[Kea-users] Best practice recommendation for reserving/blocking out VIPs?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Kea-users] Best practice recommendation for reserving/blocking out VIPs?

Klaus Steden

Hi everyone,

We had a new (for us) problem come up, and I wanted to poll the community informally to see how everyone else has approached the issue.

We have a Windows cluster that uses L3 HA and passes a VIP back and forth between two or more physical hosts.

To ensure that a Linux machine doesn't claim any of these addresses during our standard provisioning procedure, we blocked out the IPs for these physical hosts using reservations with the primary MACs of the machines themselves, but we weren't sure what to do to then block out the VIP.

We settled on blocking out the VIP by creating a reservation using the MAC address of an unused NIC on one of the physical machines, but that seems like a bit of a kludge.

If you've had to deal with this problem out there in Kea-land, how did you approach it?

cheers,
Klaus


_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] Best practice recommendation for reserving/blocking out VIPs?

Francis Dupont
I don't fully understand your problem but:
 - the simplest is to not have addresses you want reserve in a pool

 - using host reservations work too but with a performance penalty
  (cf out-of-pool text in the doc) and with a hairy but handle case
  if you change dynamically the config (cf conflict text in the doc).

Note you do not need to use an existing MAC in a host reservation,
the only constraint is to use a different MAC (or identifier in general)
between host reservations.

Regards

Francis Dupont <[hidden email]>
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] Best practice recommendation for reserving/blocking out VIPs?

Klaus Steden

Hi Francis,

Thanks for the feedback. Your first point seems like the best practice implementation, although in practice just using a dummy MAC for a blocked-out address will work well enough.

We manage reservations through an external application talking to MySQL directly, and so don't store reservations in the config file itself.

cheers,
Klaus

On Fri, Jun 15, 2018 at 12:38 AM, Francis Dupont <[hidden email]> wrote:
I don't fully understand your problem but:
 - the simplest is to not have addresses you want reserve in a pool

 - using host reservations work too but with a performance penalty
  (cf out-of-pool text in the doc) and with a hairy but handle case
  if you change dynamically the config (cf conflict text in the doc).

Note you do not need to use an existing MAC in a host reservation,
the only constraint is to use a different MAC (or identifier in general)
between host reservations.

Regards

Francis Dupont <[hidden email]>


_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users