Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2022-11-02T15:08:42Z

ISC DHCP users specify interfaces on the command line
https://gitlab.isc.org/isc-projects/kea/-/issues/245
2022-11-02T15:08:42Z
Francis Dupont

There is a real risk when converting an ISC DHCP server config to Kea to end with a config without interfaces. Note that adding a wildcard interface does not really help...
As it is a difference in models there is nothing which can be done other than to be aware.

backlog

ISC DHCP server hostname (vs IPv4 address) in option data
https://gitlab.isc.org/isc-projects/kea/-/issues/244
2022-11-02T15:08:44Z
Francis Dupont

When it parses an IPv4 address the ISC DHCP parser accepts a DNS hostname which it resolves dynamically (i.e. when the value is used, not when it is parsed) into an address or a list of addresses.
This feature seems convenient at the first view but in fact is not, in particular for option values.

backlog

duplicate in ISC DHCP configuration
https://gitlab.isc.org/isc-projects/kea/-/issues/243
2023-07-17T19:08:12Z
Francis Dupont

ISC DHCP supports a lot of duplications in config file, e.g. from Dan's sample:
- multiple class definitions (note the ISC DHCP parser merges definitions with the same class name so the MA does the same as it shares this code)
- multiple option definitions
- multiple host (aka reservation) definitions sharing the same address
The last two are IMHO errors so I commented them out. In conclusion the problem is more on the ISC DHCP side and to accept less duplication in Kea is both right and should be spread.

backlog

ISC DHCP server config option server-id-check
https://gitlab.isc.org/isc-projects/kea/-/issues/242
2023-07-17T19:04:26Z
Francis Dupont

>>>
The server-id-check statement
**server-id-check** flag;
The server-id-check statement is used to control whether or not a
server, participating in failover, verifies that the value of the
dhcp-server-identifier option in received DHCP REQUESTs match the
server's id before processing the request. Server id checking is
disabled by default. Setting this flag enables id checking and
thereafter the server will only process requests that match. Note
the flag setting should be consistent between failover partners.
Unless overridden by use of the server-identifier statement, the
value the server uses as its id will be the first IP address
associated with the physical network interface on which the request
arrived.
In order to reduce runtime overhead the server only checks for a
server id option in the global and subnet scopes. Complicated
configurations may result in different server ids for this check
and when the server id for a reply packet is determined, which
would prohibit the server from responding.
The primary use for this option is when a client broadcasts a
request but requires that the response come from a specific
failover peer. An example of this would be when a client reboots
while its lease is still active - in this case both servers will
normally respond. Most of the time the client won't check the
server id and can use either of the responses. However if the
client does check the server id it may reject the response if it
came from the wrong peer. If the timing is such that the "wrong"
peer responds first most of the time the client may not get an
address for some time.
Care should be taken before enabling this option.
>>>
Dubious idea: for documentation purpose only.

backlog

ISC DHCP server config option always-broadcast
https://gitlab.isc.org/isc-projects/kea/-/issues/241
2022-11-02T15:08:44Z
Francis Dupont

>>>
The always-broadcast statement
**always-broadcast** flag;
The DHCP and BOOTP protocols both require DHCP and BOOTP clients to
set the broadcast bit in the flags field of the BOOTP message header.
Unfortunately, some DHCP and BOOTP clients do not do this, and
therefore may not receive responses from the DHCP server. The DHCP server
can be made to always broadcast its responses to clients by setting
this flag to 'on' for the relevant scope; relevant scopes would be
inside a conditional statement, as a parameter for a class, or as a
parameter for a host declaration. To avoid creating excess broadcast
traffic on your network, we recommend that you restrict the use of
this option to as few clients as possible. For example, the
Microsoft DHCP client is known not to have this problem, as are the
OpenTransport and ISC DHCP clients.
>>>
Dubious idea in particular if there is no broken client requiring this hack. For documentation purpose only.

backlog

ISC DHCP server config option get-lease-hostnames
https://gitlab.isc.org/isc-projects/kea/-/issues/240
2022-11-02T15:08:44Z
Francis Dupont

>>>
The get-lease-hostnames statement
**get-lease-hostnames** flag;
The get-lease-hostnames statement is used to tell dhcpd whether or
not to look up the domain name corresponding to the IP address of
each address in the lease pool and use that address for the DHCP
hostname option. If flag is true, then this lookup is done for all
addresses in the current scope. By default, or if flag is false, no
lookups are done.
>>>
The idea is to perform a reverse DNS lookup to find the corresponding hostname in place of the provisioning system or the client... For documentation purpose only.

backlog

ISC DHCP server config booting keyword
https://gitlab.isc.org/isc-projects/kea/-/issues/239
2023-07-17T18:59:35Z
Francis Dupont

>>>
The booting keyword
**allow booting;**
**deny booting;**
**ignore booting;**
The booting flag is used to tell dhcpd whether or not to respond to
queries from a particular client. This keyword only has meaning when
it appears in a host declaration. By default, booting is allowed, but
if it is disabled for a particular client, then that client will not be
able to get an address from the DHCP server.
>>>
It looks like an indirect way to add a reservation without address. The only action should be to check Kea supports this case?

