Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2005-11-24) How To Distribute DHCP Scopes Among Multiple DHCP Servers?

Posted by Jorge on 2005-11-24


For distributing scopes among multiple DHCP servers two well-known rules are available.

Google for (only the text before the =):
50/50 dhcp = (central setup)
and
80/20 dhcp = (local and remote setup)

You should make sure only one DHCP servers leases a certain IP address otherwise you could get IP conflicts. DHCP Servers do not share the DHCP db, only when clustered.

If one or more DHCP servers service the same set of clients you should, if applicable:
(1) configure reservations on all those DHCP servers
(2) Distribute available addresses among the DHCP servers

AD(1)
if you have clients that use DHCP reservations and you also have multiple DHCP servers that service those clients, you need to configure the DHCP reservations on all DHCP servers that service those clients as you want to make sure that independed of the DHCP server the client gets its reserved IP address

AD(2)
Depending on the distribution factor as mentioned above you need to make sure IP addresses are not leased more than once to any other client. Let me give me an example….
Lets say you have a scope with the following AVAILABLE IP addresses…. A B C D E F G H I J (from A to J) and you have server DHCP1 and server DHCP2 as DHCP servers.
You have the following possibilities:
(A) configure the complete scope "A B C D E F G H I J" and enable it on both DHCP servers DHCP1 and DHCP2 and enable conflict detection so that each DHCP server first checks a certain IP address has not been leased by the OTHER DHCP server. (This is not a best practice and thus not recommended)
(B) configure the complete scope "A B C D E F G H I J" and enable it on DHCP server DHCP1 and disable the scope on DHCP server DHCP2 (and enable conflict on the DHCP server that is made the servicing DHCP server while the other is not because it is unavailable or so) (this will work but if the first DHCP server becomes unavailable you need to enable conflict detection on the other DHCP servers and enable all of its scopes manually)
(C) If you use the 50/50 rule (otherwise configure accordingly),configure half of the scope "A B C D E" on the DHCP server DHCP1 and configure the other half on DHCP server DHCP2 "F G H I J" and enable the scopes. Conflict detection is not needed here. The problem with this is that if the client switches from DHCP server the other DHCP server will issue a NACK because the client if trying to renew an unknown IP address to that DHCP server.
(D) configure the complete scope "A B C D E F G H I J" and enable it on both DHCP servers DHCP1 and DHCP2.Conflict detection is not needed here. If you use the 50/50 rule (otherwise configure accordingly), on the first DHCP server DHCP1 exclude "A B C D E" and on the second DHCP server DHCP2 exclude "F G H I J" If the client switches from DHCP server the other DHCP server will not issue a NACK because it knows of the IP address although excluded (This is my preferred configuration and if also a best practice)


Also remember:
If secure DDNS updates are done by the DHCP server on behalf of the clients and more than 1 DHCP server services the same clients make sure each DHCP server is able to update the records. For this configure credentials on the DHCP server to acchieve this.
If DHCP service is hosted on a DC, for security purposes you should configure DHCP with additional credentials to register records on behalf of the clients.

If it is a W2K DHCP server you can only use the command line to configure credentials (NETSH DHCP…)

If it is a W2K3 DHCP server you can use the command line and the GUI to configure credentials

For more info see:
*
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/d0e19b57-c368-46c2-b017-caf25ae150ec.mspx

* http://www.jsifaq.com/SUBN/tip6900/rh6941.htm

* http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/179d4f6c-9482-4dac-8f03-74bd78b7d263.mspx

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: