Today's Topics:

   1. Re: IPv4 Private Address Space (Simon Hobson)
   2. Re: IPv4 Private Address Space (Philippe Maechler)
   3. dhcrelay prints these logs and doesn't live normally. [Can't
      initialize context: not enough free resources.] (???)


----------------------------------------------------------------------

Message: 1
Date: Wed, 12 May 2021 13:22:10 +0100
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: IPv4 Private Address Space
Message-ID: <122c964e-88ac-4478-accb-04759fdae...@thehobsons.co.uk>
Content-Type: text/plain; charset=utf-8

Louis Garcia <louisg...@gmail.com> wrote:

>> According to standards set forth in Internet Engineering Task Force
>> (IETF) document RFC-1918, the following IPv4 address ranges are reserved by 
>> the IANA for private internets,
>> 
>> 10.0.0.0/8 IP addresses: 10.0.0.0 - 10.255.255.255
>> 172.16.0.0/12 IP addresses: 172.16.0.0 - 172.31.255.255
>> 192.168.0.0/16 IP addresses: 192.168.0.0 - 192.168.255.255

Correct.
But just because 172.16.0.0/12 is reserved doesn't mean you have to use all
1,048,576 addresses in that block, and you don't have to use /12 as your mask.
The /12 here simply tells you that everything from 172.16.0.0 to 172.31.255.255
is in that reserved space.
The DHCP server will not allocate anything you haven't told it to, and your
border routers (and certainly your ISP) should be filtering any of these
RFC1918 addresses out - "nothing out, nothing in" should be the policy for them.
Also, because of the way the server works, it's a really bad idea to create
large blocks (though I think that relates to ranges, rather than subnets) as it
makes in-memory tables huge.


>> dhcpd does not seem to like subnet/mask combination.
>> 
>>          authoritative;
>>          default-lease-time 600;
>>          max-lease-time 7200;
>>          subnet 172.16.4.0 netmask 255.240.0.0 {
>>                      option domain-name-servers 172.16.4.1;
>>                      option broadcast-address 172.31.255.255;
>>                      option routers 172.16.4.1;
>>                      option ntp-servers 172.16.4.1;
>>                      range 172.16.4.50 172.16.4.254;
>>          }

Yes, as already mentioned, that's not a valid address & mask.


> Currently I have three networks 172.16.2.0/24 172.16.3.0/24
> 172.16.4.0/24. I read that not all of 172.16.0.0 is private, only
> 172.16.0.0/12. I am trying to not have public routable IPs on my
> network. Please let me know if this setup is fine.
> 
>          # DHCP Server Configuration file.
> 
>          authoritative;
>          default-lease-time 600;
>          max-lease-time 7200;
> 
>          # Client system architecture type: RFC4578
>          option arch code 93 = unsigned integer 16;
> 
>          subnet 172.16.2.0 netmask 255.255.255.0 {
>                      option domain-name-servers 172.16.2.1;
>                      option broadcast-address 172.16.2.255;
>                      option routers 172.16.2.1;
>                      option ntp-servers 172.16.2.1;
>                      range 172.16.2.50 172.16.2.254;
>                      if option arch = 00:07 {
>                            filename "/grub/shim.efi";
>                      }
>                      next-server 172.16.2.5;
>          }
> 
>          subnet 172.16.3.0 netmask 255.255.255.0 {
>                      option domain-name-servers 172.16.3.1;
>                      option broadcast-address 172.16.3.255;
>                      option routers 172.16.3.1;
>                      option ntp-servers 172.16.3.1;
>                      range 172.16.3.50 172.16.3.254;
>          }
> 
>          subnet 172.16.4.0 netmask 255.255.255.0 {
>                      option domain-name-servers 172.16.4.1;
>                      option broadcast-address 172.16.4.255;
>                      option routers 172.16.4.1;
>                      option ntp-servers 172.16.4.1;
>                      range 172.16.4.50 172.16.4.254;
>          }

Yes, that's just fine.



Simon
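
Added example, not part of the original messages: a Python check for the two points made in the reply above, that a `subnet` address must be the network number for its netmask and that each subnet and `range` should stay inside RFC 1918 space. The names `audit`, `DECL`, `REJECTED`, `ACCEPTED` and `PUBLIC` are hypothetical, the 172.32.0.0/24 input is constructed, and the regex scan is a simplification, not dhcpd's own parser.

```python
import ipaddress
import re

# RFC 1918 blocks as listed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "subnet A netmask M" or "range [dynamic-bootp] LO [HI];".
DECL = re.compile(
    r"\bsubnet\s+(?P<net>[\d.]+)\s+netmask\s+(?P<mask>[\d.]+)"
    r"|\brange\s+(?:dynamic-bootp\s+)?(?P<lo>[\d.]+)(?:\s+(?P<hi>[\d.]+))?\s*;")

def audit(conf):
    """Return a list of problem strings for IPv4 subnet/range declarations."""
    problems, current = [], None
    for m in DECL.finditer(re.sub(r"#.*", "", conf)):  # drop comments first
        if m["net"]:
            label = f"subnet {m['net']} netmask {m['mask']}"
            try:
                # strict=False masks off host bits instead of raising
                current = ipaddress.ip_network(f"{m['net']}/{m['mask']}", strict=False)
            except ValueError as exc:  # malformed address or netmask
                problems.append(f"{label}: {exc}")
                current = None
                continue
            if current.network_address != ipaddress.ip_address(m["net"]):
                problems.append(f"{label}: not a network number, mask implies {current}")
            if not any(current.subnet_of(p) for p in RFC1918):
                problems.append(f"{label}: {current} is outside RFC 1918 space")
        elif current is not None:
            # ranges are attributed to the most recent subnet declaration
            for ip in filter(None, (m["lo"], m["hi"])):
                try:
                    inside = ipaddress.ip_address(ip) in current
                except ValueError:
                    inside = False
                if not inside:
                    problems.append(f"range address {ip} is not inside {current}")
    return problems

# Constructed inputs: the rejected declaration and one accepted subnet from the
# thread, plus a made-up block just past the end of 172.16.0.0/12.
REJECTED = "subnet 172.16.4.0 netmask 255.240.0.0 { range 172.16.4.50 172.16.4.254; }"
ACCEPTED = "subnet 172.16.4.0 netmask 255.255.255.0 { range 172.16.4.50 172.16.4.254; }"
PUBLIC = "subnet 172.32.0.0 netmask 255.255.255.0 { range 172.32.0.50 172.32.1.20; }"

if __name__ == "__main__":
    for name, conf in (("rejected", REJECTED), ("accepted", ACCEPTED), ("public", PUBLIC)):
        print(name, audit(conf) or "ok")
```
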



------------------------------

Message: 2
Date: Wed, 12 May 2021 21:05:56 +0200
From: Philippe Maechler <plcmaech...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: IPv4 Private Address Space
Message-ID:
        <caphukgajltobtkz4ppgv1r2mw_3maepu_obukwxwrxbpzgk...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Sorry to hijack this thread. I often read about the memory usage when one
uses larger subnets/ranges.

What are larger subnets?

At $dayjob we use lots of /24, several hundred /30 and about two dozen
/20. The memory usage on a recent server is ignorable and the startup times
are also way below one minute...

How is it with DHCPv6? There we have even larger pools with ia-na, -pd and
-ta. Is the memory "setup" different?

tia
philippe


------------------------------

Message: 3
Date: Thu, 13 May 2021 16:28:44 +0900
From: ??? <pkd...@naver.com>
To: <dhcp-users@lists.isc.org>
Subject: dhcrelay prints these logs and doesn't live normally. [Can't
        initialize context: not enough free resources.]
Message-ID: <c35489639b38ecccd7e6a380da...@cweb007.nm.nfra.io>
Content-Type: text/plain; charset="utf-8"

Hi, all.
It's my first time using this email list, so please understand that I'm not
familiar with it.
The DHCP version is 4.2.6.

The dhcrelay daemon does not live normally, printing the message below.
Why did this problem happen? Which part should I check?
Does anyone know what problems can cause this kind of message?
 
=>  daemon.err>dhcrelay: Can't initialize context: not enough free resources 
 
Thanks.
pkd.

------------------------------

Subject: Digest Footer

_______________________________________________
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users


------------------------------

End of dhcp-users Digest, Vol 151, Issue 5
******************************************