backlog

ISC DHCP server config option one-lease-per-client
https://gitlab.isc.org/isc-projects/kea/-/issues/238
2023-07-13T18:45:31Z
Francis Dupont

>>>
The one-lease-per-client statement
one-lease-per-client flag;
If this flag is enabled, whenever a client sends a DHCPREQUEST for a
particular lease, the server will automatically free any other leases
the client holds. This presumes that when the client sends a
DHCPREQUEST, it has forgotten any lease not mentioned in the DHCPREQUEST -
i.e., the client has only a single network interface and it does not
remember leases it's holding on networks to which it is not currently
attached. Neither of these assumptions are guaranteed or provable,
so we urge caution in the use of this statement.
>>>
Dubious utility: put here only for documentation purpose.

backlog

ISC DHCP per class lease limit
https://gitlab.isc.org/isc-projects/kea/-/issues/237
2023-07-13T18:35:36Z
Francis Dupont

Quote from ISC DHCP `dhcpd.conf.5`
>>>
PER-CLASS LIMITS ON DYNAMIC ADDRESS ALLOCATION
You may specify a limit to the number of clients in a class that can be
assigned leases. The effect of this will be to make it difficult for a
new client in a class to get an address. Once a class with such a
limit has reached its limit, the only way a new client in that class
can get a lease is for an existing client to relinquish its lease,
either by letting it expire, or by sending a DHCPRELEASE packet.
Classes with lease limits are specified as follows:
class "limited-1" {
lease limit 4;
}
This will produce a class in which a maximum of four members may hold a
lease at one time.
>>>
Often associated with cloned classes. Requested by a customer but a priori not easy to implement.
Note that in Kea lease assignment is done before calling setReservedClientClasses.
Support tickets: [support#18293](https://support.isc.org/Ticket/Display.html?id=18293), [support#17523](https://support.isc.org/Ticket/Display.html?id=17523), [support#19968](https://support.isc.org/Ticket/Display.html?id=19968)
Being implemented in Kea.

ISC DHCP Migration

ISC DHCP and Kea shared-networks are not the same
https://gitlab.isc.org/isc-projects/kea/-/issues/236
2023-07-13T18:42:08Z
Francis Dupont

This ticket documents differences between ISC DHCP and Kea shared-networks:
- in ISC DHCP any subnet is a member of a shared-network, e.g. the config parser creates an anonymous one when it finds a "plain" subnet
- in ISC DHCP localization aka subnet selection in fact selects a shared-network. In Kea the selected subnet has some kind of priority over its siblings in the shared-network
- Kea shared-networks come with a performance penalty for resources to access at the shared-network level vs the selected subnet
To be referenced by the MA for shared-networks with more than one subnet (with one subnet the shared-network is removed).

backlog

ISC DHCP "class-like" if statements
https://gitlab.isc.org/isc-projects/kea/-/issues/235
2023-07-17T18:49:15Z
Francis Dupont

This ticket is about how to convert this ISC DHCP config style:
```
subnet 10.208.0.0 netmask 255.255.128.0 {
    option subnet-mask 255.255.128.0 ;
    if substring (option vendor-class-identifier,0,4) = "MSFT"{
        option routers 10.208.0.1 ;
        option domain-name-servers 10.237.3.4, 10.237.3.5 ;
    }
    if substring (option vendor-class-identifier,0,2) = "RG"{
        option classless-routes = 0F:0A:EC:0A:D0:00:01 ;
    }
    pool {
        deny members of "MotoVIP";
        range 10.208.64.1 10.208.127.254;
    }
}
```
(old discussion)
The 2 if (and the "MotoVIP" class) use a test expression which can be easily converted into a match if defining a class. The domain-name-servers option shares the same value but not the routers or the classless-routes so it is not possible to set all these parameters in class definitions.
As there is no subnet related class selector (for two reasons: classes are globally defined and classes are used to select subnets so can't depend on them) the idea should be to split the subnet into class-dependent subnets. It works well for the subnet selection and parameter setting but not for the pool: range conflicts are detected when they occur inside a subnet, not yet (cf Trac 2346) between subnets but clearly do *not* work.
So IMHO it is a good place for shared networks (cf Kea 5273)... (implemented since this comment)

backlog

ISC DHCP log executable statement
https://gitlab.isc.org/isc-projects/kea/-/issues/234
2023-07-13T18:33:07Z
Francis Dupont

According to ISC DHCP dhcp-eval(5):
>>>
log (priority, data-expr)
Logging statements may be used to send information to the standard
logging channels. A logging statement includes an optional priority
(fatal, error, info, or debug), and a data expression.
Logging statements take only a single data expression argument, so if
you want to output multiple data values, you will need to use the
concat operator to concatenate them.
>>>
It is an interesting feature which was discussed before (cf #4124).
To implement it in the ISC DHCP style we need 3 parameters:
- a boolean expression
- a priority
- a string expression to log
It does not seem so hard to do...

backlog

ISC DHCP host reservation "group <name>" parameter
https://gitlab.isc.org/isc-projects/kea/-/issues/233
2022-11-02T15:08:44Z
Francis Dupont

