Wireless Access

Reply
Regular Contributor I

DHCP lease utilization not matching connected devices

We continue to need to allocate more ip addresses to wireless clients than are actually needed for network connections. We currently have 27,000 allocated, and there’s nowhere near that many concurrent wireless network connections doing real work.

 

We use ISC DHCP (infoblox) to hand out leases. We have two SSIDs. Our open SSID has 6k leases available with a 12wk high water mark of 4.7k devices. Our .1x SSID has 21k leases available with a 12wk high water mark of 15.7k devices. During peak times we are getting alerts that our lease pools are hitting 95% utilization.

 

Is close to a 30% lease overhead normal, acceptable and standard? Is this what other folks are seeing?

 

Thanks,

Mike

Guru Elite

Re: DHCP lease utilization not matching connected devices

mldickson,

 

I will let others discuss their lease percentages.  The big question is, how long are your leases?  We all know about the drive-bys that never authenticate, but associate to an open network and do nothing...

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Regular Contributor I

Re: DHCP lease utilization not matching connected devices

Our lease times are 30 minutes.
Guru Elite

Re: DHCP lease utilization not matching connected devices

mldickson,

 

Think about it this way:

 

Two users who never intended on getting on your network will use up an hour of lease time..

 

I would drop it to 15 minutes and re-measure.  I would also push for 802.1x use where you can.

 

Decreasing the lease time does make devices request a dhcp address more frequently and if you are using drop broadcast and multicast, it amounts to a unicast request, traffic wise...

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Regular Contributor I

Re: DHCP lease utilization not matching connected devices


cjoseph wrote:

mldickson,

 

Think about it this way:

 

Two users who never intended on getting on your network will use up an hour of lease time..

 

I would drop it to 15 minutes and re-measure.  I would also push for 802.1x use where you can.

 

Decreasing the lease time does make devices request a dhcp address more frequently and if you are using drop broadcast and multicast, it amounts to a unicast request, traffic wise...


We are using drop broadcast and multicast.

 

Our user idle timeout is currently set for 15 minutes. If we drop the DHCP lease time from 30 to 15 minutes should we change this as well? To what value? Would anything need to get changed? I seem to recall that we tried lowering lease times in the past but backed out for some reason.

 

Are other large-ish deployments using lease times lower than 30 minutes with no issues?

 

Thanks for the info.

Regular Contributor I

Re: DHCP lease utilization not matching connected devices

I *think* I recall that when we tried lowering DHCP lease times to 15 minutes we also lowered user idle timeout to (5 minutes?). I believe user idle timeout MUST be lower than lease time by some amount, right? Anyway, I think the issue was either that our open ssid (captive portal) users were getting frustrated with the short time to log in, or it was that DHCP server were becoming overwhelmed.

 

We are also looking at putting encryption in front of the open ssid to lower the drive-by factor.

 

Mike

Guru Elite

Re: DHCP lease utilization not matching connected devices

mldickson,

 

You just need to make sure that your lease time is longer than your idle-timeout.  (so your lease can be 16).

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: