[2.1] Failover peers must be IPv4 for use with ISC dhcpd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Fix Released
|
High
|
LaMont Jones |
Bug Description
In `failover peer` stanzas in dhcpd.conf, both the `address` and `peer
address` settings must be IPv4 addresses; IPv6 addresses are rejected.
/path/
address fde6:
^
/path/
peer address fd9d:
In addition:
- A failover peer CANNOT be referenced from a `pool6` (IPv6) stanza. By
contrast, a peer CAN be referenced from a `pool` (IPv4) stanza.
- A failover peer CANNOT be referenced from a `subnet6` (IPv6) or
`subnet` (IPv4) stanza.
- A failover peer CAN be referenced from a `shared-network` stanza
(covers both IPv4 and IPv6).
In MAAS do we:
- Insist that there be IPv4 connectivity between peers? This could
probably be link-local. We would also need to reference peers from
`shared-network` stanzas only, at least for DHCPv6.
- Do without failover in IPv6 configurations? As long as the subnet is
large enough -- maybe /96 or bigger -- the chance of a collision
between two DHCPv6 servers is so tiny as to be irrelevant.
- Do something else?
Related branches
- Mike Pontillo (community): Approve
-
Diff: 208 lines (+131/-12)5 files modifiedsrc/maasserver/models/iprange.py (+4/-0)
src/maasserver/models/tests/test_iprange.py (+14/-0)
src/provisioningserver/dhcp/config.py (+45/-10)
src/provisioningserver/dhcp/tests/test_config.py (+66/-0)
src/provisioningserver/templates/dhcp/dhcpd6.conf.template (+2/-2)
tags: | added: maas-ipv6 |
summary: |
- Failover peers must be IPv4 for use with ISC dhcpd + [2.1] Failover peers must be IPv4 for use with ISC dhcpd |
Changed in maas: | |
milestone: | none → 2.1.0 |
tags: |
added: ipv6 removed: maas-ipv6 |
Changed in maas: | |
milestone: | 2.1.0 → 2.1.1 |
Changed in maas: | |
status: | Incomplete → Fix Committed |
Changed in maas: | |
assignee: | nobody → LaMont Jones (lamont) |
Changed in maas: | |
status: | Fix Committed → Fix Released |
The DHCPv6 service appears to hand out leases in an unpredictable order
but it is not random. From dhcpd.conf(5):
The DHCP server generates the list of available IP addresses from a
hash table. This means that the addresses are not sorted in any
particular order, and so it is not possible to predict the order in
which the DHCP server will allocate IP addresses.
This seems to imply that we need active cooperation between multiple
DHCPv6 servers on a network.
However, there might be another approach.
IPv6 subnet ranges are typically vast. We could split the IPv6 ranges
allocated to a network between those DHCPv6 servers participating on
that segment and still expect to never exhaust these sub-ranges.
There would still be a problem where a primary DHCPv6 server fails and
the secondary is promoted: DHCP negotiation would result in each node on
the network getting a different address.
Which is better: split the ranges or insist on IPv4 connectivity between
DHCPv6 servers on the same network segment?