Recently I encountered an issue with subnet boundaries in SCCM 2007. Personally I rather not use subnet boundaries, but rather IP ranges or AD sites. In this case the client felt more comfortable with subnet, since they used them successfully in the past and did not want to change that. In preparation for a new location, boundaries needed to be put in SCCM and one of the boundaries was a supernet 10.129.0.0/19 (subnet mask 255.255.224.0). If you enter a this information in SCCM 2007, SCCM will create a subnet ID of 10.129.0.0 and treat this as a /24 range. See pictures below
Making a /24 subnet (IP adress 10.129.0.1 – 10.129.0.254) instead left us short of a couple of subnets that are in the /19 subnet. In reality the supernet (/19 subnet) has 5 bits extra which make up 1+2+4+8+16 = 31 subnets (IP address 10.129.0.1 – 10.129.31.254). Needless to say that things did not work properly. In this case the 31 subnet had to be added separately.
Looking a SCCM 2012 I foresee less problems, especially since you have Forest discovery that can be enabled. Forest discovery uses AD sites and services to get the boundaries to SCCM. Basically when AD sites and services is configured properly, boundaries in SCCM can be created automatically. Just to see how that works I decided to take the supernet from above as an example and see how this would be discovered in SCCM 2012. Below is a picture of how Forest discovery has been configured in my test lab.
I automatically create the boundaries, however you can choose yourself to do that or not. So I added the /19 range to AD sites and services and started the Forest discovery. Below you can see the result.
As you can see the discovered /19 range is added as an IP Range covering the 31 subnets. It is good to see that this is better arranged in SCCM 2012 and another reason to upgrade to SCCM 2012.
Comments
Are there also known issues in SCCM 2012 when using a Site definition as a boundary (added to a boundary group with site systems/distributionpoints) , and the site definition contains a supernet to cover a range of subnets?
Say you have an environment with class C networks in the range 10.12.0.0/24 — 10.12.100.0/24 and in the AD site – lets call it ‘contoso’ – a supernet 10.12.0.0/16 is defined, covering all these subnets.
I’d say that if the client ‘tells’ the SCCM MP that it’s in Site ‘contoso’, it’s needless to do any further matching on subnets to determine which distribution point is to be used.
If you use AD sites for boundaries there is no issues when there is a supernet defined in AD sites and services, at least I haven’t seen or heard of it.
AD site boundaries can off course be used, however if AD sites and services is not maintained properly you can get some problems. I have seen a company that had an AD site that spanned several physical locations and clients would get the content over the wan link because AD sites were used for boundaries. If they would have used IP ranges for boundaries they could have avoided that. So my preferred method is IP ranges for boundaries, then again it is also depending on the situation.