Message-ID: Content-Type: text/plain; charset="utf-8" Subject: Better handle moving pool from one DHCP failover association to another From: cathya@isc.org MIME-Version: 1.0 X-RT-Interface: Web Date: Wed, 04 Jul 2018 13:47:33 +0000 Content-Transfer-Encoding: binary To: dhcp-suggest@isc.org Content-Disposition: inline X-Mailer: MIME-tools 5.508 (Entity 5.508) X-RT-Original-Encoding: utf-8 Content-Length: 1560 As requested: There appears to be a bug in the ISC failover code. I've tried this out with 4.3.6-P1 and reviewed the current release notes and don't see any newer patches that would address it. If a server (A) is participating in two failover associations (one each to two other servers (B & C)) and a pool is moved from one FA (AB) to the second FA (AC) the server's knowledge of the state of the free and backup pools will be inconsistent with the new peer. That is A will think that it has a certain number of free & backup leases, while C will not have this information. When C requests a pool re-balance A will believe the pools are properly balanced and will not send any updates. To demonstrate this issue create three severs A, B and C with two failover associations AB and AC. In the config file for A include three subnets and pools 17.16.131.0/24, 17.16.132.0/24 and 172.16.133.0/24 with reasonable ranges. Associate two ranges with AB and one with AC. Start all three servers and let them sync and balance. At this point A & B will each have half of their two pools and A & C will each have half of their one pool. Now stop all three servers and move one pool from AB to AC. When A reads it's lease file it will still have half of all three of it's pools and will think it's peers have the other half. When C reads it's lease file it will have half of the first pool it had but will not have any leases from the new pool. It will request a pool rebalance from A but as far as A can tell it already has half of the available leases.