Competing DHCP Servers

[CubanCorona]

If you have competing DHCP servers on a network, what will happen?

Is there any way to force a host to listen to one preferentially over the other?

 

[kevnich2]

You don't want multiple DHCP servers on a network. Only 1 DHCP server. If you have two, well, things will get very messed up, very quickly. If there issuing IP's in the same subnet, you'll have IP conflicts. If it's not in the same subnet, you'll have multiple networks. Computers won't be able to see all of the other computers, servers can't handle things, etc.

 

[CubanCorona]

Right, I understand that.

I'm asking hypothetically what would happen... how would a given host decide which DHCP to listen to? Fastest response?

And again, is there any way to have a host listen to one DHCP server preferentially over the other?

 

[netsysadmin]

You can run two DHCP servers on the same segment, especially for the purpose of redundancy. What you do is split the scope that you are handing out between the two servers.

John

 

[robmurphy]

I've worked on very large network instalations and they all had at least 2 DHCP servers. As stated provided each server has its own range of IP addresses its not a problem. The ranges of IP addresses can be on the same subnet as well. The DHCP protocol deals with multiple servers quite well. There is also software to manage multiple DHCP servers, although I have no experience of it. The software the project I was working on was going to use Men and Mice.

Rob Murphy

 

[spidey07]

Originally posted by: CubanCorona
Right, I understand that.

I'm asking hypothetically what would happen... how would a given host decide which DHCP to listen to? Fastest response?

And again, is there any way to have a host listen to one DHCP server preferentially over the other?

No way to force it or preference. It's whatever offer packet is received first.

 

[her209]

So what happens when the "faster" server runs out of IP addresses to hand out? Does it send back a "no more IP addresses available" message back to the requesting client despite the second server having free IP addresses but is slower in response?

 

[robmurphy]

Spidey will no doubt give the definitive answer to this.

Basicaly if the DHCP server does not have an IP address to offer it will not make an offer. The DHCP client broadcasts when it is trying to get an IP address. The broadcast can reach multiple DHCP servers. If they have an IP to offer they will offer it in an offer message. If they do not then they do not send a message. The client then accepts the IP address and returns an accept response to the DHCP server the offer came from.

If the DHCP server is running out of IP addresses (and they do) it often means the lease time for the IP address has been set to long. E.g. laptop users being given an IP address for a week, when they are only on site for a day.

Rob Murphy.

 

[CubanCorona]

Great, thanks guys--you've conceptually cleared this up for me. Definitely would still like to hear from Spidey.

 

[spidey07]

robmurphy has it pretty dead on. However each DHCP server will respond. I'm not quite sure on the exact messages but it goes something like this. C=client, S=Server

C-broadcast
S1 - decline (I don't have any addresses for you)
S2 - offer (here's an IP address)
C-S1 - ACK
C-S2 - ACK/accept

Eitherway, the client hears both messages and only has one response it wants. It's been a while since I've looked at DHCP, but that's the jist of it.

Google around for "dhcp message types" for tons of information

 

[realEZE]

If you have access to the gateway router, you can control where the DHCP broadcast is relayed. But if it is all on the same broadcast segment, as others have mentioned, it is first server to respond.

 

[CubanCorona]

So I set it up... two DHCP servers in the same broadcast domain.

One giving out 10.1.10.x
Other 192.168.1.x

Windows XP machine takes a long period of time to get an address, and 7/10 times it says the operation has failed (computer does not get an address).

 

[netsysadmin]

CubanCarona...both DHCP server should be handing out adresses in the same subnet not different ones. Here is an example below

DHCPServer1 Scope - 192.168.1.1 to 192.168.1.127
DHCPServer2 Scope - 192.168.1.128 to 192.168.1.254

John

 

[CubanCorona]

I know this is hard to explain... but I actually want them to be handing out addresses in different subnets. I don't see why that should cause a problem if the computers on the different subnets are not trying to communicate with each other and are using separate gateways.

So from what I can see, the XP host won't take the first offer... it locks up.

 

[spidey07]

multinetting is bad mojo. Don't have two IP subnets on the same broadcast domain. It causes all sorts of weird stuff to happen.

there is no good reason to do this.

 

[CubanCorona]

Alright, I can definitely accept that weird stuff will happen... although I have to admit, I don't see any reason right away why it would cause problems. Seems like everyone would just ignore traffic not on their subnet. Actually now that I think about it, it's been working fine for me notwithstanding the DHCP problem (static IP's).

So final conclusion: a host does not know how to handle multiple DHCP servers in the same broadcast domain unless they are handing out IP addresses in the same subnet?

