Solved

Simple tcp/ip question.

Posted on 2004-08-08
10
200 Views
Last Modified: 2013-11-29
Simple tcp/ip question.
I was informed that my DHCP server is attributing more traffic that it should.  I have a client/server, domain network that has a normal internal DHCP setup.  The scope is set for start 192.168.1.2 and ending at 192.168.1.255, which is allows 253 clients with a subnet mask of 255.255.0.0.  There are 5 clients on the network.  The server and gateway are excluded

Now the argument is: would there be less traffic if the scope was only 10 or 20 static IP’s instead of 253.  The way I understand it is that the client will broadcast out to the network for an IP and when the server receives it an IP will be issued.  

Any responses on this?
0
Comment
Question by:mheinemannt
10 Comments
 
LVL 4

Accepted Solution

by:
net_sec_guru earned 25 total points
Comment Utility
net mask is 255.255.255.0 not 255.255.0.0

you can get by with 255.255.255.224 (gives you plenty of room to grow)

DHCP traffic does not use significant network bandwidth during normal periods of usage. Typical DHCP traffic does not exceed 1 percent of overall network traffic. However, there are two phases of DHCP client configuration that generate some network traffic load. These phases are IP address lease and IP address renewal.

When a client initializes TCP/IP for the first time (and is configured as a DHCP client), its first step is to acquire an IP address using DHCP. This process, as described earlier, results in a conversation between the DHCP client and server consisting of four packets, the first of which is the client computer broadcasting a DHCPDiscover packet in an attempt to locate a DHCP server.

The entire process of acquiring an IP address lease through DHCP takes a total of four packets, each varying between 342 and 590 bytes in size. This process, on a clean network (when no other network traffic is using bandwidth), takes less than 1 second (about 300 milliseconds) on 10BaseT media. Results depend on media type in use.

I like narrowing the range down so I can pretty much guess what my range of addresses would be... but traffic wise I don't know how it would make much of a difference.

0
 
LVL 15

Expert Comment

by:Cyber-Dude
Comment Utility
Try to check for lease renewal configurations...

How many users does the DHCP server serves?

Cyber
0
 

Expert Comment

by:TheBlackFire
Comment Utility
Maybe (for some strange reason) you have got a very short lease time. Check it out, as Cyber-Dude says...
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Assisted Solution

by:fatlad
fatlad earned 25 total points
Comment Utility
Lowering the scope of addresses will not alter the amount of traffic, this is entirely dependant on the number of client machines, and their lease times.

Not sure how Net Sec Guru managed to work out that your mask was wrong, or where he saying it was just set incorrectly for the size of the network?
0
 
LVL 27

Assisted Solution

by:pseudocyber
pseudocyber earned 25 total points
Comment Utility
Like net sec guru said, the mask should probably be 255.255.255.0.

5 clients on the network reserving an IP or renewing is NOT going to be causing any problems on your network.  If the source of the information about the DHCP server causing traffic ... it could very well be some other type of traffic and not just DHCP traffic.  Is it running any other services/daemons?  Can you do some simple analysis of the traffic out the port with netmon and see what it's doing?

Here's an article on netmon:

Description of the Network Monitor Capture Utility

http://support.microsoft.com/default.aspx?scid=kb;en-us;310875&Product=winxp

SUMMARY

This article describes how to use the Network Monitor Capture Utility (Netcap.exe) that you can use to capture network traffic in Network Monitor.
0
 
LVL 8

Assisted Solution

by:Jeff Rodgers
Jeff Rodgers earned 25 total points
Comment Utility
The DHCP traffic on a subnet is dictated by the number of clients requesting IP addresses.  The size of the scope is irrelevant so long as their are sufficient IP addresses available.

As a client logs onto the network it broadcasts a request demanding an IP address.

The DHCP server receives the request, looks at its database, sees what is available, and then Offers an IP address to the client.  If the Client likes the IP address and all is good the CLient then requests that IP address.  The DHCP server assigns it and responds with an Acknowledgement.  The Cleint then accepts it and moves on.

The only adjustment that is made ont he DHCP server that can impact network traffice is the length of the DHCP lease.  By default a client will attempt to renew its lease at 50% then again at 75% and 87.5% of the lease time (assuming it wasn't successful at 50% in renewing its lease (I.E. DHCP server unavailable) Therefore the longer you make the lease, the less traffic you will have.

5 Clients on a subnet will not generate enough traffic to degrade network performance unless of course you set the lease to a rediculously low number.

Good Luck
0
 
LVL 11

Assisted Solution

by:PennGwyn
PennGwyn earned 25 total points
Comment Utility
Your scope should not go all the way to .255 .  You risk issuing an address that isn't valid, especially if you correct the mask as suggested to 255.255.255.0

The amount of DHCP traffic is a product of the number of clients and the lease duration.  Lease durations of 8-168 hours are common; if yours is set to seconds, that will have a big impact.



0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now