Windows Server 2008 R2 Unleashed (75 page)

192.168.1.1 to 192.168.1.254 defined in the included address pool, but the excluded

address range would be 192.168.1.101 to 192.168.1.254. With this configuration, the

second DHCP server would lease addresses from 192.168.1.1 to 192.168.1.100. With a split-

scope configuration, if a single DHCP server becomes unavailable, the secondary DHCP

server can still provide DHCP leases on the network to which the split scope applies.

Historically, a split-scope configuration needed to be manually created by DHCP adminis-

trators, but starting with Windows Server 2008 R2, Microsoft now includes a DHCP Split-

Scope Configuration Wizard. This wizard allows a DHCP administrator to take an existing

scope on the primary DHCP server and run the wizard to duplicate the scope on a desig-

nated secondary DHCP server and define how the addresses will be split among the two

servers. This wizard will make the necessary changes to both of the DHCP servers, leaving

less room for user error. But before the DHCP Split-Scope Configuration Wizard can be

run, a DHCP administrator must consider how the scope will be split, and the following

section describes three common split-scope configurations that should be considered. The

process of splitting an existing DHCP scope is detailed later in this chapter.

Examining the 50/50 Split-Scope Configuration

The 50/50 split-scope configuration includes two DHCP servers, in which each DHCP

server is configured with the same address range for the address pool, but each must have

a different excluded IP address and the total number of addresses is split in half or 50/50.

352

CHAPTER 11

DHCP/WINS/Domain Controllers

Figure 11.8 illustrates the 50/50 split-scope configuration. As indicated in the diagram, the

network has 200 clients defined by 192.168.1.0/24. Each DHCP server contains a scope to

cover the entire specific client subnet. Server1’s scope is configured with exclusions for all

IP addresses except for the range of 192.168.1.1–192.168.1.125. Server2’s scope is config-

ured with exclusions for the first half and a client lease range of

192.168.1.126–192.168.1.254.

192.168.1.0/24 Subnet

200 Clients

Scope Name:

First Scope

50% Scope Range:
192.168.1.1-192.168.1.254

Exclusions:

192.168.1.126-192.168.1.254

Server1

Scope Name:

Second Scope

50% Scope Range:
192.168.1.1-192.168.1.254

Exclusions:

192.168.1.1-192.168.1.126

Server2

ptg

FIGURE 11.8

Examining the 50/50 failover approach.

Upon requesting a client IP address, the first server to respond to a request will be

accepted, thus roughly balancing the load between the two servers, except for one thing:

There is no way to determine which DHCP server will respond first and serve the client

requests, so there is a chance that one DHCP server will run out of IP addresses before all

IP addresses are used. Also, another issue with this configuration is that both DHCP

servers would respond to lease requests and a DHCP administrator would need to review

both servers to troubleshoot and determine what the true number of available IP addresses

are, when clients are having issues getting an IP address lease.

Exploring the 80/20 Failover Approach to DHCP Fault Tolerance

The 80/20 failover approach is similar to the 50/50 approach, except that the effective

scope range on the server designated as the backup DHCP server contains only 20% of the

available client IP range. The server with 80% of the range would be considered the

primary DHCP server, and the 20% server would be considered the secondary. In the event

of primary server failure, the secondary server would have enough IP addresses to provide

leases until the primary server could be fixed and returned to operation. This is the best-

practice split-scope configuration, but until Windows Server 2008 R2, this configuration

frequently resulted in the secondary server running out of IP addresses during regular

operation because it can respond to client requests as fast as the primary server—and the

first server to respond wins!

Understanding the 100/100 Failover Approach to DHCP Fault Tolerance

The 100/100 split-scope configuration in Windows Server 2008 R2 DHCP can be the most

effective means of achieving high availability out of a DHCP environment. The 100/100

Implementing Redundant DHCP Services

353

split-scope configuration, in its simplest form, is the same as the 50/50 except that the

total scope range contains at least twice the number of total DHCP clients.

11

In Figure 11.9, the 10.2.0.0/16 subnet has a total of 750 clients. This subnet is serviced by

two DHCP servers, each of which has a scope for the subnet. Each server has a scope with

addresses from 10.2.1.1 through 10.2.8.254. The scope on Server1 excludes all IP addresses

except those in the range of 10.2.1.1 through 10.2.4.254. The scope on Server2 excludes

all IP addresses except those in the range from 10.2.5.1 through 10.2.8.254. Each effective

range is subsequently large enough to handle 1,000 clients, which is more than enough

for every machine on the network.

