IPv4 Private Address Space

Philippe Maechler plcmaechler at gmail.com
Wed May 12 19:05:56 UTC 2021


sorry to hijack this thread. i often read about the memory usage when one
uses larger subnets/ranges.

what are larger subnets?

at $dayjob we use lots of /24, several hundred /30 and about two dozen
/20. the memory usage on a recent server is ignorable and the startup times
are also way below one minute...

how is it with dhcpv6? there we have even larger pools with ia-na, -pd and
-ta. is the memory "setup" different?

tia
philippe

Simon Hobson <dhcp1 at thehobsons.co.uk> wrote on Wed, 12 May 2021, 14:22:

> Louis Garcia <louisgtwo at gmail.com> wrote:
>
> >> According to standards set forth in Internet Engineering Task Force
> >> (IETF) document RFC-1918, the following IPv4 address ranges are
> >> reserved by the IANA for private internets,
> >>
> >> 10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
> >> 172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
> >> 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
>
> Correct.
> But just because 172.16.0.0/12 is reserved doesn't mean you have to use
> all 1,048,576 addresses in that block, and you don't have to use /12 as
> your mask. The /12 here simply tells you that everything from 172.16.0.0 to
> 172.31.255.255 is in that reserved space.
> The DHCP server will not allocate anything you haven't told it to, and
> your border routers (and certainly your ISP) should be filtering any of
> these RFC1918 addresses out - "nothing out, nothing in" should be the policy
> for them.
> Also, because of the way the server works, it's a really bad idea to
> create large blocks (though I think that relates to ranges, rather than
> subnets) as it makes in-memory tables huge.
>
>
> >> dhcpd does not seem to like subnet/mask combination.
> >>
> >>          authoritative;
> >>          default-lease-time 600;
> >>          max-lease-time 7200;
> >>          subnet 172.16.4.0 netmask 255.240.0.0 {
> >>                      option domain-name-servers 172.16.4.1;
> >>                      option broadcast-address 172.31.255.255;
> >>                      option routers 172.16.4.1;
> >>                      option ntp-servers 172.16.4.1;
> >>                      range 172.16.4.50 172.16.4.254;
> >>          }
>
> Yes, as already mentioned, that's not a valid address & mask.
>
>
> > Currently I have three networks 172.16.2.0/24 172.16.3.0/24
> > 172.16.4.0/24. I read that not all of 172.16.0.0 is private, only
> > 172.16.0.0/12. I am trying to not have public routable IPs on my
> > network. Please let me know if this setup is fine.
> >
> >          # DHCP Server Configuration file.
> >
> >          authoritative;
> >          default-lease-time 600;
> >          max-lease-time 7200;
> >
> >          # Client system architecture type: RFC4578
> >          option arch code 93 = unsigned integer 16;
> >
> >          subnet 172.16.2.0 netmask 255.255.255.0 {
> >                      option domain-name-servers 172.16.2.1;
> >                      option broadcast-address 172.16.2.255;
> >                      option routers 172.16.2.1;
> >                      option ntp-servers 172.16.2.1;
> >                      range 172.16.2.50 172.16.2.254;
> >                      if option arch = 00:07 {
> >                            filename "/grub/shim.efi";
> >                      }
> >                      next-server 172.16.2.5;
> >          }
> >
> >          subnet 172.16.3.0 netmask 255.255.255.0 {
> >                      option domain-name-servers 172.16.3.1;
> >                      option broadcast-address 172.16.3.255;
> >                      option routers 172.16.3.1;
> >                      option ntp-servers 172.16.3.1;
> >                      range 172.16.3.50 172.16.3.254;
> >          }
> >
> >          subnet 172.16.4.0 netmask 255.255.255.0 {
> >                      option domain-name-servers 172.16.4.1;
> >                      option broadcast-address 172.16.4.255;
> >                      option routers 172.16.4.1;
> >                      option ntp-servers 172.16.4.1;
> >                      range 172.16.4.50 172.16.4.254;
> >          }
>
> Yes, that's just fine.
>
>
>
> Simon
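The checks discussed in this thread, as an added example that is not part of the original messages or of ISC's code: a small Python linter that flags subnet declarations whose address does not match the mask, subnets outside RFC 1918 space, and range addresses outside their subnet. The function name `check_dhcpd_conf` and the third subnet in the sample are assumptions made for illustration; the parser handles only the simple `subnet`/`range` forms shown in the thread.

```python
import ipaddress
import re

# RFC 1918 blocks exactly as listed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: first two subnets come from the thread, third is made up.
SAMPLE = """\
subnet 172.16.4.0 netmask 255.240.0.0 {
    range 172.16.4.50 172.16.4.254;
}
subnet 172.16.2.0 netmask 255.255.255.0 {
    range 172.16.2.50 172.16.2.254;
    if option arch = 00:07 {
        filename "/grub/shim.efi";
    }
}
subnet 172.32.1.0 netmask 255.255.255.0 {
    range 172.32.1.50 172.32.2.10;
}
"""

def check_dhcpd_conf(text):
    """Return (subnet, problem) tuples for every subnet declaration in text."""
    problems, current, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", line)
        if m:
            label, net = f"{m.group(1)}/{m.group(2)}", None
            try:  # strict=True rejects an address with host bits set
                net = ipaddress.ip_network(label, strict=True)
            except ValueError as exc:
                problems.append((label, f"invalid address/mask: {exc}"))
            if net is not None and not any(net.subnet_of(p) for p in RFC1918):
                problems.append((label, "not inside RFC 1918 space"))
            current, depth = (label, net), 1
            continue
        if current:
            depth += line.count("{") - line.count("}")  # nested if-blocks
            r = re.match(r"range\s+(\S+)\s+(\S+?)\s*;", line)
            for addr in (r.groups() if r and current[1] is not None else ()):
                if ipaddress.ip_address(addr) not in current[1]:
                    problems.append((current[0], f"range address {addr} outside subnet"))
            if depth == 0:  # closing brace of the subnet block
                current = None
    return problems

if __name__ == "__main__":
    for subnet, problem in check_dhcpd_conf(SAMPLE):
        print(f"{subnet}: {problem}")
```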