Solved

dhcp best practices

Posted on 2010-09-22
5
363 Views
Last Modified: 2012-05-10
1st off don't laugh. this is an embarrassment to the IT World

So i just started working at this company and man i have to say their network is jacked up.

they have 2 DHCP scopes running on two different servers

the DHCP scope has no reservation allocated for the networking gear or the servers

their servers have 2 active nics (some 3) on the same network - no sub-netting.  

they have a slew of ip-conflicts weekly (attributed by the servers being in the same pool as the dhcp scope)

What i would like to know is this
1. by removing the homing nics will it increase performance?
2. how is this setup bad?  

sorry just ranting and looking for good answers
0
Comment
Question by:johnkesoglou
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
InteraX earned 500 total points
ID: 33737158
If the servers have multiple nics on the same vlan, I would look at teaming them for redundancy/performance increase. Removing them isn't necessary as long as they are both the same make or support the same teaming software. If they don't try diabling one of them or giving them different IP's. DNS round robin should sort out the rest for name resolution etc.

Assuming the DHCP scopes are both the same, if the DHCP servers are set to ping the target clients before allocating an address, this may not be a problem, but what we do at my place is have the scopes split so that one server gives out the lower half of the IP range and the other the upper half. Then you will not get IP address conflict at all.
Our servers and other infrastructure equipment is not in the scope range. (in fact they are on a totally different VLAN)

Whilst there are no worngs or rights, the above can be considered bad because you are experiencing IP address conflict. What is worse is that this is being experienced by the servers.

Action plan:

Re-create the DHCP scopes without including the servers IPs. (move the servers & infrastructure IP's to the beginning or the end of the subnet if possible)
Team the NIC's if possible.
0
 

Author Closing Comment

by:johnkesoglou
ID: 33739463
i was looking for a more constructive way to tell the client that there was something wrong with the current setup.  you gave a great answer but i indicated that i knew the answer.

thanks anyway
0
 
LVL 16

Expert Comment

by:InteraX
ID: 33741804
As for a more constructive way to tell the client they have a bad setup, tell them that are expeirncing porblems and issues right now. Until this is sorted out, they will cary on experiencing problems.

If they want to see MS best practices, see http://technet.microsoft.com/en-us/library/cc780311(WS.10).aspx & http://technet.microsoft.com/en-us/library/cc776596(WS.10).aspx

One thing MS haven't included on their DHCP server is DHCP server clustering which is now in the spec, but MS want you to buy their enterprise version of Windows and cluster DHCP using windows clustering. 3 times the cost.
0
 

Author Comment

by:johnkesoglou
ID: 33744739
hi guys


i appreciate the feedback, this PIX seems to have some sort of issue outside of the configuration.  the only thing i did outside of the config was upgrade the firewall pdm software.  The other line items regarding http .0.0.0.0 and telnet 0.0.0.0  :)  i was unable to hit the pdm from the outside (assuming i could use telnet on ethernet0 - and that we must use SSH on the public interface.)  

so once i get everything cleared up, i will remove these and take care of everything internally from one of the servers using rdp.

i really appreciate the feedback.

i did notice that each time i put a command in place it takes the firewall several minutes to "turn on" or "turn off" ... i.e. i add a NAT rule and it is inaccessible for several minutes.  i know the device is old but i am using this in the interim until i can get myself a decent ASA 5505
0
 

Author Comment

by:johnkesoglou
ID: 33744827
lol - disregard my last post intended for another issue

thanks for your feedback :)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now