Running out of IP addresses in the WiFi Subnet, connection problems of the clients.

Mehmet Ozturk mehmetozturk.corporate at gmail.com
Thu Dec 21 09:32:08 UTC 2023


Hi,

We are having a hard time with our ISC DHCPd version 4.4.1 server, which is
running on Ubuntu 22.04LTS. Using the configuration below (details removed
for security purposes), the WiFi pool runs out of IP addresses. The WiFi
Access points are 70+ units of Ruckus R550, R500, T310S, R510, with the
Controller Ruckus ZoneDirector ZD1200.

When this problem occurs, we see plenty of IP addresses in the Leases list
with unknown MAC addresses, all for 24 hours.

###############################################################
###############################################################

option tcode "Asia/Ankara";
option time-offset 10800;
option ntp-servers X.X.X.X;
option time-servers X.X.X.X;

db-time-format local;

option domain-name "xxx.com.tr";

option domain-name-servers 10.0.0.9, 10.0.0.46;

default-lease-time 3600;
max-lease-time 7200;

# Allow each client to have exactly one lease, and expire old leases if a
# new DHCPDISCOVER occurs
one-lease-per-client true;

# Tell the server to look up the host name in DNS
# get-lease-hostnames true;

# Ping the IP address that is being offered to make sure it isn't
# configured on another node. This has some potential repercussions
# for clients that don't like delays.
# ping-check true;

# deny declines;
# deny bootp;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# A1 Building
subnet X.X.X.X netmask 255.255.255.0 {
authoritative;
range X.X.X.X X.X.X.X;
option domain-name-servers X.X.X.X , X.X.X.X;
option routers X.X.X.X;
option domain-name "xxx.com.tr";
}


# XXX HALL
subnet X.X.X.X netmask 255.255.255.0 {
authoritative;
range X.X.X.X 1X.X.X.X;
option domain-name-servers X.X.X.X , X.X.X.X;
option routers X.X.X.X;
option domain-name "xxx.com.tr";
host TEST-NUC {
hardware ethernet ZZ:ZZ:ZZ:ZZ:ZZ:ZZ;
fixed-address X.X.X.X;
}
}

# XXX-NET_WIFI_PUBLIC
subnet 172.16.128.0 netmask 255.255.224.0 {
  # Set default lease time to 600 seconds (10 minutes)
  default-lease-time 600;

  # Set maximum lease time to 7200 seconds (2 hours)
  max-lease-time 7200;

  # Enable DHCPv4 authoritative mode
  authoritative;

  # Provide domain name servers for DNS resolution
  option domain-name-servers 10.0.0.46, 10.0.0.9;

  # Set default gateway to 172.16.128.1
  option routers 172.16.128.1;

  # Set domain name for hosts on this subnet
  option domain-name "xxx.com.tr";

  # Set address-range-1 for DHCP clients
   range 172.16.128.2 172.16.128.254;
.
.
.
  # Set address-range-x for DHCP clients
   range 172.16.159.1 172.16.159.254;


  # Set subnet mask explicitly
  option subnet-mask 255.255.224.0;

  # Set broadcast address for the subnet
  option broadcast-address 172.16.159.255;

  # Configure NTP servers for time synchronization
  option ntp-servers 10.0.0.46;

  # Enable ping check to verify client connectivity
  ping-check true;

  # Set ping timeout to 5 seconds for DHCP client checks
  ping-timeout 5;

  # Deny duplicate IP address assignments
  deny duplicates;

  # Limit the number of concurrent requests from a client to 5
  # This helps prevent abuse and resource exhaustion
  one-lease-per-client true;

  # Configure logging to monitor DHCP server activities
  log-facility local7;


  # Limit dynamic DNS updates
  ddns-update-style none;

  # Restrict dynamic updates to only known clients
  ignore client-updates;
  deny client-updates;

  # Disable BOOTP support
  allow bootp;
  deny bootp;
}

class "black-hole" {
    match substring (hardware, 1, 6);
    # deny booting;
    ignore booting;
}
subclass "black-hole" AA:AA:AA:AA:AA:AA; #USER-1
subclass "black-hole" BB:BB:BB:BB:BB:BB; #USER-2
subclass "black-hole" CC:CC:CC:CC:CC:CC; #USER-3

###############################################################
###############################################################


The "/var/lib/dhcp/dhcpd.leases" file includes the details below regarding
those Unknown-MAC-Address leases;

##################################################################################
lease 172.16.129.99 {
  starts epoch 1702534536; # Thu Dec 14 08:15:36 2023
  ends epoch 1702620938; # Fri Dec 15 08:15:38 2023
  tstp epoch 1702620938; # Fri Dec 15 08:15:38 2023
  cltt epoch 1702534536; # Thu Dec 14 08:15:36 2023
  binding state abandoned;
  next binding state free;
  rewind binding state free;
}

lease 172.16.159.232 {
  starts epoch 1702534594; # Thu Dec 14 08:16:34 2023
  ends epoch 1702620996; # Fri Dec 15 08:16:36 2023
  tstp epoch 1702620996; # Fri Dec 15 08:16:36 2023
  cltt epoch 1702534594; # Thu Dec 14 08:16:34 2023
  binding state abandoned;
  next binding state free;
  rewind binding state free;
}
##################################################################################

The "/var/log/syslog" file includes the log lines below regarding the
Leases;

##################################################################################
Dec 14 08:15:30 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:30 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:31 dd dhcpd[118025]: message repeated 11 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:31 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:31 dd dhcpd[118025]: message repeated 3 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:31 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:32 dd dhcpd[118025]: message repeated 44 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:32 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:32 dd dhcpd[118025]: message repeated 3 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:32 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:32 dd dhcpd[118025]: message repeated 19 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:32 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:33 dd dhcpd[118025]: message repeated 13 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:33 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:33 dd dhcpd[118025]: message repeated 10 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:33 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:33 dd dhcpd[118025]: message repeated 2 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:35 dd dhcpd[118025]: DHCPOFFER on 172.16.129.99 to fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:35 dd dhcpd[118025]: DHCPOFFER on 172.16.129.99 to 02:7d:d5:93:89:1a via 172.16.128.1
Dec 14 08:15:36 dd dhcpd[118025]: DHCPREQUEST for 172.16.129.99 (10.0.0.9) from fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:36 dd dhcpd[118025]: DHCPACK on 172.16.129.99 to fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:36 dd dhcpd[118025]: DHCPREQUEST for 172.16.129.99 (10.0.0.9) from 02:7d:d5:93:89:1a via 172.16.128.1: lease 172.16.129.99 unavailable.
Dec 14 08:15:36 dd dhcpd[118025]: DHCPNAK on 172.16.129.99 to 02:7d:d5:93:89:1a via 172.16.128.1
Dec 14 08:15:38 dd dhcpd[118025]: Abandoning IP address 172.16.129.99: declined.
Dec 14 08:15:38 dd dhcpd[118025]: DHCPDECLINE of 172.16.129.99 from fe:02:fa:00:d8:02 via 172.16.128.1: abandoned

Dec 14 08:16:33 dd dhcpd[121304]: DHCPOFFER on 172.16.159.232 to fe:f7:0d:d9:de:2f via 172.16.128.1
Dec 14 08:16:34 dd dhcpd[121304]: DHCPREQUEST for 172.16.159.232 (10.0.0.9) from fe:f7:0d:d9:de:2f via 172.16.128.1
Dec 14 08:16:34 dd dhcpd[121304]: DHCPACK on 172.16.159.232 to fe:f7:0d:d9:de:2f via 172.16.128.1
Dec 14 08:16:36 dd dhcpd[121304]: Abandoning IP address 172.16.159.232: declined.
Dec 14 08:16:36 dd dhcpd[121304]: DHCPDECLINE of 172.16.159.232 from fe:f7:0d:d9:de:2f via 172.16.128.1: abandoned
##################################################################################

In order to prevent this happening, we added the lines below;

###############################################################
ddns-update-style none;
deny declines;
deny bootp;
###############################################################

But this time, the users started complaining about not being able to
connect. When checked, we saw plenty of error lines like below in the
syslog file;

###############################################################
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.134.41 from 9a:ab:a2:7c:99:65 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.155.171 from 46:71:ed:54:a6:c6 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.140.207 from ae:0d:7b:f5:29:50 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.158.14 from 6a:6f:94:cd:04:b8 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.150.178 from 5e:44:2a:d6:3c:6a via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.158.203 from 62:fb:21:37:0a:e5 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.150.19 from 0a:76:41:7c:41:b6 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.154.160 from f2:14:c3:9d:08:3d via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.144.224 from 52:a4:78:23:13:97 via 172.16.128.1: ignored
###############################################################

The DHCP server/service on the Ruckus Controller has a very limited
capacity in terms of IP addresses to be handled, so we can't use it.

Any suggestions?

Mehmet.
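
One way to triage the DHCPDECLINE lines in the post above, added here as an example and not part of the original message or of ISC DHCP: it rejoins the mail-wrapped syslog records, then counts declines per client MAC, per relay and per server result, and counts how many declining MACs have the locally administered bit set. The function names and the summary keys are this example's own.

```python
import re
from collections import Counter

# Sample input: records copied from the post's syslog excerpts, still hard-wrapped by the mail client.
SAMPLE = """\
Dec 14 08:15:38 dd dhcpd[118025]: Abandoning IP address 172.16.129.99:
declined.
Dec 14 08:15:38 dd dhcpd[118025]: DHCPDECLINE of 172.16.129.99 from
fe:02:fa:00:d8:02 via 172.16.128.1: abandoned
Dec 14 08:16:36 dd dhcpd[121304]: DHCPDECLINE of 172.16.159.232 from
fe:f7:0d:d9:de:2f via 172.16.128.1: abandoned
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.134.41 from
9a:ab:a2:7c:99:65 via 172.16.128.1: ignored
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DECLINE = re.compile(r"DHCPDECLINE of [\d.]+ from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
                     r" via (?P<relay>\S+?): (?P<result>\w+)")

def unfold(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as randomized Wi-Fi MACs do."""
    return bool(int(mac[:2], 16) & 0x02)

def summarize(text):
    """Count DHCPDECLINE records per client MAC, per relay and per server result."""
    per_mac, per_relay, results = Counter(), Counter(), Counter()
    for m in filter(None, map(DECLINE.search, unfold(text))):
        per_mac[m["mac"]] += 1
        per_relay[m["relay"]] += 1
        results[m["result"]] += 1
    return {
        "declines": sum(per_mac.values()), "distinct_macs": len(per_mac),
        "local_macs": sum(1 for mac in per_mac if locally_administered(mac)),
        "top_macs": per_mac.most_common(3),
        "per_relay": dict(per_relay), "results": dict(results),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over the full syslog, a few MACs with high counts and many distinct MACs each declining once are different situations, and `per_relay` shows which relay address the declines arrive through.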