High ram-usage with multiple /16 ipv4 networks

Ruben Wisniewski ruben at freifunk-nrw.de
Tue Apr 21 11:07:36 UTC 2015

On Mon, 20 Apr 2015 18:48:12 +0200,
Peter Rathlev <peter at rathlev.dk> wrote:

> Hmm... I'm not sure I understand the configuration:
> On Mon, 2015-04-20 at 17:14 +0200, Ruben Wisniewski wrote:
> > subnet netmask {
> >     range; #main
> >     pool {
> >         range;
> >         deny all clients;
> >     }
> >     pool {
> >         range;
> >         deny all clients;
> >     }
> Wouldn't the "deny all clients" statements make those ranges a no-op?
> So each subnet has just 2558 available leases? But maybe this is just
> testing?
We need this deny all clients statement because of our routing-protocol.

The protocol is rerouting all dhcp traffic to the dhcpd-server which
has the best connection. So all other dhcp-servers do not get the
DHCPINFORM/DHCPREQUEST. So we need to actively deny the
other ranges, because no other dhcp-server will respond to the queries.


The client knows the network, and had the the
last time.

Our routing-protocol is routing the DHCPREQUEST to the server we
discuss about.

The dhcpd gets a DHCPREQUEST for which is out of his range
but in the subnet-definition and silently ignores the request, because
he thinks he is not responsible for these requests.

Since we know, no other dhcpd will get these client-packages, we need to
actively respond with DHCPNAK to change the client's status about his

Now the client asks for a new lease and the dhcpd responds with an
ip-address out of his range.

If we remove this "deny all clients" rule out of our configs, the
clients ask several times for the old ip-address, destroying any roaming
in the network. Any reconnect takes 12-15 seconds, depending on the
client's implementation of dhcpd. With this rule we got an ip in under
1 second.

> What part is it that you see constantly increasing in that graph? I
> see the swap doing something that looks like an asymptotic increase
> towards some number around 1 GBytes or thereabout. Similar for
> "committed", whatever that is in this context.
"committed" is not used but reserved memory and can be ignored.

I think the part which is constantly increasing is the nameserver's

> Is this a failover setup? The configuration doesn't say that, but in a
> failover setup the servers always create all leases from the
> beginning. The only thing that makes the memory usage grow is whatever
> extra information is added to the leases, and there might even
> already be memory reserved for some of that in advance.
Well not in the dhcpd-meaning. Each dhcp-server has its range and just
gets requests for the clients he has to care about, which gets
determined by the routing protocol.

> I'd say it looks normal. Running a DHCP server for 1.5 million leases
> is no small feat. Running a server at all with just 512 MBytes of RAM
> sounds like asking for trouble anyway. (RAM inflation, I know, but RAM
> is cheap these days.)
Actually we just use the 2558 leases, not the 1.5 million ones. Since
the config says, that no client will ever use the other pool.

Best regards