10.2.0.0/16 Subnet

750 Clients

Scope Name:

Scope A

100% Scope Range:
10.2.1.1-10.2.8.254

Exclusions:

10.2.4.255-10.2.8.254

10.2.1.255

Server1

10.2.2.255

10.2.3.255

ptg

Scope Name:

Scope B

100% Scope Range:
10.2.1.1-10.2.8.254

Exclusions:

10.2.1.1-10.2.4.255

10.2.5.255

Server2

10.2.6.255

10.2.7.255

FIGURE 11.9

The 100/100 failover approach.

If one of the DHCP servers experiences an interruption in service, and it no longer

responds, the second server will take over, responding to clients and enabling them to

change their IP addresses to the IP addresses available in the separate range. With this

configuration, extended downtime of a single DHCP server can be tolerated without much

loss of functionality.

The main caveat to this approach is that a large number of IP addresses must be available

for clients, more than twice the number than would normally be available. This might

prove to be difficult, if not impossible, in many networks that have a limited IP range to

work with, and is especially true when deploying new DHCP services on existing or estab-

lished networks. However, in organizations with a larger IP range, such as those offered by

private Class A network configurations (10.x.x.x and so on), this type of configuration

might be ideal.

354

CHAPTER 11

DHCP/WINS/Domain Controllers

As you can see in Figure 11.9, both servers are configured with the same IP address range

but even with the exclusion range, each server individually contains enough IP addresses

to serve the entire DHCP client base.

Windows Server 2008 R2 Delay Configuration Setting

Starting with Windows Server 2008 R2, the DHCP Server service now includes an IPv4

scope setting named Delay Configuration. The Delay Configuration setting is configured

on the Advanced Scope Properties page and allows a DHCP administrator to delay the

response from a DHCP server, to ensure that the desired primary DHCP server answers all

DHCP lease requests, unless it is out of service. With this new setting alone, DHCP admin-

istrators can simplify the management of a split-scope DHCP configuration; as during

normal operation, all leases should be only on the primary server. The Delay

Configuration setting should be set up on secondary DHCP server scope properties. With

this setting, the 80/20 best-practice split scope can be used confidently. To enable the

Delay Configuration setting on a secondary DHCP server scope, simply open the scope

properties from the DHCP server console, select the Advanced tab, and near the bottom of

the window, type in the number of milliseconds the DHCP server should wait before

responding to a client lease request, as shown in Figure 11.10.

ptg

FIGURE 11.10

Setting the DHCP scope Delay Configuration setting.

DHCP Split-Scope Configuration Wizard

When deploying multiple DHCP servers in a split-scope configuration is desired, it is

recommended to use the new DHCP Split-Scope Configuration Wizard. The DHCP Split-

Scope Configuration Wizard will create the new scope on the secondary DHCP server and

will even copy client scope reservations that are already defined. Link Layer Filter Allow

and Deny lists, however, will not be copied over. As a best practice, before running the

Implementing Redundant DHCP Services

355

DHCP Split-Scope Configuration Wizard, create all the necessary reservations on the

primary DHCP server scope and manually copy over any Link Layer Filter lists. Ensure that

11

if Link Layer Filtering for either Allow or Deny or both is enabled on the primary server,

that the Link Layer Filtering configuration on the secondary DHCP server matches this

configuration. To deploy a split-scope configuration—for this example, in an 80/20 split—

follow these steps:

1. Install the DHCP service on two servers. For this example, we will use Server10 as

the primary and Server60 as the secondary.

2. On the primary server, create a new DHCP scope that contains the entire scope

range and DHCP options for that scope.

3. On the secondary server, do not create any scopes.

4. Open the DHCP server console on the primary server, and expand the server node in

the tree pane to reveal the IPv4 and IPv6 nodes.

5. Add the secondary server to the console by right-clicking on the DHCP node at the

top of the tree pane and selecting Add Server.

6. In the Add Server window, type in the secondary server name or choose it from the

managed authorized server list and click OK to complete this task.

7. After both servers are listed in the console, select and expand the primary server

ptg

IPv4 node to display the desired IPv4 scope that will be split for this example.

8. Select and right-click the desired IPv4 scope on the primary DHCP server, select

Advanced, and then click on Split-Scope, as shown in Figure 11.11.

FIGURE 11.11

Initiating the DHCP Split-Scope Configuration Wizard.

356

CHAPTER 11

DHCP/WINS/Domain Controllers