[openstack-dev] [neutron] high dhcp lease times in neutron deployments considered harmful (or not???)

Ihar Hrachyshka ihrachys at redhat.com
Fri Mar 13 11:05:19 UTC 2015

(Sorry for reviving an old thread.)

On 01/28/2015 02:55 PM, Ihar Hrachyshka wrote:
> On 01/28/2015 09:50 AM, Kevin Benton wrote:
>> Hi,
>> Approximately a year and a half ago, the default DHCP lease time
>> in Neutron was increased from 120 seconds to 86400 seconds.[1]
>> This was done with the goal of reducing DHCP traffic with very
>> little discussion (based on what I can see in the review and bug
>> report). While it does indeed reduce DHCP traffic, I don't
>> think any bug reports were filed showing that a 120 second lease
>> time resulted in too much traffic or that a jump all of the way
>> to 86400 seconds was required instead of a value in the same
>> order of magnitude.
> I guess that would be a good case for FORCERENEW DHCP extension
> [1] though after digging thru dnsmasq code a bit, I doubt it
> supports the extension (though e.g. systemd dhcp client/server from
> networkd module do). Le sigh.
> [1]: https://tools.ietf.org/html/rfc3203

Note that DHCPv6 has Reconfigure message type exactly for the case of
pushing new configuration to clients that still possess valid IA_ID
configuration. It's defined in RFC3315, section 19 [1].

The only problem with the message type is that DHCP authentication is
mandatory for this type of message, to avoid potential DoS attacks
(a concern that is probably not relevant in our isolated setup).

I haven't had any experience with authN for DHCP before, but afaik it
does not involve any prior data injection into clients. Correct me if
I am wrong.

[1]: http://tools.ietf.org/html/rfc3315#section-19
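
Added example (not part of the original message, and not Neutron or dnsmasq code): a sketch of how a DHCPv6 client checks the Authentication option on a Reconfigure message under the Reconfigure Key Authentication Protocol of RFC 3315 section 21.5, in which the server hands the client the key in an earlier Reply. The function names, the key and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import struct

OPTION_AUTH = 11        # RFC 3315 Authentication option
MSG_RECONFIGURE = 10    # RFC 3315 Reconfigure message type
AUTH_FIXED = "!BBBQB"   # protocol, algorithm, RDM, replay counter, type
AUTH_LEN = 28           # 12 fixed bytes + 16-byte HMAC-MD5 value


def _auth_option(counter, value):
    # protocol=3 (reconfigure key), algorithm=1 (HMAC-MD5), RDM=0, type=2 (digest)
    body = struct.pack(AUTH_FIXED, 3, 1, 0, counter, 2) + value
    return struct.pack("!HH", OPTION_AUTH, len(body)) + body


def sign_reconfigure(key, counter, options=b""):
    """Server side (hypothetical helper): build a signed Reconfigure."""
    head = bytes([MSG_RECONFIGURE, 0, 0, 0]) + options  # transaction-id is 0
    digest = hmac.new(key, head + _auth_option(counter, bytes(16)), hashlib.md5).digest()
    return head + _auth_option(counter, digest)


def verify_reconfigure(msg, key, last_counter):
    """Client side: accept only a fresh, correctly keyed Reconfigure."""
    if len(msg) < 4 or msg[0] != MSG_RECONFIGURE:
        return False
    pos = 4
    while pos + 4 <= len(msg):
        code, length = struct.unpack_from("!HH", msg, pos)
        start, end = pos + 4, pos + 4 + length
        if end > len(msg):
            return False                      # truncated option
        if code == OPTION_AUTH:
            if length != AUTH_LEN:
                return False
            proto, alg, rdm, counter, kind = struct.unpack_from(AUTH_FIXED, msg, start)
            if (proto, alg, rdm, kind) != (3, 1, 0, 2) or counter <= last_counter:
                return False                  # wrong protocol or replayed counter
            # The digest covers the whole message with the HMAC field zeroed.
            zeroed = msg[:start + 12] + bytes(16) + msg[end:]
            expected = hmac.new(key, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(msg[start + 12:end], expected)
        pos = end
    return False                              # unauthenticated: discard


# Constructed sample: key as learned from a Reply, plus a Reconfigure Message
# option (code 19, msg-type 5 = Renew).
SAMPLE_KEY = bytes(range(16))
SAMPLE_MSG = sign_reconfigure(SAMPLE_KEY, 7, struct.pack("!HHB", 19, 1, 5))
```

The client keeps the highest replay counter it has accepted and passes it as last_counter, so a captured Reconfigure cannot be replayed later.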
