*** From dhcp-server -- To unsubscribe, see the end of
this message. ***
sorry .. did a quick google.. the syntax would be
ip helper-address 192.168.1.255
ip helper-address 172.16.1.255
>>>dhcp thehobsons.co.uk 02/17/06 2:52 pm
>>>
*** From dhcp-server -- To unsubscribe, see the end of this
message.
Gordon A. Lang wrote:
>>To summarise :
>>
>>You want to distribute DHCP servers around the
network.
>>You want to be able to move/change the servers
without reprogramming
>>all the routers.
>
>That is a fair summary, but the so-called
"complicated" aspect of it is
>entirely rooted in my desire to that I want painless
flexibility. And
>painless flexibility, in my experience, is generally
good. 
>
>
>>First question has to be, realistically, how often
to you expect to
>>move your DHCP service.
>
>After the initial deployment of two servers at
headquarters next month,
>"moves" will occur as follows:
>(1) later this year when we add a pair of servers at
major remote site
>(2) some time next year when we add a server to another
remote site
>(3) some time next year when we add a server to yet
another remote site
>(4) any time an active server needs to be taken down for
maintenance
>
>So, initially all helper addresses will be routed to the
single pair
>of dhcp servers, and then after the second pair of
servers is added,
>the remote site DHCP traffic will be routed to their
local servers,
>and so forth.
Might I suggest that two servers at each site is overkill ?
How about one server at HQ, and one at each of 3 remote
sites. If HQ
disappears, the others can function without (but two at each
main
site will work just fine).
Make the HQ master for everything, and the remotes peers for
those
subnets they are local to. Believe me, DHCP traffic is not a
lot of
bandwidth, and it does run quite fine over wan links. If you
have to
take down any single server, then that's no problem at all,
simply
set it's peer(s) into partner down state as you take it
down and the
peer(s) will take care of the clients.
If you were to set (say) 4 week lease times, then the
absence of a
dhcp server would be unnoticable to many clients for 2 weeks
or more
- so in the event of a total dhcp failure, no-one will
notice
straight away. Only those devices booted or plugged in after
failure
will be without an address - been there, got the tee-shirt
>Changing dozens of helper addresses on the routers
>each time is far more work than you can imagine because
of our
>extremely slow and painful change control bureaucracy.
Hmm, I've been spared such pains
>>You don't say how many sites you have, and how much
redundancy. As
>>long as you have connectivity in the event of a main
link failure,
>>then you can still provide DHCP service from a
single location - the
>>bandwidth required is minimal and even a single ISDN
channel will be
>>more than adequate.
>>
>>Also, the nature of the network may mean that if you
lose a link, the
>>clients will lose other essential services so the
loss of DHCP
>>doesn't neccessarily mean additional problems.
Client already with an
>>address with continue to use it, it will only affect
clients starting
>>up without an address - but what use is an address
if the client
>>can't access file/mail/whatever servers ?
>
>Our redundancy requirements are to have no loss of
functionality with
>respect to DHCP (and other things) in the event of our
headquarters
>being destroyed. We have multiple DS3's
interconnecting sites, and
>redundant layer-3 switches at every site.
Ahh, what it must be like to have management that pays more
than lip
service to business continuity.
>>Then of course, there is the failover facility. You
could have a
>>master at your central NOC (if you have one), and
distribute the
>>peers around the network. A server can have multiple
peers - but only
>>one peer at a time for any subnet.
>
>Eventually, to the extent possible, I want both dhcp
servers of every
>failover paris to be local to the VLAN's they are
serving, keeping
>DHCP traffic strictly local, except when it becomes
necessary to send
>DHCP traffic over the WAN.
>
>
>I could easily compromise by changing a static route
instead of using
>RIPv2 when DHCP functionality gets moved. That would be
a hell of a
>lot better than changing all of helper address
configurations for all
>the affected VLAN's. The RIPv2 would be most of the
"complication,"
>so elminating it would reduce my challenge to simply
supporting
>multiple ip addresses on the same DHCP server.
OK, a suggestion for you ...
Set up a number of small subnets, they only need be /29s and
can be
in private address space. Give your dhcp servers secondary
interfaces
in these small subnets (one server/one subnet).
Through your routing tables you can then route the traffic
to
anywhere in the network - it sounds like routing tables are
easier to
change than helper addresses. Add as many helper addresses
as you
think you'll need - bear in mind that the broadcast traffic
really
isn't great - renewals are done by unicast.
As you add or move servers, simply alter the routing to make
the
packets go to them. If you are using dynamic routing, then
that's a
matter of adding the right secondary address on the router
local to
the server and telling the router to propagate that route.
It might be as well to set up something that can at least
accept and
discard packets sent to non-existant servers so you don't
get "no
route" or "host unreachable" responses all
the time.
If the servers are serving clients on their local real
subnets, then
don't forget that the real subnet and this small 'dhcp
only' subnet
are a shared network (check man dhcpd.conf for details).
------------------------------------------------------------
-----------
List Archives : http://www.isc.org/ops/
lists/
Unsubscribe : http://www.
isc.org/sw/dhcp/dhcp-lists.php
-or- : mailto:dhcp-server-requestisc.org?Subject=unsubscribe
------------------------------------------------------------
-----------
------------------------------------------------------------
-----------
List Archives : http://www.isc.org/ops/
lists/
Unsubscribe : http://www.
isc.org/sw/dhcp/dhcp-lists.php
-or- : mailto:dhcp-server-requestisc.org?Subject=unsubscribe
------------------------------------------------------------
-----------
|