DHCP Scope split

Hi

I'm planning to use 80/20 method to distribute our IP addresses on the
clients. in the same time I need to use the reservation for all assigned IPs
to the clients (i.e. all client on the network will have static IP not
dynamic).

does the reservation work properly with 80/20 method? if you, how to
configure the scopes ranges and the reservation?

thanks in advanced.

Before I answer your question, two of mine:

If you have less than 120 LAN clients why do you plan to use 80/20 instead
of the intuitively obvious 50/50?
And if you have more, how does 80/20 help?

But this is almost irrelevant if you are going to use reservations.
Because a Win2k3 DHCP server can assign a reserved lease whose IP address is
in a part of the scope excluded from that DHCP server address pool.

So on our network the reservations are defined on both DHCP servers with the
same IP addresses; in the DHCP pool of the PDC emulator, but out of the pool
of our second DC.
But when clients request extension of their lease, either DC can grant it.
Since the lease is renewed half-way through, this can result in both DHCP
servers marking the lease as active and imagining they are managing it.
But since that IP address can never be granted to another client this is not
a problem.

Assuming this works if the reservation is out of the pool of both DHCP
servers, perhaps the best design for you is 20% spare address pool on each
servers, and 60% for identical reservations on both servers.
--
Regards,
Newell White


"Fahad" wrote:

> Hi
>
> I'm planning to use 80/20 method to distribute our IP addresses on the
> clients. in the same time I need to use the reservation for all assigned IPs
> to the clients (i.e. all client on the network will have static IP not
> dynamic).
>
> does the reservation work properly with 80/20 method? if you, how to
> configure the scopes ranges and the reservation?
>
> thanks in advanced.

thanks Newell

here is the full picture about our scenario....

Dear All

we have 2 DHCP 2003 servers & we are planning to use 80/20 method to
distribute the IP addresses on the clients. in the same time we need to use
the reservation for all assigned IPs to the clients (i.e. all clients on the
network will have static IP not dynamic).

the scopes as follow:
172.96.90.1 - 172.96.90.30 mask /27 exclusion: 172.96.90.28 -
172.96.90.31
172.96.90.33 - 172.96.90.62 mask /27 exclusion: 172.96.90.60 -
172.96.90.63
172.96.90.65 - 172.96.90.94 mask /27 exclusion: 172.96.90.92 -
172.96.90.95

172.96.91.1 - 172.96.91.30 mask /27 exclusion: 172.96.91.28 -
172.96.91.31
172.96.91.33 - 172.96.91.62 mask /27 exclusion: 172.96.91.60 -
172.96.91.63
:
:
etc
each VLAN consist of 30 IP address available for clients (by reserve the
required IP for the new client). we need to block the remaining IP addresses
in each VLAN after the initail assignment (i.e. if the VLAN have 10 clients,
we'll reserve 10 IP to those clients and create a new exclusion range to
block unassigned IPs from this range. if anew client come, we will change the
exclusion range and add new reservation for this client).

we want to achieve high availability by using 80/20 method. my questions are:

1- how can I make the split method and the reservation works together (since
we don't have dynamic assignment)?
2- how this scenario achieve high availability (if primary server down,
backup server should cover all clients served by server1)?
3- most of our VLANs have clients more than 80% of the full range, how can
backup server serve the clients served by primary server in case the primary
down?


"Newell White" wrote:

> Before I answer your question, two of mine:
>
> If you have less than 120 LAN clients why do you plan to use 80/20 instead
> of the intuitively obvious 50/50?
> And if you have more, how does 80/20 help?
>
> But this is almost irrelevant if you are going to use reservations.
> Because a Win2k3 DHCP server can assign a reserved lease whose IP address is
> in a part of the scope excluded from that DHCP server address pool.
>
> So on our network the reservations are defined on both DHCP servers with the
> same IP addresses; in the DHCP pool of the PDC emulator, but out of the pool
> of our second DC.
> But when clients request extension of their lease, either DC can grant it.
> Since the lease is renewed half-way through, this can result in both DHCP
> servers marking the lease as active and imagining they are managing it.
> But since that IP address can never be granted to another client this is not
> a problem.
>
> Assuming this works if the reservation is out of the pool of both DHCP
> servers, perhaps the best design for you is 20% spare address pool on each
> servers, and 60% for identical reservations on both servers.
> --
> Regards,
> Newell White
>
>
> "Fahad" wrote:
>
> > Hi
> >
> > I'm planning to use 80/20 method to distribute our IP addresses on the
> > clients. in the same time I need to use the reservation for all assigned IPs
> > to the clients (i.e. all client on the network will have static IP not
> > dynamic).
> >
> > does the reservation work properly with 80/20 method? if you, how to
> > configure the scopes ranges and the reservation?
> >
> > thanks in advanced.

