Binding DHCP Scope to Network

The DHCP server in Windows 2000 lets you bind the server to one or more
adapters / networks. What I would really rather do is bind my DHCP scope
to the adapter / network, not the server.

Do later versions of the Microsoft DHCP server give you this extra
granularity?

--
Will

It is meaningless.
There is no point in it.
It doesn't work like that anyway.

The binding simply establishes which nic the DHCP Serivce listens for
Requests.

The correct Scope for a Request is determined by what physical or logical IP
segment the request originated from.

Since you are Multi-Netting (the conclusion I came to in your other post),
there is *no* distinction of segments to determine where the Request came
from so there is no way to choose a correct scope,....

.....Therefore....

You have to use a SuperScope and place your other Scopes into it. The
Superscope will make the multiple Scopes behave as if they are one single
Scope and the client can randomly receive an address from any of the
scopes,...which means,...a client can randomly be part of any "IP Segment"
at any point in time,...which means,....it isn't supposed to matter which
segment they are a part of at any given time. Which means,...if it does
matter to you,...then you have to stop Multi-Netting and either run multiple
physical "wires" or break them into multiple "logical wires" by using VLANs.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com



"Will" <westes-(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> The DHCP server in Windows 2000 lets you bind the server to one or more
> adapters / networks. What I would really rather do is bind my DHCP
scope
> to the adapter / network, not the server.
>
> Do later versions of the Microsoft DHCP server give you this extra
> granularity?
>
> --
> Will
>
>

After I created the superscope it works fine, and as a matter of fact
Windows is binding the DHCP scope to the specific ethernet adapter that
binds to the class C addresses in the scope. It appears that this binding
is done for you automatically however and doesn't require me to set anything
explicitly.

As a general comment, if I can speak the requirement as a sentence that has
meaning, then by definition it isn't meaningless. I think you are being
too quick to dismiss things you don't like as meaningless. It's okay to say
you don't think it should work that way. It's not okay to say the concept
itself means nothing when it clearly does.

Premise: I have two class C networks
Premise: I have two ethernet cards in one DHCP server
Premise: Each ethernet card binds to one and only one Class C network
Premise: Each class C network has some DHCP scope associated with it.

If each DHCP scope is properly associated with one Class C network, how is
it meaningless to want a feature that binds the DHCP scope to one and only
one ethernet card / Class C? Now you may not want the feature to operate
that way. But you can't say it is meaningless if it describes a feature
that could be implemented.

And, to my great surprise, it already works the way I wanted but Microsoft
is doing it automatically. The superscope doesn't solve the problem if you
try to multinet *a single ethernet card*. But if you take the time to
install additional ethernet cards / ports - one per IP network, then you can
definitely support two different Class C networks on a single wire.
Microsoft's documentation says it is a requirement to have scopes that
support different networks be on different ethernet cards/ports.

To make it work, you need to restrict *all* of the IPs in one of the two
Class C networks in its DHCP scope, then use just reservations to grab IPs
in that DHCP scope. All the assignments to machines without reservations
then go to the other scope, and it appears to work with quite good
performance.

--
Will



"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> It is meaningless.
> There is no point in it.
> It doesn't work like that anyway.
>
> The binding simply establishes which nic the DHCP Serivce listens for
> Requests.
>
> The correct Scope for a Request is determined by what physical or logical
IP
> segment the request originated from.
>
> Since you are Multi-Netting (the conclusion I came to in your other post),
> there is *no* distinction of segments to determine where the Request came
> from so there is no way to choose a correct scope,....
>
> ....Therefore....
>
> You have to use a SuperScope and place your other Scopes into it. The
> Superscope will make the multiple Scopes behave as if they are one single
> Scope and the client can randomly receive an address from any of the
> scopes,...which means,...a client can randomly be part of any "IP Segment"
> at any point in time,...which means,....it isn't supposed to matter which
> segment they are a part of at any given time. Which means,...if it does
> matter to you,...then you have to stop Multi-Netting and either run
multiple
> physical "wires" or break them into multiple "logical wires" by using
VLANs.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com

"Will" <westes-(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> After I created the superscope it works fine, and as a matter of fact
> Windows is binding the DHCP scope to the specific ethernet adapter that
> binds to the class C addresses in the scope. It appears that this
binding
> is done for you automatically however and doesn't require me to set
anything
> explicitly.
>
> As a general comment, if I can speak the requirement as a sentence that
has
> meaning, then by definition it isn't meaningless.

No. People say things all the time that aren't accurate. People most often
speak according to what they are thinking and most problems stem from
people's incorrect thinking which is reflected in what they say when they
describe things. So I try to adjust, or steer, people's thinking into the
correct direction, because if peoples's thinking is correct and pointed in
the right direction the problems they have will most often take care of
themselves because the solution become obvious.

> I think you are being
> too quick to dismiss things you don't like as meaningless.

I am saying that in the context of how the running DHCP service "views"
things.

> If each DHCP scope is properly associated with one Class C network, how is
> it meaningless to want a feature that binds the DHCP scope to one and only
> one ethernet card / Class C?

