Module 3: Developing a DHCP Strategy

Module 3: DHCP As a Solution for IP Configuration

The increasing complexity of network infrastructures
demonstrates the need for an automated and centrally
managed Internet Protocol (IP) configuration scheme.
The DHCP service in Microsoft® Windows® 2000
provides an automated IP addressing service and
centralized management of Transmission Control
Protocol/Internet Protocol (TCP/IP) configuration
parameters.
At the end of this module, you will be able to:

Recognize DHCP as a solution for the IP configuration
needs of an organization.

Evaluate and create a DHCP solution for nonrouted
networks, routed networks, and various client types.

Select the appropriate strategies to secure a DHCP
solution.

Select the appropriate strategies to improve the
availability of a DHCP design.

Select the appropriate strategies to improve the
performance of a DHCP design.
Overview

Introducing DHCP

Designing a Functional DHCP Solution

Securing a DHCP Solution

Enhancing a DHCP Design for Availability

Enhancing a DHCP Design for Performance

As an IP configuration scheme increases in size and in the number
of configuration options used, it becomes increasingly difficult to
manage the manual configuration of network hosts. The DHCP
service in Windows 2000 provides automation for host IP
configuration by supporting multiple subnets with unique
configuration options and IP address ranges.
The Dynamic Host Configuration Protocol (DHCP) is a message-driven protocol that allows hosts on the network to acquire an IP
address and TCP/IP client option information from a DHCP server.
There are two components to DHCP in Windows 2000, a DHCP
Server service and a DHCP Client.

Note: DHCP Server and DHCP Client, with capital S and capital C,
respectively, are used throughout the module to indicate a server or
client running the DHCP Server service in Windows 2000 or a
Microsoft Windows-based DHCP Client.
When designing a DHCP solution, the network designer
must:

Define the requirements for a DHCP solution for the
network.

Identify the features provided by DHCP and how these
features support the design requirements for the DHCP
solution.

Identify the benefits of integration between DHCP and
other Windows 2000 services.
Introducing DHCP

Design Decisions

DHCP Features

Integration Benefits
Design Decisions
[Diagram labels: Segment 1, Router, Segment 2]

Number of Hosts?

Number of Subnets?

Network Configuration?

To develop a DHCP solution, you must determine the
host population, the number of subnets, and the
configuration of the network. This information
establishes the subnets you must define and the DHCP
Client options that must be supplied by the DHCP
service to allow successful DHCP Client operation on
the IP network.
In an IP network that uses DHCP, you must allocate each
DHCP Client an IP address and configuration
information to enable IP communication. The DHCP
Server maintains a database that includes available and
allocated IP addresses for defined subnets and the
client TCP/IP options.
DHCP Features

RFC Compliance
 Scopes
 Superscopes
 TCP/IP Options

DNS Integration

Active Directory Integration

Microsoft’s Vendor-Specific Options

Microsoft Support for Multicast IP Address Allocation

To design an effective DHCP service infrastructure, you
must understand the features of the DHCP service and
how these features solve the IP configuration
requirements of an organization.
RFC Compliance
The DHCP service in Windows 2000 complies with RFCs 951, 2131,
and 2132.
The three primary management features that DHCP supports are:

Scopes. A range of IP addresses that is offered on any particular
subnet.

Superscopes. A collection of scopes being offered for the same
physical subnet. Superscopes allow easy extension of the IP
address range being offered to a subnet, particularly if the range
offered is noncontiguous.

TCP/IP options. The additional configuration information that can
be passed to the DHCP Client.

Note: For each DHCP Server, the TCP/IP options can be defined by
using default (global) server options; or for each scope by using
scope options, class options, and reserved options.
DNS Integration

DHCP and DNS integration allows earlier versions of
Windows-based clients, and non-Microsoft DHCP
clients, to have their records automatically updated in
the DNS database by the DHCP Server.
Active Directory Integration

The integration of the DHCP service with the Active
Directory™ directory service allows DHCP Servers to be
authorized within Active Directory. Windows 2000-based
DHCP Servers do not start unless authorized.
Microsoft's Vendor-Specific Options
In addition to RFC 2131-compliant DHCP options, Microsoft
supports several vendor-specific options. Defined in RFC 2132,
these vendor options in the DHCP service in Windows 2000 include:

Disable NetBIOS over TCP/IP (NetBT). Used to enable or disable
NetBT on Windows 2000 DHCP Clients. Earlier Windows clients
require NetBT; therefore, they do not support this option.

Release DHCP lease on shutdown. Used to control whether DHCP
Server-enabled computers send a release for their current DHCP
lease to the DHCP Server when the computer shuts down.

Default Router Metric base. If set, the DHCP client uses the value
configured here as the base metric for its default gateways.

Note: For more information on MADCAP and support for multicast
groups, see RFC 2730, Multicast Address Dynamic Client Allocation
Protocol (MADCAP).
Microsoft Support for Multicast IP Address Allocation

The DHCP service in Windows 2000 supports the
Multicast Address Dynamic Client Allocation Protocol
(MADCAP), in addition to DHCP. These protocols are
supported independently by the DHCP service.
MADCAP is used to enable multicast clients to join
multicast groups. The DHCP service in Windows 2000
supports multicast scopes independently of the DHCP
scopes.

Valid addresses for a multicast scope are in the
following ranges:
239.255.0.0 to 239.255.255.255
239.254.0.0 to 239.254.255.255
239.253.0.0 to 239.253.255.255

Note: For more information on MADCAP and support for
multicast groups, see the IETF draft: "Multicast Address
Dynamic Client Allocation Protocol (MADCAP)", dated
May 24, 1999, or the latest revision, which is available at
ftp://www.ietf.org/internet-drafts/draft-ietf-mallocmadcap-07.txt
Integration Benefits
[Diagram labels: Routing and Remote Access Server, DNS Server, Active Directory, DHCP Server, IP Address, Name Registration, Server Authorization]

Routing and Remote Access

DNS

Active Directory

To extend service capabilities and reduce network
management, the DHCP service integrates with other
Windows 2000 networking services.
Routing and Remote Access Integration

The integration of Routing and Remote Access and DHCP allows a
remote access server to obtain IP address leases from DHCP. These
address leases are then assigned to remote access clients
connecting to the server. Upon initialization, the remote access
server contacts the DHCP Server and requests IP addresses: one
used internally and ten for issue to clients. As the number of
simultaneous remote access clients increases, the server requests
additional IP addresses from the DHCP Server in blocks of ten.

If the remote access server is configured to use the DHCP Relay
Agent, all DHCP configuration information is provided to the remote
access clients. If the DHCP Relay Agent is not configured on the
remote access server, the remote access clients receive only the IP
address and subnet mask provided by the DHCP Server.
DNS Integration

For clients with dynamically allocated IP addresses, you
cannot manually update the client name information in
DNS. The integration of DHCP with DNS allows you to
configure the DHCP Server to update the client records
in DNS when an IP address is leased.
DHCP and DNS integration allows non-Active Directory,
previous versions of Windows-based clients, and non-Microsoft DHCP clients, to have their records
automatically updated in the DNS database by the DHCP
Server. Windows 2000-based DHCP Clients
automatically update their own records in DNS, but you
must enable the DHCP Server to update the DNS
database for other clients, if required.
Active Directory Integration

Non-authorized DHCP servers have the potential to
disrupt network operation by issuing incorrect IP
addresses or option information to clients. The
integration of the DHCP service with Active Directory
allows DHCP Servers to be authorized within Active
Directory. Non-authorized Windows 2000-based DHCP
Servers will not start, which eliminates the potential for
disruption of IP address leases on a network.

Note: The authorization of DHCP servers in Active
Directory functions only with Windows 2000-based
DHCP Servers. At least one DHCP Server must be
installed on an Active Directory domain controller, or
server, to allow authorization to work.
Designing a Functional DHCP Solution

Designing a DHCP Service for a LAN

Designing a DHCP Service for a Routed Network

Providing DHCP Service to Non-Microsoft Hosts

Discussion: Evaluating DHCP Functional Requirements

You can design an IP configuration service by using
DHCP to support various types of hosts in simple,
routed, and dial-up networks. You can design the DHCP
service to integrate with other Windows 2000 services,
such as DNS, to simplify the name registration of hosts
that have dynamically allocated IP addresses.
In this lesson you will learn about the following topics:

Designing a DHCP service for a LAN

Designing a DHCP service for a routed network

Providing DHCP service to non-Microsoft Hosts
Designing a DHCP Service for a LAN
[Figure: Configuration for 2 DHCP Servers. Labels: DHCP 1, DHCP 2, SuperScope 1, SuperScope 2, Scope A, Scope B, Scope X, Scope Y (all Active); TCP/IP Options: Reserved, Class, Scope, Global; classes "Portable" and "Desktop"]

Server Placement

LAN TCP/IP Options

A single DHCP Server can potentially support the DHCP
service for several thousand DHCP clients in a
nonrouted local area network (LAN). Many small to
medium-sized LANs are built by using ISO layer 2
switches, thereby allowing large client counts on a
single logical subnet.

Caution: A DHCP service for switched environments
with multiple broadcast domains may require DHCP
Relay Agents even though the network is not routed.
Placement of DHCP Servers

With a single DHCP Server, DHCP Client requests are
allocated from a single scope. This single scope defines
all addresses and TCP/IP options offered for the LAN.
With multiple DHCP Servers, it is unknown which server
will answer a DHCP Client broadcast first. In this case,
share the IP address range equally between the DHCP
scopes. For each server, define a superscope that
includes all scopes for the subnet. Scopes are enabled
only in the server issuing IP addresses from that scope.
Selecting TCP/IP Options for a LAN
In a nonrouted LAN configuration where the computer population is
stable or invariant, the following options reduce and control the
DHCP traffic:

Set DHCP leases to extended times.
Tip: If your network is subject to frequent reconfiguration, you
may need to reduce the lease time. DHCP Clients renew their lease
at startup and 50 percent of lease time, so this is the shortest time
to update TCP/IP options.

Use DHCP classes to customize DHCP scope options, and use
names such as "Portable" and "Desktop" to describe the
collections of options used for a particular scope.
Designing a DHCP Service for a Routed Network
[Diagram labels: Subnet 1, Subnet 2, Subnet 3, Routers (No BOOTP Forwarding, With BOOTP Forwarding), DHCP Server, DHCP Relay Agent, DHCP Clients, Non-DHCP Client]

DHCP Relay Agent

DHCP Server Placement

In a routed network, the broadcast domains are restricted. As such,
any DHCP solution must allow the broadcast traffic from the DHCP
Clients on the subnets to reach a DHCP Server. Windows 2000
provides a DHCP Relay Agent to forward client requests to a DHCP
Server. You can place the DHCP Relay Agent in a subnet anywhere
in the routed network.
DHCP Clients and Servers initially establish DHCP leases by using
media access control and IP broadcast packets. However, in most
networking environments, broadcast packets do not propagate
through routers, thus limiting the effective range of a DHCP Server
to the subnet to which it is connected. To provide IP configuration
to clients on multiple subnets, you must install a relay agent for
DHCP or configure IP routers to support DHCP/Bootstrap Protocol
(BOOTP) forwarding.
DHCP Relay Agent

The RFC 1542-compliant DHCP Relay Agent provided
with Windows 2000 acts as an intermediary between
DHCP Clients and DHCP Servers located across routers.
The DHCP Client communicates with the relay agent by
using the dynamic host configuration protocol. The
DHCP Relay Agent uses unicast packets to
communicate with a DHCP Server. The DHCP Relay
Agent is transparent to a DHCP Client.
Caution: The DHCP service and DHCP Relay Agent use
the same User Datagram Protocol (UDP) ports. Neither
service works reliably if you install them both on the
same computer.
For a routed network, use DHCP Relay Agents on each
subnet if:

There is no DHCP Server with an interface on the
subnet.

There are computers available to use as DHCP Relay
Agents.

There are no routers that support DHCP/BOOTP
forwarding.

Note: You can design a solution that does not require
DHCP Relay Agents by turning on BOOTP/DHCP
forwarding on the network routers.

You can configure the DHCP Relay Agent to delay
forwarding requests to a DHCP Server so that local
DHCP Servers can respond to the request. You can also
configure the DHCP Relay Agent to forward requests to
multiple DHCP Servers. To prevent multiple requests
from flooding the DHCP Servers, configure the
forwarding delay if using multiple DHCP Relay Agents,
or if including relay agents on a subnet with a DHCP
Server.
DHCP Server Placement

DHCP Servers need to be placed in a way that provides
the best client performance and service availability. The
decision to use single or multiple server solutions
depends on the routing configuration, the network
configuration, and the server hardware architecture.
Single Server DHCP Solution

You must place a single server on the subnet with the
largest client population. All other subnets will use
either DHCP Relay Agents, or have BOOTP/DHCP
forwarding activated on the routers. A multihomed
DHCP Server will reduce or eliminate the requirement
for DHCP Relay Agents or BOOTP/DHCP forwarding.
The following table lists the considerations and
requirements for a single server solution.
When considering | A single server solution requires
Routing configuration | Relay agents or routers forwarding subnet broadcasts to support a routed network.
Network configuration | High-speed, persistent connections.
Server hardware architecture | A single server if the hardware can support the client count. A single server can support many thousands of clients, but hardware architecture limitations can limit the client count.
Multiple Server DHCP Solutions

Include multiple DHCP Servers if the number of clients
exceeds the capabilities of a single server, if you
anticipate increases in DHCP Server-based traffic
across subnets, or if your DHCP solution includes wide
area network (WAN) links or nonpersistent connections
between locations. Use multiple servers if your solution
must accommodate expansion and increased
availability. The following table lists the configurations
required to provide a multiple server solution.
When considering | A multiple server solution
Routing configuration | Requires relay agents or routers forwarding broadcasts to provide total coverage, as determined by the number of servers and subnets.
Network configuration | Permits a DHCP Server at each location. This allows you to service DHCP Clients locally if you have slower WAN links, dial-up links, or a geographically dispersed network.
Server hardware architecture | Allows you to scale the design to support any number of clients and subnets.
Providing DHCP Service to Non-Microsoft Hosts
[Diagram labels: DHCP Server, DHCP Database (IP Address1, IP Address2, IP Address3), Non-Microsoft DHCP Client, Diskless Workstation BOOTP Client, Non-DHCP Client]

Non-Microsoft DHCP Clients

BOOTP Clients

Non-DHCP Clients

A heterogeneous network may include non-Windows-based hosts that require dynamically allocated IP
address and option information. DHCP supports both
non-Microsoft DHCP clients and BOOTP clients. When
IP addresses are issued, DHCP Clients retain the
address for a lease period. BOOTP clients, as used in
many diskless workstations, do not support IP address
leases.

Note: The DHCP service in Windows 2000 supports any
clients that are compliant with RFCs 951, 2131, and
2132.
Non-Microsoft DHCP Clients

Always test the support required by non-Microsoft
clients to ensure that the clients are compatible with the
DHCP service in Windows 2000. These clients may
require support for non-mandatory features or for
vendor-specific options. In addition, these clients may
not support Microsoft-specific vendor extensions that
are implemented on the DHCP Server. For example, non-Microsoft DHCP clients may not recognize the base cost
provided for the default gateways (Default Router Metric
base) TCP/IP option.
BOOTP Clients

The BOOTP client requests an address each time it starts because
it does not recognize an IP lease. BOOTP client support in previous
implementations of DHCP required an explicit client reservation to
be made for each BOOTP client. This IP allocation was marked as
an infinite lease or reserved IP address in the DHCP Server scope.
You could not reclaim these addresses, which created IP address
management problems.
The DHCP service in Windows 2000 supports RFC 951-compliant
BOOTP clients and can be configured to reclaim the IP addresses
when you remove clients from the network or turn them off. BOOTP
clients are assigned dynamic IP addresses from a pool of
addresses designated specifically for BOOTP clients. The DHCP
Server reclaims these addresses after the lease time has elapsed
and it has verified that the address is not still in use by the BOOTP
client.
Non-DHCP Clients

You configure IP addresses for non-DHCP clients
manually. You can document these addresses in the
DHCP scope by manually entering them as reserved
addresses. DHCP does not issue or reclaim these
reserved addresses.

To provide a functional DHCP-based solution for IP
configuration, you must decide how many servers are
required, whether or not relay agents are needed, and
the necessary number of scopes and superscopes.
The following scenario describes an organization's
current network configuration.
Instructions: Read the scenario and answer the
questions that follow.
Scenario

An organization has decided to restructure an existing network to
include DHCP services. You are assigned the task of evaluating
how DHCP can provide an automated solution for host IP
configuration.
The current network configuration provides:

Intranet access to all shared folders and Web-based applications at
all locations.

Access to the Internet from all locations.

Support for the existing infrastructure by using the manual
allocation of host IP addresses.

DHCP/BOOTP forwarding enabled on all routers.

Support for a mission-critical Web-based application that requires
24-hours-a-day, 7-days-a-week operation.

Isolation of the organization's network from the Internet by using a
firewall and proxy server.
Securing a DHCP Solution

Securing the DHCP Service

Preventing Unauthorized DHCP Servers

Using DHCP in Screened Subnets
To prevent disruptions in DHCP service, it is essential to
ensure that only authorized servers are started, and that
only authorized personnel can alter server
configurations. To secure the administration and
authorization of the DHCP Servers, and to limit access
to the service by unauthorized hosts, you can:

Secure the DHCP service.

Prevent unauthorized servers on your network.

Include a DHCP Server in a screened subnet.
Securing the DHCP Service
[Diagram labels: Active Directory, DHCPServer Object, Authorized List, ADSI, DHCP Servers, Servers Running Windows 2000]

Authorize DHCP Servers in Active Directory

Using Windows 2000 Groups to Secure Management
The security of the DHCP service in Windows 2000 is
achieved through the integration of the DHCP service
with Active Directory. The DHCP service is secured by:

Authorizing DHCP Servers in Active Directory.

Using Windows 2000 groups to control access to DHCP
Server configuration.
Authorizing DHCP Servers in Active Directory

Implementing DHCP Server
authorization mandates the use of all Windows 2000-based DHCP Servers. At least one Active Directory-enabled DHCP Server must exist to allow access to the
server authorization list, which is stored within Active
Directory in the DHCP Server object. For example, if a
network is using non-Windows 2000-based DHCP
servers, these servers do not request the authorized list
of servers, and they start whether authorized or not.
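Because servers that are not Windows 2000-based never consult the authorized list, their replies have to be caught on the wire. The following is an added example, not part of the original module: it parses DHCP replies (RFC 2131/2132 layout) and flags any DHCPOFFER or DHCPACK whose server identifier (option 54) is not on an allow list. The function names, the allow list, and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

FIXED_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte BOOTP header (RFC 951/2131)
MAGIC_COOKIE = bytes([99, 130, 83, 99])       # precedes the DHCP options field
BOOTREPLY = 2
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5


def parse_dhcp(payload):
    """Parse the UDP payload of a BOOTP/DHCP message into a dict."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, giaddr, chaddr, _sname, _file) = struct.unpack(FIXED_HEADER, payload[:236])
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                   # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {
        "op": op,
        "xid": xid,
        "yiaddr": ipaddress.IPv4Address(yiaddr),   # address offered to the client
        "giaddr": ipaddress.IPv4Address(giaddr),   # relay agent, 0.0.0.0 if none
        "client_mac": ":".join(f"{b:02x}" for b in chaddr[:min(hlen, 16)]),
        "options": options,
    }


def find_unauthorized_servers(payloads, authorized):
    """Return one finding per DHCPOFFER/DHCPACK from a server not in `authorized`."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized}
    findings = []
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                          # not DHCP, or damaged in capture
        msg_type = msg["options"].get(OPT_MSG_TYPE, b"")
        if msg["op"] != BOOTREPLY or msg_type[:1] not in (bytes([DHCPOFFER]), bytes([DHCPACK])):
            continue
        server_id = msg["options"].get(OPT_SERVER_ID, b"")
        # A reply without a valid server identifier is reported as well.
        server = ipaddress.IPv4Address(server_id) if len(server_id) == 4 else None
        if server not in allowed:
            findings.append({
                "server": str(server) if server else None,
                "client_mac": msg["client_mac"],
                "offered": str(msg["yiaddr"]),
                "relay": str(msg["giaddr"]),
                "xid": msg["xid"],
            })
    return findings


def build_reply(msg_type, server, offered, mac, xid):
    """Build a constructed DHCP reply for this demonstration (not captured traffic)."""
    server_bytes = ipaddress.IPv4Address(server).packed
    header = struct.pack(FIXED_HEADER, BOOTREPLY, 1, 6, 0, xid, 0, 0, bytes(4),
                         ipaddress.IPv4Address(offered).packed, server_bytes, bytes(4),
                         bytes.fromhex(mac.replace(":", "")), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + server_bytes + bytes([OPT_END])
    return header + MAGIC_COOKIE + options


# Constructed sample data: one authorized server and one that is not on the list.
AUTHORIZED = ["192.0.2.10"]
CLIENT_MAC = "00:00:5e:00:53:01"
SAMPLE_REPLIES = [
    build_reply(DHCPOFFER, "192.0.2.10", "192.0.2.101", CLIENT_MAC, 0x1001),
    build_reply(DHCPOFFER, "192.0.2.66", "198.51.100.23", CLIENT_MAC, 0x1001),
    build_reply(DHCPACK, "192.0.2.10", "192.0.2.101", CLIENT_MAC, 0x1001),
    b"\x00" * 60,                             # unrelated UDP payload, ignored
]

if __name__ == "__main__":
    for finding in find_unauthorized_servers(SAMPLE_REPLIES, AUTHORIZED):
        print(finding)
```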
Using Windows 2000 Groups to Secure Management

DHCP in Windows 2000 supports a secure management
strategy. Only accounts with membership in special
Windows 2000 groups can reconfigure or view a DHCP
Server configuration. DHCP Administrators is a Domain
Local Group with permissions to administer the DHCP
Server; DHCP Users is a special local group that
permits read-only access. Membership in these groups
provides administrative or read-only access to DHCP
configuration information. Although this group
membership allows an authorized user to view
information and properties on a specific DHCP Server, it
can prevent unauthorized changes to the DHCP
configuration.
Preventing Unauthorized DHCP Servers
[Diagram labels: Active Directory, DHCPServer Object, Authorized List, DHCP Service, DHCPINFORM, Authorized Windows 2000 DHCP Server: In authorized list (Start up), Unauthorized Windows 2000 DHCP Server: Not in authorized list (Shut down)]

Using DHCP Servers in Windows 2000

Authorizing DHCP Servers in Active Directory

Network functionality may be lost if an unauthorized
DHCP Server is introduced into the network, because
clients may be issued incorrect IP addresses and
configuration information. The implementation of the
DHCP service in Windows 2000 supports server
authorization, and the service shuts down if not
authorized.

The DHCP service requests access to the authorized
server list:
 When the service is starting.
 Every five minutes when the service is running.

When designing a DHCP service that supports server
authorization, you must:
 Use only DHCP Servers in Windows 2000
 Authorize DHCP Servers in Active Directory
Using DHCP Servers in Windows 2000

The DHCP service in Windows 2000 can access Active
Directory by using Active Directory Service Interfaces
(ADSI), which enables Active Directory to support DHCP
Server authorization. Other implementations of DHCP
might not support this feature.
Note: For more information on DHCP Server
authorization, see RFC 2131.
Authorizing DHCP Servers in Active Directory

DHCP Servers in Windows 2000 must be included in the
DHCP Server object authorized server list in Active
Directory to allow the server to start.
When a DHCP Server is starting, or, periodically while it
is running, the server queries Active Directory for a list
of authorized DHCP Servers. The server's IP address is
compared with the list of authorized servers. If a match
is not found, the server either does not start or is
automatically shut down.

If your solution includes multiple DHCP Servers, and
you plan to use server authorization, the first DHCP
Server must be installed on a Windows 2000 domain
controller or member server. DHCP Servers in Windows
2000 communicate by using broadcast-based
DHCPINFORM messages. These messages include the
information required to access the authorized server list
in Active Directory, and as long as one DHCP Server can
access the Active Directory DHCP Server object, the
authorized list is available.
Important: Your design requires DHCP Relay Agents to
allow the DHCPINFORM messages between DHCP
Servers on separate subnets, if the servers are not
installed on domain controllers or member servers.
Using DHCP in Screened Subnets
[Diagram labels: Internet, External Firewall, Screened Subnet, Web and Shared Resource Server, DHCP Server, Internal Firewall, Private Network, Shared Resource Server, DHCP Server]

Making DHCP-allocated addresses available in a
screened subnet or outside of a single firewall poses
security risks. If a valid IP address is allocated to an
unauthorized client, access to your network resources
without authorization might occur.
If a DHCP Server is installed in a screened subnet or outside of
your firewall, you can minimize the security risks by:

Manually reserving IP addresses in the scope. This allows the IP
address to be mapped directly to the media access control address
of the client, thereby decreasing the likelihood of an unauthorized
host being allocated the address.

Setting extended lease times. This decreases the likelihood of an
unauthorized host capturing the IP address by reducing the number
of lease requests made.

Minimizing the address range available. This allows only enough
addresses in the scope to meet the needs for the screened subnet.
Enhancing a DHCP Design for Availability
[Diagram labels: Single Computer DHCP Server, Distributed Scopes, DHCP Server Cluster]

Using Distributed Scopes

Using Windows Clustering

Discussion: Evaluating DHCP Availability Requirements
Enhancing DHCP Availability with Distributed Scopes
[Figure: Scope for 172.81.X.X/20 defined in both DHCP Servers; each DHCP Server shows Active Addresses and Reserved Addresses]

To increase DHCP service availability for a subnet, you
can use multiple DHCP Servers to provide IP addresses
to the subnet. Using distributed scopes to share the
available address range for a subnet between
multiple servers enhances DHCP service availability.
Multiple servers with distributed scopes provide DHCP
Server redundancy and share the DHCP Client load. You
must distribute the address range between the servers
based on their network location.
If multiple DHCP Servers provide service to a network
segment, or if all subnets use DHCP Relay Agents, you
can allocate equal portions of the address range for the
subnet to each server.

For example, if you have two DHCP Servers, one on the
subnet and the other using a DHCP Relay Agent,
allocate between 50 and 80 percent of the IP address
range to the DHCP Server on the subnet, and the
remaining addresses to the other server. Because one
DHCP Server resides directly on the network segment,
allocating the majority of addresses to that server
reduces DHCP traffic across the subnets. If either server
fails, the remaining server continues to respond to
DHCP requests.
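The split described above, and the equal split recommended earlier for multiple servers on one LAN, can be planned and checked mechanically. The following is an added example, not part of the original module: it divides one scope between an on-subnet server and a relayed server, then audits a pair of configurations for addresses that both servers could lease (a duplicate-address risk) or that neither can lease. The function names and the configuration layout are assumptions; the address range follows the 172.81.X.X/20 scope in the figure.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_ip(number):
    return str(ipaddress.IPv4Address(number))


def split_scope(first, last, local_percent=80):
    """Split one subnet's range between the on-subnet ("local") server and a
    server reached through a relay agent ("remote"). Both servers define the
    whole scope; each excludes the portion the other server hands out."""
    if not 50 <= local_percent <= 80:
        raise ValueError("the module recommends 50 to 80 percent on the local server")
    lo, hi = to_int(first), to_int(last)
    if hi <= lo:
        raise ValueError("range needs at least two addresses")
    cut = lo + (hi - lo + 1) * local_percent // 100   # first address of the remote share
    return {
        "local": {"scope": (first, last), "exclusions": [(to_ip(cut), last)]},
        "remote": {"scope": (first, last), "exclusions": [(first, to_ip(cut - 1))]},
    }


def active_ranges(server):
    """Return the (lo, hi) integer ranges a server can actually lease:
    its scope minus its exclusion ranges."""
    ranges = [(to_int(server["scope"][0]), to_int(server["scope"][1]))]
    for ex_first, ex_last in server["exclusions"]:
        ex_lo, ex_hi = to_int(ex_first), to_int(ex_last)
        remaining = []
        for lo, hi in ranges:
            if ex_hi < lo or ex_lo > hi:          # exclusion does not touch this range
                remaining.append((lo, hi))
                continue
            if lo < ex_lo:
                remaining.append((lo, ex_lo - 1))
            if ex_hi < hi:
                remaining.append((ex_hi + 1, hi))
        ranges = remaining
    return ranges


def audit(servers):
    """Return (overlaps, gaps) for servers that all define the same scope.
    overlaps: addresses two servers can both lease.
    gaps: addresses in the scope that no server can lease."""
    names = sorted(servers)
    active = {name: active_ranges(servers[name]) for name in names}
    overlaps = []
    for index, a in enumerate(names):
        for b in names[index + 1:]:
            for lo1, hi1 in active[a]:
                for lo2, hi2 in active[b]:
                    lo, hi = max(lo1, lo2), min(hi1, hi2)
                    if lo <= hi:
                        overlaps.append((a, b, to_ip(lo), to_ip(hi)))
    # Gaps are the scope minus everything any server can lease.
    covered = [(to_ip(lo), to_ip(hi)) for name in names for lo, hi in active[name]]
    scope = servers[names[0]]["scope"]
    gaps = [(to_ip(lo), to_ip(hi))
            for lo, hi in active_ranges({"scope": scope, "exclusions": covered})]
    return overlaps, gaps


if __name__ == "__main__":
    plan = split_scope("172.81.0.1", "172.81.15.254", local_percent=80)
    print(plan)
    print(audit(plan))                            # a clean plan has no overlaps or gaps
    # Constructed misconfiguration: the remote server excludes too little.
    plan["remote"]["exclusions"] = [("172.81.0.1", "172.81.12.100")]
    print(audit(plan))
```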
Enhancing DHCP Availability with Windows Clustering
[Diagram labels: Multiple Physical Computers, DHCP Server Cluster, DHCP Server Cluster IP Address, Single Logical DHCP Server]

Using a Windows Clustering solution increases the
availability of an individual DHCP Server. The DHCP
Server is a cluster-aware service that you can install on
a cluster to provide immediate recovery in the event of
hardware or service failure.
Windows Clustering provides a higher level of
availability for individual servers; however, you must
consider that this solution generally requires more
computing resources than multiple DHCP Servers with
distributed scopes.
By configuring DHCP with Windows Clustering, you can:

Provide automatic failover and restart in the event of a failure.

Restore failed servers sooner, because a single DHCP database is
used.

Eliminate the need for distributed scopes, which reduces
management overhead.

Note: Windows Clustering provides a solution that is appropriate
for solving availability issues associated with a single DHCP Server.
Windows 2000-based servers that belong to the same cluster
require persistent, high-speed connections between all servers in
the cluster.
Discussion: Evaluating DHCP Availability Requirements
[Diagram labels: Link to Internet, Proxy Server, Subnet A1, Subnet A2, Subnet A3, Subnet B1, Router A1, Router A2, Router A3, DHCP Server with 4 scopes]

To enhance the availability of a DHCP solution, you
must decide how many servers are required, whether to
use relay agents, and how many scopes and
superscopes you need.
The following scenario describes an organization's
current network configuration.
Instructions: Read the scenario and answer the
questions that follow.
Scenario

An organization has decided to restructure an existing DHCP-based
network. You are assigned the task of evaluating how to enhance
the availability of the DHCP service.
The current network configuration provides:

Intranet access to all shared folders and Web-based applications at
all locations.

Access to the Internet from all locations.

Support for the existing infrastructure as shown in the preceding
diagram.

DHCP/BOOTP forwarding enabled on all routers.

Support for a mission-critical Web-based application that requires
24-hours-a-day, 7-days-a-week operation.

Isolation of the organization's network from the Internet by using a
firewall and proxy server.
Enhancing a DHCP Design for Performance

Enhancing DHCP Performance of a Single Server

Enhancing DHCP Performance by Using Multiple Servers

Improving DHCP Performance by Modifying Lease Length
You can enhance the performance of a DHCP service to
provide the fastest possible response to DHCP Client
requests. You can address the performance of the DHCP
service from the following perspectives:

Improving the response of a single DHCP Server.

Improving the DHCP service response by using multiple
servers with DHCP distributed scopes.

Modifying DHCP lease lengths.
Enhancing DHCP Performance of a Single Server

The DHCP Server response time to requests from DHCP
Clients is the indicator of server performance.
Optimizing the performance of the DHCP Server
minimizes the response time for client requests for
addresses.
DHCP in Windows 2000 enhances performance by
supporting:

Multiple CPUs that the multithreaded DHCP service can
use.

An optimized database to provide the best query
response times.
Multihomed DHCP Server

A multihomed DHCP Server can provide high
performance IP configuration for multiple network
subnets without introducing any additional traffic
overhead. A multihomed DHCP Server is configured
with multiple network adapters. Each network interface
is connected to a different network segment.
Note: All interfaces in a Windows 2000-based DHCP
Server that are enabled for the DHCP service must use
fixed IP addresses.
[Slide: Enhancing DHCP Performance of a Single Server. Diagram labels: Memory, CPUs, Disk, Network Cards, DHCP Server, Multihomed DHCP Server, DHCP Client. Callout: Improving DHCP Server Response Times]
Improving DHCP Server Response Times
You can improve the performance of a DHCP Server by:

Adding multiple CPUs.

Providing ample memory to support the DHCP service.

Providing high performance disks.

Using a high bandwidth network card or multiple
network cards.
Enhancing DHCP Performance By Using Multiple Servers
[Diagram labels: DHCP Clients, DHCP Servers with Distributed Scopes, Multihomed DHCP Server, Router, New York, Sydney, WAN Connection]
If a single DHCP Server does not achieve the DHCP
design requirements for performance, additional DHCP
Servers are required.
When enhancing a DHCP design by adding additional
servers, use:

Distributed scopes to share the address range between
servers.

DHCP Servers on subnets with the highest DHCP Client
populations.

DHCP Servers on both sides of WAN links.

Multihomed DHCP Servers to reduce DHCP traffic
across subnets.
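The following planning sketch is an added example, not part of the original module. It divides one subnet's dynamic range between two DHCP Servers as a distributed scope and checks whether either server alone could still serve every client; the subnet, the number of statically assigned hosts, the split ratios, and the client count are constructed assumptions.

```python
import ipaddress

def split_scope(cidr, static_hosts=10, share_a=0.5):
    """Divide one subnet's dynamic range between two DHCP servers.

    Both servers define the same scope; each excludes the part the
    other serves, so no address can be leased by both.
    """
    net = ipaddress.ip_network(cidr)
    # Assumption: the first `static_hosts` addresses are assigned manually.
    pool = list(net.hosts())[static_hosts:]
    cut = int(len(pool) * share_a)
    part_a, part_b = pool[:cut], pool[cut:]

    def span(addrs):
        return (str(addrs[0]), str(addrs[-1]), len(addrs))

    return {
        "scope": (str(pool[0]), str(pool[-1])),
        "server_a": {"serves": span(part_a), "excludes": span(part_b)},
        "server_b": {"serves": span(part_b), "excludes": span(part_a)},
    }

def survives_single_failure(plan, clients):
    """True if either server alone can lease an address to every client."""
    return all(plan[s]["serves"][2] >= clients
               for s in ("server_a", "server_b"))

if __name__ == "__main__":
    # Constructed sample: 120 DHCP clients on 10.1.2.0/24.
    for share in (0.5, 0.8):
        plan = split_scope("10.1.2.0/24", share_a=share)
        print(share, plan["server_a"]["serves"], plan["server_b"]["serves"],
              "covers single server failure:",
              survives_single_failure(plan, 120))
```

An uneven split leaves the smaller share unable to carry the whole segment if the other server fails, so the ratio has to be chosen against the availability requirement as well as the performance one.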
Improving DHCP Performance by Modifying Lease Length

If you have clients that leave the network for extended periods of
time without releasing their IP address, these addresses are
unavailable for allocation to other DHCP Clients. The addresses
cannot be reused until the lease expires, or the allocation is
manually deleted from the DHCP Server database.
Modifying the DHCP lease length adjusts the frequency with which
a DHCP Client contacts a DHCP Server for lease renewal. Modifying
the lease adjusts the time before DHCP automatically makes the IP
address available to other DHCP Clients if the original lease is not
renewed.
For example, decreasing the lease length shortens the time before
an unrenewed address becomes available again, but increases
network traffic and the load on the DHCP Server.
The following table summarizes the effect of DHCP lease length on
network traffic and IP address release.

As lease length    Network traffic    IP addresses release
---------------    ---------------    --------------------
Increases          Decreases          Later
Decreases          Increases          Sooner

Note: To immediately reclaim DHCP resources, you can configure
Windows 2000 DHCP Clients to automatically release their IP
address on shutdown. If you do not enable this feature, and DHCP
Clients are to be permanently removed from the network, plan
procedures to manually release the IP address.
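The lease-length trade-off in the table can be seen in numbers with a small model. This is an added example, not part of the original module: it simulates one scope hour by hour, with resident clients that stay online and visiting clients that leave without releasing their address. The pool size, client counts, and schedule are constructed, and renewal at half the lease is the RFC 2131 default.

```python
from dataclasses import dataclass

RENEW_AT = 0.5  # clients try to renew at half the lease (RFC 2131 default T1)

@dataclass
class Result:
    renewals: int = 0     # renewal exchanges the server had to answer
    refused: int = 0      # requests that found the pool empty
    peak_in_use: int = 0  # most addresses leased at one time

def simulate(lease_hours, pool_size=100, residents=40,
             visitors_per_day=20, visit_hours=8, days=14):
    """Hour-by-hour model of one scope (all figures are constructed).

    Residents stay online and renew. Visitors arrive at 09:00, stay
    visit_hours, then leave without releasing their address.
    """
    leases, res = {}, Result()
    t1 = max(1, int(lease_hours * RENEW_AT))

    def acquire(client, now, leaves):
        if len(leases) >= pool_size:
            res.refused += 1
        else:
            leases[client] = {"expiry": now + lease_hours,
                              "renew": now + t1, "leaves": leaves}

    for now in range(days * 24):
        # 1. Unrenewed leases return to the pool only when they expire.
        for client in [c for c, l in leases.items() if l["expiry"] <= now]:
            del leases[client]
        # 2. New requests.
        if now == 0:
            for r in range(residents):
                acquire(("resident", r), now, None)
        if now % 24 == 9:
            for v in range(visitors_per_day):
                acquire(("visitor", now, v), now, now + visit_hours)
        # 3. Clients still on the network renew when T1 is reached.
        for lease in leases.values():
            online = lease["leaves"] is None or now < lease["leaves"]
            if online and lease["renew"] <= now:
                lease["expiry"] = now + lease_hours
                lease["renew"] = now + t1
                res.renewals += 1
        res.peak_in_use = max(res.peak_in_use, len(leases))
    return res

if __name__ == "__main__":
    for hours in (8, 192):
        print(hours, simulate(hours))
```

With these figures the 8-hour lease never exhausts the pool but generates thirty times the renewal traffic of the 8-day lease, while the 8-day lease fills the pool with abandoned addresses and refuses new clients.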
Lab A: Designing a DHCP Solution
Objectives
After completing this lab, you will be able to:

Evaluate an existing DHCP-based network
infrastructure.

Design a DHCP solution for the given scenario.
Prerequisites
Before working on this lab, you must have:

Knowledge of DHCP features and functionality.

Knowledge of DHCP strategies for enhancing security,
availability, and performance.
Exercise 1: Designing a DHCP Solution

In this exercise, you are presented with the task of
creating a DHCP solution for an organization that wants
to restructure its existing network. You will design a
DHCP solution that will support the organization's IP
configuration requirements.
You will record your solution on a Design Worksheet.
Review the scenario, diagrams, and design limitations
and requirements. Follow the Design Worksheet
instructions to complete the Design Worksheet.
Scenario

An organization has decided to restructure an existing DHCP-based
network. As a consultant, you have been retained to redesign the network
infrastructure.
The current network configuration provides:

Intranet access to all shared folders and Web-based applications at all
locations.

Access to the Internet from all locations.

Three locations: LocationA, LocationB, and LocationC. Links exist between
LocationA and LocationB, LocationA and LocationC, and LocationA and
the Internet.

Support for a remote access server at LocationA, which provides VPN
access for the Internet.

No support on routers for DHCP and BOOTP forwarding.

A mission-critical Web-based application available 24 hours a day, 7 days a week. No provisions exist for ensuring high availability.

Isolation of the organization's network from the Internet with a proxy server
and a firewall, both situated at LocationA.
Design Limitations and Requirements

Your assessment of the existing network configuration,
and your investigation of the future configuration
requirements, reveal the design requirements that you
must meet in your DHCP solution. The requirements
include:
Existing configuration information
In the existing network:

BOOTP/DHCP forwarding is not turned on for any routers.

All DHCP clients are equally distributed on segments in each
location. No DHCP clients exist on Segment A2A at LocationA.

Company policy mandates that client computers are turned off
when not in use, but servers and other network-related devices are
left on.

Each location houses the servers, routers, and cable plant in an
equipment room; any required DHCP Servers are installed there.

Windows 2000-based computers exist on each segment that can
support the DHCP Relay Agent, if this is required.
Future configuration requirements
The redesigned network must ensure that:

All DHCP clients will be able to obtain addresses, even if a single link
between locations fails.

All DHCP clients will be able to obtain addresses, even if a single DHCP
Server fails.

All DHCP clients will be automatically configured for network
communication across segments, and to allow NetBIOS name registration.

All IP addresses on Segment A2A of LocationA will be manually allocated.
No DHCP services are required on this segment.

Unless equipment or link failures occur, DHCP requests will result in traffic
only on the segment where the request is made.

Private addressing will be used and each segment is allocated addresses
such that no more than 50 percent of the addresses will be required to
support current needs.

Single-function rack-mount computers will be used for the DHCP Servers.
No other network services will be installed on these computers. The DHCP
Servers will provide adequate performance for up to 2,500 clients.
Design Worksheet Instructions
To complete the Design Worksheet found below, you must:

Plan the minimum number of DHCP Servers required to meet the
requirements, and designate the segment(s) on which they are
positioned.

Plan the minimum number of DHCP Relay Agents required to meet
the requirements, and designate the segment(s) on which they are
positioned.

Plan the scopes and, if required, superscopes, for each DHCP
Server.

Designate the minimum number of TCP/IP options required for each
scope.

Describe the options for increasing the availability of the DHCP
services.
Review

Introducing DHCP

Designing a Functional DHCP Solution

Securing a DHCP Solution

Enhancing a DHCP Design for Availability

Enhancing a DHCP Design for Performance