ISC DHCP Users

Shriking ranges that are already in use??

classic Classic list List threaded Threaded
5 messages Options
project722
Reply | Threaded
Open this post in threaded view
|

Shriking ranges that are already in use??

project722
Hey all, 

We have a few scopes in DHCP that were made according to inaccurate projections. Now we are being forced to shrink these ranges. 

For instance, all of our /25's will need to become /27's. We have a legitimate concern that the gateway for the new /27's may already/will probably be leased out from the original /25. 

What can we do to make this a smooth transition and are there any other considerations that we need to be aware of?



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Simon Hobson
Reply | Threaded
Open this post in threaded view
|

Re: Shriking ranges that are already in use??

Simon Hobson
project722 <[hidden email]> wrote:

> We have a few scopes in DHCP that were made according to inaccurate projections. Now we are being forced to shrink these ranges.
>
> For instance, all of our /25's will need to become /27's. We have a legitimate concern that the gateway for the new /27's may already/will probably be leased out from the original /25.
>
> What can we do to make this a smooth transition and are there any other considerations that we need to be aware of?

First off, ignore the spaced that will be freed up by the shrinking (for now).


Then in advance, you will want to shorten your max lease time. If your max lease time is (say) 14 days then you cannot guarantee any step is complete until 14 days after you make the change. But if you shorten it, then you will only have to wait out the full time once, and then it will be the shorter time you have to wait. For long lease times, you can balance load/stability vs convenience by a stepped reduction - eg reduce from 14 days to 7 days, wait 7 days, reduce to 3 days, wait 4 days, reduce to 1 day, wait 2 days. Now you will have no leases valid for more than 1 day - you can go shorter if needed.

Make sure that all your routers will have an address in the shrunk ranges.
Eg, if you have used 172.16.0.0/25 and put the router at 172.16.1.254 then that will not be within 172.16.0.0/27. But if you've used 172.16.0.1 then that will be OK. If you need to change the router address, add the new one as a secondary address and change the routers option in the DHCP config.

Also change any fixed addresses and all your ranges so that they will fit within the new reduced size subnet.

Wait 1 day (or whatever time you have set) and now all your clients will have suitable addresses and be using the right router address.

You can now change the subnet mask in the DHCP config and wait another day (or time you set). After this, all the clients will be using the new shrunk subnet.

You can now remove the old address from the router (if it changed), and the freed up space is now available to use.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
project722
Reply | Threaded
Open this post in threaded view
|

Re: Shriking ranges that are already in use??

project722
Thanks Simon for the very detailed write up. So, if I am understanding you correctly, lets say we used 172.16.0.0/25 and set a router address of 172.16.0.1. Next we wanted to shrink that to 172.16.0.0/27. Will I need to use a secondary router in the option router line in this case? I'm a bit confused on this part. When would we need to actually use a secondary router and what would the option line look like? Something like this:

option routers 172.16.0.1 172.16.0.2;

If we do this what determines which router address gets assigned to the client? ( I'm assuming it can only have one)



On Mon, Jan 8, 2018 at 12:11 PM, Simon Hobson <[hidden email]> wrote:
project722 <[hidden email]> wrote:

> We have a few scopes in DHCP that were made according to inaccurate projections. Now we are being forced to shrink these ranges.
>
> For instance, all of our /25's will need to become /27's. We have a legitimate concern that the gateway for the new /27's may already/will probably be leased out from the original /25.
>
> What can we do to make this a smooth transition and are there any other considerations that we need to be aware of?

First off, ignore the spaced that will be freed up by the shrinking (for now).


Then in advance, you will want to shorten your max lease time. If your max lease time is (say) 14 days then you cannot guarantee any step is complete until 14 days after you make the change. But if you shorten it, then you will only have to wait out the full time once, and then it will be the shorter time you have to wait. For long lease times, you can balance load/stability vs convenience by a stepped reduction - eg reduce from 14 days to 7 days, wait 7 days, reduce to 3 days, wait 4 days, reduce to 1 day, wait 2 days. Now you will have no leases valid for more than 1 day - you can go shorter if needed.

Make sure that all your routers will have an address in the shrunk ranges.
Eg, if you have used 172.16.0.0/25 and put the router at 172.16.1.254 then that will not be within 172.16.0.0/27. But if you've used 172.16.0.1 then that will be OK. If you need to change the router address, add the new one as a secondary address and change the routers option in the DHCP config.

Also change any fixed addresses and all your ranges so that they will fit within the new reduced size subnet.

