[2.1] Failover peers must be IPv4 for use with ISC dhcpd

Bug #1606508 reported by Gavin Panella
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
High
LaMont Jones

Bug Description

In `failover peer` stanzas in dhcpd.conf, both the `address` and `peer
address` settings must be IPv4 addresses; IPv6 addresses are rejected.

  /path/to/dhcpd.conf line 38: semicolon expected.
    address fde6:
                 ^

  /path/to/dhcpd.conf line 39: semicolon expected.
    peer address fd9d:
                      ^

In addition:

- A failover peer CANNOT be referenced from a `pool6` (IPv6) stanza. By
  contrast, a peer CAN be referenced from a `pool` (IPv4) stanza.

- A failover peer CANNOT be referenced from a `subnet6` (IPv6) or
  `subnet` (IPv4) stanza.

- A failover peer CAN be referenced from a `shared-network` stanza
  (covers both IPv4 and IPv6).

In MAAS do we:

- Insist that there be IPv4 connectivity between peers? This could
  probably be link-local. We would also need to reference peers from
  `shared-network` stanzas only, at least for DHCPv6.

- Do without failover in IPv6 configurations? As long as the subnet is
  large enough -- maybe /96 or bigger -- the chance of a collision
  between two DHCPv6 servers is so tiny as to be irrelevant.

- Do something else?

Related branches

Revision history for this message
Gavin Panella (allenap) wrote :

The DHCPv6 service appears to hand out leases in an unpredictable order
but it is not random. From dhcpd.conf(5):

  The DHCP server generates the list of available IP addresses from a
  hash table. This means that the addresses are not sorted in any
  particular order, and so it is not possible to predict the order in
  which the DHCP server will allocate IP addresses.

This seems to imply that we need active cooperation between multiple
DHCPv6 servers on a network.

However, there might be another approach.

IPv6 subnet ranges are typically vast. We could split the IPv6 ranges
allocated to a network between those DHCPv6 servers participating on
that segment and still expect to never exhaust these sub-ranges.

There would still be a problem where a primary DHCPv6 server fails and
the secondary is promoted: DHCP negotiation would result in each node on
the network getting a different address.

Which is better: split the ranges or insist on IPv4 connectivity between
DHCPv6 servers on the same network segment?

tags: added: maas-ipv6
summary: - Failover peers must be IPv4 for use with ISC dhcpd
+ [2.1] Failover peers must be IPv4 for use with ISC dhcpd
Changed in maas:
milestone: none → 2.1.0
tags: added: ipv6
removed: maas-ipv6
Revision history for this message
Gavin Panella (allenap) wrote :

The bug exists but I've marked it Incomplete because there are many ways to address it. We cannot progress with this bug until we've figured out which is appropriate.

Changed in maas:
status: Triaged → Incomplete
Changed in maas:
milestone: 2.1.0 → 2.1.1
Changed in maas:
status: Incomplete → Fix Committed
Changed in maas:
assignee: nobody → LaMont Jones (lamont)
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers