Re: [dhcwg] Load Balancing for DHCPv6

Andre Kostur <> Tue, 18 September 2012 16:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 44E1C21F860D for <>; Tue, 18 Sep 2012 09:42:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.977
X-Spam-Status: No, score=-5.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ilmUe7ZaNar2 for <>; Tue, 18 Sep 2012 09:42:46 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id 9048621F8600 for <>; Tue, 18 Sep 2012 09:42:45 -0700 (PDT)
Received: from ([]) (using TLSv1) by ([]) with SMTP ID; Tue, 18 Sep 2012 09:42:46 PDT
Received: by qadz3 with SMTP id z3so186986qad.10 for <>; Tue, 18 Sep 2012 09:42:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=RUYIXZJXocoG3z8gJwSIlemnJ59yALUhwFHmpVIXDdg=; b=W5h0rkMHcyYTu8YBnBL1Eu0sX0z+piV9RjmJUoIGK9VcjZKaVi4lvCddJzL9Z3eD28 oT+qmAMeRqhlbxfik7VInDCmZTgOoCtl+ZJjV2sgfpQB0Jugau13ASf1gZBgsUx0Lfa9 29dc6XImUCQu+eGpH+ZSuro9/MkD2R3gzEsCQzuv46tU3rTbiGYMWs2Zze1mIvDbmHYE ZxOOqKMquxRhgVA6fKv3blnx6QCIU4iVz9z1Tug8xhdGhQiB7BEXSB03Q7z0Wq+U5aO2 qOTKhQxWGNK92KuMQnFJKdRw9R9zvajTQ2qgPyRCOgyDLp+D4/r0L7CislAgB/fC9CgM eNQw==
MIME-Version: 1.0
Received: by with SMTP id bx6mr725204qab.79.1347986564185; Tue, 18 Sep 2012 09:42:44 -0700 (PDT)
Received: by with HTTP; Tue, 18 Sep 2012 09:42:44 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Tue, 18 Sep 2012 09:42:44 -0700
Message-ID: <>
From: Andre Kostur <>
To: "Bernie Volz (volz)" <>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQmSI6+i0y93Vuw8WGjmxilAL1zD+rw9w9kmh0bsvJQ9pXWWpx0CGHc3OBDhDJ3CH8Qa0uNp
Cc: "" <>, Ted Lemon <>
Subject: Re: [dhcwg] Load Balancing for DHCPv6
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 18 Sep 2012 16:42:47 -0000

On Tue, Sep 18, 2012 at 9:24 AM, Bernie Volz (volz) <> wrote:
> First, I think this would be a rather bad change to DHCPv6 operation.
> Client may be checking the server-identifier option they get back and so
> you would have to lie about that in the response which just seems like a
> very bad thing to do. (I don't believe RFC 3315 actually ever states the
> clients should be checking the server-identifier, but I could be wrong --
> section 15 does say they check for the presence of the option, but do not
> check the contents). One could also think of situations where a relay
> agent might forward the packet to explicit destinations based on the
> server identifier (though again, I doubt anyone does this) -- much like
> switches limit traffic based on mac-addresses.

Note that I didn't suggest that server A preemptively answer the Renew
coming in from the client (or impersonate server B).  Under my
suggestion, the Renew would arrive at both servers A and B.  B would
ignore it due to load balancing, and A would also ignore it due to the
server ID.  The client continues to retry the Renews for the
appropriate time, until it is time to Rebind.  At that point server B
is still ignoring the client, but now A can answer the client as the
Rebind isn't carrying a Server ID.  (And if we are talking about a
Failover pair, then server A would already have a lease record for
this client, and can extend that same lease.)

For the relay piece, it would still need to forward the Rebind to both servers.


> Anyway, I think this needs to be thought through much more carefully as to
> the potential consequences and I think the best is to keep it simple -
> once a client has 'bound' to a server, it stays with that server until it
> issues a request message which does not contain a server-identifier option.

My scenario doesn't result in a client switching servers except under
already defined RFC 3315 behaviour when the client has transitioned
into Rebind.

One piece that may have funny consequences is if the pair of DHCP
servers aren't in some sort of cooperation mode, and this scenario
would result in the client possibly changing IP addresses.  Client has
to rebind, and server A does the DHCPv6 equivalent of a NAK and forces
the client to come back to get a new IP.    Perhaps a server MAY skip
the load balancing if the packet contains a Server ID (or even
limiting it to the server's Server ID)?

Andre Kostur