Friday, March 22, 2019

Can you help me understand why/how DHCP is working on my network? Multiple VLANs, multiple DHCP scopes, and switch "ip helper-address" questions.

Alright, /r/networking. Help me out here. I'm usually pretty adept at networking, but I'm a bit stumped on this one. I was hired last year as IT Manager/System and Network Admin. The previous guy in my position had some really weird stuff set up that I'm working through, and a lot of it isn't up to standards. This might be one of them.

TL;DR: I'm trying to figure out what's telling my DHCP server which scope to hand out an address from.

Now, everything is working as far as DHCP goes, but I'm honestly not sure how. Here's the setup:

Windows Server 2012 R2 DHCP server, almost exclusively HP/Aruba switches. My Server 2012 box is running about 10 DHCP scopes. I'll focus on just a few of them:

Scope 1

- 10.1.0.1/16
- Pool 10.1.101.1-10.1.102.254
- Router 10.1.0.1
- DNS 10.1.2.1, 10.1.2.2

Scope 2

- 10.2.202.0/23
- Pool 10.2.202.2-10.2.203.240
- Router 10.2.202.1
- DNS 8.8.8.8, 8.8.4.4

Scope 3

- 10.2.204.0/23
- Pool 10.2.204.2-10.2.205.240
- Router 10.2.204.1
- DNS 8.8.8.8, 8.8.4.4

All three of those router addresses belong to the same two switches, which share them as VRRP addresses on different VLANs. For example:

```
vlan 204
   name "204-WLAN_OSH_AUTHENTICATED"
   ip address 10.2.205.253 255.255.254.0
   ip helper-address 10.1.2.1
   ip rip 10.2.205.253
   vrrp vrid 204
      virtual-ip-address 10.2.204.1
      priority 254
      enable
      exit
   exit
```

The "ip helper-address" there, 10.1.2.1, is my Server 2012 box running DHCP. That's the only IP address assigned to it. Other servers are also in the 10.1.2.0 range. The management interfaces of my network equipment are on 10.1.254.0. For example, the two switches sharing the VRRP addresses are HP 5406zl models on 10.1.254.110 and .115. My actual router/firewall is 10.1.254.245, which those switches have set as their gateway.

**The Question:**

What exactly is telling my DHCP server which scope to hand out an IP address from? Is it based on the virtual IP address of the VLAN interface on the switch?

So far I've just kind of left everything as-is, but I hate the way the network is currently laid out physically, and I'm going to be changing it up. Probably 3/4 fiber runs to other network closets in the building run to the 5406zl in my datacenter (10.1.254.110). The others run to the 5406zl in my largest network closet (10.1.254.115). Again, these two switches share all the VRRP addresses, including the primary gateway for most devices on the network, 10.1.0.1. There are two 1Gb fiber runs between the two switches running in LACP.

What I'd like to do is move away from the shared IP addresses between the two, and move all my fiber runs to a new pair of stacked Aruba 3810 16 SFP+ switches. I'm going to upgrade the link between the DC and network closet to 10Gb using LRM modules and that'll free up a fiber pair. I've already tested it and it's just waiting for me to switch to it. I'm going to move all my fiber links from the 5406zl in the DC to the 3810 stack. I'll take the fiber runs from the 5406zl in the network closet and patch them through the 12-strand fiber to the DC, again to the 3810 stack. I'll then replace the 5406zl in the DC with several stacked 48-port switches and link that to the 3810 stack with DAC cables. I'll then assign all those shared IP addresses to the 3810 stack appropriately.

I just want to make sure I understand how everything is working right now and that I don't screw anything up. Thoughts?
