DHCP code in 2.0.4+

Alan DeKok aland at deployingradius.com
Tue Jun 9 04:15:45 CEST 2009


Karl Auer wrote:
> It's not a good sign that we bicker about terminology. Suffice it to say
> that "DHCP failover" is not ISC specific, it is implemented by several
> DHCP servers 

  That looks to me like fail-over has a well-agreed upon meaning for
everything *other* than DHCP.

> ... It could not replicate failover as defined in the draft ...

  Which leads back to my comments on problem versus solution.

  The fail-over protocol does not work.  Full-stop.

  If you think it works for you, it's because you've never run into
cases where it failed.  Or, the implementation you're using doesn't
follow the protocol as documented.

> One of the benefits of ISC DHCP, for example, is
> that it can be deployed extremely easily, on a simple little low-powered
> server or two, and will then provide largely bullet-proof DHCP service
> *with failover*.

  Where "failover" is defined as "sometimes works".

> It scales quite nicely from the small network up to a
> quite large network - obviously it tops out somewhere, and people
> needing real industrial strength move to something like the Nominum
> products. But ISC DHCP is working well in tens of thousands of
> installations of all different sizes right now. If it required a
> (relatively) complex database back end, it would not serve the needs of
> many as well as it does.

  If you look at the design of FreeRADIUS, you see a better way to do
things.  FreeRADIUS doesn't *require* a DB.  But if you have one, it
uses it.

  ISC DHCP *requires* flat-text files.  If you have a DB, it doesn't
care.  On the other hand, administrators want to manage their systems
using information in a DB.  ISC either doesn't fit, or they have to
write horrible "shim" software to copy data back and forth.

  Which they do.

  I'd like them to just run a DHCP server that can talk SQL.  Why not?

> :-) You've missed my point a bit. I mean that if you have (say) an ISC
> DHCP server in your network, you can't do DHCP failover with it unless
> your server also speaks DHCP failover.

  That's a Good Thing.

> As to using SQL as a lingua franca, I can see a world of pain right
> there. You would definitely need a standard to hold stuff together. Of
> course, the standards process is there for all, so go for it :-)

  A public SQL schema.  That's it.

> Not to play my network is bigger than your network, but we've had power
> outages that took out 30,000 clients. If they come back across (say) two
> minutes, that's an average of 1000 DHCP messages per second (discover,
> offer, request, ack). We've never had them all go, but we've had about a
> quarter of them go at once. The Nominum servers dealt with it just fine.

  ISC doesn't deal with that situation very well.  At least part of the
issue is the delays due to the failover protocol.

  And I'll bet money that Nominum is getting such high performance by
doing the kind of optimizations I'm talking about.

  Alan DeKok.


