Planning DHCP Implementations

Planning a new DHCP implementation or revamping your existing DHCP implementation requires a good understanding of how DHCP works. You need to know the following information:

  • How DHCP messages are sent and received

  • How DHCP relay agents are used

  • How multiple servers should be configured

DHCP Messages and Relay Agents

When a DHCP client is started, it uses network broadcasts to obtain or renew a lease from a DHCP server. These broadcasts are in the form of DHCP messages. A client obtains its initial lease as shown in Figure 25-1. Here, the client broadcasts a DHCP Discover message. All DHCP servers on the network respond to the broadcast with a DHCP Offer message, which offers the client an IP lease. The client accepts the first offer received by sending a DHCP Request message back to the server. The server accepts the request by sending the client a DHCP Acknowledgment message.

Figure 25-1. Obtaining an initial lease

DHCP clients must renew their leases periodically, either at each restart or when 50 percent of the lease time has passed. If the renewal process fails, the client tries to renew the lease again when 87.5 percent of the lease time has passed. Renewing the lease involves the client sending the DHCP server a DHCP Request and the server accepting the request by sending a DHCP Acknowledgment. This streamlined communication process is shown in Figure 25-2.

Figure 25-2. Renewing a lease.

If a DHCP client is unable to reach a DHCP server at startup or to renew its lease, it pings the default gateway that was previously assigned. If the default gateway responds, the client assumes it is on the subnet from which the lease was originally obtained and continues to use the lease. If the default gateway doesn't respond, the client assumes it has been moved to a new subnet and that there is no DHCP server on this subnet. It then configures itself to use an automatic private address. The client will continue to check for a DHCP server while it is autoconfigured. By default, it does this by sending a DHCP Discover message every five minutes. If the client gets a DHCP Offer back from a DHCP server, it sends a DHCP Request to the server. When it gets back a DHCP Acknowledgment, it abandons its autoconfiguration and uses the address and other configuration settings sent by the DHCP server.

Typically, the messages sent by DHCP clients and servers are limited by the logical boundaries of the network. As a result, DHCP client broadcasts aren't routed and stay on only the originating network. In this configuration, you need at least one DHCP server per subnet.

To reduce the number of DHCP servers needed for your organization, you can configure a DHCP relay agent on any subnet that has no DHCP server. This relay agent is a router or a computer on the network that is configured to listen for DHCP broadcasts from clients on the local subnet and forward them as appropriate to a DHCP server on a different subnet. A router that supports BOOTP can be configured as a relay agent. You can also configure Windows Server 2003 computers on the network to act as DHCP relay agents.

Tip

Relay agents are best for LANs

Relay agents work best in local area network (LAN) environments where subnets are all in the same geographic location. In a wide area network (WAN) environment where you are forwarding broadcasts across links, you might not want to use relay agents. If a WAN link goes down, clients won't be able to obtain or renew leases, and this could cause the clients to use Automatic Private IP Addressing (APIPA).

DHCP Availability and Fault Tolerance

As part of planning, you must consider how many DHCP servers should be made available on the network. In most cases, you'll want to configure at least two DHCP servers. If they are configured properly, having multiple DHCP servers increases reliability and allows for fault tolerance.

In a large enterprise, a server cluster can be your primary technique for ensuring DHCP availability and providing for fault tolerance. Here, if a DHCP server fails, the DHCP Server service can be failed over to another server in the cluster, allowing for seamless transition of DHCP services.

Although you can configure the DHCP Server service for failover on a cluster, much simpler and less expensive fault-tolerance implementations are available, and these implementations work with large networks as well as small and medium networks. The implementations include the following:

  • 50/50 failover approach

  • 80/20 failover approach

  • 100/100 failover approach

50/50 Failover

By configuring the 50/50 failover approach, you use two DHCP servers to make an equal number of IP addresses available to clients for leasing. Here, each DHCP server is configured with an identical scope range but with different exclusions within that range. The first server gets the first half of the scope's IP address range and excludes the second half. The second server gets the second half of the scope's IP address range and excludes the first half.

To see how this would be implemented, consider the following example. The organization has two DHCP servers:

  • Server A's primary scope is configured to use the IP address range 192.168.10.1 to 192.168.10.254 and has an exclusion range of 192.168.10.125 to 192.168.10.254.

  • Server B's primary scope is configured to use the IP address range 192.168.10.1 to 192.168.10.254 and has an exclusion range of 192.168.10.1 to 192.168.10.124.

Here, 254 IP addresses are available, which could be used to service 200 or more clients. When a client starts up on the network, both DHCP servers respond. The client accepts the first IP address offered, which could be on either Server A or Server B and which is often the server that is closest to the client. Because both servers are configured to use the same IP address range, both servers can service clients on that subnet. If one of the servers fails, a client using an IP address in the excluded range of the remaining server would be allowed to obtain a new lease. Why? The DHCP server is on the same subnet and its scope is configured for IP addresses in this range. It sees the exclusion and knows that IP addresses in this range cannot be assigned, but it can assign the client an IP address from the nonexcluded range. Thus, you achieve basic fault tolerance and availability.

Although this approach is designed to provide some redundancy and fault tolerance, it is possible that one of the servers would assign more IP addresses than the other. This could lead to a situation in which one of the servers doesn't have any available IP addresses, and if it is the other server that fails, no IP addresses would be available to clients seeking new leases and they would be configured to use APIPA.

80/20 Failover

By configuring the 80/20 failover approach, you use two DHCP servers to make a disproportionate number of IP addresses available to clients for leasing. Here, you have a primary DHCP server that is configured with 80 percent of the available IP addresses and a backup DHCP server that is configured with 20 percent of the available IP addresses. This situation is ideal when the DHCP servers are separated from each other, such as when the primary DHCP server is on the primary subnet and the backup DHCP server is on a smaller remote subnet.

To see how this would be implemented, consider the following example. The organization has two DHCP servers, as follows:

  • Server A's primary scope is configured to use the IP address range 192.168.10.1 to 192.168.10.254 and has an exclusion range of 192.168.10.203 to 192.168.10.254.

  • Server B's primary scope is configured to use the IP address range 192.168.10.1 to 192.168.10.254 and has an exclusion range of 192.168.10.1 to 192.168.10.202.

Here, 254 IP addresses are again available, which could be used to service 200 or more clients—the bulk of which are located on the primary subnet. You are using the remote DHCP server on a smaller subnet as a backup. If the primary server were to go down, the backup could respond to client requests and handle their leases. When the primary came back online, it would handle the majority of client leases because it is located on the primary subnet closer to the bulk of the client computers. Again, you achieve basic fault tolerance and availability.

Although this approach is designed to provide some redundancy and fault tolerance, it is possible that the primary would be offline too long and the backup DHCP server would run out of available IP addresses. If this were to happen, no IP addresses would be available to clients seeking new leases, and they would be configured to use APIPA.

100/100 Failover

By configuring the 100/100 failover approach, you make twice as many IP addresses available as are needed. Thus, if you must provide DHCP services for 200 clients, you make at least 400 IP addresses available to those clients. As with 50/50 failover, each DHCP server is configured with an identical scope range but with different exclusions within that range. The first server gets the first half of the scope's IP address range and excludes the second half. The second server gets the second half of the scope's IP address range and excludes the first half.

To make twice as many IP addresses available as are needed, you must think carefully about the IP address class you use and would most likely want to use a Class A or Class B network. With this in mind, the organization's two DHCP servers might be configured as follows:

  • Server A's primary scope is configured to use the IP address range 10.0.1.1 to 10.0.10.254 and has an exclusion range of 10.0.6.1 to 10.0.10.254. You also must block the potential broadcast addresses in the nonexcluded range, so you also exclude 10.0.1.255, 10.0.2.255, 10.0.3.255, 10.0.4.255, and 10.0.5.255.

  • Server B's primary scope is configured to use the IP address range 10.0.1.1 to 10.0.10.254 and has an exclusion range of 10.0.1.1 to 10.0.5.254. You also must block the potential broadcast addresses in the nonexcluded range, so you also exclude 10.0.6.255, 10.0.7.255, 10.0.8.255, 10.0.9.255, and 10.0.10.255.

Here, over 2,500 IP addresses are again available, which is more than two times what is needed to service the network's 1,000 clients. When a client starts up on the network, both DHCP servers respond. The client accepts the first IP address offered, which could be on either Server A or Server B and which is often the server that is closest to the client. Because both servers are configured to use the same IP address range, both servers can service clients on that subnet. If one of the servers fails, a client using an IP address in the excluded range of the remaining server would be allowed to obtain a new lease.

Because more than two times as many IP addresses are available, every client on the network can obtain a lease even if one of the DHCP servers goes offline. Not only does this approach offer availability and fault tolerance, it gives you flexibility. You are able to take one of the DHCP servers offline and perform maintenance or upgrades without worrying about running out of available IP addresses.
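Before committing a split-scope design such as the 50/50, 80/20 or 100/100 examples above, it is worth verifying that the two servers' non-excluded pools do not overlap (an address leasable by both servers can be handed to two clients), that the only addresses neither server will lease are the intended broadcast exclusions, and that each server alone holds enough addresses for the client population. The following Python is an added example, not code from the original text; it encodes the three designs exactly as listed above and audits them.

```python
import ipaddress

def _addr_range(lo, hi):
    """All IPv4 addresses from lo to hi inclusive, as integers."""
    return set(range(int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi)) + 1))

def lease_pool(scope, exclusions):
    """Addresses a server will actually lease: its scope minus its exclusions.
    A single excluded address is written as (addr, addr)."""
    pool = _addr_range(*scope)
    for lo, hi in exclusions:
        pool -= _addr_range(lo, hi)
    return pool

def _fmt(addrs):
    return [str(ipaddress.IPv4Address(i)) for i in sorted(addrs)]

def check_split_scope(servers, clients):
    """Audit a two-server split-scope design.
    servers: [(name, scope, exclusions), ...]; clients: hosts that need leases.
    Returns addresses both servers could lease (duplicate-assignment risk), scope
    addresses neither server leases (fine for broadcast exclusions, otherwise a
    gap), each pool's size, and whether each server alone can serve every client
    (the 100/100 property; 50/50 and 80/20 do not have it by design)."""
    (name_a, scope, excl_a), (name_b, _, excl_b) = servers
    pool_a, pool_b = lease_pool(scope, excl_a), lease_pool(scope, excl_b)
    return {
        "overlap": _fmt(pool_a & pool_b),
        "unassignable": _fmt(_addr_range(*scope) - pool_a - pool_b),
        "pool_sizes": {name_a: len(pool_a), name_b: len(pool_b)},
        "survives_single_failure": min(len(pool_a), len(pool_b)) >= clients,
    }

# Constructed from the three designs described above, exclusions as listed there.
SCOPE_C = ("192.168.10.1", "192.168.10.254")
FIFTY_FIFTY = [("Server A", SCOPE_C, [("192.168.10.125", "192.168.10.254")]),
               ("Server B", SCOPE_C, [("192.168.10.1", "192.168.10.124")])]
EIGHTY_TWENTY = [("Server A", SCOPE_C, [("192.168.10.203", "192.168.10.254")]),
                 ("Server B", SCOPE_C, [("192.168.10.1", "192.168.10.202")])]
SCOPE_10 = ("10.0.1.1", "10.0.10.254")
HUNDRED_HUNDRED = [
    ("Server A", SCOPE_10, [("10.0.6.1", "10.0.10.254")]
        + [(f"10.0.{n}.255", f"10.0.{n}.255") for n in range(1, 6)]),
    ("Server B", SCOPE_10, [("10.0.1.1", "10.0.5.254")]
        + [(f"10.0.{n}.255", f"10.0.{n}.255") for n in range(6, 11)]),
]

if __name__ == "__main__":
    for label, design, clients in (("50/50", FIFTY_FIFTY, 200),
                                   ("80/20", EIGHTY_TWENTY, 200),
                                   ("100/100", HUNDRED_HUNDRED, 1000)):
        print(label, check_split_scope(design, clients))
```

Run against the 100/100 figures above, the audit flags 10.0.6.0 as leasable by both servers (Server A's exclusion starts at 10.0.6.1 and Server B's ends at 10.0.5.254) and 10.0.5.255 as leasable by Server B; extending those exclusion ranges by one address each closes the gap.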