Wait 1 day (or whatever time you have set) and now all your clients will have suitable addresses and be using the right router address.

You can now change the subnet mask in the DHCP config and wait another day (or time you set). After this, all the clients will be using the new shrunk subnet.

You can now remove the old address from the router (if it changed), and the freed up space is now available to use.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Simon Hobson
Reply | Threaded
Open this post in threaded view
|

Re: Shriking ranges that are already in use??

Simon Hobson

On 8 Jan 2018, at 18:50, project722 <[hidden email]> wrote:

> Thanks Simon for the very detailed write up. So, if I am understanding you correctly, lets say we used 172.16.0.0/25 and set a router address of 172.16.0.1. Next we wanted to shrink that to 172.16.0.0/27. Will I need to use a secondary router in the option router line in this case?

No, because 172.16.0.1 is a valid address in the 172.16.0.0/27 subnet.

Had you used (say) 172.16.1.254 then that would NOT be valid in the 172.16.0.0/27 subnet - and so you'd need to change it. Since you can't "just change it" without breaking clients for a while, it's best to add the new address as a secondary address on the router* so that clients with old leases will carry on working until they get new settings via DHCP.

* Ah, reading it over I see the confusion. It's not about adding a second router address in the DHCP config, it's about adding it on the router itself. On a Linux box something like :
> ip addr add 172.16.0.1/25 dev eth0

on a Cisco box something like :
> int gi0/0
> ip address 172.16.0.1 255.255.255.128 secondary

That way, clients still configured to use 172.16.1.254 will continue working, when things get their new config then they'll switch to using 172.16.0.1. When everything has been reconfigured, you can remove the 172.16.1.254 address from the router and make 172.16.0.1 the primary (and probably, only) IPv4 address.


I did miss one step BTW - when all the clients have been reconfigured, the router will need reconfiguring - if it originally had 172.16.0.1/25 then it will need changing to 172.16.0.1/27.


Reconfiguring the network is never something you could call fun - I've done it a couple of times :-( Assume that you'll have missed something - a device you didn't realise was manually configured, a device configured to talk to a PC at a particular address (common when third parties install things like access control systems or multi-funcion copier/scanners), and so on.
Given the number of outfits I've come across who just still don't understand IPv4 basics, I hate to think how they'll cope with IPv6 8-0

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
project722
Reply | Threaded
Open this post in threaded view
|

Re: Shriking ranges that are already in use??

project722
OK I'm with you now. I think we'll be OK. These are fairly new subnets so not that many clients on them to break :-). 

Thanks again for the help.


On Mon, Jan 8, 2018 at 1:24 PM, Simon Hobson <[hidden email]> wrote:

On 8 Jan 2018, at 18:50, project722 <[hidden email]> wrote:

> Thanks Simon for the very detailed write up. So, if I am understanding you correctly, lets say we used 172.16.0.0/25 and set a router address of 172.16.0.1. Next we wanted to shrink that to 172.16.0.0/27. Will I need to use a secondary router in the option router line in this case?

No, because 172.16.0.1 is a valid address in the 172.16.0.0/27 subnet.

Had you used (say) 172.16.1.254 then that would NOT be valid in the 172.16.0.0/27 subnet - and so you'd need to change it. Since you can't "just change it" without breaking clients for a while, it's best to add the new address as a secondary address on the router* so that clients with old leases will carry on working until they get new settings via DHCP.

* Ah, reading it over I see the confusion. It's not about adding a second router address in the DHCP config, it's about adding it on the router itself. On a Linux box something like :
> ip addr add 172.16.0.1/25 dev eth0

on a Cisco box something like :
> int gi0/0
> ip address 172.16.0.1 255.255.255.128 secondary

That way, clients still configured to use 172.16.1.254 will continue working, when things get their new config then they'll switch to using 172.16.0.1. When everything has been reconfigured, you can remove the 172.16.1.254 address from the router and make 172.16.0.1 the primary (and probably, only) IPv4 address.


I did miss one step BTW - when all the clients have been reconfigured, the router will need reconfiguring - if it originally had 172.16.0.1/25 then it will need changing to 172.16.0.1/27.


Reconfiguring the network is never something you could call fun - I've done it a couple of times :-( Assume that you'll have missed something - a device you didn't realise was manually configured, a device configured to talk to a PC at a particular address (common when third parties install things like access control systems or multi-funcion copier/scanners), and so on.
Given the number of outfits I've come across who just still don't understand IPv4 basics, I hate to think how they'll cope with IPv6 8-0

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Free forum by Nabble Edit this page