Wireless Access

Reply
Regular Contributor I
Posts: 241
Registered: ‎04-03-2007

DHCP lease utilization not matching connected devices

We continue to need to allocate more ip addresses to wireless clients than are actually needed for network connections. We currently have 27,000 allocated, and there’s nowhere near that many concurrent wireless network connections doing real work.

 

We use ISC DHCP (infoblox) to hand out leases. We have two SSIDs. Our open SSID has 6k leases available with a 12wk high water mark of 4.7k devices. Our .1x SSID has 21k leases available with a 12wk high water mark of 15.7k devices. During peak times we are getting alerts that our lease pools are hitting 95% utilization.

 

Is close to a 30% lease overhead normal, acceptable and standard? Is this what other folks are seeing?

 

Thanks,

Mike

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: DHCP lease utilization not matching connected devices

mldickson,

 

I will let others discuss their lease percentages.  The big question is, how long are your leases?  We all know about the drive-bys that never authenticate, but associate to an open network and do nothing...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 241
Registered: ‎04-03-2007

Re: DHCP lease utilization not matching connected devices

Our lease times are 30 minutes.
Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: DHCP lease utilization not matching connected devices

mldickson,

 

Think about it this way:

 

Two users who never intended on getting on your network will use up an hour of lease time..

 

I would drop it to 15 minutes and re-measure.  I would also push for 802.1x use where you can.

 

Decreasing the lease time does make devices request a dhcp address more frequently and if you are using drop broadcast and multicast, it amounts to a unicast request, traffic wise...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 241
Registered: ‎04-03-2007

Re: DHCP lease utilization not matching connected devices


cjoseph wrote:

mldickson,

 

Think about it this way:

 

Two users who never intended on getting on your network will use up an hour of lease time..

 

I would drop it to 15 minutes and re-measure.  I would also push for 802.1x use where you can.

 

Decreasing the lease time does make devices request a dhcp address more frequently and if you are using drop broadcast and multicast, it amounts to a unicast request, traffic wise...


We are using drop broadcast and multicast.

 

Our user idle timeout is currently set for 15 minutes. If we drop the DHCP lease time from 30 to 15 minutes should we change this as well? To what value? Would anything need to get changed? I seem to recall that we tried lowering lease times in the past but backed out for some reason.

 

Are other large-ish deployments using lease times lower than 30 minutes with no issues?

 

Thanks for the info.

Regular Contributor I
Posts: 241
Registered: ‎04-03-2007

Re: DHCP lease utilization not matching connected devices

I *think* I recall that when we tried lowering DHCP lease times to 15 minutes we also lowered user idle timeout to (5 minutes?). I believe user idle timeout MUST be lower than lease time by some amount, right? Anyway, I think the issue was either that our open ssid (captive portal) users were getting frustrated with the short time to log in, or it was that DHCP server were becoming overwhelmed.

 

We are also looking at putting encryption in front of the open ssid to lower the drive-by factor.

 

Mike

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: DHCP lease utilization not matching connected devices

[ Edited ]

mldickson,

 

You just need to make sure that your lease time is longer than your idle-timeout.  (so your lease can be 16).



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: