TCP/IP Network Protocols

Download Report

Transcript TCP/IP Network Protocols

DECUS Europe 2000
DHCP Failover Protocol
Thursday, 13 Apr 2000
9:00 - 9:45
Jeff Schreiber
©1999-2000 Process Software Corp.
[email protected]
1
Outline





DHCP Basic Operation
Existing forms of Redundancy
Requirements for Failover Redundancy
Problems, Goals, and Limitations
How it works
©1999-2000 Process Software Corp.
2
Redundancies

DNS: both Primary and Secondary
 Hardware configurations
 But only make-shift redundancies for DHCP
©1999-2000 Process Software Corp.
3
Basically, how DHCP works

Client: DHCPDISCOVER
 Server: DHCPOFFER
 Client:DHCPREQUEST
– or DHCPDECLINE

Server: DHCPACK
– Lease time
– IP address
– DNS server & other information
©1999-2000 Process Software Corp.
4
Basically, how DHCP works
Client goes into a “bound” state and starts the
T1 and T2 timers
 T1 is 1/2 the Lease time
 T2 is about 80% of the lease time.
 At T1, client sends a (unicast)
DHCPREQUEST to renew the lease.

©1999-2000 Process Software Corp.
5
Basically, how DHCP works

3 things can happen
– Server says ‘No’ and client gives up address at the
end of the lease
– No response. Therefore, the client keeps trying
until T2 when it sends out a broadcast.
– Gets the renewal as desired. New lease starts
here.
©1999-2000 Process Software Corp.
6
Basically, how DHCP works

Clients on different network as the server: use
a DHCP relay that forwards DHCP
communications from one subnet to the other.
©1999-2000 Process Software Corp.
7
Existing forms of DHCP redundancy

2 DHCP servers, both active at the same time.
– No synchronization or communications between
servers
– 2 disjoint address pools.
–
–
–
–
inefficient
wastes addresses.
Increases network recourses
both servers respond to clients
©1999-2000 Process Software Corp.
8
Existing forms of DHCP redundancy

Brute force:
– Have a standby server and periodically save the
lease database.
– Performance problems.
– Possibility of issuing one address to two clients.

Proprietary primary backup solutions
– do not provide “safe” failover (1 address can be
given to two clients).
©1999-2000 Process Software Corp.
9
Requirements for Failover servers

Cannot give two clients the same address.
 The secondary should be able to take over for
the primary.
 Do not change the fundamental way that
DHCP works.
– Do not change the client
– Server can change (al biet slightly)
– Client to give up the lease when told to or at the
end of the lease if it does not get renewed.
©1999-2000 Process Software Corp.
10
Things to address

How does primary server update secondary
and when.
 Failover assumes that an INIT_REBOOT does
not have an existing address. This scenario
can happen if the Client gets the 1st address
while primary cannot talk to secondary, then
reboots again.
©1999-2000 Process Software Corp.
11
Things to address

Server updates require stable storage to work
reliably. Don’t want to add a significant
amount of time that it already takes to do this.
 Clients may not be on same network
Therefore need to have a DHCP relay forward
the DHCP stuff to a particular server to that
that can send a request to more than one
server.
©1999-2000 Process Software Corp.
12
Problems to be aware of

Primary crashes before it can update
secondary. Secondary has no record of primary
allocation (DHCPACK)
 Primary and secondary cannot talk but clients
can see both. (network partitioning)
 Inherent to TCP connections, is keepalives to
make sure that the secondary is there.
©1999-2000 Process Software Corp.
13
Problems to be aware of

In a TCP connection (as opposed to a UDP)
will time out and will take up to 9 minutes.
This usually cannot be changed. This is too
long for a DHCP.
RESULTS: TCP is useful for reliable message
delivery, but cannot be depended upon do
detect server failover.
©1999-2000 Process Software Corp.
14
Goals (continued)

Must work with existing clients
 Must work with existing boot relay agents
 Must provide failover redundancy between
servers that are not located on the same
subnet
 Provide service to DHCP clients in the event
of primary server failure.
©1999-2000 Process Software Corp.
15
Goals (continued)

Avoid binding (giving) and address to a client
that another client already has. (no duplicate
addresses)
 Minimize the need for manual administration
intervention.
 Impose no additional client delays as a result of
primary-backup communications
 Share IP pools between primary and secondary
servers
©1999-2000 Process Software Corp.
16
Goals (continued)

Handled partitioned networks.
 Resynchronize without operator intervention
when primary failure is corrected.
 Enable one server to be secondary to many
primary servers.
 Allow proper lease renewal from either server.
©1999-2000 Process Software Corp.
17
Goals (continued)

If either server loses all of the information that
it has stored in stable storage, it should be
able to refresh from the other server.
©1999-2000 Process Software Corp.
18
Limitations

Only one secondary server.
 Have a subset of addresses that only the
secondary can hand out.
 Neither server hand out addresses during a
recovering failure.
©1999-2000 Process Software Corp.
19
MCLT

Maximum Client Lead Time
 a “lease time” known to both the secondary
and primary servers.
 Places an upper bound on the difference
allowed between the lease time given to a
client by a server and the lease time known by
the other server.
 Is much less than the “real” lease time.
©1999-2000 Process Software Corp.
20
MCLT

Tell the client what the other server knows,
plus MCLT
 Tell the other server what the client wanted (or
what the client was supposed to get) plus 1/2
of what it got
 Don’t give the client more than what it asked
for (or what it was supposed to get).
©1999-2000 Process Software Corp.
21
Practical Use
1
DHCPREQUEST
1 hour (MCLT)
2
3
1 day + 1/2 hour
1/2 Hour Later
4
Client
Renew Request
1 day (Lease)
5
Primary
DHCP
Server
6
1 day + 1/2 hour
Secondary
DHCP
Server
1/2 Day Later
7
Renew Request
1 day (Lease)
©1999-2000 Process Software Corp.
8
9
1 day + 1/2 hour
22
Practical Use
1
DHCPREQUEST
1 hour (MCLT)
2
3
1 day + 1/2 hour
1/2 Hour Later
4
Renew Request
(No Answer)
Client
5
Request Broadcasted
Primary
DHCP
Server
Secondary
DHCP
Server
1 Hour (MCLT)
7
“I’m Back”
“Here’s what I’ve done”
©1999-2000 Process Software Corp.
6
8
23
Questions
That’s all folks…
Any Questions?
©1999-2000 Process Software Corp.
24
Getting the Slides
Slides available via anonymous FTP:
ftp://ftp.process.com/decus/europe_2000/dhcp_failover.ppt
©1999-2000 Process Software Corp.
25