[kea-announce] Kea 2.3.4, a new development release of Kea, is now available

Wed Jan 25 15:34:57 UTC 2023

Internet Systems Consortium is pleased to announce the release of Kea 2.3.4.

Releases in the Kea 2.3.x sequence are part of the Kea 2.3 development
branch, where new features are provided for testing and evaluation
before the branch is designated stable and recommended for production use.

The current stable branch of Kea is Kea 2.2 and its most recent release
is 2.2.0

Kea source tarball are available from cloudsmith.io:

https://dl.cloudsmith.io/public/isc/kea-2-2/raw/versions/2.2.0/kea-2.2.0.tar.gz

https://dl.cloudsmith.io/public/isc/kea-2-3/raw/versions/2.3.4/kea-2.3.4.tar.gz

And from the ISC download page:

          https://www.isc.org/download

---

# Kea 2.3.4, January 25 2023, Release Notes

Welcome to Kea 2.3.4, the fifth monthly release of the 2.3 development
series. As with any other development release, use this with caution:
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium
(ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a
REST API; optional database support (MySQL and PostgreSQL); optional
RADIUS, Kerberos, and YANG/NETCONF support; and much more. Kea provides
extensive management capabilities, including but not limited to: TLS
support, run-time configuration monitoring and updates via a REST API,
host reservations, client classification, and more.

The text below references issue numbers. For more details, visit the Kea
GitLab page at https://gitlab.isc.org/isc-projects/kea/issues.

The following features and bug fixes have been implemented since the
previous release, version 2.3.3:

1. **Random Allocation Strategy**: Since its inception in 2011, Kea has
been using an iterative allocation strategy, which means it was
iterating through the address space and allocating available addresses
sequentially. This is a simple, fast, and easy-to-understand allocation
strategy that works for most use cases. However, we have now introduced
a new random allocator, not to replace the iterative allocator, but to
provide an alternative. The choice of an allocation strategy is now a
configuration decision depending on the deployment requirements [#969,
#1313, #2316].

2. **Bulk Leasequery**: The subscriber-only Leasequery hook has been
extended to support Bulk Leasequery (BLQ) for DHCPv6. BLQ allows
rebooting routers and switches to reacquire their lost state by querying
the DHCP server. BLQ differs from the typical DHCP protocol in several
fundamental ways: first, it uses TCP, and therefore is
connection-oriented; second, it does not follow the "one query, one
response" paradigm. The "bulk" in BLQ means that devices can send a
single query and receive many (possibly millions) of answers. We did
extensive internal testing and the feature appears to be stable, but
please do use it with caution. We are eager to get feedback on this
topic, especially with regards to interoperability with other vendors.
BLQ is currently available for memfile + DHCPv6 only [#2713, #2634,
#2691, #2687, #2689, #2680, #2685, #2662, #2679, #2681, #2684, #979,
#2674, #2675, #2678, #2673, #2663, #2668, #2665, #2645, #2655, #2647,
#2639, #2644].

3. **Multiple vivso suboptions for DHCPv4**: The Kea DHCPv4 server can
now handle multiple vendor options with different enterprise IDs and
multiple vivso suboptions. The vendor options handling has been updated
[#1518, #2694].

4. **PD hints**: Kea now understands when a DHCPv6 client prefers a
prefix of a certain length. If Kea is configured to hand out /64, /60,
and /56 prefixes and the client requests /56, it will get it.
Previously, Kea ignored the hint and assigned prefixes in the order the
pools appeared in the config file [#1958]. The `prefix-len` and
`pd-pools` list now checks the prefix lengths correctly [#2612].

5. **Deprecating libreload**: The API `libreload` command is now
deprecated. The command was implemented a long time ago, in Kea 1.2.0,
when the hooks framework was still being implemented and there were no
hooks. The original idea - to reload just the hooks and not the whole
server configuration - never gained any traction. Starting with this
release and for the next stable branch (Kea 2.4.x) the command will
print a deprecation warning, but will otherwise function normally. It
will be removed completely from the Kea 2.5 and 2.6 branches [#2693].

6. **DB improvements**: New database connection parameters,
`read-timeout` and `write-timeout`, control the timeouts in
communication with a MySQL database. The `tcp-user-timeout` parameter
controls the timeout in communication with a PostgreSQL database.
Setting these timeouts can prevent occasional Kea hangs due to issues
with database connectivity. Those are expected to improve compatibility
with HAProxy [#2688]. Compatibility with recently published PostgreSQL
15 has been improved [#2724]. Kea can now detect a bug in MariaDB, which
incorrectly rejects certain valid constructs as invalid JSON. This has
been reported to and confirmed by the MariaDB team [#2654].
Compatibility with MySQL 5.5 (very old, but still used by CentOS 7) has
been improved [#2727]. A bug in the logic to set DB parameters no longer
confuses DHCPv4 with DHCPv6 [#2672].

