Does anyone use anycast DHCP service?
hi,

We are considering setting up redundant DHCP server clusters by using anycast. In our situation customers get IP addresses with DHCP, and the DHCP server authenticates customers by RADIUS. Authentication information is carried by option60 and option82. Does anybody have some suggestions on this? If anycast is suitable for our situation, is it possible to introduce a load balancer in an anycast node? That is, DHCP service availability is guaranteed by multiple anycast nodes, and inside an anycast node DHCP service availability is guaranteed by a server farm behind a load balancer?

Joe
An anycast solution that doesn't involve a way to promptly yank the route when the service is unhappy is not really a full anycast solution.

You could probably use http://code.google.com/p/dhquery/ for health checking, wrap in a script with something to talk to bgpctl (if you're running openbgpd) or something similar if you're talking to bird or quagga or whatever, loop once a second... you get the idea. Don't forget to have a hook in your script so you can send it a signal to yank the route and take the box offline without killing the service.

Having the dhcp server boxes themselves speak BGP or your favorite IGP (I'm in favor of BGP for this because of policy knobs) may or may not be tenable in your organization. The optimal org chart for this sort of setup is one wherein the routing people and the systems people are the same folks. I'll go out on a limb and guess that in an organization where you're thinking of this scale of dhcp server, you're probably reporting to different VPs. So the SLB might be necessary for layer 9 reasons - something that the network guys trust to speak a routing protocol to.

If you don't have transaction load problems or layer 9 problems to solve with the load balancer then I'm not sure what value it brings - assuring server availability in an anycast environment is just not that valuable (so long as the anycast environment is designed properly - see above).

hope this helps!

-r

Joe <sj_hznm@hotmail.com> writes:
hi,

We are considering setting up redundant DHCP server clusters by using anycast. In our situation customers get IP addresses with DHCP, and the DHCP server authenticates customers by RADIUS. Authentication information is carried by option60 and option82. Does anybody have some suggestions on this? If anycast is suitable for our situation, is it possible to introduce a load balancer in an anycast node? That is, DHCP service availability is guaranteed by multiple anycast nodes, and inside an anycast node DHCP service availability is guaranteed by a server farm behind a load balancer?

Joe
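The health-check loop suggested in the reply above, sketched as an added example that is not part of any poster's message. It assumes OpenBGPD (`bgpctl network add` / `bgpctl network delete`); the prefix is a constructed documentation address, and `dhcp-probe` is a hypothetical wrapper around a DHCP query tool such as dhquery that exits non-zero on a bad answer or a timeout.

```shell
#!/bin/sh
# Added example (not from the thread). PREFIX is a constructed documentation
# address; HEALTH_CMD is a hypothetical probe wrapper (e.g. around dhquery)
# that must exit non-zero on a bad answer or a timeout.
PREFIX="${PREFIX:-192.0.2.67/32}"
HEALTH_CMD="${HEALTH_CMD:-/usr/local/bin/dhcp-probe}"
ANNOUNCE_CMD="${ANNOUNCE_CMD:-bgpctl network add $PREFIX}"
WITHDRAW_CMD="${WITHDRAW_CMD:-bgpctl network delete $PREFIX}"
FAIL_LIMIT="${FAIL_LIMIT:-1}"   # failed probes before the route is yanked
OK_LIMIT="${OK_LIMIT:-5}"       # good probes in a row before re-announcing

state=withdrawn   # fail safe: nothing is announced until probes succeed
maint=0 ok=0 bad=0 action=none

# step <probe-exit-status>: update counters, set $state and $action
step() {
    action=none
    if [ "$maint" -eq 1 ] || [ "$1" -ne 0 ]; then
        ok=0; bad=$((bad + 1))
        if [ "$state" = announced ] &&
           { [ "$maint" -eq 1 ] || [ "$bad" -ge "$FAIL_LIMIT" ]; }; then
            state=withdrawn; action=withdraw
        fi
    else
        bad=0; ok=$((ok + 1))
        if [ "$state" = withdrawn ] && [ "$ok" -ge "$OK_LIMIT" ]; then
            state=announced; action=announce
        fi
    fi
}

run_loop() {
    trap 'maint=1' USR1    # drain: yank the route, leave the DHCP daemon up
    trap 'maint=0' USR2    # back in service after OK_LIMIT good probes
    trap '$WITHDRAW_CMD; exit 0' INT TERM   # never exit with the route up
    $WITHDRAW_CMD >/dev/null 2>&1           # clear any stale announcement
    while :; do
        $HEALTH_CMD >/dev/null 2>&1
        step $?
        case $action in
            announce) $ANNOUNCE_CMD ;;
            withdraw) $WITHDRAW_CMD ;;
        esac
        sleep 1
    done
}

# Start with "sh watchdog.sh run"; without the argument only the functions load.
if [ "${1:-}" = run ]; then run_loop; fi
```

Starting in the withdrawn state and requiring several good probes before re-announcing keeps a flapping or half-working server from attracting traffic it cannot serve.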
In a message written on Mon, Aug 13, 2012 at 08:51:09AM +0000, Joe wrote:
We are considering setting up redundant DHCP server clusters by using anycast.
I already see people pointing out problems with Anycast here, but no one pointing out the best available solution.

Assuming your DHCP servers are properly clustered, simply have your routers relay all requests to both servers. Here's instructions on setting up ISC DHCPD for redundant (pooled) servers: http://www.madboa.com/geek/dhcp-failover/

Then configure your routers to send to both DHCP servers with multiple helper-address lines:

    interface Gig0/0
     ip helper-address 10.0.0.1
     ip helper-address 10.128.0.1

The way this works is when a box comes up the router sends DHCP requests to both servers. The DHCP server that responds first will be used by the client, which will complete negotiation with that server via unicast. The two DHCP servers will then synchronize their pools.

Works great, no single point of failure, no anycast.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Joe wrote:
In our situation customers get IP addresses with DHCP, and the DHCP server authenticates customers by RADIUS. Authentication information is carried by option60 and option82.
I think you are not talking about wireless services with roaming.

Then, as you can identify your customer with the authentication information and can have a static mapping for customer configurations, you can run multiple DHCP servers without worrying about dynamic state synchronization between the servers.

As a malfunctioning anycast server can still advertise a route to it, blocking routes to backup servers, you should not use anycast.

Masataka Ohta
participants (4)
- Joe
- Leo Bicknell
- Masataka Ohta
- Robert E. Seastrom