Greetings everyone. I'm so excited to [hopefully] be contributing to the project!
I am trying to use the DHCP failover (DHCP-FO) features in VyOS 1.3, and I am doing it for multiple subnets.
The current mechanism for establishing DHCP-FO is at the subnet level. You specify your IP, the remote peer, whether you are "primary" or "secondary" and a "name" that is supposed to be unique across your installation.
So the following example configuration:
set service dhcp-server shared-network-name sfo1-server authoritative
set service dhcp-server shared-network-name sfo1-server description 'SFO1 - Server Subnet'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 default-router '10.3.30.1'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 failover local-address '10.3.30.15'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 failover name 'sfo1-server'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 failover peer-address '10.3.30.16'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 failover status 'primary'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 range 10.3.30.0 start '10.3.30.100'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 range 10.3.30.0 stop '10.3.30.254'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 subnet-parameters 'ping-check true;'
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 subnet-parameters 'ping-timeout 3;'
set service dhcp-server shared-network-name sfo1-desktop authoritative
set service dhcp-server shared-network-name sfo1-desktop description 'SFO1 - Desktop Subnet'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 default-router '10.3.50.1'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 failover local-address '10.3.30.15'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 failover name 'sfo1-desktop'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 failover peer-address '10.3.30.16'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 failover status 'primary'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 range 10.3.50.0 start '10.3.50.100'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 range 10.3.50.0 stop '10.3.50.254'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 subnet-parameters 'ping-check true;'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 subnet-parameters 'ping-timeout 3;'
will yield the following lines in the resulting /run/dhcp-server/dhcpd.conf:
# Failover configuration for 10.3.50.0/24
failover peer "sfo1-desktop" {
    primary;
    mclt 1800;
    split 128;
    address 10.3.30.15;
    port 520;
    peer address 10.3.30.16;
    peer port 520;
    max-response-delay 30;
    max-unacked-updates 10;
    load balance max seconds 3;
}
# Failover configuration for 10.3.30.0/24
failover peer "sfo1-server" {
    primary;
    mclt 1800;
    split 128;
    address 10.3.30.15;
    port 520;
    peer address 10.3.30.16;
    peer port 520;
    max-response-delay 30;
    max-unacked-updates 10;
    load balance max seconds 3;
}
The problem is that this is an erroneous configuration, as only the first failover peer definition takes effect and binds to the ports. It would appear no one actually uses the DHCP-FO functionality on multiple subnets simultaneously, as it does not actually work!
I would submit to you that this is not in fact the way the ISC DHCPd failover mechanism is designed to work, as demonstrated in the following document: https://kb.isc.org/docs/aa-00502
The failover partner definition should be globally defined, and that name should then be referenced inside each "pool" statement where it is intended to be used. Not only is this consistent with how the dhcpd.conf file is structured normally, but it requires a lot less duplication of data which keeps the VyOS configuration cleaner.
I am proposing a change to the configuration commands for this service/feature.
Perhaps something like this makes sense:
set service dhcp-server failover sfo1-failover local-address '10.3.30.15'
set service dhcp-server failover sfo1-failover peer-address '10.3.30.16'
set service dhcp-server failover sfo1-failover status 'primary'
set service dhcp-server shared-network-name sfo1-desktop subnet 10.3.50.0/24 failover sfo1-failover
set service dhcp-server shared-network-name sfo1-server subnet 10.3.30.0/24 failover sfo1-failover
This is something I believe that I am capable of contributing, but this will be my first time contributing to the VyOS project - so I want to make sure I follow all of the proper procedures.
Thank you in advance!
- Joel C
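
A lint for the condition described in the post above, as an added example that is not part of the original post or of VyOS: it parses `failover peer` declarations out of dhcpd.conf text and reports any local address/port pair claimed by more than one peer. The function names and the sample text (constructed from the output quoted in the post) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the dhcpd.conf lines quoted in the post.
SAMPLE_CONF = '''
# Failover configuration for 10.3.50.0/24
failover peer "sfo1-desktop" {
    primary; mclt 1800; split 128;
    address 10.3.30.15; port 520;
    peer address 10.3.30.16; peer port 520;
}
# Failover configuration for 10.3.30.0/24
failover peer "sfo1-server" {
    primary; mclt 1800; split 128;
    address 10.3.30.15; port 520;
    peer address 10.3.30.16; peer port 520;
}
'''

# Matches only declarations (with a body), not pool-level references.
PEER_BLOCK = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}')

def parse_failover_peers(conf_text):
    """Return {peer name: {statement: value}} for each failover peer declaration."""
    text = re.sub(r'#[^\n]*', '', conf_text)  # strip comments first
    peers = {}
    for name, body in PEER_BLOCK.findall(text):
        stmts = {}
        for stmt in body.split(';'):
            words = stmt.split()
            if len(words) >= 2:  # skip bare keywords such as "primary"
                stmts[' '.join(words[:-1])] = words[-1]
        peers[name] = stmts
    return peers

def listener_conflicts(conf_text):
    """Return {(address, port): [peer names]} where several peers share a listener."""
    claims = defaultdict(list)
    for name, stmts in parse_failover_peers(conf_text).items():
        if 'address' in stmts:
            claims[(stmts['address'], stmts.get('port'))].append(name)
    return {k: sorted(v) for k, v in claims.items() if len(v) > 1}

if __name__ == '__main__':
    for (addr, port), names in listener_conflicts(SAMPLE_CONF).items():
        print(f'{addr}:{port} claimed by failover peers: {", ".join(names)}')
```
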