[SOLVED] Guest devices not getting IP DHCP at around 400 devices

Hi, I'm having problems with DHCP at a site with 1000+ devices. I'm testing an OpenWrt 18.x.1 (last stable) x64 on an i3 8300 PC as a router. When I reboot the machine everything seems fine, devices get an IP and can get to the internet. But there is a problem later and "new" devices don't get an IP anymore, while "old" ones can still navigate with no problems. CPU usage is low and the WAN fiber is like 400 Mbps used, so no problems there.

Seems like a DHCP limitation.

This is my /etc/config/dhcp:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option leasetime '12h'
        option limit '30000'
        option force '1'

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

And this is my LAN interface:

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ip6assign '60'
        option _orig_ifname 'eth0'
        option _orig_bridge 'true'
        option ipaddr '10.6.0.1'
        option netmask '255.255.0.0'
        option dns '8.8.8.8 8.8.4.4'
        option ifname 'eth0'

I can't see any errors in the logs, just a ton of DHCP requests and offers.

Can you help me? Thank you.

Looks like an issue with DNSMASQ.

You can increase the verbosity of DNSMASQ, and see the full exchange of requests and responses. Or, if you do not see those requests, perhaps your firewall is configured to limit the amount of DHCP traffic.

OK, thank you for the responses. The firewall is just the default OpenWrt one, with no changes.

I just checked the logs and the problem is that there are no leases left!

But I did change the limit to 30k, how is this possible? Is there another hard cap somewhere?

This is my first OpenWrt router, sorry if I'm a bit of a noob. And thank you.

The log error looks like: DHCPNAK(br-lan) 10.6.x.xxx xx:c2:f1:xx:xx:xx no leases left

When dnsmasq starts up, it prints the effective DHCP lease range into the syslog in the form

Wed Oct 3 15:39:43 2018 daemon.info dnsmasq-dhcp[3808]: DHCP, IP range 10.11.12.100 -- 10.11.12.249, lease time 12h

What is it reporting for you?

Internally, the dnsmasq init script performs the following calculation to obtain the effective range:

# ipcalc.sh 10.6.0.1 255.255.0.0 100 30000
IP=10.6.0.1
NETMASK=255.255.0.0
BROADCAST=10.6.255.255
NETWORK=10.6.0.0
PREFIX=16
START=10.6.0.100
END=10.6.117.148

So your dnsmasq should serve addresses from 10.6.0.100 to 10.6.117.148

Thank you jow, this shows the log after a /etc/init.d/dnsmasq restart:

Wed Oct  3 15:42:05 2018 daemon.info dnsmasq-dhcp[11048]: DHCPNAK(br-lan) 10.6.x.x xx:xx:xx no leases left
Wed Oct  3 15:42:05 2018 daemon.info dnsmasq[11048]: exiting on receipt of SIGTERM
Wed Oct  3 15:42:05 2018 daemon.info dnsmasq[3167]: started, version 2.80test3 cachesize 150
Wed Oct  3 15:42:05 2018 daemon.info dnsmasq[3167]: DNS service limited to local subnets
Wed Oct  3 15:42:05 2018 daemon.info dnsmasq[3167]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Oct  3 15:42:05 2018 daemon.info dnsmasq-dhcp[3167]: DHCP, IP range 10.6.0.100 -- 10.6.117.147, lease time 12h

The range seems fine to me.

Hmm, the "hard cap" seems to be at 1000 DHCP leases.

I just did a vim on /tmp/dhcp.leases and there are like 1000 entries.

This looks just like what I'm seeing in the real-world scenario: everything works until around 1k devices. How can I increase this limit?

Thank you.

Not terribly surprising as a /24 only has 256 addresses in it. "Dnsmasq provides network infrastructure for small networks" and wasn't designed for "enterprise" use. (Not many "small networks" have "1000+ devices" on them.)

I'd look at kea for your DHCP server, rather than trying to patch/hack dnsmasq.

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q3/009871.html

3 Likes

That's it, thank you so much lleachii. So the fix is to just edit /etc/dnsmasq.conf

and add: dhcp-lease-max=5000

Restart dnsmasq and there are no "no leases left" errors anymore.

Thank you guys, appreciated.

Let's see how it performs in this scenario over the next days. cu

Edit: just looking at /tmp/dhcp.leases, it is now showing 1300+ entries.

2 Likes

Better use built-in instruments:

uci set dhcp.@dnsmasq[0].dhcpleasemax='N'
uci commit dhcp
service dnsmasq reload

Because it will help to back up and survive a reflash without additional issues.

1 Like
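
An added example, not part of any post in this thread: a shell check that measures the lease file against both limits the thread ran into (the pool size set by limit and the dnsmasq lease cap set by dhcp-lease-max) and counts the "no leases left" NAKs. The function names, the 80% warning threshold and the generated sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: lease-file layout
# "<expiry> <mac> <ip> <hostname> <client-id>", the 80% warning threshold,
# and every function name below.

# Count IPv4 lease records; blank lines and a DHCPv6 "duid" line are skipped.
count_leases() {
    awk 'NF >= 3 && $1 != "duid" { n++ } END { print n + 0 }' "$1"
}

# Count the exhaustion NAKs in the form quoted in the thread.
count_exhaustion_naks() {
    grep -c 'DHCPNAK.*no leases left' "$1" || true
}

# The lower of the two limits wins: the pool size (uci "limit") and
# the dnsmasq lease cap (dhcp-lease-max).
effective_cap() {
    if [ "$1" -lt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# OK, WARN (at or above pct% of the cap) or FULL (cap reached or NAKs logged).
lease_status() {
    leases=$1; cap=$2; naks=$3; pct=${4:-80}
    if [ "$leases" -ge "$cap" ] || [ "$naks" -gt 0 ]; then echo FULL
    elif [ $((leases * 100)) -ge $((cap * pct)) ]; then echo WARN
    else echo OK
    fi
}

# Constructed sample data: N fake leases in 10.6.0.0/16 starting at offset 100.
make_sample_leases() {
    awk -v n="$1" 'BEGIN { for (i = 0; i < n; i++) { a = 100 + i
        printf "1538600000 02:00:00:00:%02x:%02x 10.6.%d.%d * *\n",
               int(i / 256), i % 256, int(a / 256), a % 256 } }'
}

tmp=$(mktemp -d)
make_sample_leases 1000 > "$tmp/dhcp.leases"
# Constructed log line in the format shown in the thread.
echo 'Wed Oct  3 15:42:05 2018 daemon.info dnsmasq-dhcp[11048]: DHCPNAK(br-lan) 10.6.0.1 02:00:00:00:00:01 no leases left' > "$tmp/syslog"

cap=$(effective_cap 30000 1000)   # pool of 30000 addresses, lease cap of 1000
used=$(count_leases "$tmp/dhcp.leases")
naks=$(count_exhaustion_naks "$tmp/syslog")
echo "leases=$used cap=$cap naks=$naks status=$(lease_status "$used" "$cap" "$naks")"
rm -rf "$tmp"
```

On a router the same functions can be pointed at /tmp/dhcp.leases and at a saved copy of the system log, with the two limits taken from the running configuration.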
