DHCP scope is too small for network: possible ways to resolve

[Guest]

Hello Everyone,

Please help to find the best way to resolve the situation:
Windows 2000 domain, one DC, DCHCP server is running on DC, scope is
10.10.10.0/24. The problem is that this scope became too small for us and we
are going to run out of available IP addresses pretty soon.

I can see three ways to resolve this problem:
first - change the subnet mask (so I'll get for example 10.10.10.0/20). It
looks like the easiest way but also can create other problems like changing
static IP addresses including address on DC (things that I really want to
avoid). I am affraid also that increasing number of machine in the network
(we are growing very fast) will increase number of broadcast request in the
network and can affect our DC which is overloaded already.
Second way - add second scope to DHCP (for example 10.10.20.0/24) and use
router with dhcp relay support.
Third way is similar to the second but I can add second DHCP server and use
regular router (without dhcp relay)

Whay is your opinion which way is more appropriate for fast growing network?
Did I miss any other possibilities? I would select third way but I really
would like to know the opinions of network guru!!!

Thank you and sorry for so long post,

Sova

 

[Phillip Windell]

Hello Everyone,

Please help to find the best way to resolve the situation:
Windows 2000 domain, one DC, DCHCP server is running on DC, scope is
10.10.10.0/24. The problem is that this scope became too small for us and
we
are going to run out of available IP addresses pretty soon.

I can see three ways to resolve this problem:
first - change the subnet mask (so I'll get for example 10.10.10.0/20). It

No.
You add another distinct 24bit subnet. It doesn't matter if you have DHCP
or not, it is still the same thing. For the DHCP you just add another
Normal Scope for the new segment in the DHCP Server's config and set the
router between the segments to forward the DHCP Queries. The DHCP Server is
already smart enough to know which Scope to give the user's IP# from.

Ethernet becomes inefficient above 250-300 host,...do not make your segments
bigger than that,...the 24bit-254 Host segment is the perfect size. Just add
a new segment.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------

 

[Guest]

Thank you for reply, Phillip. It's what I thought - second scope and router
that can forward DHCP query. But our DHCP server is already overloaded by
some other applications running on DC, and according MS documentation "DHCP
causes frequent and intensive activity on server hard disks". That's why I
was thinking to setup separate DHCP server for second subnet (and if possible
use second DHCP server as backup if router support DHCP relay).

Thanks again,

Sova

Hello Everyone,

Please help to find the best way to resolve the situation:
Windows 2000 domain, one DC, DCHCP server is running on DC, scope is
10.10.10.0/24. The problem is that this scope became too small for us and
we
are going to run out of available IP addresses pretty soon.

I can see three ways to resolve this problem:
first - change the subnet mask (so I'll get for example 10.10.10.0/20). It

No.
You add another distinct 24bit subnet. It doesn't matter if you have DHCP
or not, it is still the same thing. For the DHCP you just add another
Normal Scope for the new segment in the DHCP Server's config and set the
router between the segments to forward the DHCP Queries. The DHCP Server is
already smart enough to know which Scope to give the user's IP# from.

Ethernet becomes inefficient above 250-300 host,...do not make your segments
bigger than that,...the 24bit-254 Host segment is the perfect size. Just add
a new segment.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx

 

[Phillip Windell]

Thank you for reply, Phillip. It's what I thought - second scope and
router
that can forward DHCP query. But our DHCP server is already overloaded by
some other applications running on DC, and according MS documentation
"DHCP
causes frequent and intensive activity on server hard disks". That's why I
was thinking to setup separate DHCP server for second subnet (and if
possible
use second DHCP server as backup if router support DHCP relay).

You can do that if you want, but I really doubt it is overloaded. Any decent
HD can keep up with that. A lot of things create "frequent and intensive
activity on server hard disks", not just DHCP.

If you go with a second DHCP then:
1. Leave the old one like it is, don't touch it
2. Don't bother the router,..don't set it to forward DHCP queries
3. Place the new DHCP on the New segment and configure it only with the
Scope for that one segment and leave it.

 

[Guest]

Phillip,

Thank you very much.

Sova

You can do that if you want, but I really doubt it is overloaded. Any decent
HD can keep up with that. A lot of things create "frequent and intensive
activity on server hard disks", not just DHCP.

If you go with a second DHCP then:
1. Leave the old one like it is, don't touch it
2. Don't bother the router,..don't set it to forward DHCP queries
3. Place the new DHCP on the New segment and configure it only with the
Scope for that one segment and leave it.

 

[Kurt]

I can see three ways to resolve this problem:
first - change the subnet mask (so I'll get for example 10.10.10.0/20). It
looks like the easiest way but also can create other problems like
changing
static IP addresses including address on DC (things that I really want to
avoid). I am affraid also that increasing number of machine in the
network
(we are growing very fast) will increase number of broadcast request in
the
network and can affect our DC which is overloaded already.

If you are expecting continued growth, this could be an issue. I can tell
you that 500 computers on a single (100Mb) subnet doesn't generate a huge
amount of broadcast traffic (well, it's a lot of broadcasts, but network
overhead is really not all that great). You wouldn't need to change the IP
addresses of anything, just the subnet masks. If your DC is overloaded, I'd
consider going with this plan for now and put the price of a good router
(and backup spare) toward another DC.

Second way - add second scope to DHCP (for example 10.10.20.0/24) and use
router with dhcp relay support.

This is a tried and true method. It is exactly what I have set up at my
company between our two sites. You can add additional scopes as necessary.
generally speaking, I think most people wold say that /24 boundaries are
the most logical place to break up broadcast domains. If I were voting, I'd
say this is the best way, but you still need a second DC, so.......

Third way is similar to the second but I can add second DHCP server and
use
regular router (without dhcp relay)

You can do this, but it's not really necessary. Even cheapo routers nowadays
will do DHCP relay. And anything reliable enough for your business is sure
to have that capability (if it doesn't, don't buy it).

 

[Guest]

I am curious, how are you exceeding 16 million ip addresses?

 

[Phillip Windell]

It was 10.10.10.0/24, not 10.10.10.0/8
That is only 254 hosts