Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Guru Elite

Re: DHCP scope are all oversubsribed


@nointerference wrote:

Hi,

 

Always surprises with new ARUBA codes now a days, I am in a bad shape with the new issue i am facing with 6000, now the box is with 6.3.0.2, we have DHCP with scopes enabled for 4000 ips, however during morning DHCP lease out all ips even though the number of users are not more than 1600, vlan-assignment count and dhcp lease count are not matching at all, also noted that DHCP report shows that users getting multiple ip for same device, contacted ARUBA support, they suggested to change the hash algorithm to even, no luck, then fast age enabled, removed vlan pool name and added vlans manually, now waiting for the next day, realy a nightmare situation evry morning, could someone come up with an advise.

 

Thank you

 

 


Nointerference,

 

There is no direct connection between the controller and how many leases are provided via the DHCP server.  The controller can attempt to hash clients via the mac address, or load balance them via "even" pools, but there are a number of factors that can affect that balance.  The controller, after user derivation or pooling determines that a user belongs in a VLAN and just bridges that traffic to that VLAN.  After that, your underlying network and clients do  more to determine what goes on with address depletion.

 

Here are factors that can influence DHCP depletion:

 

- DHCP server having reserved leases - That will lead to unbalanced DHCP addresses.

- DHCP server scopes having uneven lease times - That would mean some VLANs would get utilized before others, because leases would not be released evenly.

- DHCP scopes having uneven sizes - This would mean some VLANs get utilized before others, because the controllers assumes that all VLANs are the same size.

- DHCP scope lease time that is shorter than the user-idle-timeout on the controller - This would mean that the controller would keep users in the user table longer than the scope will.  Which means that if a DHCP address is released, but the ip address of that user is still in the user table, the controller will flag it as a duplicate ip address and possibly not let it connect.

- User or server derivation rules that place users in specific VLANS, depleting DHCP scopes, but falling outside of load balancing mechanisms - The controller does not count users that are placed in VLANs in this manner in the "even" load balancing scheme.

- DHCP scopes shared among more than one Virtual AP - Each Virtual AP has its own balancing mechanism, and it does not account for other Virtual APs using the same VLANS.  Load balancing is only kept track of within the specific Virtual AP that it is assigned from.

 

To keep your VLANs even you should:

 

- Not share VLANs between wired and wireless devices

- Do not share VLANs between virtual APs

- Do not share VLANs between controllers

- Use EVEN balancing with the Named VLAN feature

- Do not use user derivation or server derivation to put users in VLANs that are already in Virtual APs that you want to remain balanced

- Make sure VLAN sizes are all identical within the single Virtual AP

- Make sure all VLANs have the same lease lengths

- Use "Enforce DHCP" on the AAA profile so that "Ghost Addresses" like phone WAN addresses or VMWARE addresses do not end up in the user table

- Manually clear out ALL leases on all scopes to ensure that you start from scratch.  Make sure no clients are on the WLAN at that time, or take the WLAN out of service before you clear.

- Make sure that you have no DHCP reservations

 

Outside of DHCP depletion, in general:

- TEST all versions of code and configurations in a lab, before you upgrade.  Aruba makes changes and outlines the changes in the release notes, but not every possibility is tested before code is released.  That means there will be design decisions made by users that Aruba is not aware of, or did not test and does not understand the impact of changes.  It falls on the Network Administrator to test new code to ensure that his/her custom design continues to work as intended.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: DHCP scope are all oversubsribed

Thank you for the post which is very much helpful for anyone who visits this community.

 

I need to get clarified with few things.

 

How can I resolve the issue with hash algorithm which oversubscribe some scopes in DHCP where most of them are not even 50% utilized.

 

Then we tried even with preserve vlan, and also without preserve vlan setting. We had issue of oversubscribing all vlans by each device having multiple ips.

 

Thank you.

Highlighted
Guru Elite

Re: DHCP scope are all oversubsribed


@nointerference wrote:

Thank you for the post which is very much helpful for anyone who visits this community.

 

I need to get clarified with few things.

 

How can I resolve the issue with hash algorithm which oversubscribe some scopes in DHCP where most of them are not even 50% utilized.

 

Then we tried even with preserve vlan, and also without preserve vlan setting. We had issue of oversubscribing all vlans by each device having multiple ips.

 

Thank you.


I just posted a whole list of things that you can check, to see if it is affecting your situation.  Some of the things are in the Aruba configuration and other things are in your infrastructure.  Please check through all carefully to see if any contribute to your issue.

 

"Preserve VLAN" will only complicate your situation and should not be used, so that you can get to the bottom of your issue.

 

If you are using HASH, statistically there will be wasted ip addresses and you need to provide enough addresses and VLANs to account for that.  The distribution will NOT be even.  

 

Ultimately, you might have to get a consultant to come into your environment and work with TAC to determine what is the issue.  TAC cannot know everything about your network over the phone...

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: DHCP scope are all oversubsribed

COuld you expalin little more about Use EVEN balancing with the Named VLAN feature.

 

I always appreciate TAC for their support, they are very much helpful.After all i do believe it is the network administrator who is accountable for the local setup.

Highlighted
Guru Elite

Re: DHCP scope are all oversubsribed

There is nothing additional to explain.  Even will distribute clients in a Virtual access point evenly between the VLANs defined.

 

I listed things before, that even if you have EVEN vlans configured, will make it uneven.  You need to check to see if you have any of those situations...


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
All-Decade MVP 2020

Re: DHCP scope are all oversubsribed

nointerference,

 

Regarding multiple IPs per client, please re-read what I posted earlier:

 

2. If I'm a client and receive IP-1, then immediately send out a DHCPDISCOVER packet, the dhcp server (per the RFC) will send a DHCPOFFER ...UNLESS your vendor (MS) has a "one lease per client" option. Can you verify there are discovers from clients within the max lease time window after they've already received an address?

 So, can you look into your DHCP server to restrict this?

==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Highlighted
Guru Elite

Re: DHCP scope are all oversubsribed


@Ryan wrote:

nointerference,

 

Regarding multiple IPs per client, please re-read what I posted earlier:

 

2. If I'm a client and receive IP-1, then immediately send out a DHCPDISCOVER packet, the dhcp server (per the RFC) will send a DHCPOFFER ...UNLESS your vendor (MS) has a "one lease per client" option. Can you verify there are discovers from clients within the max lease time window after they've already received an address?

 So, can you look into your DHCP server to restrict this?


Ryan,

 

Do you have any screenshots of your DHCP server where this restriction is configured?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
All-Decade MVP 2020

Re: DHCP scope are all oversubsribed

I?m not using MS DHCP service like you are. We?re using Bluecat?s IPAM solution for DNS/DHCP. There?s a deployment option for ?one lease per client?. I would look through Microsoft?s documentation to see if there?s an equivalent.
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: