locked
Overlapping subnets in AD Sites and Services and ConfigMgr Boundary impact RRS feed

  • Question

  • It's time again for yet another boundary question...

    Putting aside all the recent debate on IP Range > AD Site for CIDR networks, I have a question about overlapping subnets in AD S&S and their impact on automatically creating IP Ranges using Forest discovery.

    Example:

    Within AD the following sites are configured with the relevant subnets.
    172.16.1.16/28 - Site A
    172.16.1.48/28 - Site B
    172.16.1.80/28 - Site C
    172.16.1.96/28 - Site D
    172.16.1.112/28 - Site E
    172.16.1.128/28 - Site F
    172.16.1.144/28 - Site G
    172.16.1.160/28 - Site H
    172.16.1.208/28 - Site I
    172.16.1.0/24 - Site J

    The intent is to enable the option to automatically create IP Ranges based on discovered information from the AD Forest Discovery.
    This should give 10 IP Range boundaries

    172.16.1.16 - 172.16.1.31 - Site A
    172.16.1.48 - 172.16.1.63 - Site B
    172.16.1.80 - 172.16.1.95 - Site C
    172.16.1.96 - 172.16.1.111 - Site D
    172.16.1.112 - 172.16.1.127 - Site E
    172.16.1.128 - 172.16.1.143 - Site F
    172.16.1.144 - 172.16.1.159 - Site G
    172.16.1.160 - 172.16.1.175 - Site H
    172.16.1.208 - 172.16.1.223 - Site I
    172.16.1.0 - 172.16.1.255 - Site J

    What I'm concerned about is what the impact will be with Site J. To me this is an overlapping boundary.

    For site assignment this isn't a problem as there will only be a single site, however the intention is to use protected distribution points due to the varying link speeds and separate physical locations.

    With the IP range created by Site J, I'm pretty sure this will cause an issue, but would like to confirm that.

    The overlapping subnet in AD is as a catch all, which is fine in AD as it will give preference to a smaller matching subnet for site assignment.  As far as I'm aware, this isn't the case for ConfigMgr?

    In summary:
    Am I right in thinking that Site J will cause a problem with protected distribution points when created as an IP range automatically?

    On a side note, has a consensus been reached yet as to whether AD Site Boundaries could be used with subnets like this or are IP Ranges the way to go.
    I've seen the "SQL Performance hits with IP Ranges" quoted, but I'm still unclear on just what type of impact I'm likely to see on a site with say 8,000 clients.

    Thanks in advance,
    Steve

     

     


    My System Center Blog

    Wednesday, May 29, 2013 1:37 PM

All replies

  • Since my colleague already nit-picked I'll clarify the above before someone points out that protected DP's don't exist in 2012.

    By protected DP, I mean preferred DP's assigned to boundary groups.


    My System Center Blog

    Wednesday, May 29, 2013 3:13 PM