Discussion:
[Dnsmasq-discuss] How small is a 'small network'?
Norman Gray
2015-11-16 22:05:40 UTC
Greetings.

The dnsmasq documentation stresses that it's a good solution for 'small
networks', but how small is small? The overview seems to give as
examples home networks, or mentions dnsmasq running in a router
(implicitly a SOHO router).

I have what I'd call a medium-sized network of machines to look after,
which -- depending on how I/we organise the network -- could represent
between 500 and 1000 machines. I'd like to provide DHCP and caching DNS
to a good fraction of them, and provide authoritative (intranet) records
for perhaps half. Dnsmasq looks like it would be very convenient to use
for that, but would those numbers tax dnsmasq unduly?

I would guess that DNS and DHCP wouldn't necessarily imply a huge load
on a machine, but I'd guess also that the load would scale roughly with
the square of the number of machines being served (or perhaps linearly
both with the number of machines being served and with the number of
authoritative local records).

The machines are heterogenous in use, as opposed to being a compute
farm, or something else which would suggest that cache hits would be
unusually common.

The manpage mentions that 'Dnsmasq is capable of handling DNS and DHCP
for at least a thousand clients.' That's about the number of clients
I'm thinking of, so that's good, but is there a 'with ease' elided
there, or a 'without overwhelming pain'? Would I, in short, be storing
up trouble for myself?

I couldn't find discussion of this in a quick search of the list
archives, but I wasn't really sure what best to search for.

Thanks for any advice.

Best wishes,

Norman
--
Norman Gray : https://nxg.me.uk
SUPA School of Physics and Astronomy, University of Glasgow, UK
Jonathan S. Fisher
2015-11-17 01:00:49 UTC
DnsMasq authors, please explain this better than I can... but here's my
understanding: The limit on number of clients on your network will be
bounded by DnsMasq's concurrency rate, not necessarily the sheer number of
clients. DnsMasq is single threaded and uses a simple select() fd_set loop
(http://daniel.haxx.se/docs/poll-vs-select.html) which means it takes a
bunch of file sockets in (I assume each UDP request is a socket) then it
processes them all and returns control to the OS. 1024 seems to be the
limit on Linux, so I imagine once you approach that many concurrent
requests packets will simply be dropped since it's UDP.

With a network of 400 average business users, we see spikes to 200+ UDP
pps, steady state is around 70-80 pps.
Simon Kelley
2015-11-17 17:51:09 UTC
It's more complex than number of sockets available to a process. The
number of clients is not limited by the number of sockets. Talking to
clients, one (or a few) sockets handles many clients. Talking
upstream, you need to create a new socket for each query to randomise
the source port, but the code handles that fine: if too many sockets
are in use, it starts to re-use them. The randomness of the source
port falls a bit, but it still keeps working.

The latest release of dnsmasq uses poll() instead of select()
specifically so that it works, and works efficiently, in situations
where the per-process socket limit has been increased above 1024.

The limits with many clients are more on the DHCP side, see my reply
to OP.

Cheers,

Simon.
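The select()/poll() point in the message above, as an added example that is not part of the thread and not dnsmasq's own code: a loopback UDP socket is moved to a descriptor number at or above FD_SETSIZE, where it cannot be placed in an fd_set, and is then served with poll(). The helper names `fits_in_fd_set` and `poll_high_fd` are hypothetical, and the demo assumes the process may raise its open-file limit above 1024.

```c
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* select() can only watch descriptors numbered below FD_SETSIZE; FD_SET() on a
 * larger number is undefined behaviour (an out-of-bounds write), so check first. */
int fits_in_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Hypothetical demo helper. Returns the descriptor number (>= FD_SETSIZE) that
 * poll() reported readable, or -1 if the limit could not be raised or a call failed. */
int poll_high_fd(void)
{
    struct rlimit rl;
    rlim_t want = FD_SETSIZE + 64;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur < want) {
        rl.rlim_cur = want;                        /* fails if above the hard limit */
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    int low = socket(AF_INET, SOCK_DGRAM, 0);
    if (low < 0) return -1;
    /* Port 0: the kernel picks a free port on 127.0.0.1 */
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a;
    int fd = -1, result = -1;
    if (bind(low, (struct sockaddr *)&a, sizeof a) == 0 &&
        getsockname(low, (struct sockaddr *)&a, &alen) == 0)
        fd = fcntl(low, F_DUPFD, FD_SETSIZE);      /* lowest free fd >= FD_SETSIZE */
    /* Send one datagram to our own address so the socket becomes readable */
    if (fd >= 0 && sendto(low, "q", 1, 0, (struct sockaddr *)&a, sizeof a) == 1) {
        /* pollfd carries the fd as a plain int: no fixed-size bitmap to overflow */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (poll(&p, 1, 1000) == 1 && (p.revents & POLLIN) && !fits_in_fd_set(fd))
            result = fd;
    }
    if (fd >= 0) close(fd);
    close(low);
    return result;
}

int main(void)
{
    printf("FD_SETSIZE=%d, poll() served fd %d\n", FD_SETSIZE, poll_high_fd());
    return 0;
}
```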
Simon Kelley
2015-11-17 17:44:31 UTC
Post by Norman Gray
Greetings.
The dnsmasq documentation stresses that it's a good solution for
'small networks', but how small is small? The overview seems to
give as examples home networks, or mentions dnsmasq running in a
router (implicitly a SOHO router).
I have what I'd call a medium-sized network of machines to look
after, which -- depending on how I/we organise the network -- could
represent between 500 and 1000 machines. I'd like to provide DHCP
and caching DNS to a good fraction of them, and provide
authoritative (intranet) records for perhaps half. Dnsmasq looks
like it would be very convenient to use for that, but would those
numbers tax dnsmasq unduly?
Yes, if you run dnsmasq on a small plastic router, not if you run it
on a decent server.

The DNS side is no problem at all for these numbers: increase the
cache size by an order of magnitude from the default and it will be fine.

DHCP is slightly more complex: dnsmasq maintains the DHCP lease
database in memory, and every time it changes (lease added, lease
expires, lease removed) then the whole lot gets written out to a file
for persistence. With good hardware and fast disks, that's no problem
at all. With a little router using flash or a USB drive, it might be.
The rate of writing, long term, depends on lease length as well. If
you're using day or week long leases, no problem. If you have huge
turnover of clients and a shortage of IP addresses and have to use
short leases, then the load will be greater.

A final wrinkle with DHCP is that one part of the DHCP protocol
implementation is single threaded, so there's a 3-4 second window when
a new client arrives where no other clients can arrive. That can be a
problem for racks of machines in a datacentre which all get turned on
at the same time. There is a workaround (--no-ping).
Post by Norman Gray
I would guess that DNS and DHCP wouldn't necessarily imply a huge
load on a machine, but I'd guess also that the load would scale
roughly with the square of the number of machines being served (or
perhaps linearly both with the number of machines being served and
with the number of authoritative local records).
The machines are heterogenous in use, as opposed to being a
compute farm, or something else which would suggest that cache hits
would be unusually common.
The manpage mentions that 'Dnsmasq is capable of handling DNS and
DHCP for at least a thousand clients.' That's about the number of
clients I'm thinking of, so that's good, but is there a 'with ease'
elided there, or a 'without overwhelming pain'? Would I, in short,
be storing up trouble for myself?
On a decent server, you'll be fine.

One last thing to consider. Dnsmasq doesn't do DHCP failover, so if
you think you really need high availability, you should look at
dhcpcd/BIND.


Cheers,

Simon.
Post by Norman Gray
I couldn't find discussion of this in a quick search of the list
archives, but I wasn't really sure what best to search for.
Thanks for any advice.
Best wishes,
Norman
Norman Gray
2015-11-18 15:24:07 UTC
Simon and Jonathan, hello.
Post by Simon Kelley
Post by Norman Gray
Greetings.
The dnsmasq documentation stresses that it's a good solution for
'small networks', but how small is small? The overview seems to
give as examples home networks, or mentions dnsmasq running in a
router (implicitly a SOHO router).
Many thanks to you both for both the reassurance and the advice.
Post by Simon Kelley
DHCP is slightly more complex: dnsmasq maintains the DHCP lease
database in memory, and every time it changes (lease added, lease
expires, lease removed) then the whole lot gets written out to a file
for persistence. With good hardware and fast disks, that's no problem
at all. With a little router using flash or a USB drive, it might be.
The rate of writing, long term, depends on lease length as well. If
you're using day or week long leases, no problem. If you have huge
turnover of clients and a shortage of IP addresses and have to use
short leases, then the load will be greater.
The majority of the assignments will be static, so long leases, and the
machines on these networks will be essentially office machines, so
without major correlation in switch-on times.

We're using private networks and plan to experiment with IPv6, so we're
not too short of addresses.
Post by Simon Kelley
Post by Norman Gray
The manpage mentions that 'Dnsmasq is capable of handling DNS and
DHCP for at least a thousand clients.' That's about the number of
clients I'm thinking of, so that's good, but is there a 'with ease'
elided there, or a 'without overwhelming pain'? Would I, in short,
be storing up trouble for myself?
On a decent server, you'll be fine.
Excellent.
Post by Simon Kelley
One last thing to consider. Dnsmasq doesn't do DHCP failover, so if
you think you really need high availability, you should look at
dhcpcd/BIND.
I don't _think_ we'll need that, but I'll keep the advice in mind.

Thanks again. Best wishes,

Norman
--
Norman Gray : https://nxg.me.uk
SUPA School of Physics and Astronomy, University of Glasgow, UK