation. I searched on O'Reilly's Safari for DHCP books, but found none that covers DHCP failover. (I was astonished that ORA published a book on DHCP for Windows, but not one for Unix/Linux. It got a sad world to live in when there are more relevant Windows than Unix ORA books.)
Can anybody on this list recommend a book or an online reference for that topic to me? I have understood the basic technology, and I am interested in how-to reports that give operational tips for enterprise-class installations and explain common pitfalls and how to avoid them.
Thanks in advance for any answer,
Joachim
PS: For relevance to this list: It should work on SUSE 10.0. But since the dhcpd has been version 3.0.x since at least 8.1, the SUSE version probably won't matter.
I can recommend the DHCP book written by Ralph Droms and Ted Lemon. It doesn't cover a lot of failover details or pitfalls, but at least the basic principles, afair. Unfortunately, I haven't seen any other reference yet which covers all one might want to know, so it seems the only option (book). Otherwise, I recommend asking/discussing on the dhcp-server list, that's where you directly reach those few (!) people who actually run dhcpd in failover mode. The list archive is a valuable resource. Peter -- When in danger, or in doubt, run in circles, scream and shout. -- Robert A. Heinlein
participants (5): Carl Hartung, Joachim Schrod, Ken Schneider, Per Jessen, poeml@cmdline.net