Which ports are recommended for high availability?
I have found inconsistencies between the dhcpd manpages and ISC's blog.
This ISC document by @sgoldlust contains the following (shortened) example for the primary server of a HA pair:
failover peer "failover-partner" {
    primary;
    port 519;
    peer port 520;
}
The manpages for dhcpd.conf 4.4 say the same:
failover peer "foo" {
    primary;
    port 519;
    peer port 520;
}
include "/etc/dhcpd.master";
But, the manpages say that the IANA assigned port 647 is used by default for both the local port and peer port. This conflicts with the aforementioned examples in that it both claims that the default is 647, and not 519, and that the local and peer ports are the same by default (implying that setting different ports for both is not recommended).
In addition, see the following output on AlmaLinux 8.6:
$ rpm -qa | grep dhcp
dhcp-client-4.3.6-47.el8.x86_64
dhcp-common-4.3.6-47.el8.noarch
dhcp-libs-4.3.6-47.el8.x86_64
dhcp-server-4.3.6-47.el8.x86_64
Ports 647 and 847 are accounted for by the dhcpd_port_t type:
$ sudo semanage port -l | grep dhcp
dhcpc_port_t tcp 68, 546, 5546
dhcpc_port_t udp 68, 546, 5546
dhcpd_port_t tcp 547, 548, 647, 847, 7911
dhcpd_port_t udp 67, 547, 548, 647, 847
But, 519 and 520 are not:
$ sudo semanage port -l | grep -E '(519|520)'
efs_port_t tcp 520
router_port_t udp 520, 521
Given this, it appears that ports 519 and 520 should not be used, despite the examples on the manpage and documentation.
So:
- Should 519 and 520 be used for HA configuration? Why were these ports used in the documentation?
- Should both the local server and peer share one port (i.e. 647 for DHCPv4 on both servers and 847 for DHCPv6 on both servers), according to the default for these config options? Or, should both be used (i.e. 647 for local HA port on primary and 847 on peer), according to the manpage and documentation examples?
Thank you.
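The label check done by hand with `semanage` in the question, as an added example that is not part of the original post: it reads the `port` and `peer port` settings from each failover stanza and reports those that lack the `dhcpd_port_t` label. The function names are hypothetical, the sample inputs are constructed from the question's own output, and the check assumes failover traffic is TCP.

```python
import re

DEFAULT_PORT = 647  # default stated by the man page, as quoted in the question

# Constructed sample: failover stanza from the question's dhcpd.conf example.
SAMPLE_CONF = '''
failover peer "failover-partner" {
    primary;
    port 519;
    peer port 520;
}
'''

# Constructed sample: `semanage port -l` lines copied from the question.
SAMPLE_SEMANAGE = '''
dhcpd_port_t tcp 547, 548, 647, 847, 7911
dhcpd_port_t udp 67, 547, 548, 647, 847
efs_port_t tcp 520
router_port_t udp 520, 521
'''

def failover_ports(conf):
    """Map each failover peer name to its explicit 'port' / 'peer port' values."""
    out = {}
    for name, body in re.findall(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', conf, re.S):
        body = re.sub(r'#.*', '', body)  # ignore comments inside the stanza
        out[name] = {k: int(v) for k, v in re.findall(r'\b(peer port|port)\s+(\d+)\s*;', body)}
    return out

def labelled_ports(semanage_out, setype, proto):
    """Expand the ports (including a-b ranges) semanage lists for setype/proto."""
    ports = set()
    for line in semanage_out.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[0] == setype and fields[1] == proto:
            for item in fields[2].split(','):
                lo, _, hi = item.strip().partition('-')
                ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unlabelled(conf, semanage_out, setype='dhcpd_port_t', proto='tcp'):
    """Return (peer, setting, port) for every failover port without the label."""
    ok = labelled_ports(semanage_out, setype, proto)
    return [(name, key, cfg.get(key, DEFAULT_PORT))
            for name, cfg in failover_ports(conf).items()
            for key in ('port', 'peer port')
            if cfg.get(key, DEFAULT_PORT) not in ok]

if __name__ == '__main__':
    print(unlabelled(SAMPLE_CONF, SAMPLE_SEMANAGE))
```

On a real host, pass the contents of the dhcpd configuration file and the output of `semanage port -l` in place of the two samples.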