DHCP code in 2.0.4+

Alexander Clouter alex at digriz.org.uk
Mon Jun 8 16:38:45 CEST 2009


Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk> wrote:
> 
> Alex C; A small point about LDAP and DHCP leases. IIRC LDAP doesn't 
> have any kind of 'locking' mechanism for objects/properties, or any 
> way of defining index constraints. This makes it unsuitable for 
> storing DHCP lease information in a clustered (or threaded) 
> environment, as you cannot guarantee at the point of modifying the 
> lease state, that the directory contents have not been modified.
>
I'm not storing state in LDAP, I store policy in there.  The 'state' (in 
the case of DHCP) will live in some postgresql database.
 
>>  However, with a
>> common data source driving your DHCP, you also don't have to worry about
>> creating meshes of DHCP failover relationships, because failover has
>> disappeared.
>>
>> It's one of the great things about DHCPv6, by the way - no more
>> failover!
> 
> Is anyone actually using that? What advantages does it have over the 
> stateless auto-configuration protocol? (I've not really done that much 
> reading as regards to IPv6 yet).
>
Problem with stateless is that in the long run (for organisations) I 
doubt people will use it.  Why?  RFC3041.  Second reason, in the IPv6 
world it's expected that you have *several* IPv6 addresses (mobile IPv6, 
local-link, SCTP gets exciting too here).  It's going to make it awkward 
to deal with user accountability when most systems are built around the 
concept that the user has one IPv4 address...let alone in addition 
several IPv6 addresses some of which vary over time.

I think that's why a lot of organisations are not keen on stateless IPv6 
address assignment but are keener on DHCPv6.  I personally would just 
like an event driven (no SNMP polling...) method that lets me log 
address<->MAC address usage.

I would ask for ideas, but this is all getting hugely OT.
 
>> Er - packet or DHCP-level balancing? We have never needed packet level
>> load balancing; the servers we use have never come remotely close to
>> needing it. I suppose a bigger network might need it,
> 
> We have a subnet with ~3000 hosts. After a campus wide power failure, 
> it is conceivable that they'd all be trying to acquire leases at the 
> same time, especially once the distribution layer is UPS backed. This 
> would probably make the DHCP server sad.
> 
Apparently it's easy to see around 9->10am at some places DHCP traffic 
persistently run at about 50kB/s or more.

Cheers

-- 
Alexander Clouter
.sigmonster says: Don't hit me!!  I'm in the Twilight Zone!!!