7. **DDNS logging failure reasons**: The `kea-dhcp-ddns` daemon now uses
new log messages to clearly distinguish between timeouts and other IO
errors when communicating with DNS servers [#2589].

8. **Build improvements**: The autoconf script for forensic logging has
been moved to another location [#2633]. The deprecated-declarations
warnings have been fixed [#2617]. The C++ warnings for (in)equality
operator have been fixed [#2661]. Compilation on MacOS clang and C++20
has been fixed [#2621]. Jenkins improvements in hammer have been made
[#2657]. Freeradius-client package names in hammer have been fixed
[#2652].

## Incompatible Changes

1. The `libreload` API command is now deprecated.

2. The `tcp-user-timeout` is not supported until PostgreSQL 12. This
causes DHCPv4 and DHCPv6 unit tests to fail on systems with PostgreSQL
11 and earlier. See #2734 for details.

## License

This version of Kea is released under the Mozilla Public License,
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

The premium and subscriber-only hook libraries are provided under the
terms of a Kea Hooks Basic Commercial End User License Agreement.

## Download

Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:

https://cloudsmith.io/\~isc/repos/

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

as well as from the Cloudsmith repository.

The signature was generated with the ISC code signing key, which is
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation or at
https://kea.readthedocs.io/en/latest/index.html.

Limitations and known issues with this release can be found at
https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
(https://lists.isc.org/mailman/listinfo/kea-users. We would also like to
hear whether the documentation is adequate and accurate. Please open
tickets in the Kea GitLab project for bugs, documentation omissions and
errors, and enhancement requests. We want to hear from you even if
everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea and DHCP
software support see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list.

## Changes

The following summarizes changes and important upgrade notes since the
2.3.3 release for Kea core:

2089.	[build]		razvan
	The library version numbers have been bumped for the Kea 2.3.4
	development release.
	(Gitlab #2726)

2088.	[func]*		tomek
	The libreload command is now deprecated. The code is still there,
	but it will be removed in the future versions.
	(Gitlab #2693)

2087.	[func]		razvan
	The Kea DHCPv4 server can now handle multiple vendor options
	with different enterprise IDs and multiple vivso-suboptions.
	(Gitlab #1518)

2086.	[bug]		andrei
	A spacing issue in a prepared statement that prevented Config
	Backend from working with PostgreSQL 15 and above has been fixed.
	(Gitlab #2724)

2085.	[func]		tmark
	kea-dhcp-ddns uses new log messages to clearly distinguish
	between timeouts and other IO errors when communicating with
	DNS servers.
	(Gitlab #2589)

2084.	[func]		razvan
	When the client adds a prefix length in the hint, the server
	will try to select a pool with the delegated prefix length
	equal to the respective value. If no pool is found, the server
	will try to select a pool with a lower delegated prefix length
	(a larger address space) and if none is found, it will try to
	select a pool with a higher delegated prefix length (a smaller
	address space).
	(Gitlab #1958)

2083.	[func]		marcin
	New database connection parameters, "read-timeout" and
	"write-timeout", control the timeouts in communication with the
	MySQL database. The "tcp-user-timeout" controls the timeout in
	communication with the PostgreSQL database. Setting these
	timeouts can prevent occasional Kea hangs due to issues with
	the database connectivity.
	(Gitlab #2688)

2082.	[bug]		razvan
	The prefix address provided in the prefix and prefix length pair
	from the pool configuration is now checked to match the first
	address in the pool.
	(Gitlab #2612)

2081.	[func]		tmark
	The default value for the kea-dhcp-ddns parameter,
	dns-server-timeout, has been increased from 100 ms to
	500 ms.  This was done to improve the out-of-the-box
	user experience.
	(Gitlab #2590)

2080.	[func]		tmark
	Bulk Lease Query results can now include delegated prefixes.
	Memfile queries used by Bulk Lease Query (BLQ) were modified
	to include delegated prefixes when appropriate. Prior to
	this they were returning only address leases.
	(Gitlab #2713)

2079.	[func]		marcin
	The lease allocation strategy is now configurable. It is possible
	to select between iterative and random lease selection for the
	address assignment and prefix delegation, respectively, at the
	global, shared network, and subnet levels.
	(Gitlab #2348, #969)

And for Kea premium:

162.	[bug]		razvan
	The prefix address provided in the prefix and prefix length pair
	from the pool configuration is now checked to match the first
	address in the pool.
	(Gitlab #2612)

161.	[build]		andrei
	Building without the forensic log source files is now possible.
	Previously, it would complain about files not existing. Those
	file declarations were moved from a generic m4 file to a m4 file
	that is dedicated to forensic logging.
	(Gitlab #2633)

160.	[func]		fdupont, tmark
	The lease_query hook library now supports bulk lease query
	for DHCPv6 (RFC 5460). It is currently only supported with
	memfile lease storage.
	(Gitlab #2673)

See https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes for a
complete list of release notes.

Thank you again to everyone who assisted us in making this release
possible.

We look forward to receiving your feedback.

-- 
Everett B. Fulton
ISC Support