Re: Kea Experiment Update

To: rhkramer@gmail.com
Cc: debian-user@lists.debian.org
Subject: Re: Kea Experiment Update
From: Dan Ritter <dsr@randomstring.org>
Date: Mon, 4 Aug 2025 12:38:05 -0400
Message-id: <[🔎] 20250804163805.tekohg3guwejlqcz@randomstring.org>
In-reply-to: <[🔎] 202508041147.51376.rhkramer@gmail.com>
References: <20250731064227.3f45aac0@peregrine> <[🔎] 202508022156.34039.rhkramer@gmail.com> <[🔎] 20250802211923.66f9c4f2@peregrine> <[🔎] 202508041147.51376.rhkramer@gmail.com>

rhkramer@gmail.com wrote: 
> 
> Aside: note that I'll say because DHCP leases are persisistent, that 
> complicates things a little -- I try to address in these notes:
> 
>    * load-balancing / sharing with failover (in normal operation two (or more, 
> iiuc) servers share the load, if one (and maybe more than one, as long as 
> there is one left) fails, the other server(s) take over the full load with a 
> possible cost in performance.  Servers advise each other about the leases they 
> open / create so that on failure of one server, the other has the information 
> about open leases which it needs to continue.

It halves the performance, but that's rarely much of a concern -- even big
networks don't get *that* much DHCP traffic, and those that do generally
handle DHCP locally.

The problem with this implementation is that you, the sysadmin,
need to decide ahead of time on a metric that the servers can
use to identify which hosts they will normally handle, and which
ones they will want the other servers to handle. 

>    * hot-standby: one server does the job, but sends information about the 
> leases it opens / creates to a (hot) backup server so that if the "working" 
> server fails, the hot-standby has the information it needs to continue to do 
> the job

Almost everyone wants this configuration. The exceptions are
very very large and for some reason don't want to or can't subdivide the
responsibilities to local servers.

>    * passive-backup: not completely clear to me at the moment, so I won't try 
> to describe

In this mode, the primary does the job, sends the lease
information to the backups, but does not listen for them to
acknowledge. The backups will not automatically start
themselves when the primary fails, so someone has to get one
started as the new primary.

> I'll also mention that there is a somewhat technical reason why they call 
> these modes "high-availability" instead of redundancy, which I did not 
> immediately grasp and didn't (and won't) bother to try to understand, at least 
> atm.

The term they are avoiding is "failover", which in this
particular case means the official,
known-to-not-work-or-be-too-complex-to-use DHCP failover
protocol.

None of these HA modes meet the usual definition of redundant,
either, which just means that spare capacity to meet needs is
always available on via systems which are unlikely to have the same
event kill all of them. Rather, redundancy is a strategy that
can help with HA.

-dsr-

Reply to:

References:
- Re: Kea Experiment Update
  - From: rhkramer@gmail.com
- Re: Kea Experiment Update
  - From: Charles Curley <charlescurley@charlescurley.com>
- Re: Kea Experiment Update
  - From: rhkramer@gmail.com

Prev by Date: Re: Installing Devuan Daedalus on a Mac Mini, ...
Next by Date: Re: Kea Experiment Update
Previous by thread: Re: Kea Experiment Update
Next by thread: Re: Kea Experiment Update
Index(es):
- Date
- Thread