High ram-usage with multiple /16 ipv4 networks

[Simon Hobson]

Peter Rathlev <peter at rathlev.dk> wrote:

> With 1.5 million leases you use 533 Mbytes memory, with just 2558 leases
> you use 35 Mbytes memory. That's not a bug.
> 
> What you want sounds like some way of actively denying clients with
> specific addresses without creating leases for them. I can't from the
> top of my head think of such a way with ISC DHCP, but I'll give it a
> try.

Sounds like a bit of a "sort of broken" setup - and I wonder if it wouldn't work with smaller subnets. The fact that the client is being forced to change address suggests that the network isn't as flat as stated.

But one way of "fudging" DHCP might be to lie to it about the subnets.

Looking back, the example given was an "active" range of 10.66.11.1 to 10.66.20.255. That fits in the 10.66.0.0/19 subnet which covers 10.66.0.0 to 10.66.31.255
Thus the ranges needing to be actively denied are much smaller - and by adjusting the ranges used, can be reduced a lot smaller still (or even eliminated). Eg, 10.66.16.1 to 10.66.23.255 fits within the 10.66.16.0/21 subnet (ie 1/4 the size again) but still offers over 2k leases.

Then (IIRC) you just need to specify the subnet mask option to override the default derived from the subnet declaration.

A request for an address outside of the server's declared subnet will get a NAK without creating a lease table entry - the server will just treat it as "not valid for this network".

As I say, it's something of a fudge, but worth trying.