High ram-usage with multiple /16 ipv4 networks

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Apr 27 14:41:29 UTC 2015


Ruben Wisniewski <ruben at freifunk-nrw.de> wrote:

>> Sounds like a bit of a "sort of broken" setup - and I wonder if it
>> wouldn't work with smaller subnets. The fact that the client is being
>> forced to change address suggests that the network isn't as flat as
>> stated.
> Well the problem is, that we need one big subnet, because the
> routing protocol is L2. Else all clients have to fit in one lease-range.
> Since we use many gateways, this seems to be the only solution for this.

I think what I was getting at is that you can run multiple subnets over one L2 network. Traditionally you'd need to configure a "shared-network" stanza for DHCP to cope with this - but in your case your L2 routing will do the necessary isolation.

Put another way, if a segment of the network is configured to use gateway A, then could you assign just a smaller subnet to those devices using gateway A. Similarly, another set of clients on a different bit of the network will use a different subnet and gateway B. The DHCP servers only need configuring for the set of clients they will serve.

When a client moves from zone A to zone B, it doesn't keep its IP address - so moving to a different subnet (while on the same (segmented) L2 network) doesn't matter.


>> But one way of "fudging" DHCP might be to lie to it about the subnets.
>> 
>> Looking back, the example given was an "active" range of 10.66.11.1
>> to 10.66.20.255. That fits in the 10.66.0.0/19 subnet which covers
>> 10.66.0.0 to 10.66.31.255 Thus the ranges needing to be actively
>> denied are much smaller - and by adjusting the ranges used, can be
>> reduced a lot smaller still (or even eliminated). Eg, 10.66.16.1 to
>> 10.66.23.255 fits within the 10.66.16.0/21 subnet (ie 1/4 the size
>> again) but still offers over 2k leases.
>> 
>> Then (IIRC) you just need to specify the subnet mask option to
>> override the default derived from the subnet declaration.
>> 
>> A request for an address outside of the server's declared subnet will
>> get a NAK without creating a lease table entry - the server will just
>> treat it as "not valid for this network".
>> 
>> As I say, it's something of a fudge, but worth trying.

> Would this still give the right broadcast-address and subnetmask to
> clients?

I think so as long as you set the option values within the subnet declaration rather than relying on the automatic calculation & assignment. You'll need to test it.
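
The subnet arithmetic and the option override discussed in this message, as an added example that is not part of the original post and not tested against a running server. It computes the smallest single subnet covering a lease range and renders a dhcpd.conf stanza that declares that subnet while handing clients the real mask and broadcast address. The /16 client network (taken from the thread subject) and the router address 10.66.0.1 are assumptions.

```python
import ipaddress


def covering_subnet(first, last):
    """Return the smallest single CIDR block containing first..last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    # Every bit position where lo and hi differ must be a host bit.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, prefix), strict=False)


def dhcpd_stanza(first, last, client_net, router):
    """Render a subnet declaration sized to the lease range only.

    client_net is the network the clients really live in (assumed
    10.66.0.0/16 here); its mask and broadcast address are set as
    explicit options so they are not derived from the declaration.
    """
    declared = covering_subnet(first, last)
    real = ipaddress.IPv4Network(client_net)
    if not declared.subnet_of(real):
        raise ValueError("lease range is not inside the client network")
    return "\n".join([
        f"subnet {declared.network_address} netmask {declared.netmask} {{",
        f"  range {first} {last};",
        f"  option subnet-mask {real.netmask};",
        f"  option broadcast-address {real.broadcast_address};",
        f"  option routers {router};  # hypothetical gateway address",
        "}",
    ])


if __name__ == "__main__":
    # The two ranges mentioned in the message.
    for first, last in [("10.66.11.1", "10.66.20.255"),
                        ("10.66.16.1", "10.66.23.255")]:
        net = covering_subnet(first, last)
        print(f"{first} - {last}: {net} ({net.num_addresses} addresses)")
    print(dhcpd_stanza("10.66.16.1", "10.66.23.255",
                       "10.66.0.0/16", "10.66.0.1"))
```
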




