Accommodate a DHCPv6 failover-like mechanism
Currently, the ISC DHCPv6 daemon doesn't support failover; instead, they recommend that unique pools be run independently on different servers.
We have a couple of options that we can use to make this somewhat easier, such as adding a checkbox option to activate a CARP check, similar to OpenVPN clients, that only runs the DHCPv6 server if the CARP interface is in a MASTER state and kills it if it is in a BACKUP state. Using that method the same pool could run on both nodes; however, it would not support a mix of CARP and non-CARP subnets on the two nodes, and it would not share leases.
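The CARP check described above, as an added example that is not part of the original issue or of pfSense's code: it parses FreeBSD `ifconfig` output for one VHID's state and decides whether the DHCPv6 daemon should be started or stopped. The interface name, VHID, addresses and the rule that every non-MASTER state stops the daemon are assumptions.

```shell
#!/bin/sh
# Constructed samples of FreeBSD `ifconfig` output for the two HA nodes
# (illustrative only, not captured from a real system).
SAMPLE_MASTER='igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 2001:db8:1::2 prefixlen 64
    inet6 2001:db8:1::1 prefixlen 64 vhid 6
    carp: MASTER vhid 6 advbase 1 advskew 0'
SAMPLE_BACKUP='igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 2001:db8:1::3 prefixlen 64
    carp: BACKUP vhid 6 advbase 1 advskew 100'

# carp_state VHID
# Reads ifconfig output on stdin and prints the CARP state of that VHID
# (MASTER, BACKUP, INIT), or NONE when the interface carries no such VHID.
carp_state() {
    awk -v vhid="$1" '
        $1 == "carp:" && $3 == "vhid" && $4 == vhid { state = $2 }
        END { print (state == "" ? "NONE" : state) }'
}

# dhcp6_action STATE RUNNING
# STATE is the output of carp_state, RUNNING is yes or no.
# Prints start, stop or none. Assumption: anything other than MASTER
# (BACKUP, INIT, NONE) stops the daemon, so the two nodes never serve the
# same pool at the same time.
dhcp6_action() {
    case "$1:$2" in
        MASTER:no)  echo start ;;
        MASTER:yes) echo none ;;
        *:yes)      echo stop ;;
        *)          echo none ;;
    esac
}

# Demonstration on the constructed samples. On a live node the input would
# be the output of `ifconfig igb1`, and the caller would start or stop the
# DHCPv6 daemon according to the printed action.
for sample in "$SAMPLE_MASTER" "$SAMPLE_BACKUP"; do
    state=$(printf '%s\n' "$sample" | carp_state 6)
    echo "vhid 6 is $state: daemon stopped -> $(dhcp6_action "$state" no)," \
         "daemon running -> $(dhcp6_action "$state" yes)"
done
```

Because the decision covers the whole daemon, a subnet without the chosen VHID reports NONE and is treated like BACKUP, which is the mixed CARP and non-CARP limitation the description mentions.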
Updated by Neal Harrington over 3 years ago
A tick box to detect if the DHCPv6 server should be running based on interface CARP state and a copy of the reservations etc. over to the slave would work well for us. It may also be worth having separate DHCP range boxes which are automatically applied to the slave to avoid lease conflicts if the ranges are small enough for a collision to happen. If the second range is only editable when the "Enable HA failover DHCPv6 server" tick box is selected, it should be reasonably clear what it is for.
We are using DHCPv6 to allocate static IPv6 addresses to servers behind a HA pair of SG-8860s and I had a surprise when I upgraded the slave to 2.4.2 and disabled the CARP on the master. I had not noticed that DHCPv6 failover was not implemented until I was verifying the slave was happy... It was especially unexpected that when the master has its CARP disabled, the DHCPv4 starts being provided by the slave pfSense box, but the DHCPv6 is still provided by the master even though the RA interface is set to the CARP address, which should no longer be active on the master.
IETF has a proposed standard for DHCPv6 failover, but I have no idea how long before it becomes a reality: https://datatracker.ietf.org/doc/rfc8156/. In the meantime it would be nice to get something in place which is better than the current master-only setup for HA environments.