PVE SDN DHCP/DNS questions

alexskysilk

I have some questions regarding this feature within pve8.1. Please forgive me if this is addressed somewhere and I have not found it.

1. DHCP- How is HA achieved/handled? The documentation mentions that config files for dnsmasq would be written to /etc/dnsmasq.d, which makes it appear to not be shared between nodes.
2. DHCP- Is there (will there be?) a mechanism for ip static mapping assignments?
3. DNS- Similar to q1, is there a mechanism for dns ha?
4. DNS- Can it have multiple scopes (e.g., different records per zone)?

If HA is not a feature, is it in planning or out of scope?
 
1. Currently there is no HA/failover, as dnsmasq is local to each node. (Leases are infinite, so it'll impact the start of a new vm only if dnsmasq is down.)

2. Yes, in the ipam section.

3/4. The dns resolver is not yet integrated (but I think that the feature is not currently disabled in dnsmasq, but nothing is configured).


About HA, I think a systemd auto service restart in case of a crash should be enough?
 
> About HA, I think a systemd auto service restart in case of a crash should be enough?

The issue is less about the service status; it's about having partner servers (dhcp/dns). This is potentially achievable by pointing the dnsmasq.conf stuff in /etc/pve, although this does pose all manner of issues, e.g. which is the master node for updates, how to reload zones on all member servers, etc.

Are there plans on integrating other dhcp servers (eg, isc dhcp)?
 
> The issue is less about the service status; it's about having partner servers (dhcp/dns). This is potentially achievable by pointing the dnsmasq.conf stuff in /etc/pve, although this does pose all manner of issues, e.g. which is the master node for updates, how to reload zones on all member servers, etc.

Currently, the dnsmasq instances are autonomous on each node, with static leases generated from ipam (through mac-ip reservation on the local dnsmasq when the vm is starting). You can see the ipam databases (which use /etc/pve or an external ipam) as the "master" node to manage ips.
Dnsmasq is just here to respond to dhcp requests of local vms, but doesn't manage the dynamic leases itself (to avoid a cluster-locked lease database or interaction with other dnsmasq instances).


> Are there plans on integrating other dhcp servers (eg, isc dhcp)?

Technically, there is a plugin system, but dnsmasq is the first implementation (and seems to cover all the cases for ipv4/ipv6 currently).
 
Thanks @spirit for both all the work you've done and your patience with my questions :)

> Dnsmasq is just here to respond to dhcp requests of local vms, but doesn't manage the dynamic leases itself.

How is this accomplished? Is it required to keep each node on a separate vlan?

I was initially very excited and optimistic about rollout of dhcp/dns that can be controlled via pve api calls, but my use case requires more robust service survival; moreover, the flat text file nature of dnsmasq doesn't lend itself to scaling. My current implementation is locationwide pairs serving kea-dhcp atop a mysql cluster- but I would give that up for api uniformity as long as it be hardened/scalable/HA...
 
> Thanks @spirit for both all the work you've done and your patience with my questions :)
>
> How is this accomplished? Is it required to keep each node on a separate vlan?
>
> I was initially very excited and optimistic about rollout of dhcp/dns that can be controlled via pve api calls, but my use case requires more robust service survival; moreover, the flat text file nature of dnsmasq doesn't lend itself to scaling. My current implementation is locationwide pairs serving kea-dhcp atop a mysql cluster- but I would give that up for api uniformity as long as it be hardened/scalable/HA...

Well, currently, it's only managed in the simple zone (so autonomous bridge or snat bridge),
but we are going to extend it to vlan && other zones in the coming week.

As the dhcp server needs an ip in the subnet to distribute ips, for the vlan implementation (and other layer2 networks) we will deploy the same /32 ip address on each host, and it'll respond only to local vms (without any conflict with the real network).

For routed networks (where the vnet is the gateway), we use this ip for the dhcp server.

See it as a distributed dhcp server, where each dhcp server is local and only manages local vms (so we don't have a scalability problem).
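
The thread describes autonomous per-node dnsmasq instances whose MAC-to-IP reservations all come from one IPAM. As an added example (not part of the thread and not Proxmox code), this Python check compares the reservations collected from each node and reports any IP reserved for more than one MAC, or any MAC mapped to more than one IP. It assumes reservations are expressed as dnsmasq `dhcp-host=<mac>,<ip>` lines; the node names, MACs and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample data: reservation fragments as they might be collected
# from each node's local dnsmasq config (node names and addresses are made up).
NODE_CONFIGS = {
    "node1": "# vm 100\n"
             "dhcp-host=BC:24:11:00:00:01,10.0.0.10\n"
             "dhcp-host=bc:24:11:00:00:02,10.0.0.11\n",
    "node2": "dhcp-range=10.0.0.0,static\n"
             "dhcp-host=BC:24:11:00:00:03,10.0.0.11\n"
             "dhcp-host=BC:24:11:00:00:01,10.0.0.10\n",
}

# Assumption: only the two-field form dhcp-host=<mac>,<ipv4> is handled.
DHCP_HOST = re.compile(
    r"^dhcp-host=([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}),(\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse_reservations(text):
    """Return (mac, ip) pairs; comments and other dnsmasq options are skipped."""
    pairs = []
    for line in text.splitlines():
        m = DHCP_HOST.match(line.strip())
        if m:
            pairs.append((m.group(1).lower(), m.group(2)))
    return pairs

def find_conflicts(node_configs):
    """Find IPs reserved for several MACs and MACs given several IPs, cluster-wide."""
    by_ip = defaultdict(lambda: defaultdict(set))   # ip  -> mac -> {nodes}
    by_mac = defaultdict(lambda: defaultdict(set))  # mac -> ip  -> {nodes}
    for node, text in node_configs.items():
        for mac, ip in parse_reservations(text):
            by_ip[ip][mac].add(node)
            by_mac[mac][ip].add(node)

    def multi(index):
        # Keep only keys with more than one distinct owner; list the nodes per owner.
        return {key: {k: sorted(v) for k, v in owners.items()}
                for key, owners in index.items() if len(owners) > 1}

    return multi(by_ip), multi(by_mac)

if __name__ == "__main__":
    ip_conflicts, mac_conflicts = find_conflicts(NODE_CONFIGS)
    for ip, owners in ip_conflicts.items():
        print(f"IP {ip} reserved for multiple MACs: {owners}")
    for mac, owners in mac_conflicts.items():
        print(f"MAC {mac} mapped to multiple IPs: {owners}")
```

The same MAC-to-IP pair appearing on two nodes is not reported, since that is consistent with a single IPAM entry; only disagreeing reservations are.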
 