It is not documented at all but in host reservations one can specify a group by name.
I believe it is a second way (first is inclusion of the host reservation declaration in the scope of the group) to apply a group to a host. If it is the case the corresponding Kea feature is to declare a class without a matching expression with all the parameters (e.g. option-data) of the group and to specify the host reservation belongs to the class, so basically swapping the group keyword for class.

backlog

Kea supports only Ethernet hardware type
https://gitlab.isc.org/isc-projects/kea/-/issues/232
2022-11-02T15:08:43Z
Francis Dupont

ISC DHCP supports some other (real) hardware as FDDI... IMHO it should be allowed to use a number for the hardware type in >= 1.6.

backlog

ISC DHCP host declaration are global
https://gitlab.isc.org/isc-projects/kea/-/issues/231
2023-07-13T18:30:36Z
Francis Dupont

ISC DHCP host declarations are always global, Kea reservations are by default per subnet.
Kea 1.5 introduced global host reservations.

backlog

ISC DHCP server config option dhcp-cache-threshold
https://gitlab.isc.org/isc-projects/kea/-/issues/228
2022-05-25T08:37:06Z
Francis Dupont

>>>
The dhcp-cache-threshold statement
**dhcp-cache-threshold** percentage;
The dhcp-cache-threshold statement takes one integer parameter with
allowed values between 0 and 100. The default value is 25 (25% of the
lease time). This parameter expresses the percentage of the total
lease time, measured from the beginning, during which a client's
attempt to renew its lease will result in getting the already
assigned lease, rather than an extended lease.
Clients that attempt renewal frequently can cause the server to
update and write the database frequently resulting in a performance
impact on the server. The dhcp-cache-threshold statement instructs
the DHCP server to avoid updating leases too frequently thus avoiding
this behavior. Instead the server assigns the same lease (i.e.
reuses it) with no modifications except for CLTT (Client Last
Transmission Time) which does not require disk operations. This feature
applies to IPv4 only.
When an existing lease is matched to a renewing client, it will be
reused if all of the following conditions are true:
- The dhcp-cache-threshold is larger than zero
- The current lease is active
- The percentage of the lease time that has elapsed is less than dhcp-cache-threshold
- The client information provided in the renewal does not alter any of the following:
  - DNS information and DNS updates are enabled
  - Billing class to which the lease is associated
  - The host declaration associated with the lease
  - The client id - this may happen if a client boots without a client id and then starts using one in subsequent requests.
Note that the lease can be reused if the options the client or relay
agent sends are changed. These changes will not be recorded in the
in-memory or on-disk databases until the client renews after the
threshold time is reached.
>>>
The whole idea to cache too frequent requests is a good one even not so simple to implement.
**UPDATE:** Kea now supports cache-threshold since 1.9.4. The Keama should be updated one day.

ISC DHCP Migration

ISC DHCP server config option limit-addrs/prefs-per-ia
https://gitlab.isc.org/isc-projects/kea/-/issues/227
2023-07-17T18:40:44Z
Francis Dupont

>>>
The limit-addrs-per-ia statement
**limit-addrs-per-ia** number;
By default, the DHCPv6 server will limit clients to one IAADDR per IA
option, meaning one address. If you wish to permit clients to hang
onto multiple addresses at a time, configure a larger number here.
Note that there is no present method to configure the server to
forcibly configure the client with one IP address per each subnet on
a shared network. This is left to future work.
>>>
There is another **limit-prefs-per-ia** option for prefixes. It seems a good idea even if its main/obvious use case is not supported (by ISC DHCP).

backlog

ISC DHCP server config option adaptive-lease-time-threshold
https://gitlab.isc.org/isc-projects/kea/-/issues/226
2022-11-02T15:08:42Z
Francis Dupont

>>>
The adaptive-lease-time-threshold statement
**adaptive-lease-time-threshold** percentage;
When the number of allocated leases within a pool rises above the
percentage given in this statement, the DHCP server decreases the
lease length for new clients within this pool to min-lease-time
seconds. Clients renewing an already valid (long) leases get at least
the remaining time from the current lease. Since the leases expire
faster, the server may either recover more quickly or avoid pool
exhaustion entirely. Once the number of allocated leases drop below
the threshold, the server reverts back to normal lease times. Valid
percentages are between 1 and 99.
>>>
A good idea for a lease allocation hook library.

backlog

ISC DHCP server config option ddns-ttl
https://gitlab.isc.org/isc-projects/kea/-/issues/225
2023-07-17T13:58:22Z
Francis Dupont

No description in the manual. According to the code this option provides a way to set the DNS RR TTL in updates (vs using the lease timers). Can be useful?

kea2.3.6
Thomas Markwalder

ISC DHCP server config option limited-broadcast-address
https://gitlab.isc.org/isc-projects/kea/-/issues/224
2022-11-02T15:08:43Z
Francis Dupont

There is no manual entry for this. The idea is to get some control on the broadcast address used to send responses to on-link clients. A priori not a bad idea. BTW the limited broadcast address is 255.255.255.255 and is not forwarded by routers (so the name) but the ISC DHCP option takes an IPv4 address (vs a boolean).

backlog