Multiple DHCP server


  • Multiple DHCP server

    Having multiple DHCP servers (Win2k3 2k), all authorized within the same subnet with scopes that don't overlap, how does a client choose one of them? Is it whichever responds first? What happens when a lease expires? Does it start over or does it have some preference?

  • #2
    Re: Multiple DHCP server

    All DHCP is by broadcast so for the initial address, many servers may respond, and the client (IIRC) will broadcast which address it wants.
    For a renewal, again the client broadcasts, with its current IP, and (again IIRC) the server with the lease will reply preferentially.

    DORA to get more information on the process
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Multiple DHCP server

      But when the client broadcasts ARP with its MAC for the first time it's only got 0.0.0.0 as its IP, doesn't it? I'm guessing it will get an IP whichever server it ACKs. I'm trying to figure out if there is a way to make the main DHCP server (if you can call it this way) respond first and if it's down or whatever only then another DHCP to offer an IP. Since it's all broadcast it most likely won't work.


      • #4
        Re: Multiple DHCP server

        In addition, if your DHCP server is on a remote segment, you'll need to have the DHCP Relay Agent configured on the client's gateway so that the broadcast packets can be directed to the DHCP server(s). The relay agent updates the GIADDR information in the packet so that the DHCP knows which segment the request came from. If the DHCP server has a scope configured for that segment, it will offer an IP lease.
        JM @ IT Training & Consulting
        http://www.itgeared.com


        • #5
          Re: Multiple DHCP server

          JM, I heard about Relay Agents but never really got to using or configuring one. Are you saying that it would allow me to set up subnets based say on room numbers or floors and my DHCP server would know then where the request came from and assign an IP accordingly? Would be quite useful if so.


          • #6
            Re: Multiple DHCP server

            Ok, so two suggestions... Ossian recommended that you google DORA. If you are not familiar with that, it is basically short for the 4 types of packets typically exchanged during the lease process: Discovery, Offer, Request, Acknowledgement. There is a lot of info out there to get you quickly up to speed on this process. Check this high level summary for more info: http://itgeared.com/dhcp-process-negotiating-lease.

            Now with regard to the Relay Agent and scopes.. The relay agent is just one part of the equation. For you to set up what you are asking for (multiple floors), my suggestion is that you first set up and configure the VLANs, possibly one VLAN per floor as an example. The router(s) that service those floors would need to have the Relay Agent configured (also known as IP Helper) and the relay agent points to one or more DHCP servers. The relay agent will convert the broadcast packets into unicast packets sent directly to the DHCP servers. If both DHCP servers are able to respond, they will, and the client will respond back, typically to the first offer. Again, see the DORA process.

            Without the VLANs and Relay Agent, multiple scopes are going to be a challenge for you to set up. The only other method (which I am not suggesting) if VLANs are not an option is to have the DHCP server configured with multiple NICs and it would have to be plugged into each segment that you plan to service. Of course, you would never use this option on a modern network. Suggestion is to use VLANs and Relay Agent.
            JM @ IT Training & Consulting
            http://www.itgeared.com


            • #7
              Re: Multiple DHCP server

              Or just read the RFC...
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"


              • #8
                Re: Multiple DHCP server

                Unfortunately it's a small network with one server serving 2 companies where the second decided they want to have their own Internet connection but still access the server. Thanks guys for your input. Will get me to do some reading this evening.


                • #9
                  Re: Multiple DHCP server

                  Originally posted by yaro137
                  But when the client broadcasts ARP with its MAC for the first time it's only got 0.0.0.0 as its IP, doesn't it? I'm guessing it will get an IP whichever server it ACKs. I'm trying to figure out if there is a way to make the main DHCP server (if you can call it this way) respond first and if it's down or whatever only then another DHCP to offer an IP. Since it's all broadcast it most likely won't work.

                  unfortunately, you can't do this.. you can't have a 'main' dhcp server.
                  there's just dhcp servers.. and if they're on a subnet, they'll broadcast.

                  Here's a quick wireshark dump of how DORA works..
                  https://learningnetwork.cisco.com/se...DHCP+local.JPG

                  #18 - client broadcasts discover request to 255.255.255.255
                  #20 - server offers address to broadcast 255.255.255.255
                  #21 and 22, is the acknowledgement part.

                  So, anything else in that broadcast domain that responds quicker, will issue the address..

                  Originally posted by yaro137
                  Unfortunately it's a small network with one server serving 2 companies where the second decided they want to have their own Internet connection but still access the server. Thanks guys for your input. Will get me to do some reading this evening.

                  basically, you'd need to put them on a separate vlan, to prevent the DHCP from broadcasting. And obviously, appropriate acls and routing between the two
                  Please do show your appreciation to those who assist you by leaving Rep Point
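
An added example, not written by any poster in this thread: a small Python parser that reads the transaction ID, giaddr, message type (option 53) and server identifier (option 54) from DHCP payloads, then reports per transaction which servers sent an OFFER and which of them are missing from an allow-list. The addresses, the allow-list and the function names are assumptions made for the demo, and the packets are constructed rather than captured.

```python
import struct
from socket import inet_aton, inet_ntoa

COOKIE = b"\x63\x82\x53\x63"   # magic cookie that precedes the DHCP options
OFFER = 2                      # option 53 (message type) value for DHCPOFFER

def parse_dhcp(p):
    """Parse a DHCP UDP payload: fixed BOOTP header, then code/length/value options."""
    if len(p) < 240 or p[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    m = {"xid": struct.unpack("!I", p[4:8])[0], "yiaddr": inet_ntoa(p[16:20]),
         "giaddr": inet_ntoa(p[24:28]), "type": None, "server_id": None}
    i = 240
    while i < len(p) and p[i] != 255:        # 255 = End
        if p[i] == 0:                        # 0 = Pad, a single byte
            i += 1
            continue
        if i + 2 > len(p) or i + 2 + p[i + 1] > len(p):
            raise ValueError("truncated option")
        code, val = p[i], p[i + 2:i + 2 + p[i + 1]]
        if code == 53 and len(val) == 1:     # DHCP message type
            m["type"] = val[0]
        elif code == 54 and len(val) == 4:   # server identifier
            m["server_id"] = inet_ntoa(val)
        i += 2 + len(val)
    return m

def audit_offers(payloads, allowed):
    """Per transaction ID: servers that sent an OFFER, and those off the allow-list."""
    report = {}
    for m in map(parse_dhcp, payloads):
        if m["type"] == OFFER:
            r = report.setdefault(m["xid"], {"giaddr": m["giaddr"], "servers": []})
            r["servers"].append(m["server_id"])
    for r in report.values():
        r["unlisted"] = [s for s in r["servers"] if s not in allowed]
    return report

def sample(xid, yiaddr, server, giaddr="0.0.0.0"):
    """Build a constructed DHCPOFFER for the demo (not taken from a capture)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0) + bytes(4) + inet_aton(yiaddr)
    hdr += bytes(4) + inet_aton(giaddr) + bytes.fromhex("020000000001") + bytes(202)
    return hdr + COOKIE + bytes([53, 1, OFFER, 54, 4]) + inet_aton(server) + b"\xff"

# Constructed input: two servers answer transaction 0x1234; one offer arrives via a relay.
OFFERS = [sample(0x1234, "10.0.0.50", "10.0.0.10"),
          sample(0x1234, "10.0.0.200", "10.0.0.99"),
          sample(0x9999, "10.0.5.30", "10.0.0.10", giaddr="10.0.5.1")]
REPORT = audit_offers(OFFERS, allowed={"10.0.0.10"})
```

A transaction with more than one entry under `servers` means several servers answered the same DISCOVER, and any address under `unlisted` is a server to track down on that segment.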
