High ram-usage with multiple /16 ipv4 networks

Ruben Wisniewski ruben at freifunk-nrw.de
Mon Apr 27 14:30:31 UTC 2015

Hi Simon,

Am Tue, 21 Apr 2015 14:42:46 +0100
schrieb Simon Hobson <simon at thehobsons.co.uk>:

> Peter Rathlev <peter at rathlev.dk> wrote:
> > With 1.5 million leases you use 533 Mbytes memory, with just 2558
> > leases you use 35 Mbytes memory. That's not a bug.
> > 
> > What you want sounds like some way of actively denying clients with
> > specific addresses without creating leases for them. I can't from
> > the top of my head think of such a way with ISC DHCP, but I'll give
> > it a try.
> Sounds like a bit of a "sort of broken" setup - and I wonder if it
> wouldn't work with smaller subnets. The fact that the client is being
> forced to change address suggests that the network isn't as flat as
> stated.
Well the problem is, that we need one big subnet, because the
routingprotocol is L2. Else all clients have to fit in one lease-range.
Since we use many gateways, this seem to be the only solution for this.

The routing-protocol does reroute the dhcp-requests because it have
more information about the quality of the links and the actual free
bandwitdth of each gateway. So turning off this feature will reduce the
overall network speed, because we have no loadbalancing based on free
bandwidth anymore.

> But one way of "fudging" DHCP might be to lie to it about the subnets.
> Looking back, the example given was an "active" range of
> to That fits in the subnet which covers
> to Thus the ranges needing to be actively
> denied are much smaller - and by adjusting the ranges used, can be
> reduced a lot smaller still (or even eliminated). Eg, to
> fits within the subnet (ie 1/4 the size
> again) but still offers over 2k leases.
> Then (IIRC) you just need to specify the subnet mask option to
> override the default derived from the subnet declaration.
> A request for an address outside of the server's declared subnet will
> get a NAK without creating a lease table entry - the server will just
> treat it as "not valid for this network".
> As I say, it's something of a fudge, but worth trying.
Would this still give the right broadcast-address and subnetmask to

Best regards

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: Digitale Signatur von OpenPGP
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20150427/5b6a4390/attachment.bin>

More information about the dhcp-users mailing list