Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2022-11-02T15:08:43Z

https://gitlab.isc.org/isc-projects/kea/-/issues/133
Discussion about ordering in configurations.
2022-11-02T15:08:43Z
Francis Dupont

It concerns mainly subnets and client classes but most of this is generic, e.g. can be applied to shared networks:
- memory representation must use a multi index container with a sequenced or random access index to implement the order, in particular we must not add previous or next field to objects themselves.
- database representation must use previous and next columns in rows to implement a double linked list. First and last rows have a reserved previous or next value (e.g. id 0 for subnets).
- command hooks must add a before or after to insert command (vs always insert at the end) and an easy way to get the order itself, e.g. the order list of entries used as index (subnet id, client class name, ...).
- optionally (i.e. not in 1.5) we can add a relocate command.
backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/257
Improve doxygen for IfaceMgr
2022-11-02T15:08:44Z
Thomas Markwalder

The class commentary for IfaceMgr is extremely terse and needs to be expanded.
backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/301
Report a hook DSO version when it is loaded
2022-11-02T15:08:41Z
Thomas Markwalder

It would be useful if Hook DSO versions were emitted when they are loaded, or if they were included in response to the version report command.
backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/328
Using a model which is installed but unknown.
2022-11-02T15:08:42Z
Francis Dupont

This issue is about the third case in this method called with the model for a managed server entry:
```
bool
NetconfAgent::checkModule(const string& module_name) const {
    if (module_name.empty()) {
        return (true);
    }
    auto module = modules_.find(module_name);
    if (module == modules_.end()) {
        LOG_ERROR(netconf_logger, NETCONF_MODULE_MISSING_ERR)
            .arg(module_name);
        return (false);
    }
    auto modrev = YANG_REVISIONS.find(module_name);
    if (modrev == YANG_REVISIONS.end()) {
        // Can't check revision?!
        // It can happen only with a module which is not in
        // YANG_REVISIONS but installed so likely on purpose.
        return (true);
    }
    if (modrev->second != module->second) {
        LOG_ERROR(netconf_logger, NETCONF_MODULE_REVISION_ERR)
            .arg(module_name)
            .arg(modrev->second)
            .arg(module->second);
        return (false);
    }
    return (true);
}
```
Tomek requested a warning, I added the comment after `Can't check revision?!` and answered:
No warning. In fact it means the module is installed but is not in yang revisions so either it is on purpose and the check was simply disabled, or it is a real error and the translator will raise a better error.
I am creating an issue in the case a better option could be found.
backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/472
Documentation about congestion recovery
2020-09-10T15:52:00Z
Francis Dupont

Two points:
- make clearer that the congestion recovery is not congestion avoidance (or any variant in terms which can suggest it) in the documentation
- findings about the impact on performance of the congestion recovery.
outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1028
New classification design.
2023-07-31T11:54:22Z
Francis Dupont

Some proposals for a new classification design:
- replace the list+set by a multi-index
- replace the required-xxx by a more direct add-client-classes.
- add this new add-client-classes to host reservations as an alias of the existing client-classes (same entry with the same behavior for all objects which add a class to the query)
- complete the list of class evaluation points:
  * new points after the deferred unpack, pkt*_receive hook, etc
  * make clear in the doc what a classification point is for:
    + dependency on a packet processing phase (e.g. KNOWN/UNKNOWN)
    + usage for the next packet processing step (e.g. subnet selection, pool guard, output option)
  * add an enum (vs a few flags) for the point where a class must be evaluated
  * add a meta-data with the value of its enum and make it visible to users
- same rules on dependency (use of member in expression):
  * no forward reference (the user class in a member clause must be already defined)
  * get the last classification point
  * perhaps a new built-in class for instance for the pkt*_receive hook
- document the way to switch from expired-* to this new stuff (but do not develop a tool to translate configurations)
- (next steps?) new uses of classes (e.g. lifetime), new expressions (e.g. in the response vs the query): in almost all cases this means new classification points
next-stable-3.0

https://gitlab.isc.org/isc-projects/kea/-/issues/1345
Ability to always-respond to all requests in HA active-active mode to support anycast DHCP
2021-01-22T13:30:51Z
Ewald van Geffen

My impression is that ISC KEA doesn't always respond to all requests. I think this is due to the 1/n split.
I run two KEA instances sharing a single BGP anycast /32 IP prefix. DHCP Requests get routed via a DHCP relay towards the closest ISC KEA instance according to BGP. Load balancing is externally handled. This means KEA should respond to all requests it receives and not impose any load-balancing logic.
I think this is where the magic happens [1]
From my understanding active_servers needs to reflect the current server instance id (pri,sec).
[1] https://github.com/isc-projects/kea/blob/457111f9db051723ff9f8e7fb621872d0aa10363/src/hooks/dhcp/high_availability/query_filter.cc#L316
outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/3302
Is Host Cache required for RADIUS?
2024-03-28T16:15:48Z
Francis Dupont

The Host Cache was designed for RADIUS in order to not perform an access/auth exchange with the RADIUS server for each query: when the query comes from an already seen client (same RADIUS identifier) the answer from the RADIUS server is available from the host cache. This was critical when both were designed because the access/auth exchange was synchronous (i.e. blocking until the answer is received) and single threaded (i.e. blocking the whole DHCP service). Perhaps it is less true today but the host cache is in memory when RADIUS exchanges are over the network so far slower, and the Host Cache also handles negative answers so covers (excepting for the bug described in #3269) all cases.
The Host Cache has a second function for RADIUS: when the RADIUS server returns an address (vs a pool name which is translated into a client class name directly added to the query object) a host entry for this reserved address is inserted in the Host Cache. The idea is the host lookup will be able to find it. This is not essential: the host entry can be attached to the callout handle associated to the query and got back later as the current code does for the [re]selected subnet.
kea2.6.0