DHCP scopes are not "bound" to anything at all. The DHCP Service recieves a
DHCP Request,..it checks the request to see what IP Segment the request was
initiated from and makes a DHCP Offer using an IP config that matches the
originating segment. There is no "binding". You can have a Query from one
segment be recieved and properly answered when the Nic it was received on
doens't even match the Segment of the request. That is why you can have one
DHCP server with a single nic and single IP config still supply addressing
for multple segments. The only thing that ever gets "bound" is the running
DHCP Service itself,...not the Scopes within it.

> And, to my great surprise, it already works the way I wanted but Microsoft
> is doing it automatically. The superscope doesn't solve the problem if
you
> try to multinet *a single ethernet card*.
> Microsoft's documentation says it is a requirement to have scopes that
> support different networks be on different ethernet cards/ports.

It isn't that simple,...and the exact scenario context matters. I have 9
IP segments,..one single Nic in the DHCP servers,...no Super Scopes,...
these are 2 DHCP server configured as "redundant servers" and it all works
flawlessly and I don't have to do anything "special" nor jump through any
"hoops".

> To make it work, you need to restrict *all* of the IPs in one of the two
> Class C networks in its DHCP scope, then use just reservations to grab IPs
> in that DHCP scope. All the assignments to machines without
reservations
> then go to the other scope, and it appears to work with quite good
> performance.

Never heard of having to do any of that. It is amazing how people can take
something that works in such a simple way and turn it into such a complex
thing, I see this happen over and over in these groups. Get rid of the
Multi-Net by either reconfiguring the physical cabling or do it via VLANing
and life will be better, the sky will be bluer, the clouds will be puffier,
the birds will be chirpier, and all will be well.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

I spent enough time looking at the sniffer trace to acknowledge you are
right DHCP Server in Windows 2000 is not binding the scope to any NIC. As
you said, the binding to NICs is only for the service.

In a situation where you have two networks 172.16.1.x and 172.16.3.x on two
NICs and you have independent DHCP scopes for each network, how do you
guarantee that DHCP requests going to the port that is on the 172.16.1.x
network, for example, will only hand out IPs from a scope that uses
addresses in that network? If the scope for 172.16.3.x exists on the same
DHCP server, and the NIC for 172.16.3.x binds to the server, and any NIC can
hand out addresses from any scope, then the DHCP client request coming in on
172.16.1.x might be handed an IP from 172.16.3.x scope? Is the purist
solution to have each DHCP server be responsible for just one network?

Without getting into every pro and con for using multinets (I'm clear that
you never like them and are willing to work pretty hard to avoid them), the
point I would make is that in my experience multinets can be really buggy
and problematic in Windows when you provide multiple IPs for a single NIC.
If you take the time to assign only one IP to each NIC, and have multiple
NICs on the same server that all attach to the same switch, multinets can be
very reliable and predictable.

--
Will

"Will" <westes-(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> In a situation where you have two networks 172.16.1.x and 172.16.3.x on
two
> NICs and you have independent DHCP scopes for each network, how do you
> guarantee that DHCP requests going to the port that is on the 172.16.1.x
> network, for example, will only hand out IPs from a scope that uses
> addresses in that network?

If it is not a Multi-net, the wires are separate,...so the Request can only
possibly come in on the Nic that represents the segment the client is on.
Since the DHCP Service knows what segment the receiving nic "lives" on it
pulls a config from the proper scope that matches that.

If the DHCP Server only has one nic (the best way) but serves multiple
segments, the Request are forwarded to the DHCP Server by the LAN Router
using DHCP Relay. The router incudes the proper information in the forwarded
Request so that the DHCP Server knows which is the proper Scope to get the
config from and sends it back to the router which sends it back to the
client.

> Without getting into every pro and con for using multinets (I'm clear that
> you never like them and are willing to work pretty hard to avoid them),
the
> point I would make is that in my experience multinets can be really buggy
> and problematic in Windows when you provide multiple IPs for a single NIC.
> If you take the time to assign only one IP to each NIC, and have multiple
> NICs on the same server that all attach to the same switch, multinets can
be
> very reliable and predictable.

Yes, that is correct. But you are also right in that I am never going to say
that multi-nets are a "good" thing. They are sometimes usefull during a
re-addressing project where a network is being re-addresses and has to deal
with a transitiion period. Other than that, multi-nets should never have
been invented,...there isn't anything good, anything effiecient about them
that I will ever admit to.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> Yes, that is correct. But you are also right in that I am never going to
say
> that multi-nets are a "good" thing. They are sometimes usefull during a
> re-addressing project where a network is being re-addresses and has to
deal
> with a transitiion period. Other than that, multi-nets should never have
> been invented,...there isn't anything good, anything effiecient about them
> that I will ever admit to.

And this was exactly our case: readdressing and reconfiguration of a
network for a transition period. So we are living with an evil
configuration, hopefully for just a few months.

--
Will

"Will" <westes-(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> > that multi-nets are a "good" thing. They are sometimes usefull during a
> > re-addressing project where a network is being re-addresses and has to
> deal
> > with a transitiion period. Other than that, multi-nets should never
have
> > been invented,...there isn't anything good, anything effiecient about
them
> > that I will ever admit to.
>
> And this was exactly our case: readdressing and reconfiguration of a
> network for a transition period. So we are living with an evil
> configuration, hopefully for just a few months.

Ok. Good enough for me :-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------