Opened 3 years ago

Last modified 3 years ago

#5028 new enhancement

memfile / loading of expired leases on startup

Reported by: nicolas.chaigneau Owned by:
Priority: medium Milestone: Outstanding Tasks
Component: Unclassified Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

This is a proposal for the following change:

Add a configuration flag to allow ignoring expired leases on startup.
(instead of loading them, and having them being reclaimed later on)

This would be useful in the specific case where nothing needs to be done on lease reclaim.
(ie no DNS update and/or hook execution...)

My initial post on kea-dev:

Upon startup, leases (using memfile) are loaded from disk, even if they are expired.
So if Kea is shut down for maintenance for example, and restarted after all the leases are expired, they are loaded anyway. This entails that the reclaim mechanism will have to catch up, and depending on configuration this can take quite a long time.

This causes two issues:

  • Until the reclaim mechanism has finally caught up, the statistics will not be accurate.
  • And this is lots of unnecessary work for this mechanism (hence for Kea), that could be avoided.

Proposed evolution: upon startup, when loading leases from disk, check if a given lease is expired. If so... don't load it.

Well, it's probably slightly more complicated than that. With lease affinity, maybe something like:

If <lease expiry> + hold-reclaimed-time > now : then load this lease If not, then just ignore this lease.

Marcin's reply:

There are different ways of looking at the issue you have raised. There are a couple of things that happen when a lease is expired and
reclaimed: DDNS, hooks invocation, database updates and finally statistics. From what you're saying, it seems that in your use case you just want to "forget" the expired leases after temporary down time of the server. But, in a general case, people may want to take actions upon expired leases even after the temporary downtime of the server. What about the case when the server crashed for any reason and has been brought up back? The short interruption of the server shouldn't cause us to not clean up DNS, and/or execute hooks? Or it should? It may depend on the use case. Say... you've had a server running for a while and you shut it down for a day. Maybe after a day it doesn't make sense to perform lease expirations? Or it does?

We took a "safe" approach to not make any assumptions. We load whatever have been in the lease database prior to server shut down and let the server deal with this situation using lease expiration mechanisms. Now, I suppose we could maybe perform lease reclamation while leases are loaded from a file (and while the server is starting up) but that would rather delay the startup of your server because not only would you have to load leases from file but also reclaim them.

On the other hand, maybe it is worth considering to add a configuration flag to disable reclamation of leases on startup when the specific use case doesn't need reclamation?

Subtickets

Change History (1)

comment:1 Changed 3 years ago by hschempf

  • Milestone changed from Kea-proposed to Outstanding Tasks

Per Kea team meeting Oct 20, decision to place this ticket in the outstanding queue

Note: See TracTickets for help on using tickets.