Best practice on removing IP Scopes (subnets)
jcole at tbtc.net
Fri Apr 24 15:46:39 UTC 2009
Jeremy Phillips wrote:
> We are currently in the process of moving our IP space. I’m trying to
> remove the old IP subnets from the dhcp server without affecting
> Customers or having our helpdesk have 1000’s of calls from customers
> that need to get a new IP. Essentially we will be moving 20+ class C’s.
> I was just wondering how some of you went about this very procedure
> without affecting service.
Do you mean moving from the old IP space to new space? If so, basically:
- Reduce lease times incrementally leading up to the cut activity.
  This minimizes the amount of time it takes for a client to acquire the
  new lease after you cut. I like 5 minutes. This is less important if
  you maintain connectivity to the old net.
- Configure the new pool at the server.
- Renumber the L3 boundary interface. This could be your router/BRAS
  (relay agent) or the dhcp server itself, i.e. whatever interface is
  actually hearing the broadcasts.
- Reestablish the old interface IP as a secondary. This keeps
  clients with old leases from losing connectivity until they get a lease
  in the new network. This is not always possible, which is why we reduce
  the lease times.
- Remove the old pool from the server config.
- Wait. As clients try and renew, the server will ignore (or send
  DHCPNAK, I can't remember) since the pool is no longer configured.
  Eventually the lease expires and the client gives up (or gets NAK?) and
  starts DISCOVERing again, obtaining a lease in the new pool.
The outages using this method are limited to the time between
renumbering and establishing the secondary (a couple of seconds) and the
time between lease expiry and new lease acquisition (a couple hundred
The latter will cause connection resets because the client IP actually
changes, breaking interactive and streaming applications until a new
connection is established.
If you can't establish a secondary for some reason, the outage is
typically half the lease time.
(*) Some clients have very badly implemented DHCP logic and don't handle
this case gracefully. Firewall software will sometimes freak out
because the IP changes. Generally, CPE resets or PC reboots handle
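The lease-time step-down from the first bullet of the reply above, worked through as an added example (not part of the original post): it computes the latest time each reduction has to be in place so that every client holds the short lease by the cut, and the renewal load that short lease puts on the server. It assumes clients renew at T1 = 50% of the lease (the RFC 2131 default); the lease values, cut time and client count are constructed.

```python
from datetime import datetime, timedelta

T1_FRACTION = 0.5  # assumption: RFC 2131 default, renew at 50% of the lease


def stepdown_schedule(cut, leases, worst_case=True):
    """Return [(apply_no_later_than, lease_seconds), ...], one per reduction.

    leases: lease times in seconds from the current value down to the target,
    e.g. [86400, 3600, 300]. A client that took a lease just before a change
    keeps the old value until it renews at T1 or, if its renewals fail, until
    the lease expires (worst case), so each step must be in place that long
    before the next one is applied.
    """
    if len(leases) < 2 or any(a <= b for a, b in zip(leases, leases[1:])):
        raise ValueError("leases must be strictly decreasing, current value first")
    plan = []
    deadline = cut
    # Walk backwards from the cut: the shortest lease must have reached every
    # client by `cut`, the step before it by the time the shortest is applied.
    for prev, new in reversed(list(zip(leases, leases[1:]))):
        settle = prev if worst_case else prev * T1_FRACTION
        deadline -= timedelta(seconds=settle)
        plan.append((deadline, new))
    plan.reverse()
    return plan


def renewals_per_second(clients, lease):
    """Steady-state renewal rate once every client holds a `lease`-second lease."""
    return clients / (lease * T1_FRACTION)


if __name__ == "__main__":
    cut = datetime(2009, 5, 1, 2, 0)   # constructed cut time
    steps = [86400, 3600, 300]         # constructed: 1 day -> 1 hour -> 5 minutes
    for when, lease in stepdown_schedule(cut, steps):
        print(f"set lease time to {lease:>5}s no later than {when}")
    clients = 20 * 254                 # constructed: 20 fully used /24s
    rate = renewals_per_second(clients, 300)
    print(f"{clients} clients at 300s leases: about {rate:.1f} renewals/s")
```
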