This is not well explained in any book and I have only just found out myself
because I had to!

DHCP server (in Win2k3) sees the world as consisting of 2 types of clients
and 3 types of IP address:

Clients are:
Reserved clients, recognised by MAC number, who must always be given a lease
on their reserved IP whenever they request.
First-come-first-served clients who are given any frre IP from the Pool when
they request - if no Pool IP is free the request is ignored.

Addresses are:
Out-of-scope, the DHCP server is not allowed to assign these.
Pool addresses, all those within the scope but not excluded. Any free pool
address can be given to a requesting client.
Excluded addresses (within scope). These can only be given to a client which
has a reservation on the address which is registered with the DHCP server.

Within these rules you have complete freedom to design your address structure.
Best practice 1: No DHCP server shall have a pool address in the pool range
of another server. This avoids IP conflict.
Best practice 2: No client MAC shall have different IPs reserved for it on
different DHCP servers. This avoids waste of IP addresses and meets our
intuitive understanding of a 'Reservation'.

So in the structure you outline you don't strictly need any pool addresses.
You could exclude the entire scope and distribute all used IPs as
reservations defined on all DHCP servers.
Now only clients with MAC address defined by you can access the LAN.
This is very secure.

But in practice, I would leave a small pool of first-come-first-served
addresses for important visitors. In my experience telling the CEO he can't
plug his laptop in because you designed the system to thwart him can be bad
for career prospects.

--
Regards,
Newell White


"Fahad" wrote:

> thanks Newell
>
> here is the full picture about our scenario....
>
> Dear All
>
> we have 2 DHCP 2003 servers & we are planning to use 80/20 method to
> distribute the IP addresses on the clients. in the same time we need to use
> the reservation for all assigned IPs to the clients (i.e. all clients on the
> network will have static IP not dynamic).
>
> the scopes as follow:
> 172.96.90.1 - 172.96.90.30 mask /27 exclusion: 172.96.90.28 -
> 172.96.90.31
> 172.96.90.33 - 172.96.90.62 mask /27 exclusion: 172.96.90.60 -
> 172.96.90.63
> 172.96.90.65 - 172.96.90.94 mask /27 exclusion: 172.96.90.92 -
> 172.96.90.95
>
> 172.96.91.1 - 172.96.91.30 mask /27 exclusion: 172.96.91.28 -
> 172.96.91.31
> 172.96.91.33 - 172.96.91.62 mask /27 exclusion: 172.96.91.60 -
> 172.96.91.63
> :
> :
> etc
> each VLAN consist of 30 IP address available for clients (by reserve the
> required IP for the new client). we need to block the remaining IP addresses
> in each VLAN after the initail assignment (i.e. if the VLAN have 10 clients,
> we'll reserve 10 IP to those clients and create a new exclusion range to
> block unassigned IPs from this range. if anew client come, we will change the
> exclusion range and add new reservation for this client).
>
> we want to achieve high availability by using 80/20 method. my questions are:
>
> 1- how can I make the split method and the reservation works together (since
> we don't have dynamic assignment)?
> 2- how this scenario achieve high availability (if primary server down,
> backup server should cover all clients served by server1)?
> 3- most of our VLANs have clients more than 80% of the full range, how can
> backup server serve the clients served by primary server in case the primary
> down?
>
>
> "Newell White" wrote:
>
> > Before I answer your question, two of mine:
> >
> > If you have less than 120 LAN clients why do you plan to use 80/20 instead
> > of the intuitively obvious 50/50?
> > And if you have more, how does 80/20 help?
> >
> > But this is almost irrelevant if you are going to use reservations.
> > Because a Win2k3 DHCP server can assign a reserved lease whose IP address is
> > in a part of the scope excluded from that DHCP server address pool.
> >
> > So on our network the reservations are defined on both DHCP servers with the
> > same IP addresses; in the DHCP pool of the PDC emulator, but out of the pool
> > of our second DC.
> > But when clients request extension of their lease, either DC can grant it.
> > Since the lease is renewed half-way through, this can result in both DHCP
> > servers marking the lease as active and imagining they are managing it.
> > But since that IP address can never be granted to another client this is not
> > a problem.
> >
> > Assuming this works if the reservation is out of the pool of both DHCP
> > servers, perhaps the best design for you is 20% spare address pool on each
> > servers, and 60% for identical reservations on both servers.
> > --
> > Regards,
> > Newell White
> >
> >
> > "Fahad" wrote:
> >
> > > Hi
> > >
> > > I'm planning to use 80/20 method to distribute our IP addresses on the
> > > clients. in the same time I need to use the reservation for all assigned IPs
> > > to the clients (i.e. all client on the network will have static IP not
> > > dynamic).
> > >
> > > does the reservation work properly with 80/20 method? if you, how to
> > > configure the scopes ranges and the reservation?
> > >
> > > thanks in advanced.

