DHCP helper with a single subnet and multiple scopes

Tags: dhcp, scope, subnet, windows-server-2003

First, a little bit about what we're trying to do.

  1. We are migrating from being multiple LANs (multiple subnets) connected over slow VPN links to a single MAN (single subnet) connected with gigabit fiber
  2. We are going to VLAN each site to control cross-site "chatter"
  3. We have a single "datacenter" that will host the servers for all sites
  4. The networks will NOT be routed and, again, will be a single subnet
  5. Our switches support DHCP helper
  6. Our DHCP server is a Windows box running Server 2003, but may be upgraded to 2008

So, my question is this:

With DHCP helper on the switches forwarding DHCP requests, is the address that the DHCP server returns based off of subnet or scope?

So, for instance, if I configured multiple scopes like this:

  • scope 1: 10.1.0.1 through 10.1.20.254
  • scope 2: 10.2.0.1 through 10.2.20.254

and both of these scopes were in the same subnet (mask of 255.0.0.0), would the DHCP server hand out an IP to a machine from either scope at random because the subnet is the same, or would it hand out an IP from, say, scope 1 because the DHCP request was forwarded from a switch with an IP that falls within scope 1?

I've read conflicting information on this topic; some say scope while others say subnet (sometimes using them interchangeably in the same reply).

Any help would be appreciated.

Best Answer

Woah, there. What you're saying contradicts itself. You say "single subnet" in one point, but then "VLAN each site" in the second point. Then you say "the networks will NOT be routed". Are you sure you know what you're saying here?

Typically 802.1q VLANs are deployed in a one-to-one relationship with IP subnets. Each 802.1q VLAN acts as an independent Ethernet broadcast domain and, as such, broadcasts from one VLAN (like, say, a machine ARP'ing for another machine in the local subnet) won't be forwarded between the VLANs. Splitting a single IP subnet across multiple VLANs requires a "smart" bridge that can do proxy ARP.

How are you planning to get ARP to work between these various VLANs?

If you really want to eliminate "cross-site 'chatter'" then what you really want is a subnet for each physical location, a router at each location connected to the "MAN" to route traffic to the other locations, and "ip-helper" functionality in each router to forward DHCP requests from the various locations to the central DHCP server.

What it sounds like you don't want is a single big subnet with a bunch of bridges running proxy ARP, in my opinion. Your DHCP inquiry really, really speaks to an underlying desire (though you don't know it) to have per-location subnets with DHCP scopes for each.

To speak to your question specifically re: DHCP: A DHCP "scope" is a range of IP addresses and options that a DHCP server will "hand out". The DHCP server chooses the scope from which to pick an address based on either the network interface the request is received on (if it's a broadcast request) or the address of the DHCP relay agent (if it's a relayed request).

Some background: Best way to segment traffic, VLAN or subnet?
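The selection rule the answer describes, worked through as an added example (this is not code from the question, the answer, or any DHCP server). It models what RFC 2131 specifies: a relayed request carries the relay agent's address in the giaddr field, and the server keys its scope choice on that address when it is non-zero, otherwise on the address of the interface the broadcast arrived on. The scope names and ranges are constructed to mirror the question's two layouts: two scopes declared in one /8, and the per-site subnets the answer recommends.

```python
"""Which DHCP scope answers a relayed request?

Added example (not from the original post). Scope names and ranges are
constructed; the packet built below is a synthetic DHCPDISCOVER.
"""
import ipaddress
import struct

# Layout from the question: two address ranges, both declared in one /8.
QUESTION_SCOPES = {
    "scope-1": ("10.0.0.0/8", "10.1.0.1", "10.1.20.254"),
    "scope-2": ("10.0.0.0/8", "10.2.0.1", "10.2.20.254"),
}

# Layout the answer recommends: one subnet per site, one scope per subnet.
PER_SITE_SCOPES = {
    "site-1": ("10.1.0.0/16", "10.1.0.1", "10.1.20.254"),
    "site-2": ("10.2.0.0/16", "10.2.0.1", "10.2.20.254"),
}


def build_discover(giaddr: str, xid: int = 0x3903F326) -> bytes:
    """Construct a minimal BOOTREQUEST/DHCPDISCOVER as a relay would forward it.

    Fixed header: op(1) htype(1) hlen(1) hops(1) xid(4) secs(2) flags(2)
    ciaddr(4) yiaddr(4) siaddr(4) giaddr(4) chaddr(16) sname(64) file(128).
    The relay sets giaddr to its own address and bumps hops to 1.
    """
    zero = ipaddress.IPv4Address("0.0.0.0").packed
    pkt = struct.pack("!BBBBIHH", 1, 1, 6, 1, xid, 0, 0x8000)  # broadcast flag
    pkt += zero + zero + zero                      # ciaddr, yiaddr, siaddr
    pkt += ipaddress.IPv4Address(giaddr).packed    # giaddr (offset 24..27)
    pkt += bytes.fromhex("001122334455") + bytes(10)  # chaddr, padded to 16
    pkt += bytes(64) + bytes(128)                  # sname, file
    pkt += bytes([99, 130, 83, 99])                # DHCP magic cookie
    pkt += bytes([53, 1, 1, 255])                  # option 53 = DISCOVER, end
    return pkt


def giaddr_from_dhcp(packet: bytes) -> str:
    """Return the relay agent address carried in the fixed BOOTP header."""
    if len(packet) < 28:
        raise ValueError("truncated BOOTP header")
    return str(ipaddress.IPv4Address(packet[24:28]))


def select_scopes(scopes, giaddr: str, receiving_interface: str):
    """Return the names of every scope whose subnet contains the selector.

    Selector is giaddr for a relayed request, else the receiving interface.
    More than one name back means the server has no way to tell the
    scopes apart from the relay address alone.
    """
    selector = ipaddress.IPv4Address(giaddr)
    if selector == ipaddress.IPv4Address("0.0.0.0"):  # not relayed
        selector = ipaddress.IPv4Address(receiving_interface)
    return [name for name, (net, _lo, _hi) in scopes.items()
            if selector in ipaddress.IPv4Network(net)]


def first_free_address(scopes, name: str, leased):
    """Offer the lowest address in the chosen scope's range not yet leased."""
    _net, lo, hi = scopes[name]
    start, end = int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi))
    taken = {int(ipaddress.IPv4Address(a)) for a in leased}
    for n in range(start, end + 1):
        if n not in taken:
            return str(ipaddress.IPv4Address(n))
    return None  # scope exhausted


if __name__ == "__main__":
    relayed = build_discover("10.2.0.1")       # forwarded by site 2's switch
    gi = giaddr_from_dhcp(relayed)
    print("question layout :", select_scopes(QUESTION_SCOPES, gi, "10.0.0.5"))
    print("per-site layout :", select_scopes(PER_SITE_SCOPES, gi, "10.0.0.5"))
    print("offer           :", first_free_address(PER_SITE_SCOPES, "site-2", ["10.2.0.1"]))
```

With the question's layout the relay address 10.2.0.1 falls inside both /8 scopes, so the relay address carries no information the server can act on; with one subnet per site the same giaddr identifies exactly one scope, which is the property the answer's "subnet per location plus ip-helper" design relies on.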