[Dnsmasq-discuss] dnsmasq on large scale network

[Geert Stappers]

On Thu, Dec 09, 2021 at 03:28:40AM +0100, Petr Menšík wrote:
> On 12/5/21 19:44, Fabian Druschke wrote:
> > Hey friends, i hope you all are doing fine.
> >
> > Currently i'm facing a little challenge. I have a large network with
> > more or less 30k clients, and i need a router for NAT from the LAN
> > subnets, in the 10.0.0.0/8 address space to the outside WAN public ip
> > address. So it's a quite simple scenario.
> >
> > I've purchased a Juniper MX150 router already, but it was the wrong
> > choice due to the lack of NAT support at all. So i wanted to use
> > OpenWrt for this scenario, because it is really really simple to set
> > up for this use.
> >
> > What i'm struggeling with, is the DHCP server included on OpenWrt. By
> > default it's dnsmasq, and it's easy to configure through the LuCi web
> > interface. Before going into production i'd like to make sure if
> > dnsmasq is designed or capable to handle this amount of clients (peak
> > 30k / 5 requests per second).
> >
> > Does someone have experience with such a scenario, and is there a
> > proper tool to benchmark DHCP ?
> >
> 
> Interesting, I am just debugging situation when multiple instances start
> and request DHCP at similar time. Without no-ping option, it works quite
> bad. Even starting 16 instances at the same time does not work reliably
> to us with ping enabled. It seems our 2.79 version is broken, 2.81 were
> fixed. But if you have 5 requests per seconds, I would use more heavy
> server. Dnsmasq is great for small networks, but I think it has no
> design for high performance. It does not scale well with hundreds or
> thousands clients.
> 
> Make sure you use no-ping for good performance. Ping code does just one
> at a time, which makes it quite slow if enabled. I would try dhcp-server
> or kea, it seems you have big enough network.

I would avoid single points of failure.
 

Groeten
Geert Stappers
-- 
Silence is hard to parse