DHCP redundancy

Thread: DHCP redundancy

  1. #1
    Banned Ya_know's Avatar
    Join Date
    Jun 2001
    Posts
    10,692

    Question DHCP redundancy

    I have been planning for DHCP redundancy over a NT4.0 network, and wanted to get some input. This is a single site network of about 60 PC’s, 4 servers, and 6 printers, so it seems that having two non-overlapping scopes, one on each of two servers, would be the best solution.

    Can anyone provide more insight into this scenario, or suggest alternatives? Also, what would be done in a much larger enterprise situation, just for curiosity?

  2. #2
    Tech-To-Tech Mod kato2274's Avatar
    Join Date
    Sep 2001
    Location
    Bentleyville, Pa
    Posts
    2,317
    Alas, we just brainstormed this in Active Directory class and came up with a pretty decent solution, but since Win2k and NT4 reservations and stuff don't work the same, it really wouldn't apply.
    Nonsense prevails, modesty fails
    Grace and virtue turn into stupidity - E. Costello

  3. #3
    Banned Ya_know's Avatar
    Join Date
    Jun 2001
    Posts
    10,692
    Originally posted by kato2274
    Alas, we just brainstormed this in Active Directory class and came up with a pretty decent solution, but since Win2k and NT4 reservations and stuff don't work the same, it really wouldn't apply.
    Please, expound all you wish. I have AD at home, and can experiment with any idea. I want to see this from all angles, in both NT4 and 2K.

    So everyone, please don't be shy!

  4. #4
    Tech-To-Tech Mod kato2274's Avatar
    Join Date
    Sep 2001
    Location
    Bentleyville, Pa
    Posts
    2,317
    Well, since 2 DHCP servers can have the same reservations without any problems in Win2k, here is what we figured.

    2 DHCP servers. Each server has a scope of, say, 192.168.100.1 - 192.168.100.254.
    DHCP server 1 excludes the second half of the scope, say from 127 to 254.
    DHCP server 2 excludes the 1st half of the scope, 1 to 126.

    Both DHCP servers can have the exact same server and printer reservations.
    Activate them both and run them in parallel.
    So if one server goes down, no problem. You still have plenty of addresses in the pool to pass out, and all your printers and computers that need specific IP addresses will get them without any problem because both servers will have the needed reservation. And you don't have to worry about them conflicting with each other since, though they are operating out of the same scope, they aren't working with the same address pool.

    We did this in lab with 4 DHCP servers and simulated them going down and special reservation machines renewing their lease, and it worked like a charm.

  5. #5
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Ya_Know, create two scopes on each server. Make these two servers be on separate subnets.

    Now your two scopes will be divided 80/20,

    so you'll end up with four scopes.

    Scope 1a will be 80%
    Scope 1b will be 20%
    (= 100% of IPs on subnet 1)

    Scope 2a will be 80%
    Scope 2b will be 20%
    (= 100% of IPs on subnet 2)

    When you set up the servers, server one will have scope 1a and 2b, server 2 will have scope 2a and 1b. Now, on each network, set up DHCP forwarding to the other subnet.

    Now what will happen is, when a client gets an IP, it will usually get it from the local DHCP (80% section). The other DHCP will get the request, but since the client will accept the first IP given, the delay to the second server will exclude that IP from being given.

    Now, do this on both sides. So if one server goes down, you have a 20% chunk of IPs that can still be given out, so that will give you time to fix the other server...

    If you want a better explanation, I'll try to explain it better.
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans
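
As an added example (not written by any poster in this thread), a Python check for the split-scope plans in posts #4 and #5: it confirms that the servers' lease pools do not overlap, that reservations match on every server, and how many addresses remain leasable when one server is down. It works for any number of servers on one subnet; the server names, the MAC address, the reserved address and the 80/20 boundary at .203 are constructed for illustration.

```python
from ipaddress import IPv4Address as IP

def pool(server):
    """Addresses a server can lease dynamically: scope minus exclusions and reservations."""
    lo, hi = (int(IP(a)) for a in server["scope"])
    leasable = set(range(lo, hi + 1))
    for ex_lo, ex_hi in server["exclude"]:
        leasable -= set(range(int(IP(ex_lo)), int(IP(ex_hi)) + 1))
    return leasable - {int(IP(a)) for a in server["reservations"].values()}

def check_split(servers):
    """Return (problems, survivors) for a split-scope plan on one subnet.

    survivors[name] is the number of addresses still leasable when `name` is down.
    """
    problems = []
    pools = {name: pool(cfg) for name, cfg in servers.items()}
    names = sorted(pools)
    # Servers do not share lease state, so a shared address can be leased twice.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            both = pools[a] & pools[b]
            if both:
                problems.append(f"{a}/{b} overlap on {len(both)} address(es), first {IP(min(both))}")
    # Fixed-address clients must get the same answer from whichever server replies.
    for name in names[1:]:
        if servers[name]["reservations"] != servers[names[0]]["reservations"]:
            problems.append(f"{name} reservations differ from {names[0]}")
    survivors = {n: sum(len(p) for m, p in pools.items() if m != n) for n in names}
    return problems, survivors

def plan(exclude1, exclude2):
    """Two servers on the thread's 192.168.100.1-254 scope (constructed sample data)."""
    scope = ("192.168.100.1", "192.168.100.254")
    reserved = {"00:00:5e:00:53:01": "192.168.100.10"}  # made-up printer reservation
    net = "192.168.100."
    return {name: {"scope": scope, "reservations": dict(reserved),
                   "exclude": [(net + str(lo), net + str(hi))]}
            for name, (lo, hi) in (("dhcp1", exclude1), ("dhcp2", exclude2))}

HALVES = plan((127, 254), (1, 126))         # the half split from post #4
EIGHTY_TWENTY = plan((204, 254), (1, 203))  # an 80/20 split of the same scope
OFF_BY_ONE = plan((128, 254), (1, 126))     # .127 left in both pools

if __name__ == "__main__":
    for label, p in (("halves", HALVES), ("80/20", EIGHTY_TWENTY), ("off-by-one", OFF_BY_ONE)):
        print(label, *check_split(p))
```

The off-by-one plan is the failure to look for before activating both servers: a single address left in two pools is enough for two clients to be handed the same IP.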

  6. #6
    Banned Ya_know's Avatar
    Join Date
    Jun 2001
    Posts
    10,692
    Originally posted by Matridom
    Ya_Know, create two scopes on each server. Make these two servers be on separate subnets.

    I think I understand what you are saying, but you lost me at the two subnets. Why would I want to do that?

  7. #7
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960

    How much do you want to spend?

    60 Users, prolly not worth it for you. On the other hand, it may be a foot in the door to clustered services.

    Clustering DHCP Servers


    Windows Clustering allows two servers to be managed as a single system. The
    Windows 2000 (Advanced Server only) clustering service can be used for DHCP
    servers to provide higher availability, easier manageability, and greater
    scalability.

    Windows Clustering can automatically detect the failure of an application or
    server and quickly restart it on a surviving server, with users only
    experiencing a momentary pause in service. With Windows Clustering,
    administrators can quickly inspect the status of all cluster resources and
    easily move workloads around onto different servers within the cluster. This
    is useful for manual load balancing and for performing rolling updates on
    the servers without taking important data and applications offline.

    Windows Clustering allows DHCP servers to be virtualized so that if one of
    the clustered nodes crashes, the namespace and all the services are
    transparently reconstituted to the second node. This means no changes are
    visible to the client, which sees the same IP address for the clustered DHCP
    servers.

    Without clustering, network administrators might split scopes between
    servers, so if one server goes down, at least half of the available
    addresses remain available. Clustering uses IP addresses efficiently by
    removing the need to split scopes. A database stored on a remote disk tracks
    address assignment and other activity so that if the active cluster node
    goes down, the second node becomes the DHCP server, with complete knowledge
    of what has been assigned and access to the complete scope of addresses.
    Only one node at a time runs as a DHCP server, with the Windows 2000
    clustering database providing transparent transition when needed.


    Example of Clustered DHCP Servers


    Figure 4.15 is a generic example of clustered DHCP servers. DHCP Server 1 is
    the active DHCP server, and DHCP Server 2 is the backup DHCP server.



    Figure 4.15 Clustered DHCP Servers

    In Figure 4.15:

    * DHCP Server 1 and DHCP Server 2 have Windows 2000 DHCP
    and Windows Clustering services installed.

    * Each DHCP server has a unique server name and IP
    address.

    * Each DHCP server has two network interfaces: one for
    the cluster identity and the connection to the enterprise network and the
    second for server-to-server communication. This is a private link only for
    cluster communication. The wire runs directly between the two servers.

    * Both DHCP servers are configured with identical
    scopes. However, on Server 2, the scopes are not activated because Server 2
    is not currently functioning as the active DHCP server. DHCP Server 2 can
    function as a hot spare, ready in the event of a shutdown of DHCP Server 1.

    * To facilitate clustering and the sharing of resources,
    the DHCP servers are connected to an external disk system that holds the
    DHCP database and log files. This allows DHCP Server 2 to access the DHCP
    database files if it needs to take over as the active DHCP server. The
    clustering service installed on each DHCP server prevents one server from
    trying to exclusively claim the external disk and prevent sharing of the
    disk system between the DHCP servers.

    * The cluster itself has a unique name and IP address,
    so that DHCP clients can use the cluster name and IP address to connect to
    the cluster and request DHCP services. This prevents rejected DHCP client
    requests if one of the DHCP servers is turned off. For example, if the
    client was configured with a specific DHCP server name and IP address
    instead of the cluster address, the client would not receive DHCP services.
    However, by configuring the DHCP clients with the cluster name and IP
    address, the client is able to communicate with the active DHCP server in
    the cluster.

    Before implementing a similar scenario, consider the following
    recommendations:

    * On each DHCP server in the cluster (whether backup or
    primary), install the DHCP service before you install the clustering
    service.

    * Keep the second DHCP server turned off until the first
    server has the clustering service installed and is configured with a new
    cluster name and address. When the second server is turned on (and
    configured with DHCP and clustering services), it joins the existing
    cluster.

    * The cluster name and IP address must be statically
    configured; they cannot be configured dynamically by another DHCP server.

    * If a DHCP cluster is using an external disk system to
    store the DHCP database files, the DatabasePath and BackupDatabasePath
    registry entries must be configured on both DHCP servers in the cluster. The
    registry entries are located in

    HKLM\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters

    These registry entries must specify the path to the external disk system.

    * Permissions: Any backup DHCP servers in the cluster
    will not be able to successfully take over DHCP tasks if the appropriate
    security permissions have not been enabled. Administrators must create a new
    domain security group to which the servers belong. This group must have
    permissions of Full Control for the DNS zone object in Active Directory
    where DHCP clients have their A and PTR records registered and updated.
    Alternatively, administrators can add the second server to the
    DNSUpdateProxyGroup for the domain. Otherwise, name resolution failures will
    result.

    * Use the 80/20 rule when implementing clustered DHCP
    servers to provide additionally enhanced "failover" (hot-spare) services.
    The combination of clustering DHCP servers and using the 80/20 rule to
    manage scopes between the clustered server enables an enhanced failover
    solution. See the sections "80/20 Rule" and "Best Practices" for details in
    specifying scopes using the 80/20 rule.

    For more information, see "Windows Clustering" in the Microsoft® Windows®
    2000 Distributed Systems Guide.
    Last edited by silencio; February 13th, 2003 at 01:07 AM.
    Deliver me from Swedish furniture!

  8. #8
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Originally posted by Ya_know
    I think I understand what you are saying, but you lost me at the two subnets. Why would I want to do that?
    Well, for several reasons. First, you get smaller collision domains; second, you have smaller broadcast domains. With smaller broadcast domains, you have less traffic, creating fewer collisions. Remember, to receive a DHCP lease you have 4 broadcasts that go out:
    DHCP Discover
    DHCP Offer
    DHCP Request
    DHCP Ack.

    Now those are broadcasted to the IP of 255.255.255.255, MAC addy of FF:FF:FF:FF:FF:FF:FF:FF. That means that EVERY computer on the subnet picks up the packet and looks at it. That means, for the workstations, you get wasted bandwidth, wasted CPU cycles (the computer picks up the packet and looks at it, sees it's DHCP, then tosses it) and the possibility for more collisions.

    So smaller subnets allow you to keep network traffic down. It's also easier to manage IPs. You may also want to consider making a longer lease time (several weeks or months, depending on how things change). A DHCP renew is unicast to the DHCP server (the computer already knows the IP address of the server). Again, this lowers network traffic.

  9. #9
    Registered User Rô©kHøµñÐ's Avatar
    Join Date
    Aug 2002
    Location
    Barstow, CA
    Posts
    114
    Not if you have a lease period of, say, 60 days; then the broadcasts would be negligible.

    If he only has 1 subnet then it would be great, because he wouldn't have to worry about someone with a laptop moving from subnet to subnet.

    Also, he doesn't have to deal with older computers getting moved from one department to another, ending up on a new subnet and pulling the old IP from the DHCP server.

    I have one site that has a total of like 12 subnets. Once, I prepped a computer on one subnet and went to set it up at the client's desk on a different subnet; it kept pulling the IP from subnet 1 until I deleted the lease from the server.

    About the scopes, I would just cut the total range in half and put one on each server.
