DHCP - Advice moving from public to private IP scope.

LuMBoY

IS-IT--Management
Aug 9, 2002
US
I have two Win2k DC's.
DC1 (GC) Currently running DNS & DHCP (DNS AD integrated using ISP's IP scope 216.x.x.x/24).
DC2 Currently running DNS, eventually will be running DHCP with 192.168.x.x/24.
All servers have static IP's assigned, and have at least 2 NIC's.
I plan on setting the IP leases to expire at a certain time on DC1 then activate the private IP scope on DC2. I know that I will have to /release/renew the IP's on the clients to obtain the new scope from DC2. I know that DNS will have to be configured to accommodate the new scope and also the router/gateway.

Seeing that my company plans on this change taking effect in the next few weeks, can I take steps now to preconfigure this? Such as assigning all servers (currently 216.X.X.X/24) with their eventual private (192.x.x.x/24). Are there any problems assigning 2 IP's (public and eventual private IP address) to one NIC, or would you recommend assigning the private IP to the 2nd NIC? Any advice is welcome. Thanks in advance.
LUM
 
For blueprint:
1. split your IP addresses (192.168.x.x) in two, assigning each part of a scope to the two DHCP servers.
2. I suppose that you have two addresses from your provider, not a range, and you are using those connections to the internet to give access to the internet to your LAN.
So, configure the servers to have NAT.
3. Distribute the functions of those servers. Use DC1 as DHCP just as backup. In this way DC2 will be involved in routing and DHCP, and DC2 in DNS, AD and backup DHCP.
4. Have you a registered domain also? Then:
a. create an internal DNS zone, using the public name (domain already registered)
b. that internal DNS should be a non root one (remove "." zone if you have it in the forward zone)
c. if you are keeping your external records also, then use a different DNS server, connected directly to the Internet, that will own a domain name the same as the internal one. In this way you will have the same name structure, and you will keep your internal DNS records confidential.
d. set your internal DNS to forward unknown requests to the external DNS
e. of course all your internal computers (servers too) will use as DNS server just the internal DNS.

As for that policy for expiration and moving to another DHCP server after, I don't understand why you want this. The second DHCP should have just a backup role!

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K
 
Thanks for your quick response Gia, your responses helped out a lot.

So I would divide the scopes into 2.
DC1 would lease .129-.254 (Now DHCP backup)
DC2 would lease .1-.128 (Now Primary) with exception of exclusion range .1-.50 (static) for servers, switches, and routers. I imagine that I would just de-activate the 216.x.x.x scope. Then /release/renew the clients.


I initially want our firewall appliance w/CheckPoint to handle NAT. It has 4 interfaces. However, it is a single point of hardware failure. So NAT on Win2k interests me. How much, if any, would NAT affect server performance?
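
An added example, not part of either poster's messages: a small check of the split-scope plan described in the post above, confirming that the two servers' lease pools do not overlap, that no server can lease a static address, and how many leasable addresses each server really has. The third octet (192.168.10.0/24) and all names in the code are assumptions, since the thread only gives 192.168.x.x.

```python
import ipaddress

# Assumption: 192.168.10.0/24 stands in for the thread's elided 192.168.x.x/24.
NET = ipaddress.ip_network("192.168.10.0/24")

def span(first, last):
    """Set of addresses from host number `first` to `last`, inclusive."""
    return {NET.network_address + n for n in range(first, last + 1)}

# Plan from the post: scope range and exclusion ranges per DHCP server.
PLAN = {
    "DC2": {"range": (1, 128), "exclude": [(1, 50)]},  # primary
    "DC1": {"range": (129, 254), "exclude": []},       # backup
}
STATIC = (1, 50)  # servers, switches, routers keep fixed addresses

def effective_pool(cfg):
    """Addresses a server can actually lease: range minus exclusions."""
    pool = span(*cfg["range"])
    for ex in cfg["exclude"]:
        pool -= span(*ex)
    return pool

def audit(plan, static):
    """Return (leasable address count per server, list of problems)."""
    pools = {name: effective_pool(cfg) for name, cfg in plan.items()}
    usable = set(NET.hosts())
    reserved = span(*static)
    problems = []
    names = sorted(pools)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            clash = pools[a] & pools[b]
            if clash:  # two servers could hand out the same address
                problems.append(f"{a}/{b} overlap: {len(clash)}")
    for name in names:
        if pools[name] & reserved:  # a client could be leased a server's IP
            problems.append(f"{name} leases static: {len(pools[name] & reserved)}")
        if pools[name] - usable:    # network or broadcast address in the pool
            problems.append(f"{name} leases unusable: {len(pools[name] - usable)}")
    return {n: len(p) for n, p in pools.items()}, problems

if __name__ == "__main__":
    sizes, problems = audit(PLAN, STATIC)
    print(sizes, problems or "no conflicts")
```

With the ranges as posted, the plan is conflict-free, but the primary (DC2) ends up with the smaller pool once the static exclusion is subtracted.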
 
I cannot answer your question. I don't know how much it will affect server performance. But, as I said, distribute the functions between the two servers that you have.
If you have a router that can do this, it could be better then to use it for NAT. It is a hardware machine designed for such operations, so it should be faster.
OK, I can just imagine what you have there in your network.
Try to follow my guidelines, and see which solution is best suited for you.

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K
 