DHCPREQUEST flooding
Alex Moen
alexm at ndtel.com
Thu May 5 15:00:45 UTC 2016
On 05/05/2016 09:56 AM, Bob Harold wrote:
>
> On Thu, May 5, 2016 at 10:51 AM, Patrick Trapp <ptrapp at nex-tech.com
> <mailto:ptrapp at nex-tech.com>> wrote:
>
> Do the 300-ish devices share anything in particular in their
> configurations? Is the configuration you shared pertinent to some of
> your culprits?
>
> Can you confirm that the ACK are reaching the devices? Do any of the
> devices lose their address entirely and have to be rebooted to get
> back on the network or is this issue literally only apparent to you
> and your logs?
>
> Patrick
>
> ________________________________________
> From: dhcp-users-bounces at lists.isc.org
> <mailto:dhcp-users-bounces at lists.isc.org>
> [dhcp-users-bounces at lists.isc.org
> <mailto:dhcp-users-bounces at lists.isc.org>] on behalf of Alex Moen
> [alexm at ndtel.com <mailto:alexm at ndtel.com>]
> Sent: Thursday, May 05, 2016 9:40 AM
> To: dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
> Subject: DHCPREQUEST flooding
>
> I am running a 4.2.5 ISC DHCP server (up-to-date via Centos 7
> repository) for our ISP business. We have around 7000 subscribers; most
> with an el-cheapo router, a few with no router at all. Most of our
> customers are using a variant of Linksys router (Linksys, Cisco-Linksys,
> Belkin, etc) because that is what we provide if they ask for a router.
> However, this issue is not only a Linksys issue, as we are also seeing
> PCs exhibiting the same behavior.
>
> The issue is that we have a fairly large number of devices (around 300)
> that are issuing DHCPREQUESTs at extremely short intervals (the worst, a
> few second apart). In the last 6 hours, some of these devices have
> REQUESTed over 2000 times. They are all being ACKed.
>
> Is this a common problem that everyone sees, or do I have a config
> issue? This has actually been going on for a long, long time, and I am
> just tired of the large log file sizes. Since we're an ISP, we have to
> keep our logs for a few years time, so the log file size can become an
> issue.
>
> A typical network stanza looks like:
>
> subnet 76.10.94.0 netmask 255.255.254.0 {
> pool {
> authoritative;
> range 76.10.94.20 76.10.95.200;
> min-lease-time 129600;
> max-lease-time 259200;
> default-lease-time 259200;
> option subnet-mask 255.255.254.0;
> option broadcast-address 76.10.95.255;
> option routers 76.10.94.1;
> }
> }
>
> Thanks for any input!!
>
> Alex
> _______________________________________________
>
>
> Are you using failover? In failover mode, the first lease will be a
> shorter (mclt) time, but that should not affect renewals.
>
> --
> Bob Harold
>
No failover; standalone configuration.
--
Alex Moen
NSTII
North Dakota Telephone Company
701-662-6481
More information about the dhcp-users
mailing list