High ram-usage with multiple /16 ipv4 networks

Ruben Wisniewski ruben at freifunk-nrw.de
Mon Apr 27 15:03:21 UTC 2015


Hi Simon,


On Mon, 27 Apr 2015 15:41:29 +0100,
Simon Hobson <dhcp1 at thehobsons.co.uk> wrote:

> Ruben Wisniewski <ruben at freifunk-nrw.de> wrote:
> 
> >> Sounds like a bit of a "sort of broken" setup - and I wonder if it
> >> wouldn't work with smaller subnets. The fact that the client is
> >> being forced to change address suggests that the network isn't as
> >> flat as stated.
> > Well, the problem is that we need one big subnet, because the
> > routing protocol is L2. Else all clients have to fit in one
> > lease-range. Since we use many gateways, this seems to be the only
> > solution for this.
> 
> I think what I was getting at is that you can run multiple subnets
> over one L2 network. Traditionally you'd need to configure a
> "shared-network" stanza for DHCP to cope with this - but in your case
> your L2 routing will do the necessary isolation.
This is not possible, since we have no straight "Node A in the network
is using Gateway A and serving Gateway A's IP addresses"; it's more like:

Nodes A, Z, F are using Gateway A
Nodes C, X, R are using Gateway B

While nodes G, H, I have just changed from Gateway A to B, while all
clients still use Gateway A's IPs.

Isolation is supported by the routing-protocol but is not well tested
nor very performant, because traffic for neighbor-nodes has to be
submitted to the internet-gateways, which are behind a crappy
DSL-Upload...


> Put another way, if a segment of the network is configured to use
> gateway A, then could you assign just a smaller subnet to those
> devices using gateway A. Similarly, another set of clients on a
> different bit of the network will use a different subnet and gateway
> B. The DHCP servers only need configuring for the set of clients they
> will serve.
> 
> When a client moves from zone A to zone B, it doesn't keep its IP
> address - so moving to a different subnet (while on the same
> (segmented) L2 network) doesn't matter.
Well, this causes much martian traffic or needs VLANs or isolation ...
and splits the network; this is something we don't want.

We're still talking about an ACL issue in isc-dhcpd, so for this issue we
don't change our complete network infrastructure.

> > Would this still give the right broadcast-address and subnetmask to
> > clients?
> 
> I think so as long as you set the option values within the subnet
> declaration rather than relying on the automatic calculation &
> assignment. You'll need to test it.
We're going to test this solution.


Best regards


Ruben