Thanks for your cooperation...

then what is the best scenario to achieve full redundancy on our DHCP servers?
shall we use clustering or splitting?

"Newell White" wrote:

> This is not well explained in any book and I have only just found out myself
> because I had to!
>
> DHCP server (in Win2k3) sees the world as consisting of 2 types of clients
> and 3 types of IP address:
>
> Clients are:
> Reserved clients, recognised by MAC number, who must always be given a lease
> on their reserved IP whenever they request.
> First-come-first-served clients who are given any frre IP from the Pool when
> they request - if no Pool IP is free the request is ignored.
>
> Addresses are:
> Out-of-scope, the DHCP server is not allowed to assign these.
> Pool addresses, all those within the scope but not excluded. Any free pool
> address can be given to a requesting client.
> Excluded addresses (within scope). These can only be given to a client which
> has a reservation on the address which is registered with the DHCP server.
>
> Within these rules you have complete freedom to design your address structure.
> Best practice 1: No DHCP server shall have a pool address in the pool range
> of another server. This avoids IP conflict.
> Best practice 2: No client MAC shall have different IPs reserved for it on
> different DHCP servers. This avoids waste of IP addresses and meets our
> intuitive understanding of a 'Reservation'.
>
> So in the structure you outline you don't strictly need any pool addresses.
> You could exclude the entire scope and distribute all used IPs as
> reservations defined on all DHCP servers.
> Now only clients with MAC address defined by you can access the LAN.
> This is very secure.
>
> But in practice, I would leave a small pool of first-come-first-served
> addresses for important visitors. In my experience telling the CEO he can't
> plug his laptop in because you designed the system to thwart him can be bad
> for career prospects.
>
> --
> Regards,
> Newell White
>
>
> "Fahad" wrote:
>
> > thanks Newell
> >
> > here is the full picture about our scenario....
> >
> > Dear All
> >
> > we have 2 DHCP 2003 servers & we are planning to use 80/20 method to
> > distribute the IP addresses on the clients. in the same time we need to use
> > the reservation for all assigned IPs to the clients (i.e. all clients on the
> > network will have static IP not dynamic).
> >
> > the scopes as follow:
> > 172.96.90.1 - 172.96.90.30 mask /27 exclusion: 172.96.90.28 -
> > 172.96.90.31
> > 172.96.90.33 - 172.96.90.62 mask /27 exclusion: 172.96.90.60 -
> > 172.96.90.63
> > 172.96.90.65 - 172.96.90.94 mask /27 exclusion: 172.96.90.92 -
> > 172.96.90.95
> >
> > 172.96.91.1 - 172.96.91.30 mask /27 exclusion: 172.96.91.28 -
> > 172.96.91.31
> > 172.96.91.33 - 172.96.91.62 mask /27 exclusion: 172.96.91.60 -
> > 172.96.91.63
> > :
> > :
> > etc
> > each VLAN consist of 30 IP address available for clients (by reserve the
> > required IP for the new client). we need to block the remaining IP addresses
> > in each VLAN after the initail assignment (i.e. if the VLAN have 10 clients,
> > we'll reserve 10 IP to those clients and create a new exclusion range to
> > block unassigned IPs from this range. if anew client come, we will change the
> > exclusion range and add new reservation for this client).
> >
> > we want to achieve high availability by using 80/20 method. my questions are:
> >
> > 1- how can I make the split method and the reservation works together (since
> > we don't have dynamic assignment)?
> > 2- how this scenario achieve high availability (if primary server down,
> > backup server should cover all clients served by server1)?
> > 3- most of our VLANs have clients more than 80% of the full range, how can
> > backup server serve the clients served by primary server in case the primary
> > down?
> >
> >
> > "Newell White" wrote:
> >
> > > Before I answer your question, two of mine:
> > >
> > > If you have less than 120 LAN clients why do you plan to use 80/20 instead
> > > of the intuitively obvious 50/50?
> > > And if you have more, how does 80/20 help?
> > >
> > > But this is almost irrelevant if you are going to use reservations.
> > > Because a Win2k3 DHCP server can assign a reserved lease whose IP address is
> > > in a part of the scope excluded from that DHCP server address pool.
> > >
> > > So on our network the reservations are defined on both DHCP servers with the
> > > same IP addresses; in the DHCP pool of the PDC emulator, but out of the pool
> > > of our second DC.
> > > But when clients request extension of their lease, either DC can grant it.
> > > Since the lease is renewed half-way through, this can result in both DHCP
> > > servers marking the lease as active and imagining they are managing it.
> > > But since that IP address can never be granted to another client this is not
> > > a problem.
> > >
> > > Assuming this works if the reservation is out of the pool of both DHCP
> > > servers, perhaps the best design for you is 20% spare address pool on each
> > > servers, and 60% for identical reservations on both servers.
> > > --
> > > Regards,
> > > Newell White
> > >
> > >
> > > "Fahad" wrote:
> > >
> > > > Hi
> > > >
> > > > I'm planning to use 80/20 method to distribute our IP addresses on the
> > > > clients. in the same time I need to use the reservation for all assigned IPs
> > > > to the clients (i.e. all client on the network will have static IP not
> > > > dynamic).
> > > >
> > > > does the reservation work properly with 80/20 method? if you, how to
> > > > configure the scopes ranges and the reservation?
> > > >
> > > > thanks in advanced.

