RE: [ActiveDir] overlapping IP space in AD sites?
See the Distributed Systems Guide of the W2K Server Resource Kit. The topic in Chapter 3 titled "Mapping IP Addresses to Site Names" (page 163 in my book) says: "NetLogon looks up the client UP address in its subnet-to-site mapping table by finding the subnet object that _most closely matches_ the client IP address ..." FWIW the mapping table is an in-memory structure and searching it is likely to a very efficient operation. -gil Gil Kirkpatrick CTO, NetPro -Original Message- From: Hagberg Lars [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] overlapping IP space in AD sites? Hi It should work; based on my experience AD selects the smallest subnet that covers the IP address IP addresses 10.10.0.1 - 10.10.255.254 is site 1 except for 10.10.88.1 - 126 that is in site 2 in your example Have anybody seen any documentation about this? //Best Regards Lars -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: den 27 augusti 2003 17:10 To: Active Directory Mailing List (E-mail) Subject: [ActiveDir] overlapping IP space in AD sites? Hi, We have a pretty complex IP structure with various types of access. As we develop AD sites for low bandwidth connected remote offices, I was wondering how AD handles site subnet definitions that might overlap one another. For example: 10.10.0.0/16 = Site 1 10.10.88.0/25 = Site 2 The AD Sites and Services mmc allows (doesn't complain) about overlapping subnets. As always, any comments or experiences in this area are appreciated! Mike Thommes Argonne National Laboratory List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] overlapping IP space in AD sites?
Hmmm... We're using /13 networks for a hub and spoke topology, with the hub spoke being a /16, carved into /23 and /24 blocks. Each spoke site generally /23 or /24 segment as well. As each /13 is basically designated as an AD site, it would make sense to then add a /13 masked catchall subnet to the design, associated with that site. Looks like I might be adding to the site topology soon... -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Rick Kingslan [mailto:[EMAIL PROTECTED] > Sent: Friday, August 29, 2003 11:31 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > Roger, > > Yeah - it will, through sorting through the subnets available - end up > grabbing the most specific subnet that the client is on. So, > if you have a > /25 and a /24 (real-life - from our environment) the client > being on the > /24, the eventual selection of subnet and site associated > will be to the > most specific. > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Roger Seielstad > Sent: Friday, August 29, 2003 10:07 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > You answered my question - I apparently left out 'impact' > from the original > statement. > > I guess at some point I figured that there would be a > performance hit for > trying to ascertain the most specific subnet. It does grab > the most specific > subnet, right? > > -- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Joe [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 28, 2003 11:17 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > > > > I don't think I understand your question Roger... I will > give it a try > > anyway... > > > > I haven't noticed a performance impact due to having the additional > > subnets if that is what you are asking. Then I wouldn't > really expect > > it since it should be implemented as a simple btree search. > > > > The main reason I did it years ago was because contrary to > > documentation new DC's that were promoed that weren't on a defined > > subnet DID NOT go into Default First Site. They would go into some > > other site defined by some logic that I failed to ascertain > which was > > a pain since we have several hundred sites. > > > > Additionally when we have clients come up on undefined subnets we > > would rather they get directed to our corporate datacenters versus > > randomly picking some site somewhere. This makes sense since we are > > basically three interconnected geographic hub and spokes > networks with > > the interconnections between the hubs. The way the data > center and the > > sorting sites (sites with the class-a's) and site links are defined > > the sorting sites end up using the data centers for DC coverage. It > > works out well. We, of course, would rather have all of the subnets > > and sites defined properly, but we understand reality and know it > > won't happen so we try to reduce pain felt by unsuspecting users by > > crutching as best as possible. > > > > > > joe > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Roger > > Seielstad > > Sent: Thursday, August 28, 2003 7:09 AM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > > > > Is there any significant performance that you can discern from that > > scheme? > > > > -- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -Original Message- > > > From: Joe [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, August 27, 2003 6:37 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > > > > > > > This is fine. We
RE: [ActiveDir] overlapping IP space in AD sites?
