DHCP on branch offices


Marlon Brown

I have about 5,000+ workstations in my organization, 20 branch offices
connected via T1. I am planning to put together Win2003 DHCP servers in the
main site configured as 80/20 rule.

In case my T1 connection goes down on branch offices (it does not happen
very often), what would be the best way to set up DHCP locally? I mean, I am
trying to avoid deploying an additional server at each location (I have
Win2003 file & print servers) at each branch office that operate under very
low utilization. Is it recommended to make file & print servers DHCP servers?
 

Phillip Windell

Marlon Brown said:
I have about 5,000+ workstations in my organization, 20 branch offices
connected via T1. I am planning to put together Win2003 DHCP servers in the
main site configured as 80/20 rule.

80/20 is the old theory. The new theory is 50/50 (if two servers). Three
servers would be 33/33/33. In other words divide it up equally between the
number of servers.

But that is when they are all servicing the same subnet. You have to keep in
mind the dynamic brought into the picture by multiple subnets. Obviously
5000+ machines aren't going to be in the same subnet. It is also possible
that you place a DHCP in each subnet to serve only that one subnet,...the
router between the subnet would not forward the queries in such a case.

In case my T1 connection goes down on branch offices (it does not happen
very often), what would be best way to setup DHCP locally ?

Absolutely

trying to avoid deploying an additional server at each location

Why avoid it? It is the best way. You don't want to bring down the whole
5000+ network because your one or two DHCP servers at the main office quit
or the VPN went down.

Win2003 file & print servers) at each branch office that operate under very
low utilization. Is it recommended make file & print servers DHCP servers ?

That is fine. DHCP does not create much load. All of my DCs run DNS, WINS,
and DHCP, so that any one of them can run the network if another DC totally
dies.
 

Marlon Brown

Very good Phillip.
Let me confirm:
I set my Branch1DC(DNS-ADI) to run DHCP server as well. Now let's say the
Branch1DC goes down. DHCP service would go down as well.

Which DHCP server would the clients pick and how would they detect the DHCP
server again ? Suppose "nearest" DHCP would be located in my head office.
 

Phillip Windell

Marlon Brown said:
I set my Branch1DC(DNS-ADI) to run DHCP server as well. Now let's say the
Branch1DC goes down. DHCP service would go down as well.

If it was the only DHCP available to them, they would not be able to get an
address when the lease expired. They also would not have a Domain
Controller so they couldn't log in to begin with anyway. That is a lot less
likely to happen than having a failure because you put a DHCP across a VPN
link and then crossed your fingers and hoped and prayed that the VPN
(undependable by nature) didn't go down, ...and then it did. Sooner or
later a VPN *will* go down, count on it, expect it,...and it will happen a
lot more than having a DC/DNS/DHCP machine go down.

Which DHCP server would the clients pick and how would they detect the DHCP
server again ? Suppose "nearest" DHCP would be located in my head office.

They don't "pick one". They send out a "blind" query. Whatever DHCP receives
it answers it. It is by broadcast, therefore it only works within the same
subnet unless a router is specially configured to forward the queries
somewhere else.
 

Marlon Brown

Correct, machines would broadcast looking for a DHCP server.
Then imagine that I have my local DHCPDNSDC on branch office.
Do you know whether if I let my router in the branch office still pass the
broadcasts necessary to reach DHCP server in the mainoffice (just for
redundancy reasons looking for DHCP server), since the branch office is the
nearest DHCP server, do you think the vast majority of local machines would
reach the "local" DHCP ? Is that a recommended configuration, let the router
pass the DHCP requests when I have the local DHCP server available ?
 

Phillip Windell

Marlon Brown said:
Correct, machines would broadcast looking for a DHCP server.
Then imagine that I have my local DHCPDNSDC on branch office.
Do you know whether if I let my router in the branch office still pass the
broadcasts necessary to reach DHCP server in the mainoffice (just for
redundancy reasons looking for DHCP server), since the branch office is the
nearest DHCP server, do you think the vast majority of local machines would
reach the "local" DHCP ? Is that a recommended configuration, let the router
pass the DHCP requests when I have the local DHCP server available ?

It might work, but I don't think I would do it. You would also have to
create Exclusions and coordinate the two DHCPs so that they do not give out
the same IP#. Redundant DHCPs still cannot give out the same
addresses,...you have to split your available address range in half and let
each one give out one half. The remote DHCP across the VPN link would
probably never be used so the addresses it contains would sit there useless.

You're better off with just the local DHCP. Since it also runs AD & DNS how
long do you expect it to be left down if it goes down? Not long I would
think. A Default DHCP lease is about 8 days,...a client is not going to
instantly fall over dead if the DHCP goes down,...but then remember that it
also won't have AD and DNS either (they're all on the same box),...so what
difference would it make if it also didn't have DHCP?
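
An added example, not part of the thread: one way to work out the equal split and the matching exclusions discussed above, so that redundant DHCP servers configured with the same scope never hand out the same address. The server names, scope ID and address range are constructed for illustration.

```python
import ipaddress

def split_scope(first, last, servers):
    """Split first..last equally; return each server's active slice and exclusions."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    total = hi - lo + 1
    if not servers or total < len(servers):
        raise ValueError("range too small for the number of servers")
    base, extra = divmod(total, len(servers))
    ip = lambda n: str(ipaddress.IPv4Address(n))
    plan, start = {}, lo
    for i, name in enumerate(servers):
        # The first `extra` servers absorb the remainder, one address each.
        end = start + base + (1 if i < extra else 0) - 1
        exclude = []
        if start > lo:                      # everything below this server's slice
            exclude.append((ip(lo), ip(start - 1)))
        if end < hi:                        # everything above this server's slice
            exclude.append((ip(end + 1), ip(hi)))
        plan[name] = {"active": (ip(start), ip(end)), "exclude": exclude}
        start = end + 1
    return plan

def has_overlap(plan):
    """True if any two servers could hand out the same address."""
    spans = sorted((int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
                   for a, b in (p["active"] for p in plan.values()))
    return any(prev[1] >= cur[0] for prev, cur in zip(spans, spans[1:]))

def netsh_lines(scope_id, plan):
    """Render each exclusion as a netsh command for the named server."""
    return [f"netsh dhcp server \\\\{name} scope {scope_id} add excluderange {a} {b}"
            for name, p in plan.items() for a, b in p["exclude"]]

if __name__ == "__main__":
    # Constructed sample: one branch subnet, a local and a head-office server.
    plan = split_scope("10.1.0.10", "10.1.0.249", ["BRANCH1DC", "HQDHCP"])
    assert not has_overlap(plan)
    print("\n".join(netsh_lines("10.1.0.0", plan)))
```

With three servers the middle one gets two exclusion ranges, one on each side of its slice.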
 
