Possible skipped standby server synchronization after temporary communication interruption
Consider the following scenario. There are two HA partners in hot-standby mode. Communication between them is interrupted, but both keep running. The primary transitions to the partner-down state quickly because it does not monitor the DHCP traffic directed to the standby. The standby is not supposed to respond to any traffic. The primary gets to the partner-down state while the standby is still in the hot-standby state. When communication is re-established, it is possible that the primary first spots that the standby is in the hot-standby state. In that case, the primary may transition to the hot-standby state. The standby would then see the primary in the hot-standby state and assume that both servers are operating normally. As a result, the standby won't synchronize its lease database and will lose the leases allocated by the primary in the partner-down state.
The proposed solution is to modify the state machine so that the primary remains in the partner-down state when it spots that the standby is in the hot-standby state. This should force the standby to transition to the waiting state and synchronize.
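
The race and the proposed fix can be reproduced with a small simulation. This is an added example, not code from the project: the transition functions are a simplified model of the state machine, and the `ready` state, the heartbeat ordering (primary evaluated first in each round) and the lease addresses are assumptions made for illustration.

```python
# Simplified model of the hot-standby HA state machine (added example, not project code).
# The "ready" state and the per-round heartbeat ordering are assumptions.

def primary_next(state, partner, fixed):
    if state == "partner-down":
        if partner == "hot-standby":
            # Original behaviour: rejoin normal operation at once.
            # Proposed fix: stay in partner-down so the standby notices and resyncs.
            return "partner-down" if fixed else "hot-standby"
        if partner == "ready":
            return "hot-standby"
    return state

def standby_next(state, partner):
    if state == "hot-standby" and partner == "partner-down":
        return "waiting"
    if state == "ready" and partner == "hot-standby":
        return "hot-standby"
    return state

def simulate(fixed, rounds=6):
    # Constructed sample data: one lease known to both servers before the outage.
    primary = {"state": "hot-standby", "leases": {"192.0.2.10"}}
    standby = {"state": "hot-standby", "leases": {"192.0.2.10"}}
    # Communication interrupted: primary goes partner-down and keeps allocating.
    primary["state"] = "partner-down"
    primary["leases"] |= {"192.0.2.11", "192.0.2.12"}
    # Communication restored: the primary observes the standby first in each round.
    for _ in range(rounds):
        primary["state"] = primary_next(primary["state"], standby["state"], fixed)
        if standby["state"] == "waiting":
            standby["leases"] |= primary["leases"]  # lease database synchronization
            standby["state"] = "ready"
        else:
            standby["state"] = standby_next(standby["state"], primary["state"])
    missing = primary["leases"] - standby["leases"]
    return primary["state"], standby["state"], missing

if __name__ == "__main__":
    print("original:", simulate(fixed=False))
    print("proposed:", simulate(fixed=True))
```

Both runs end with the two servers in the hot-standby state; only the run with the proposed fix ends with no leases missing on the standby.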