Posted: Sat Jun 07, 2025 2:07 Post subject: Large DHCP Lease Pool
Hello All,
I am trying to set up a DD-WRT PC (x86_64 build, most recent version), paid version. It is running on an AMD Phenom(tm) II X4 840T Processor with 16GB of RAM and an SSD. 2 PCI-E Ethernet cards are installed as well. 1 is four-port, 1 is one-port.
I need to subnet the network so that there is a DHCP Lease Pool of about 10,000 or so. 1,000 addresses might work with a really low lease time of 1 hour or something.
Attached a screenshot of the current DHCP settings that I have tried. I can't put a number larger than 254 in the maximum IP address block.
You may be able to set up 10 or more bridges on different IPs and assign a dhcp server for each one. You will probably also want to enable the recently added ARPd service.
_________________
- Linksys EA8500: I-Gateway, WAP/VAP 5ghz only. Features: VLANs, Samba, WG, Entware - r60xxx
- Linksys EA8500: 802.11s Secondary w/VLAN Trunk over 5ghz - r60xxx
- Linksys MX4300: 802.11s Primary w/VLAN Trunk over 5ghz. 2.4ghz WAP/VAP only - r60xxx
- Linksys MX4300: (WAP/VAP (7)) Multiple VLANs over single trunk port. Entware/Samba r60xxx
- Linksys MR7350: WDS Station for extended Ethernet r60xxx
- Linksys MR7500, MX8500: None in production. Just testing. r60xxx
- OSes: Fedora 40, 10 RPis (2,3,4,5), 23 ESP8266s: Straight from Amiga to Linux in '95, never having owned a Windows PC.
- Forum member #248
I just did some quick testing. I set up one additional bridge br1 and assigned the IP of 10.0.0.1/17. I then created a new dhcp server for br1 with a start IP of 2 and a max of 10000. Note, I did this on a router, not an x86 PC, but it should work the same regardless.
I assigned wlan0.1 to br1 to test by connecting via my phone. I got an IP of 10.0.35.70 so it appears to be working. Also, the 254 limit doesn't seem to exist on additionally created dhcp servers under the Networking tab, as it does on the Basic Setup tab.
So it looks like you will only need to create one bridge and one new dhcp server attached to it to make this work.
EDIT: Also tested on a spare lan port on my pc and got an IP of 10.0.22.140/17. I simply assigned lan3 on the router to br1 to test this.
You are talking about an installation with 10000 concurrent users and want to put them in one broadcast domain?
You must be joking.
I suggest you hire professional help and use professional equipment for that kind of installation.
This is quite a task for sure and not likely to work with dd-wrt in any configuration, scalable or not. You could not use dd-wrt as a gateway device for sure, for 10k connections at any speed. It was great fun to test and see if the dhcp server could handle it. Of course I cannot test 10000 connections, but at least the dhcp server randomly assigned IP addresses over the full subnet. I'm pretty sure Pi-Hole could handle that too for that matter...but pretty impressive still imo. While dd-wrt may very well be able to handle the dhcp server for 10000 connections, it would require professional equipment and a huge pipe to allow any bandwidth into VERY fat (multiple) gateways.
Posted: Sun Jun 08, 2025 23:27 Post subject: Some more assistance
OK, progress.
I was able to do what Lexridge suggested about creating br1, the Ethernet ports are then unbridged from the main bridge (br0) and assigning a bunch of my Ethernet ports to it, br1. Then creating a second DHCP server for br1. The problem is, I tested the setup with 2 different computers.
br0 - IP 192.168.128.1 / 17, DHCP range start IP: 192.168.250.1 - 192.168.250.254
br1 - IP 192.168.128.1 / 17, DHCP range start IP: 192.168.129.2 - 192.168.130 ++, I didn't calculate it exactly but 4000 addresses total. To make it easier to tell, I also changed the lease time on br1 to 120 minutes.
The weird part is both computers get an IP address, but one is from the DHCP pool for br0 and the other from br1. They are both plugged into ports that should be getting IPs from br1.
Also, small GUI issue, can't see the Root MAC in br1, it is a � symbol or some other character, changes when the page reloads.
Joined: 15 Aug 2016 Posts: 291 Location: Melbourne, Australia
Posted: Mon Jun 09, 2025 2:12 Post subject:
Without fully understanding the issues involved, my first reaction to the stated overlapping networks in br0 and br1 would be a network design vulnerable to complications and confusions down the track.
While in theory a network of /17 would give you some 32,768 usable IP addresses, practical limitations of RAM and CPU power on a consumer-grade router may result in its developers placing restrictions on the router's OS, unbeknown to users.
It's simply a case of 'Horses for Courses'.
I note you are configuring it on a PC hardware platform, and it runs on DDWRT. Not necessarily designed for industrial usage. I may be wrong here.
As egc suggested, you may need professional help for scoping cover.
_________________
Life is a journey; travel alone makes it less enjoyable and lonely.
___________________________________________________
2x Netgear R9000 & 2x XR700 Features:
- Gateway
- Overclocked -2000MHz
- SmartDNS, DDNS
- Both 5GHz & 2.4GHz using DDWRT (not Vanilla component)
- Private Home network on default br0 bridge together with vlan1 + wlan0 & 1
- Isolated port-based VLANS, placed on bridges + vAPs (wlan0.1 & 1.1) for guests & IoT devs)
- WireGuard Server for secure on-the-road access & remote control of devices @home
- OpenVPN Client for incognito & o/seas based programs
- 10G SFP+ connected to RB5009 (via optical fiber)
- QoS - HFSC/FQ_CODEL deployed on ISP's 500/50mbps connection
Posted: Mon Jun 09, 2025 4:55 Post subject: Re: Some more assistance
ian5142 wrote:
The weird part is both computers get an IP address, but one is from the DHCP pool for br0 and the other from br1. They are both plugged into ports that should be getting IPs from br1.
@kp69 is correct. You need to have br1 on a completely different subnet from br0.
ian5142 wrote:
Also, small GUI issue, can't see the Root MAC in br1, it is a � symbol or some other character, changes when the page reloads.
This is a known issue that will hopefully get fixed soon. Seems to be cosmetic only, which is good. The bridges do indeed get valid MAC addresses, as doing an ifconfig or ip a clearly shows, but the webui does not.
Edit: Also, a /17 subnet gives you 32k plus addresses. Why not go with /18 instead, which gives you 16k+ addresses? /19 gives less than 10k, but how many do you really need? This could work with dd-wrt if you are wanting to monitor 10K sensors with low bandwidth and don't need Internet access. With 10k actual human users, you would need BIG stuff to do this.
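The overlap between br0 and br1 and the prefix sizing discussed in the posts above, as an added Python example that is not part of any forum post or of DD-WRT itself. The `AS_POSTED` values are taken from the thread (with the br1 pool size set to the approximate 4000 the poster gave); the `SEPARATED` layout and all function names are assumptions for illustration.

```python
import ipaddress
from itertools import combinations

def usable_hosts(prefix):
    """Usable IPv4 host addresses in a /prefix (network and broadcast excluded)."""
    return 2 ** (32 - prefix) - 2

def smallest_prefix(hosts_needed):
    """Longest prefix (smallest subnet) that still holds hosts_needed clients."""
    for prefix in range(30, 0, -1):
        if usable_hosts(prefix) >= hosts_needed:
            return prefix
    raise ValueError("too many hosts for IPv4")

def audit(bridges):
    """Return findings for overlapping bridge subnets and misplaced DHCP pools."""
    findings, parsed = [], {}
    for name, cfg in bridges.items():
        iface = ipaddress.ip_interface(cfg["addr"])
        start = ipaddress.ip_address(cfg["pool_start"])
        end = start + cfg["pool_size"] - 1
        parsed[name] = iface
        if start not in iface.network or end not in iface.network:
            findings.append(f"{name}: pool {start}-{end} leaves {iface.network}")
    for (a, ia), (b, ib) in combinations(parsed.items(), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"{a}/{b}: subnets overlap ({ia.network} vs {ib.network})")
        if ia.ip == ib.ip:
            findings.append(f"{a}/{b}: same interface address {ia.ip}")
    return findings

# Constructed from the values posted in the thread; pool_size for br1 is the
# poster's approximate "4000 addresses total".
AS_POSTED = {
    "br0": {"addr": "192.168.128.1/17", "pool_start": "192.168.250.1", "pool_size": 254},
    "br1": {"addr": "192.168.128.1/17", "pool_start": "192.168.129.2", "pool_size": 4000},
}
# Hypothetical corrected layout: br1 on its own /18 (addresses are assumptions).
SEPARATED = {
    "br0": {"addr": "192.168.1.1/24", "pool_start": "192.168.1.100", "pool_size": 100},
    "br1": {"addr": "10.0.0.1/18", "pool_start": "10.0.0.2", "pool_size": 10000},
}

if __name__ == "__main__":
    for label, layout in (("as posted", AS_POSTED), ("separated", SEPARATED)):
        print(label, audit(layout) or "no findings")
    print("prefix for 10000 clients: /%d" % smallest_prefix(10000))
```
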
Joined: 16 Nov 2015 Posts: 7114 Location: UK, London, just across the river..
Posted: Mon Jun 09, 2025 7:16 Post subject:
Once you make it with the DHCP, then you have to fiddle with Administration > Maximum Connections. On my Dynalink they are 24576 by default... but if you've 30k addresses you may need to make it up high --- max is 1048576.
Same goes for DNSmasq if you use it.. you'd need to increase Maximum Concurrent Requests -- default is 150 but you may need way more than that... I had a case where I needed to up the number to 350, I think with DNSmasq max is 500.. and this is a very busy network.... with 30k clients.. not very sure if DNSmasq can handle such a network...
I guess with a decent CPU and lots of RAM and a good WAN pipe (SFP) you can handle the enterprise network.... but I'm curious for how long... and what the overall performance will be...
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 -DD-WRT 63600 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 62606 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 62606 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 62606
Broadcom
Netgear R7000 --DD-WRT 63790 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913