Setting up a DHCP Server - Failover

Hello All.
My question requires a little explanation then hopefully someone can help me.

We have 2 Domain Controllers here: DC and DC1.
DC is the RID, Schema and Operations Master.  DC1 is the replica that we would like to make the failover available on.
On DC here is the part that I am unsure about.

The DC IP is
10.0.0.20
255.255.255.0
10.0.0.122 - Firewall
10.0.0.20 DNS

Now here is where things get crazy, because apparently we had run out of IPs before my time, so someone configured rollover on the same DC to be
10.0.100.1 - 254
10.0.101.1 - 254
10.0.102.1 - 254
10.0.103.1 - 254
We do not have a router, so I don't understand how this works.

Part 2:
On the weekend we copied the DHCP database over to DC1. We then shut down DC, and we couldn't log in.  
We then split the IP range on DC to 10.0.0.1-10.0.0.100 and on DC1 to 10.0.0.101-254
and nothing.

My 2 questions are this.
How is it that multiple scopes with different subnets exist without a router?
How can I set up the failover to happen?
b) How can I set up another subnet to be the failover, i.e. DC1 fails everyone to 10.0.102.25?
camoIT Asked:

jillmjones Commented:
Is DHCP server #2 authorized?
camoIT Author Commented:
Yes it was when we were trying to fail it over.
jillmjones Commented:
If you have a subnet mask of 255.255.255.0 and have no router (therefore no gateway), how can the servers/PCs communicate with each other if the scope of DC1 is in 255.255.254.0? DC1 would be able to communicate with DC but not vice versa.
camoIT Author Commented:
This is my whole point.
For some reason, if I set my IP to, i.e., 10.0.102.25 with a SM of 255.255.252.0, I can browse, send, receive, etc.

But my question is: how was this set up?
At the origin of the DHCP server, the primary scope (for lack of better words) is 10.0.0.x Servers, 10.0.100.x Clients.

But 2 years ago they ran out of IPs and somehow (which I don't know) they created 3 more scopes in the DHCP server like this:
10.0.101.x, 10.0.102.x, 10.0.103.x
So what we are trying to do is make DC1 just serve IPs from 10.0.0.x and 10.0.100.x as failover.

Is it possible to set up those other subnets on DHCP without a routing appliance?
thatmarkguy Commented:
If this is a small to medium network -- just do a full backup of the first server, and "restore" it to the second. Start the service, authorize it. They'll be "identical". A client will send out a discover packet and generate a response from both servers; whichever response the client gets first it will respond to, and ignore the other.

This is bad for load balancing, since one server might end up doing all the work.
This is great for full fail over. At least in my situation (mostly reservations, 100+ clients)
jillmjones Commented:
Something HAS to be routing or your clients would never talk to the DC, since they are in different subnets and with a mask of 255.255.255.0 they will not see anything outside of their own subnet unless they go to a gateway. What is the setting of the gateway for the scopes? This will clue you in to what is routing the subnets.
I would guess that the firewall is routing for you or the domain controller is multi-homed. (Check the network cards to see if there is a secondary NIC with a client subnet IP.)
My recommendation would be to create one large scope to include both servers and clients. Set the scope to be 10.0.0.0/21 (255.255.248.0). This will give you 6 subnets 10.0.0.X - 10.0.5.X. You can then use the 10.0.0.X VLAN for the servers, and the remaining for the clients, by excluding 10.0.0.0-10.0.0.255 from the scope and assigning static IPs to your servers. Be sure to change the subnet mask of all the statically assigned servers to 255.255.248.0.
You can then create a copy of the scope on the other server and leave it unauthorized until you need it. If both are delivering IPs, then you could have a mess on your hands unless you split the scopes between the 2 servers.
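Added example, not part of the original thread: a short Python check of the on-link test behind the comment above, using the DC and client addresses quoted in the thread. Writing the four rollover ranges as /24 networks is an assumption, and the `WIDE` host is constructed to show the one-way case a mismatched mask produces.

```python
import ipaddress

def delivery(src_if, dst_ip):
    """'direct' if dst_ip lies inside the sender's own subnet (resolved by ARP
    on the local segment); 'gateway' if the sender must hand it to a router."""
    net = ipaddress.ip_interface(src_if).network
    return "direct" if ipaddress.ip_address(dst_ip) in net else "gateway"

def path(a_if, b_if):
    """Delivery decision in each direction: (a -> b, b -> a)."""
    a, b = ipaddress.ip_interface(a_if), ipaddress.ip_interface(b_if)
    return delivery(a_if, str(b.ip)), delivery(b_if, str(a.ip))

def on_link_scopes(host_if, scopes):
    """Scope subnets that fall entirely inside the host's own subnet."""
    net = ipaddress.ip_interface(host_if).network
    return [s for s in scopes if ipaddress.ip_network(s).subnet_of(net)]

# Addresses and masks quoted in the thread.
DC = "10.0.0.20/255.255.255.0"
CLIENT = "10.0.102.25/255.255.252.0"
# Assumption: the rollover ranges 10.0.100.1-254 .. 10.0.103.1-254 as /24 networks.
ROLLOVER = ["10.0.100.0/24", "10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
# Constructed for illustration (not from the thread): a host with a /23 mask.
WIDE = "10.0.1.5/255.255.254.0"

if __name__ == "__main__":
    # Neither side sees the other as local, so a working session implies
    # that some device is forwarding between the two subnets.
    print("DC <-> client:", path(DC, CLIENT))
    # Mismatched masks: one side tries ARP, the other looks for a gateway.
    print("DC <-> /23 host:", path(DC, WIDE))
    # With the /22 mask, all four rollover ranges are local to the client.
    print("client on-link scopes:", on_link_scopes(CLIENT, ROLLOVER))
    print("DC on-link scopes:", on_link_scopes(DC, ROLLOVER))
```

A result of `gateway` in both directions means traffic between the two hosts only flows if a routing device (firewall, layer 3 switch, or multi-homed server) sits on both subnets.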
camoIT Author Commented:
Thanks for the replies everyone.  I have read and understood your recommendations, however I still do not understand what is happening fully.

See - I know that our DHCP server which is sitting on DC is handing out both 10.0.0.x (servers) and 10.0.100.x (Clients) - This is separated by a managed Switch - This is what I am good up to.

Now I have never seen the real complexity of DHCP having more subnets.  So apparently the subnet can be changed from 255.255.255.0 (Current) for 10.0.0.x and 10.0.100.x TO 10.0.101.x to 10.0.103.x on a 255.255.252.0 Subnet mask.
First question - does this seem correct to anyone reading it?  I don't have the experience with this detail of DHCP.

Second - How should I set up the failover server?  Now Jim, I know you touched on it above, but I don't want to go changing things around when IPs are no longer an issue.  It is more to have the second server fail over and keep everything moving smoothly.

We ran a test to turn DC off, and power up DC1 with a scope of 10.0.102.1-10.0.102.254 as a failover. (P.S. this wasn't my idea, seeing that the servers are on the 10.0.0.x subnet.) Needless to say, it didn't work.  I didn't get any IP on anything.

Someone help?
bfason Commented:
What is the model/brand of the switch? It may be that it's a layer 3 switch and certain ports are configured for different VLANs and the switch is taking care of routing between VLANs. It could then forward DHCP requests for multiple subnets to a single server.

Hope this helps.
Todd Gerbert, IT Consultant, Commented:
You said you have a managed switch; are there actually VLANs configured on that switch? Can you verify whether or not your clients' default gateway is also routing to 10.0.0.0/255.255.255.0?
Under "simple" circumstances (i.e. what I would do in my relatively small network), a single IP network would be used, e.g. 10.0.0.0/255.255.0.0. I would statically assign all of my servers addresses between 10.0.1.0 and 10.0.1.255.  Servers will not use DHCP. On DHCP server 1 I would configure a scope to hand out addresses between 10.0.100.0 and 10.0.200.255; on DHCP server 2 I'd configure it to hand out addresses between 10.0.300.0 and 10.0.400.255. Both DHCP servers would always be running.
Jim P. Commented:
                                   Start      End              No. of addresses
24-bit Block (/8 prefix, 1 x A)    10.0.0.0   10.255.255.255   16,777,216
REF: http://en.wikipedia.org/wiki/IP_address

A 10.x network is over 16 million addresses. If you have the whole range available I would go this way:

Your servers all have static addresses in the 10.1.0.x to 10.2.255.255 range. (Or break it up into servers, printers, routers/switches, etc.).

Then your DC1 is the authorized DHCP for the 10.3.0.0 to 10.3.255.255 range and your DC2 is the authorized DHCP for the 10.4.0.0 to 10.4.255.255 range. The two zones are one VLAN that you manage via the switch. They both have a 255.255.254.0 gateway. You then control the zones via the switch(es). Repeat as needed for VLAN and various access to servers, WAN, internet, etc.

You have achieved failover by giving IP subnet to about 500 IP addresses with the same two DC/DHCP servers.

The only time a router needs to be involved is a WAN situation. In that case you will need a local DHCP server at each location.

I may be speaking out of turn, but that is essentially how we did it at my last company -- we had a 1000 IP addy range, and made smaller subnets, but we pulled it off in a similar fashion.
