dhcpd restart takes almost 7 minutes in CentOS7 (Was: dhcp-users Digest, Vol 133, Issue 4)

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Nov 11 20:16:28 UTC 2019


Please don't top post, and PLEASE set the subject back to what it should be. It's really annoying and impolite to just use the Digest title as it means nothing at all to anyone.

Cayab, Jefrey E. <jcayab at gmail.com> wrote:

> # No service will be given on this subnet, but declaring it helps the
> # DHCP server to understand the network topology.
> 
> subnet 0.0.0.0 netmask 0.0.0.0 {
> }
> 
> It was taken from the comment above it; I thought I could just put anything - I'd appreciate it if someone can give me what's the proper Subnet/Netmask to put there. Does the comment above mean that if my dhcp server is in 10.16.5.0/24 - this is the subnet and netmask I need to put there?

Yes, it would normally be the subnet for the server's interface - if not elsewhere defined.

> Please refer to the attached file for the dhcpd.conf

> # FCC1-1 - VLAN165
> subnet 10.151.0.0 netmask 255.255.0.0 {
>   default-lease-time 28800;
>   max-lease-time 86400;
>   option domain-name-servers 10.16.5.106;
>   option routers 10.151.0.1;
>   option broadcast-address 10.151.255.255;
>   range 10.151.0.2 10.151.255.254;
> }

And as already mentioned, your problem is immediately obvious - you WILL have slow server startup with that config. It's a known issue.
I count something like 95 subnets with 65k pools, that makes over 6.1 million addresses.

When the server is loading the config, it builds data tables containing a lease record for every address included in a pool - whether used or not. This takes both memory (have you looked at memory usage ?) and time - hence your 7 minute startup time. I would suggest you take another look at the network configuration and see if there is any scope for reducing the number of addresses in use. You said that some events could attract 60k visitors - is there scope for only provisioning that number of addresses when needed ?

Also, I don't know the details, but there are some optimisations you should make for handling such large IP lists. The internal tables are hashed, and the hashing is configured for more typical list sizes. IIRC there are compile time options to configure the hashing to be more efficient for very large lists.


There is another issue you need to address or it will bite you in the backside sooner or later.
> # WiFi-Gold - VLAN282
> subnet 10.254.0.0 netmask 255.254.0.0 {
>   default-lease-time 28800;
>   max-lease-time 86400;
>   option domain-name-servers 10.16.5.106;
>   option routers 10.254.0.1;
>   option broadcast-address 10.255.255.255;
>   range 10.254.0.2 10.255.255.254;
>   group {
>     host first { hardware ethernet 24:ee:9a:5c:58:78; fixed-address 10.255.255.252; }
>     host second { hardware ethernet 24:ee:9a:5c:ca:b5; fixed-address 10.255.255.253; }
>     host third { hardware ethernet dc:71:96:70:51:16; fixed-address 10.255.255.254; }
>   }
> }

Host statements are ALWAYS global in scope regardless of where you define them. You have posted log entries showing a warning about this.
What happens is that a device can connect to a different subnet, matches the host statement, but the fixed-address isn't valid. The device will get a dynamic address appropriate to the subnet to which it is connected - but it will inherit options from where it is defined, something that AFAIK no-one has come up with a use case for !
So move all your host declarations to the global scope and avoid the problems it could cause you in the future.
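
An added example, not part of the original message or of ISC DHCP: a small audit script for the two issues raised above. It totals the addresses covered by `range` statements (each one becomes a lease record at startup) and lists `host` declarations that sit inside a subnet or group block. The names `audit` and `SAMPLE_CONF` are hypothetical, and the sample configuration is constructed from the fragments quoted in the thread.

```python
import ipaddress
import re

# Constructed sample, modelled on the fragments quoted in the thread.
SAMPLE_CONF = """
subnet 10.151.0.0 netmask 255.255.0.0 {
  range 10.151.0.2 10.151.255.254;
}
subnet 10.254.0.0 netmask 255.254.0.0 {
  range 10.254.0.2 10.255.255.254;
  group {
    host first { hardware ethernet 24:ee:9a:5c:58:78; fixed-address 10.255.255.252; }
  }
}
host global-ok { hardware ethernet 00:00:5e:00:53:01; fixed-address 10.151.0.5; }
"""

# Braces and semicolons are tokens of their own; everything else splits on
# whitespace. Assumption: no quoted strings containing '{', '}', ';' or '#'.
TOKEN = re.compile(r"[{};]|[^\s{};]+")

def audit(conf_text):
    """Return (addresses in all pools, names of hosts declared below global scope)."""
    text = re.sub(r"#[^\n]*", "", conf_text)   # drop comments
    total, nested_hosts = 0, []
    depth, stmt = 0, []                        # brace depth, tokens of current statement
    for tok in TOKEN.findall(text):
        if tok == "{":
            if len(stmt) >= 2 and stmt[0] == "host" and depth > 0:
                nested_hosts.append(stmt[1])   # host inside subnet/group/etc.
            depth += 1
            stmt = []
        elif tok == "}":
            depth -= 1
            stmt = []
        elif tok == ";":
            if stmt and stmt[0] == "range":
                # range [dynamic-bootp] low [high];  a lone address is a pool of one
                addrs = [a for a in stmt[1:] if a != "dynamic-bootp"]
                lo = int(ipaddress.IPv4Address(addrs[0]))
                hi = int(ipaddress.IPv4Address(addrs[-1]))
                total += hi - lo + 1
            stmt = []
        else:
            stmt.append(tok)
    return total, nested_hosts

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
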



