[Dnsmasq-discuss] Dnsmasq's upper limit for DHCP clients
simon at thekelleys.org.uk
Thu Dec 11 23:06:31 GMT 2014
Dnsmasq imposes a hard limit on the number of DHCP leases, to avoid
DoS attacks. Old releases used to default this to 150, I think.
Current releases have the default at 1000. The limit can be changed
with the dhcp-lease-max config parameter.
The practical maximum number of leases before things break is not well
characterised. I suspect that there are some loops which are O(n^2) on
the number of leases, so that will eventually eat too much CPU, but
only at very large values of n. Probably what will get you first is
the iops to write the lease file. That gets (re-)written, all of it,
whenever any lease is created, renewed, or destroyed. It's also synced
to real disk each time, so the writes have to make it to the spinning
rust. Eventually you'll be using too much disk bandwidth. Of course
that can be worked around by keeping it on a RAM disk or SSD or not using
a lease file (either because you don't care about persisting leases,
or you're using an external database engine, which would be much more
I'd be surprised to see problems with less than 10000 leases on
enterprise hardware (fast CPU, plenty of memory, fast disks).
The DNS aspect shouldn't be a problem: as far as the DNS subsystem is
concerned, a DHCP lease is equivalent to a DNS cache entry, and that
easily scales to hundreds of thousands.
Do you have any numbers on what works?
On 11/12/14 22:49, Vikram Hosakote (vhosakot) wrote:
> Hi Simon,
> This is Vikram at Cisco Systems. I have recently been scaling DHCP
> with dnsmasq.
> I see this scale info in the manual page of dnsmasq (man dnsmasq)
> under the LIMITS section.
> Dnsmasq is capable of handling DNS and DHCP for at least a
> thousand clients.
> Is there an upper limit for the maximum number of DHCP clients
> dnsmasq can handle with and without DNS?
> Thanks a lot!
> Regards, Vikram Hosakote OpenStack Software Engineer |
> vhosakot at cisco.com Cloud and Virtualization Group | Cisco
> Systems Boxborough MA | Work :
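An added sketch, not part of the original message and not dnsmasq's own code, that models the write pattern described above: the whole lease file is rewritten and synced on every lease event, so creating n leases writes on the order of n^2 bytes in total. The lease-line layout and the helper names (`lease_line`, `rewrite_all`, `simulate`) are assumptions made for illustration.

```python
import os
import tempfile
import time


def lease_line(i, expiry=1418339191):
    """Constructed sample entry (expiry, MAC, IP, hostname, client-id placeholder)."""
    mac = "02:00:%02x:%02x:%02x:%02x" % ((i >> 24) & 255, (i >> 16) & 255,
                                         (i >> 8) & 255, i & 255)
    ip = "10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255)
    return "%d %s %s host%d *\n" % (expiry, mac, ip, i)


def rewrite_all(path, leases, sync=True):
    """Rewrite the entire file for one lease event; return the bytes written."""
    data = "".join(leases).encode()
    with open(path, "wb") as f:
        f.write(data)
        f.flush()
        if sync:
            os.fsync(f.fileno())  # force the write through to the storage device
    return len(data)


def simulate(n, sync=True, directory=None):
    """Create n leases one at a time.

    Returns (total_bytes_written, final_file_size, elapsed_seconds).
    Point `directory` at a tmpfs mount to compare against a real disk.
    """
    fd, path = tempfile.mkstemp(dir=directory)
    os.close(fd)
    leases, total = [], 0
    start = time.perf_counter()
    try:
        for i in range(n):
            leases.append(lease_line(i))
            total += rewrite_all(path, leases, sync)
        final = os.path.getsize(path)
    finally:
        os.unlink(path)
    return total, final, time.perf_counter() - start


if __name__ == "__main__":
    for n in (100, 1000, 2000):
        total, final, secs = simulate(n)
        print("leases=%d file=%d B written=%d B amplification=%.0fx time=%.2fs"
              % (n, final, total, total / final, secs))
```

Doubling the lease count roughly quadruples the bytes written, which is why a cap such as dhcp-lease-max also bounds the disk work a flood of lease requests can cause.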