 

[spidey07]

I don't have space on this board to describe the problems it can cause.

The little one you are seeing is just one of them.

 

[kevnich2]

How can you not see that it would cause problems? Honestly, your just going to have a lot of network communication problems, you'll just have to run with it and when you can't stand it anymore, unplug the other DHCP server.

 

[cmetz]

CubanCorona, you can run multiple DHCP servers on the same broadcast domain. It is an advanced configuration and fraught with peril. Most of the time folks have multiple on the same subnet, it's an error, and it causes a whole mess of trouble.

One of the DHCP flags to pay attention to is the "authoritative" one - you probably would want that to be off.

You can also run multiple IP subnets on the same broadcast domain. It's also an advanced configuration and fraught with peril.

There are a lot of things in computing that you can do, but proably shouldn't. Sometimes, a wacky problem scenario makes it so you have to do something wacky to make things work. But as a general rule, if you have to ask, you shouldn't be doing these things. That doesn't mean they can't be done, and certainly doesn't mean you won't ever see them done, but it does mean that if you do see them done the person who did it either really knows what they're doing... or really doesn't.

 

[sieistganzfett]

CubanCorona, it sounds like vlans are what you want, at least that is what i gathered from your last posts. what is your goal anyway? what resources are the clients that you dont want to see each other going to share? nothing? something like a server or printer? are you simplying trying to do it to learn stuff or you didnt want the clients to see each other on the network?

 

[MercenaryForHire]

When I clicked this, I thought it was just going to be a "what happens/why doesn't this work" thing ... not a suicide note. Like spidey said, just stay the hell away from multinet unless you don't care in the slightest about network performance, stability, or even basic functionality.

What exactly are you aiming to accomplish by doing this? There has to be an easier solution though: If your switches have VLAN capability, do that and shuffle ports on an as-needed basis. If they don't, segment the network.

- M4H

 

[CubanCorona]

Thanks for all the input guys--cmetz especially. Sorry for the late response, but I've been away for a few days.

sieist, merc: What I was trying to do was pretty much a vlan without any specialized hardware.

Haha, now I am going to describe what my situation was. Let me say again, I do know what I am doing, and I definitely realize that this is not the best (or even a good) way to go about this. This post was more of an academical inquiry than a request for comments.

Internet connection #1
--------------------------
Cable modem with integrated NAT router (and 4 port switch) handing out 10.1.10.x

Internet connection #2
--------------------------
DSL modem -> Netgear wireless NAT router (and 4 port switch) handing out 192.168.1.x


Sooo, I had a necessarily wireless client that I wanted to set up as a DMZ host for internet connection #1. The problem, of course, was that I did not have an access point to use with network 1. So, on a whim, I decided to get creative and uplink the switches, thus creating one big broadcast domain with multiple subnet. Yes, I know this is never a good idea, but I wanted to see if I could make it work. Anyway, as long as all the hosts are assigned static IP's, everything works fine!! The problem is that we have two DHCP servers handing out IP addresses in two different subnets, and the clients don't know which one to listen to.

So that is how this post got started--I just wanted to know what a host would do in such a situation, and whether you could configure a host to listen preferentially to one DHCP server.

Again, yes this is a horrible mess, but I wanted to get to the nitty gritty here and figure out the technical details.

 

[realEZE]

Originally posted by: spidey07
multinetting is bad mojo. Don't have two IP subnets on the same broadcast domain. It causes all sorts of weird stuff to happen.

there is no good reason to do this.

What weird stuff can happen?

It should be perfectly fine, you can even have different protocols running in the same broadcast domain and as long as Cisco et al. did their homework, it will work.

Multinetting is a feature, only thing is, not all routers will support it.

 

[realEZE]

Originally posted by: azzlikr

Originally posted by: spidey07
multinetting is bad mojo. Don't have two IP subnets on the same broadcast domain. It causes all sorts of weird stuff to happen.

there is no good reason to do this.

What weird stuff can happen?

It should be perfectly fine, you can even have different protocols running in the same broadcast domain and as long as Cisco et al. did their homework, it will work.

Multinetting is a feature, only thing is, not all routers will support it.

Forget what I said.
We're not dealing with enterprise level equipment nor technical knowledge.

Don't multinet, don't have two DHCP servers.

Maybe you can run DD-WRT or OpenWRT on your Netgear... should let you do VLANs...

 

[nweaver]

Running a real DHCP server would help...

I would multinet the server (IP on each subnet) and then make the scope with 0 addresses, (or maybe 1-2 in one of the scopes) and then reservations for all the hosts.

But really, you DON'T want to do this with the gear you have...I'll bet a quick sniff would show some bad stuff...