<div dir="auto">sorry to hijack this thread. i often read about the memory usage when one uses larger subnets/ranges.<div dir="auto"><br></div><div dir="auto">what are larger subnets? <br><div dir="auto"><br></div><div dir="auto">at $dayjob we use lots of /24, several hundreds /30 and about two dozens /20. the memory usage on a recent server is ignorable and the startup times are also way below one minute...</div><div dir="auto"><br></div><div dir="auto">how is it with dhcpv6? there we have even larger pools with ia-na, -pd and -ta. is the memory "setup" different?</div><div dir="auto"><br></div><div dir="auto">tia</div><div dir="auto">philippe </div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Simon Hobson <<a href="mailto:dhcp1@thehobsons.co.uk">dhcp1@thehobsons.co.uk</a>> schrieb am Mi., 12. Mai 2021, 14:22:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Louis Garcia <<a href="mailto:louisgtwo@gmail.com" target="_blank" rel="noreferrer">louisgtwo@gmail.com</a>> wrote:<br>
<br>
>> According to standards set forth in Internet Engineering Task Force<br>
>> (IETF) document RFC-1918, the following IPv4 address ranges are reserved by the IANA for private internets,<br>
>> <br>
>> <a href="http://10.0.0.0/8" rel="noreferrer noreferrer" target="_blank">10.0.0.0/8</a> IP addresses: 10.0.0.0 – 10.255.255.255<br>
>> <a href="http://172.16.0.0/12" rel="noreferrer noreferrer" target="_blank">172.16.0.0/12</a> IP addresses: 172.16.0.0 – 172.31.255.255<br>
>> <a href="http://192.168.0.0/16" rel="noreferrer noreferrer" target="_blank">192.168.0.0/16</a> IP addresses: 192.168.0.0 – 192.168.255.255<br>
<br>
Correct.<br>
But just because <a href="http://172.16.0.0/12" rel="noreferrer noreferrer" target="_blank">172.16.0.0/12</a> is reserved doesn't mean you have to use all 1,048,576 addresses in that block, and you don't have to use /12 as your mask. The /12 here simply tells you that everything from 172.16.0.0 to 172.31.255.255 is in that reserved space.<br>
The DHCP server will not allocate anything you haven't told it to, and your border routers (and certainly your ISP) should be filtering any of these RFC1918 address out - "nothing out, nothing in" should be the policy for them.<br>
Also, because of the way the server works, it's a really bad idea to create large blocks (though I think relates to ranges, rather than subnets) as it makes in-memory tables huge.<br>
<br>
<br>
>> dhcpd does not seem to like subnet/mask combination.<br>
>> <br>
>> authoritative;<br>
>> default-lease-time 600;<br>
>> max-lease-time 7200;<br>
>> subnet 172.16.4.0 netmask 255.240.0.0 {<br>
>> option domain-name-servers 172.16.4.1;<br>
>> option broadcast-address 172.31.255.255;<br>
>> option routers 172.16.4.1;<br>
>> option ntp-servers 172.16.4.1;<br>
>> range 172.16.4.50 172.16.4.254;<br>
>> }<br>
<br>
Yes, as already mentioned, that's not a valid address & mask.<br>
<br>
<br>
> Currently I have three networks <a href="http://172.16.2.0/24" rel="noreferrer noreferrer" target="_blank">172.16.2.0/24</a> <a href="http://172.16.3.0/24" rel="noreferrer noreferrer" target="_blank">172.16.3.0/24</a><br>
> <a href="http://172.16.4.0/24" rel="noreferrer noreferrer" target="_blank">172.16.4.0/24</a>. I read that not all of 172.16.0.0 is private, only<br>
> <a href="http://172.16.0.0/12" rel="noreferrer noreferrer" target="_blank">172.16.0.0/12</a>. I am trying to not have public routable IPs on my<br>
> network. Please let me know if this setup is fine.<br>
> <br>
> # DHCP Server Configuration file.<br>
> <br>
> authoritative;<br>
> default-lease-time 600;<br>
> max-lease-time 7200;<br>
> <br>
> # Client system architecture type: RFC4578<br>
> option arch code 93 = unsigned integer 16;<br>
> <br>
> subnet 172.16.2.0 netmask 255.255.255.0 {<br>
> option domain-name-servers 172.16.2.1;<br>
> option broadcast-address 172.16.2.255;<br>
> option routers 172.16.2.1;<br>
> option ntp-servers 172.16.2.1;<br>
> range 172.16.2.50 172.16.2.254;<br>
> if option arch = 00:07 {<br>
> filename "/grub/shim.efi";<br>
> }<br>
> next-server 172.16.2.5;<br>
> }<br>
> <br>
> subnet 172.16.3.0 netmask 255.255.255.0 {<br>
> option domain-name-servers 172.16.3.1;<br>
> option broadcast-address 172.16.3.255;<br>
> option routers 172.16.3.1;<br>
> option ntp-servers 172.16.3.1;<br>
> range 172.16.3.50 172.16.3.254;<br>
> }<br>
> <br>
> subnet 172.16.4.0 netmask 255.255.255.0 {<br>
> option domain-name-servers 172.16.4.1;<br>
> option broadcast-address 172.16.4.255;<br>
> option routers 172.16.4.1;<br>
> option ntp-servers 172.16.4.1;<br>
> range 172.16.4.50 172.16.4.254;<br>
> }<br>
<br>
Yes, that's just fine.<br>
<br>
<br>
<br>
Simon<br>
<br>
_______________________________________________<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
dhcp-users mailing list<br>
<a href="mailto:dhcp-users@lists.isc.org" target="_blank" rel="noreferrer">dhcp-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/dhcp-users" rel="noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br>
</blockquote></div>