We are considering setting up redundant DHCP server clusters by using anycast.
In our situation customers get IP addresses with DHCP; the DHCP server authenticates customers by RADIUS. Authentication information is carried by option60 and option82.
Does anybody have any suggestions on this?
If anycast is suitable for our situation, is it possible to introduce a load balancer in an anycast node? That is,
DHCP service availability is guaranteed by multiple anycast nodes, and inside an anycast node DHCP service availability
is guaranteed by a server farm behind a load balancer?
Joe
An anycast solution that doesn't involve a way to promptly yank the
route when the service is unhappy is not really a full anycast
solution. You could probably use http://code.google.com/p/dhquery/
for health checking, wrap in a script with something to talk to bgpctl
(if you're running openbgpd) or something similar if you're talking to
bird or quagga or whatever, loop once a second... you get the idea.
Don't forget to have a hook in your script so you can send it a signal
to yank the route and take the box offline without killing the
service.
Having the dhcp server boxes themselves speak BGP or your favorite IGP
(I'm in favor of BGP for this because of policy knobs) may or may not
be tenable in your organization. The optimal org chart for this sort
of setup is one wherein the routing people and the systems people are
the same folks. I'll go out on a limb and guess that in an
organization where you're thinking of this scale of dhcp server,
you're probably reporting to different VPs.
So the SLB might be necessary for layer 9 reasons - something that the
network guys trust to speak a routing protocol to. If you don't have
transaction load problems or layer 9 problems to solve with the load
balancer then I'm not sure what value it brings - assuring server
availability in an anycast environment is just not that valuable (so
long as the anycast environment is designed properly - see above).
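The health-check loop described in the reply above, as an added example that is not part of the original thread or any poster's code: the route is announced only after consecutive good probes, withdrawn after consecutive failures, and can be pulled by signal while the DHCP service keeps running. Assumptions: the prefix is a constructed value, the health-check command is supplied by the operator on the command line (exit status 0 means healthy), the thresholds and the SIGUSR1/SIGUSR2 choice are illustrative, and routes are controlled with OpenBGPD's `bgpctl network add|delete`.

```python
import signal, subprocess, sys, time

PREFIX = "192.0.2.67/32"  # constructed anycast service prefix (assumption)

def bgpctl(action):
    # OpenBGPD: "bgpctl network add|delete <prefix>"
    subprocess.run(["bgpctl", "network", action, PREFIX], check=False)

class AnycastGuard:
    """Announce the route only while the local DHCP service answers probes."""
    def __init__(self, probe, announce, withdraw, fail_after=3, recover_after=5):
        self.probe, self.announce, self.withdraw = probe, announce, withdraw
        self.fail_after, self.recover_after = fail_after, recover_after
        self.announced = False  # fail closed: earn the route with good probes
        self.drained = False    # operator override, set by signal
        self.good = self.bad = 0

    def drain(self, *_):    # SIGUSR1: pull the route, leave dhcpd running
        self.drained = True

    def undrain(self, *_):  # SIGUSR2: allow announcing again
        self.drained = False

    def tick(self):
        try:
            ok = bool(self.probe())
        except Exception:   # a probe that errors or times out is a failure
            ok = False
        self.good, self.bad = (self.good + 1, 0) if ok else (0, self.bad + 1)
        want = self.announced
        if self.drained or self.bad >= self.fail_after:
            want = False
        elif self.good >= self.recover_after:
            want = True
        if want != self.announced:
            (self.announce if want else self.withdraw)()
            self.announced = want
        return self.announced

if __name__ == "__main__":
    # Health-check command comes from argv; exit status 0 means healthy.
    check = lambda: subprocess.run(sys.argv[1:], timeout=2).returncode == 0
    guard = AnycastGuard(check, lambda: bgpctl("add"), lambda: bgpctl("delete"))
    signal.signal(signal.SIGUSR1, guard.drain)
    signal.signal(signal.SIGUSR2, guard.undrain)
    try:
        while True:
            guard.tick()
            time.sleep(1)
    finally:
        bgpctl("delete")  # withdraw on Ctrl-C or a crash of this loop
```

The recovery threshold keeps a flapping server from re-announcing on a single good probe, so traffic stays on the other anycast nodes until the service is stable again.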
In a message written on Mon, Aug 13, 2012 at 08:51:09AM +0000, Joe wrote:
> We are considering setting up redundant DHCP server clusters by using anycast.
I already see people pointing out problems with Anycast here, but
no one pointing out the best available solution.
Assuming your DHCP servers are properly clustered, simply have your
routers relay all requests to both servers. Here are instructions
on setting up ISC DHCPD for redundant (pooled) servers: http://www.madboa.com/geek/dhcp-failover/
Then configure your routers to send to both DHCP servers with
multiple helper-address lines:
    interface Gig0/0
     ip helper-address 10.0.0.1
     ip helper-address 10.128.0.1
The way this works is when a box comes up the router sends DHCP
requests to both servers. The DHCP server that responds first will
be used by the client, which will complete negotiation with that
server via unicast. The two DHCP servers will then synchronize
their pools.
Works great, no single point of failure, no anycast.
> In our situation customers get IP addresses with DHCP; the DHCP server
> authenticates customers by RADIUS.
> Authentication information is carried by option60 and option82.
I think you are not talking about wireless services with roaming.
Then, as you can identify your customer with the authentication
information and can have a static mapping for customer
configurations, you can run multiple DHCP servers without
worrying about dynamic state synchronization between the
servers.
As a malfunctioning anycast server can still advertise a route
to it, blocking routes to back up servers, you should not use
anycast.