In your scenario, where all (or almost all) client addresses are reserved,
then separate DHCP servers will be fine.

AD and DNS replication work, so I have never had to think about the learning
curve and expense of clustering to get our second DC to a state which ensures
continuity of the LAN in case PDC emulator fails.
--
Regards,
Newell White


"Fahad" wrote:

> Thanks for your cooperation...
>
> then what is the best scenario to achieve full redundancy on our DHCP servers?
> shall we use clustering or splitting?
>
> "Newell White" wrote:
>
> > This is not well explained in any book and I have only just found out myself
> > because I had to!
> >
> > DHCP server (in Win2k3) sees the world as consisting of 2 types of clients
> > and 3 types of IP address:
> >
> > Clients are:
> > Reserved clients, recognised by MAC number, who must always be given a lease
> > on their reserved IP whenever they request.
> > First-come-first-served clients who are given any frre IP from the Pool when
> > they request - if no Pool IP is free the request is ignored.
> >
> > Addresses are:
> > Out-of-scope, the DHCP server is not allowed to assign these.
> > Pool addresses, all those within the scope but not excluded. Any free pool
> > address can be given to a requesting client.
> > Excluded addresses (within scope). These can only be given to a client which
> > has a reservation on the address which is registered with the DHCP server.
> >
> > Within these rules you have complete freedom to design your address structure.
> > Best practice 1: No DHCP server shall have a pool address in the pool range
> > of another server. This avoids IP conflict.
> > Best practice 2: No client MAC shall have different IPs reserved for it on
> > different DHCP servers. This avoids waste of IP addresses and meets our
> > intuitive understanding of a 'Reservation'.
> >
> > So in the structure you outline you don't strictly need any pool addresses.
> > You could exclude the entire scope and distribute all used IPs as
> > reservations defined on all DHCP servers.
> > Now only clients with MAC address defined by you can access the LAN.
> > This is very secure.
> >
> > But in practice, I would leave a small pool of first-come-first-served
> > addresses for important visitors. In my experience telling the CEO he can't
> > plug his laptop in because you designed the system to thwart him can be bad
> > for career prospects.
> >
> > --
> > Regards,
> > Newell White
> >
> >
> > "Fahad" wrote:
> >
> > > thanks Newell
> > >
> > > here is the full picture about our scenario....
> > >
> > > Dear All
> > >
> > > we have 2 DHCP 2003 servers & we are planning to use 80/20 method to
> > > distribute the IP addresses on the clients. in the same time we need to use
> > > the reservation for all assigned IPs to the clients (i.e. all clients on the
> > > network will have static IP not dynamic).
> > >
> > > the scopes as follow:
> > > 172.96.90.1 - 172.96.90.30 mask /27 exclusion: 172.96.90.28 -
> > > 172.96.90.31
> > > 172.96.90.33 - 172.96.90.62 mask /27 exclusion: 172.96.90.60 -
> > > 172.96.90.63
> > > 172.96.90.65 - 172.96.90.94 mask /27 exclusion: 172.96.90.92 -
> > > 172.96.90.95
> > >
> > > 172.96.91.1 - 172.96.91.30 mask /27 exclusion: 172.96.91.28 -
> > > 172.96.91.31
> > > 172.96.91.33 - 172.96.91.62 mask /27 exclusion: 172.96.91.60 -
> > > 172.96.91.63
> > > :
> > > :
> > > etc
> > > each VLAN consist of 30 IP address available for clients (by reserve the
> > > required IP for the new client). we need to block the remaining IP addresses
> > > in each VLAN after the initail assignment (i.e. if the VLAN have 10 clients,
> > > we'll reserve 10 IP to those clients and create a new exclusion range to
> > > block unassigned IPs from this range. if anew client come, we will change the
> > > exclusion range and add new reservation for this client).
> > >
> > > we want to achieve high availability by using 80/20 method. my questions are:
> > >
> > > 1- how can I make the split method and the reservation works together (since
> > > we don't have dynamic assignment)?
> > > 2- how this scenario achieve high availability (if primary server down,
> > > backup server should cover all clients served by server1)?
> > > 3- most of our VLANs have clients more than 80% of the full range, how can
> > > backup server serve the clients served by primary server in case the primary
> > > down?
> > >
> > >