Roger, Yeah - it will, through sorting through the subnets available - end up grabbing the most specific subnet that the client is on. So, if you have a /25 and a /24 (real-life - from our environment) the client being on the /24, the eventual selection of subnet and site associated will be to the most specific. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Friday, August 29, 2003 10:07 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] overlapping IP space in AD sites? You answered my question - I apparently left out 'impact' from the original statement. I guess at some point I figured that there would be a performance hit for trying to ascertain the most specific subnet. It does grab the most specific subnet, right? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Joe [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 28, 2003 11:17 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > I don't think I understand your question Roger... I will give it a try > anyway... > > I haven't noticed a performance impact due to having the additional > subnets if that is what you are asking. Then I wouldn't really expect > it since it should be implemented as a simple btree search. > > The main reason I did it years ago was because contrary to > documentation new DC's that were promoed that weren't on a defined > subnet DID NOT go into Default First Site. They would go into some > other site defined by some logic that I failed to ascertain which was > a pain since we have several hundred sites. > > Additionally when we have clients come up on undefined subnets we > would rather they get directed to our corporate datacenters versus > randomly picking some site somewhere. This makes sense since we are > basically three interconnected geographic hub and spokes networks with > the interconnections between the hubs. The way the data center and the > sorting sites (sites with the class-a's) and site links are defined > the sorting sites end up using the data centers for DC coverage. It > works out well. We, of course, would rather have all of the subnets > and sites defined properly, but we understand reality and know it > won't happen so we try to reduce pain felt by unsuspecting users by > crutching as best as possible. > > > joe > > > > -Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Roger > Seielstad > Sent: Thursday, August 28, 2003 7:09 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > Is there any significant performance that you can discern from that > scheme? > > -- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -Original Message- > > From: Joe [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 27, 2003 6:37 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > > > > This is fine. We actually have a couple of class A subnets > defined and > > > the subdefine those to more specific sites. > > > > I.E. Class A points to an overall company site. Many 24 bit > mask or 23 > > > bit mask subnets are then defined to further refine the site the > > clients should use. The clients will chase through the > logic and find > > the subnet > > that most closely matches it and use that site. > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, > > Michael M. > > Sent: Wednesday, August 27, 2003 11:10 AM > > To: Active Directory Mailing List (E-mail) > > Subject: [ActiveDir] overlapping IP space in AD sites? > > > > > > Hi, > >We have a pretty complex IP structure with various types > of access. > > > As we develop AD sites for low bandwidth connected remote > offices, I > > was wondering how AD handles site subnet definitions that might > > overlap one another. For example: > > > > 10.10.0.0/16 = Site 1 > > 10.10.88.0/25 = Site 2 > > > > The AD Sites and Services mmc allows (doesn't complain) about > > over
RE: [ActiveDir] overlapping IP space in AD sites?
You answered my question - I apparently left out 'impact' from the original statement. I guess at some point I figured that there would be a performance hit for trying to ascertain the most specific subnet. It does grab the most specific subnet, right? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Joe [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 28, 2003 11:17 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > I don't think I understand your question Roger... I will give it a try > anyway... > > I haven't noticed a performance impact due to having the additional > subnets if that is what you are asking. Then I wouldn't > really expect it > since it should be implemented as a simple btree search. > > The main reason I did it years ago was because contrary to > documentation > new DC's that were promoed that weren't on a defined subnet DID NOT go > into Default First Site. They would go into some other site defined by > some logic that I failed to ascertain which was a pain since we have > several hundred sites. > > Additionally when we have clients come up on undefined > subnets we would > rather they get directed to our corporate datacenters versus randomly > picking some site somewhere. This makes sense since we are basically > three interconnected geographic hub and spokes networks with the > interconnections between the hubs. The way the data center and the > sorting sites (sites with the class-a's) and site links are > defined the > sorting sites end up using the data centers for DC coverage. It works > out well. We, of course, would rather have all of the subnets > and sites > defined properly, but we understand reality and know it won't > happen so > we try to reduce pain felt by unsuspecting users by crutching > as best as > possible. > > > joe > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Roger Seielstad > Sent: Thursday, August 28, 2003 7:09 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > Is there any significant performance that you can discern from that > scheme? > > -- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -Original Message- > > From: Joe [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 27, 2003 6:37 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > > > > This is fine. We actually have a couple of class A subnets > defined and > > > the subdefine those to more specific sites. > > > > I.E. Class A points to an overall company site. Many 24 bit > mask or 23 > > > bit mask subnets are then defined to further refine the site the > > clients should use. The clients will chase through the > logic and find > > the subnet > > that most closely matches it and use that site. > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, > > Michael M. > > Sent: Wednesday, August 27, 2003 11:10 AM > > To: Active Directory Mailing List (E-mail) > > Subject: [ActiveDir] overlapping IP space in AD sites? > > > > > > Hi, > >We have a pretty complex IP structure with various types > of access. > > > As we develop AD sites for low bandwidth connected remote > offices, I > > was wondering how AD handles site subnet definitions that might > > overlap one > > another. For example: > > > > 10.10.0.0/16 = Site 1 > > 10.10.88.0/25 = Site 2 > > > > The AD Sites and Services mmc allows (doesn't complain) about > > overlapping subnets. As always, any comments or > experiences in this > > area are appreciated! > > > > Mike Thommes > > Argonne National Laboratory > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] overlapping IP space in AD sites?
