Best practice on removing IP Scopes(subnets)

Jerimiah Cole jcole at
Fri Apr 24 15:46:39 UTC 2009

Jeremy Phillips wrote:
>   We are currently in the process of moving our IP space.  I’m trying to 
> remove the old IP subnets from the dhcp server without effecting

> Customers or having our helpdesk have 1000’s of calls from customers 
> that need to get a new IP.  Essentially we will be moving 20+ class C’s.
> I was just wondering how some of you went about this very procedure 
> without effecting service. 

Do you mean moving from the old IP space to new space?  If so, basically:

   - Reduce lease times incrementally leading up to the cut activity. 
This minimizes the amount of time it takes for a client to acquire the 
new lease after you cut.   I like 5 minutes.  This is less important if 
you maintain connectivity to the old net.
   - Configure the new pool at the server.
   - Renumber the L3 boundary interface.  This could be your router/BRAS 
(relay agent) or the dhcp server itself, i.e. whatever interface is 
actually hearing the broadcasts.
   - Reestablish the old interface IP as a secondary.  This keeps 
clients with old leases from losing connectivity until they get a lease 
in the new network.  This is not always possible, which is why we reduce 
the lease times.
   - Remove the old pool from the server config.
   - Wait.  As clients try and renew, the server will ignore (or send 
DHCPNAK, I can't remember) since the pool is no longer configured. 
Eventually the lease expires and the client gives up (or gets NAK?) and 
starts DISCOVERing again, obtaining a lease in the new pool.

The outages using this method are limited to the time between 
renumbering and establishing the secondary (a couple of seconds) and the 
  time between lease expiry and new lease acquisition (a couple hundred 

The latter will cause connection resets because the client IP actually 
changes, breaking interactive and streaming applications until a new 
connection is established.

If you can't establish a secondary for some reason, the outage is 
typically half the lease time.

(*) Some clients have very badly implemented DHCP logic and don't handle 
this case gracefully.  Firewall software will some times freak out 
because the IP changes.  Genearlly, CPE resets or PC reboots handle 
these cases.


More information about the dhcp-users mailing list