That's what I do...

I have identical reservations on both of my DHCP servers...

I split mine more on the 60/40 scheme as I have more clients in the
main office than I do the branch and I would prefer less traffic on
the WAN.


---
Jeffrey Randow
(E-Mail Removed)
Windows Networking MVP 2001-2006
http://www.networkblog.net



On Tue, 30 Oct 2007 03:28:02 -0700, Newell White
<(E-Mail Removed)> wrote:

>Before I answer your question, two of mine:
>
>If you have less than 120 LAN clients why do you plan to use 80/20 instead
>of the intuitively obvious 50/50?
>And if you have more, how does 80/20 help?
>
>But this is almost irrelevant if you are going to use reservations.
>Because a Win2k3 DHCP server can assign a reserved lease whose IP address is
>in a part of the scope excluded from that DHCP server address pool.
>
>So on our network the reservations are defined on both DHCP servers with the
>same IP addresses; in the DHCP pool of the PDC emulator, but out of the pool
>of our second DC.
>But when clients request extension of their lease, either DC can grant it.
>Since the lease is renewed half-way through, this can result in both DHCP
>servers marking the lease as active and imagining they are managing it.
>But since that IP address can never be granted to another client this is not
>a problem.
>
>Assuming this works if the reservation is out of the pool of both DHCP
>servers, perhaps the best design for you is 20% spare address pool on each
>servers, and 60% for identical reservations on both servers.

Thanks Jeffrey.
I run a one-site LAN, so it had not occurred to me that there is sometimes a
case for other than 50/50.
--
Regards,
Newell White


"Jeffrey Randow" wrote:

> That's what I do...
>
> I have identical reservations on both of my DHCP servers...
>
> I split mine more on the 60/40 scheme as I have more clients in the
> main office than I do the branch and I would prefer less traffic on
> the WAN.
>
>
> ---
> Jeffrey Randow
> (E-Mail Removed)
> Windows Networking MVP 2001-2006
> http://www.networkblog.net
>
>
>
> On Tue, 30 Oct 2007 03:28:02 -0700, Newell White
> <(E-Mail Removed)> wrote:
>
> >Before I answer your question, two of mine:
> >
> >If you have less than 120 LAN clients why do you plan to use 80/20 instead
> >of the intuitively obvious 50/50?
> >And if you have more, how does 80/20 help?
> >
> >But this is almost irrelevant if you are going to use reservations.
> >Because a Win2k3 DHCP server can assign a reserved lease whose IP address is
> >in a part of the scope excluded from that DHCP server address pool.
> >
> >So on our network the reservations are defined on both DHCP servers with the
> >same IP addresses; in the DHCP pool of the PDC emulator, but out of the pool
> >of our second DC.
> >But when clients request extension of their lease, either DC can grant it.
> >Since the lease is renewed half-way through, this can result in both DHCP
> >servers marking the lease as active and imagining they are managing it.
> >But since that IP address can never be granted to another client this is not
> >a problem.
> >
> >Assuming this works if the reservation is out of the pool of both DHCP
> >servers, perhaps the best design for you is 20% spare address pool on each
> >servers, and 60% for identical reservations on both servers.
>