26 March 2012

DHCP considerations for Servers

Assigning DHCP IP addresses for every single last server in your environment is probably not a great idea.  Servers like domain controllers, network load balanced servers or failover clusters should be configured with static IPs.  However, there are relatively few places where a static IP is actually mandatory.  Using DHCP can greatly reduce a number of issues associated with manual IP configuration.

Defining DHCP for clients and servers is essentially the same, but considering the different environments you can optimize the DHCP configuration to best suit the requirement.  As an example, a DHCP scope for WiFi clients is typically very dynamic, with loads of different machines coming and going all the time.  Compare this to a DHCP scope for a particular VLAN in a data-center, where changes are rare and machines tend to stay running 24x7.

To understand why the recommendations are what they are, you need to understand how the DHCP lease process works.  If you want more detail check out:

http://technet.microsoft.com/en-us/library/cc958935.aspx
http://technet.microsoft.com/en-us/library/dd183602(WS.10).aspx


I will also be covering ways to avoid certain problems that could crop up.

Use the correct DHCP server configuration
Generally the biggest problem with DHCP is if it is not available.  So when deploying DHCP make sure you are using decent kit.  Unlike your desktop environment, you essentially want your servers to always be assigned the same IP, so you need to serve the DHCP requests from a single scope.  The best way to do this is to use a fail-over DHCP configuration (available in Windows Server 8).

Using a split scope will work in case a single DHCP server fails, but a client will not be able to renew its lease on the existing IP address.

When creating the scope you can use the following server-side settings to ensure the clients are configured correctly.

Longer DHCP leases
The DHCP lease cycle is pretty important.  If the cycle is too long you could run out of available IPs, and changes to the scope would take too long to be applied to the clients.  Making it too short will result in unnecessary broadcast chatter.  It could also cause issues should DHCP availability become compromised.

When a DHCP client starts up and receives a lease the clock starts ticking.
When 50% of the lease has expired the client will attempt to renew the lease. If successful, the lease period is renewed and any changes made to the scope are applied.

If the lease renewal fails the clock keeps ticking till it gets to 87.5% of the lease time.  At this point it will rebroadcast to all DHCP servers for a new lease.

If this also fails the clock will keep ticking until the lease expires.  At this point the DHCP client process starts from scratch.
If there is no DHCP server available it will grab an IP from the APIPA range (Automatic Private IP Addressing), unless there is an Alternative Configuration specified.

While using the APIPA or Alternative Configuration the client will still periodically attempt to establish a DHCP lease.
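
The lease clock described above can be modelled to see how lease length decides whether a server keeps its address through a DHCP outage. This is an added example, not part of the original post; `Test-DhcpOutage` is a hypothetical helper and every duration in it is a constructed sample value.

```powershell
# Added example: models the lease timers described above (50% renew, 87.5% rebroadcast).
# Test-DhcpOutage is a hypothetical helper; all durations are constructed sample values.
function Test-DhcpOutage {
    param(
        [Parameter(Mandatory)] [timespan] $LeaseDuration,
        [Parameter(Mandatory)] [timespan] $OutageStart,   # measured from the first lease
        [Parameter(Mandatory)] [timespan] $OutageLength
    )
    $half = [timespan]::FromTicks([long]($LeaseDuration.Ticks * 0.5))
    if ($half -le [timespan]::Zero) { throw 'LeaseDuration is too short.' }

    $outageEnd  = $OutageStart + $OutageLength
    $leaseStart = [timespan]::Zero

    # Each renewal that succeeds at the 50% mark restarts the lease clock.
    while (($leaseStart + $half) -lt $OutageStart) { $leaseStart = $leaseStart + $half }

    $renewAt  = $leaseStart + $half
    $rebindAt = $leaseStart + [timespan]::FromTicks([long]($LeaseDuration.Ticks * 0.875))
    $expires  = $leaseStart + $LeaseDuration

    $outcome = if ($outageEnd -le $renewAt) {
        'Outage is over before the next renewal attempt'
    } elseif ($outageEnd -le $expires) {
        'Renewal fails, but the lease is still valid when DHCP returns'
    } else {
        'Lease expires: APIPA or Alternative Configuration takes over'
    }

    [pscustomobject]@{
        Lease     = $LeaseDuration
        RenewAt   = $renewAt
        RebindAt  = $rebindAt
        ExpiresAt = $expires
        OutageEnd = $outageEnd
        Outcome   = $outcome
    }
}

# Same outage (starts on day 11, lasts 3 days) against three lease lengths.
(New-TimeSpan -Hours 8), (New-TimeSpan -Days 8), (New-TimeSpan -Days 30) | ForEach-Object {
    Test-DhcpOutage -LeaseDuration $_ -OutageStart (New-TimeSpan -Days 11) -OutageLength (New-TimeSpan -Days 3)
} | Format-Table -AutoSize
```

Because a healthy client has always renewed by the 50% mark, at least half of the lease remains whenever an outage begins.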


Conflict detection attempts
The DHCP server can be configured to check for potential conflicts before issuing an IP for a lease.  This is not enabled by default.  This could be a very useful safeguard especially in environments where some machines are configured manually and others are via DHCP.

The DHCP server attempts to ping the IP it wants to assign; if it gets a reply it selects and tests another IP before assigning one that does not conflict.

To enable this

  • Open the DHCP management console
  • Expand the server - IPv4
  • Right Click - Properties
  • Select the Advanced Tab
  • Assign a value bigger than 0 to "Conflict detection attempts"





Scope Exclusions
If you are deploying DHCP for a subnet where there are manually configured clients, you should consider exclusions and exclusion ranges.  Essentially this prevents the DHCP server from issuing these IPs to any clients.  Exclusions should be made for machines that will always have static configuration.


To enable this

  • Open the DHCP management console
  • Expand the server - IPv4
  • Expand the relevant scope
  • Select Address Pool and right click - New Exclusion Range
  • Enter the range of IPs you want to exclude



Reservations
Reservations instruct the DHCP server to reserve an IP for a specified MAC address and never issue it to any other MAC.  Reservations should be made for servers that need to retain the same IP address.  Reservations can be made prior to or during use of a lease.


To configure a lease ahead of time

  • Open the DHCP management console
  • Expand the server - IPv4
  • Expand the relevant scope
  • Select Reservations - Right Click - New Reservation
  • Specify the DNS name
  • Specify the IP address to reserve
  • Specify the MAC of the client machine




You can use the getmac utility to retrieve your local MAC, but you can also get the MAC from a remote machine by using the following command:

getmac /s <servername>

To configure a reservation for an existing lease
(The method you would probably use most often)

  • Open the DHCP management console
  • Expand the server - IPv4
  • Expand the relevant scope
  • Select Address Leases
  • Select the lease of the server you want to reserve
  • Right Click - Add to reservation
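
The console steps above for conflict detection, scope exclusions and reservations can also be scripted. This is an added example, not part of the original post; it assumes the DhcpServer PowerShell module (Windows Server 2012 and later), and the server name, scope and addresses are constructed placeholders.

```powershell
# Added example. Assumes the DhcpServer module (Windows Server 2012 and later).
# Server name, scope ID, IP addresses and MAC are constructed placeholders.
Import-Module DhcpServer
$server = 'dhcp01.example.test'
$scope  = '10.20.30.0'

# Conflict detection: ping each candidate address before offering it (0 = disabled).
Set-DhcpServerSetting -ComputerName $server -ConflictDetectionAttempts 2

# Exclusion range for machines that will always have a static configuration.
Add-DhcpServerv4ExclusionRange -ComputerName $server -ScopeId $scope `
    -StartRange 10.20.30.1 -EndRange 10.20.30.20

# Reservation made ahead of time: name, IP and MAC (MAC as reported by getmac).
Add-DhcpServerv4Reservation -ComputerName $server -ScopeId $scope `
    -Name 'app01.example.test' -IPAddress 10.20.30.50 -ClientId '00-11-22-33-44-55'

# Reservation for existing leases: convert every active, not yet reserved lease.
# Append -WhatIf to the last command to preview the changes first.
Get-DhcpServerv4Lease -ComputerName $server -ScopeId $scope |
    Where-Object { $_.AddressState -eq 'Active' } |
    Add-DhcpServerv4Reservation -ComputerName $server

# Review the result.
Get-DhcpServerSetting -ComputerName $server | Select-Object ConflictDetectionAttempts
Get-DhcpServerv4Reservation -ComputerName $server -ScopeId $scope
```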





DHCP client configurations

There are a few things that you can define on the client side to also mitigate a DHCP outage.  The biggest problem you would normally associate with DHCP is if there is no DHCP available when a lease needs renewal or when the DHCP client starts up.

Windows Vista and 2008 Server by default would not retain their DHCP IP if there was no DHCP server available when the client restarts.  You can fix this behavior with the following:

http://support.microsoft.com/kb/958336


Alternative Configuration
If no DHCP server is available the DHCP client will revert to either an APIPA address or, if one is specified, the Alternative Configuration.  Essentially you can configure this as a fallback, should there be a serious DHCP outage.

To configure an Alternate Configuration

  • Open Network and Sharing Centre
  • Change adapter settings
  • Select the relevant NIC
  • Right Click - Properties
  • Select TCP/IP v4 - Properties
  • Select the Alternate Configuration tab
  • Specify your desired configuration





Conclusion
There are many steps you can take to mitigate DHCP failure, but as you would have noticed, a few things need to go wrong at the same time.  For most server environments simply setting a reasonable lease duration on a Windows Server 8 fail-over DHCP deployment would be all that is needed.

The sequence I would recommend is as follows:


  1. Use Windows Server 8 Failover DHCP Scopes
  2. Enable Conflict detection
  3. Set reservation for running machines
  4. Specify alternative configuration on the client (optional)




