DHCPREQUEST flooding

Alex Moen alexm at ndtel.com
Thu May 5 15:00:45 UTC 2016 

On 05/05/2016 09:56 AM, Bob Harold wrote:
>
> On Thu, May 5, 2016 at 10:51 AM, Patrick Trapp <ptrapp at nex-tech.com
> <mailto:ptrapp at nex-tech.com>> wrote:
>
>     Do the 300-ish devices share anything in particular in their
>     configurations? Is the configuration you shared pertinent to some of
>     your culprits?
>
>     Can you confirm that the ACK are reaching the devices? Do any of the
>     devices lose their address entirely and have to be rebooted to get
>     back on the network or is this issue literally only apparent to you
>     and your logs?
>
>     Patrick
>
>     ________________________________________
>     From: dhcp-users-bounces at lists.isc.org
>     <mailto:dhcp-users-bounces at lists.isc.org>
>     [dhcp-users-bounces at lists.isc.org
>     <mailto:dhcp-users-bounces at lists.isc.org>] on behalf of Alex Moen
>     [alexm at ndtel.com <mailto:alexm at ndtel.com>]
>     Sent: Thursday, May 05, 2016 9:40 AM
>     To: dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
>     Subject: DHCPREQUEST flooding
>
>     I am running a 4.2.5 ISC DHCP server (up-to-date via Centos 7
>     repository) for our ISP business.  We have around 7000 subscribers; most
>     with an el-cheapo router, a few with no router at all.  Most of our
>     customers are using a variant of Linksys router (Linksys, Cisco-Linksys,
>     Belkin, etc) because that is what we provide if they ask for a router.
>     However, this issue is not only a Linksys issue, as we are also seeing
>     PCs exhibiting the same behavior.
>
>     The issue is that we have a fairly large number of devices (around 300)
>     that are issuing DHCPREQUESTs at extremely short intervals (the worst, a
>     few second apart).  In the last 6 hours, some of these devices have
>     REQUESTed over 2000 times.  They are all being ACKed.
>
>     Is this a common problem that everyone sees, or do I have a config
>     issue?  This has actually been going on for a long, long time, and I am
>     just tired of the large log file sizes.  Since we're an ISP, we have to
>     keep our logs for a few years time, so the log file size can become an
>     issue.
>
>     A typical network stanza looks like:
>
>               subnet 76.10.94.0 netmask 255.255.254.0 {
>               pool {
>                     authoritative;
>                     range 76.10.94.20 76.10.95.200;
>                     min-lease-time 129600;
>                     max-lease-time 259200;
>                     default-lease-time 259200;
>                     option subnet-mask 255.255.254.0;
>                     option broadcast-address 76.10.95.255;
>                     option routers 76.10.94.1;
>                     }
>               }
>
>     Thanks for any input!!
>
>     Alex
>     _______________________________________________
>
>
> Are you using failover?  In failover mode, the first lease will be a
> shorter (mclt) time, but that should not affect renewals.
>
> --
> Bob Harold
>

No failover; standalone configuration.

-- 
Alex Moen
NSTII
North Dakota Telephone Company
701-662-6481

More information about the dhcp-users mailing list