I don't think I understand your question Roger... I will give it a try anyway... I haven't noticed a performance impact due to having the additional subnets if that is what you are asking. Then I wouldn't really expect it since it should be implemented as a simple btree search. The main reason I did it years ago was because contrary to documentation new DC's that were promoed that weren't on a defined subnet DID NOT go into Default First Site. They would go into some other site defined by some logic that I failed to ascertain which was a pain since we have several hundred sites. Additionally when we have clients come up on undefined subnets we would rather they get directed to our corporate datacenters versus randomly picking some site somewhere. This makes sense since we are basically three interconnected geographic hub and spokes networks with the interconnections between the hubs. The way the data center and the sorting sites (sites with the class-a's) and site links are defined the sorting sites end up using the data centers for DC coverage. It works out well. We, of course, would rather have all of the subnets and sites defined properly, but we understand reality and know it won't happen so we try to reduce pain felt by unsuspecting users by crutching as best as possible. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Thursday, August 28, 2003 7:09 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] overlapping IP space in AD sites? Is there any significant performance that you can discern from that scheme? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Joe [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 27, 2003 6:37 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > This is fine. We actually have a couple of class A subnets defined and > the subdefine those to more specific sites. > > I.E. Class A points to an overall company site. Many 24 bit mask or 23 > bit mask subnets are then defined to further refine the site the > clients should use. The clients will chase through the logic and find > the subnet > that most closely matches it and use that site. > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, > Michael M. > Sent: Wednesday, August 27, 2003 11:10 AM > To: Active Directory Mailing List (E-mail) > Subject: [ActiveDir] overlapping IP space in AD sites? > > > Hi, >We have a pretty complex IP structure with various types of access. > As we develop AD sites for low bandwidth connected remote offices, I > was wondering how AD handles site subnet definitions that might > overlap one > another. For example: > > 10.10.0.0/16 = Site 1 > 10.10.88.0/25 = Site 2 > > The AD Sites and Services mmc allows (doesn't complain) about > overlapping subnets. As always, any comments or experiences in this > area are appreciated! > > Mike Thommes > Argonne National Laboratory > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] overlapping IP space in AD sites?
Is there any significant performance that you can discern from that scheme? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Joe [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 27, 2003 6:37 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] overlapping IP space in AD sites? > > > This is fine. We actually have a couple of class A subnets defined and > the subdefine those to more specific sites. > > I.E. Class A points to an overall company site. Many 24 bit mask or 23 > bit mask subnets are then defined to further refine the site > the clients > should use. The clients will chase through the logic and find > the subnet > that most closely matches it and use that site. > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, > Michael M. > Sent: Wednesday, August 27, 2003 11:10 AM > To: Active Directory Mailing List (E-mail) > Subject: [ActiveDir] overlapping IP space in AD sites? > > > Hi, >We have a pretty complex IP structure with various types of access. > As we develop AD sites for low bandwidth connected remote > offices, I was > wondering how AD handles site subnet definitions that might > overlap one > another. For example: > > 10.10.0.0/16 = Site 1 > 10.10.88.0/25 = Site 2 > > The AD Sites and Services mmc allows (doesn't complain) about > overlapping subnets. As always, any comments or experiences in this > area are appreciated! > > Mike Thommes > Argonne National Laboratory > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] overlapping IP space in AD sites?
Hi It should work; based on my experience AD selects the smallest subnet that covers the IP address IP addresses 10.10.0.1 - 10.10.255.254 is site 1 except for 10.10.88.1 - 126 that is in site 2 in your example Have anybody seen any documentation about this? //Best Regards Lars -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: den 27 augusti 2003 17:10 To: Active Directory Mailing List (E-mail) Subject: [ActiveDir] overlapping IP space in AD sites? Hi, We have a pretty complex IP structure with various types of access. As we develop AD sites for low bandwidth connected remote offices, I was wondering how AD handles site subnet definitions that might overlap one another. For example: 10.10.0.0/16 = Site 1 10.10.88.0/25 = Site 2 The AD Sites and Services mmc allows (doesn't complain) about overlapping subnets. As always, any comments or experiences in this area are appreciated! Mike Thommes Argonne National Laboratory List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] overlapping IP space in AD sites?
This is fine. We actually have a couple of class A subnets defined and the subdefine those to more specific sites. I.E. Class A points to an overall company site. Many 24 bit mask or 23 bit mask subnets are then defined to further refine the site the clients should use. The clients will chase through the logic and find the subnet that most closely matches it and use that site. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Wednesday, August 27, 2003 11:10 AM To: Active Directory Mailing List (E-mail) Subject: [ActiveDir] overlapping IP space in AD sites? Hi, We have a pretty complex IP structure with various types of access. As we develop AD sites for low bandwidth connected remote offices, I was wondering how AD handles site subnet definitions that might overlap one another. For example: 10.10.0.0/16 = Site 1 10.10.88.0/25 = Site 2 The AD Sites and Services mmc allows (doesn't complain) about overlapping subnets. As always, any comments or experiences in this area are appreciated! Mike Thommes Argonne National Laboratory List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
