[kea-dev] select an IPv4 address on interface with multiple addresses

Chaigneau, Nicolas nicolas.chaigneau at capgemini.com
Mon Jan 26 16:38:10 UTC 2015



Marcin,


Please see my answers inline below.

Also, my apologies for not expressing my use cases clearly enough previously.



Regards,
Nicolas.

 
> On 01/26/15 15:20, Chaigneau, Nicolas wrote:
> >
> > Hello,
> >
> >
> > I've tested the possibility to configure a specific listening address 
> > of an interface.
> >
> > It doesn't seem to do anything useful:
> > - I can't start two Kea servers listening on two different addresses 
> > of the same interface
> 
> That should work but I will double check to make sure.


In this situation, I get the following logs when starting the second server:

2015-01-26 17:13:31.952 WARN  [kea-dhcp4.dhcpsrv/14215] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: failed to open socket on interface eth0.102, reason: Failed to bind socket 6 to 10.163.216.230/port=67
2015-01-26 17:13:31.952 WARN  [kea-dhcp4.dhcpsrv/14215] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic


> 
> > - I can't start one Kea server listening on two different addresses of 
> > the same interface
> 
> Initially when we talked about it I thought you were running multiple instances of the DHCP server and each DHCP server would bind to a different address. So, you used to use two instances of the server because there was no other possibility with dhcpd and with Kea you would like to run just one?


This is only part of the answer (please refer to the other mail).


> 
> > - One Kea server will still answer to packets sent to any address of 
> > the interface, even when configured for a single listen address
> >
> 
> The way Kea works (and worked in the past) is that for each address and interface on which it should listen, it creates a socket, binds to a specific address on this interface and captures both unicast and broadcast traffic on this interface.
> 
> When we discussed the issues with unicast addresses you seemed to indicate that the major pain was that the socket was bound to an interface/device and received packets on this interface, even though they were sent to a different destination address on that interface.
>
> This has been corrected now. But, this was the case when raw socket was in use (direct_response_desired = "true"). What I didn't realize was that you're actually going to use the ip/udp sockets (direct_response_desired = "false"), not raw sockets.


Yeah I don't want raw sockets at all. Sorry for the misunderstanding :/


> 
> > (this with Kea built with "direct_response_desired = false" so raw 
> > sockets are not used)
> >
> 
> Again, Kea doesn't yet (until #3604) support switching between use of raw sockets and ip/udp sockets. It always uses raw sockets. The trick with a direct_response_desired is a "hack" which allows you to test the use of ip/udp sockets.
> 
> Now that I understand a little more about your use cases it seems to me that what you ask for is:
> 
> - an ability to open multiple sockets on a single interface (assuming they are not raw sockets because for raw sockets you have to bind socket to the device), within a single DHCP server instance - this is not supported at present and implementing this would require a new ticket.


Yes.


> It is doable, but #3604 must go in first because it can only be done for the ip/udp socket case.


Understood.


> For raw sockets it is way more complicated (not impossible, though).


Don't need them, don't want them :)


> 
> - a configuration knob to select between the use of raw sockets and udp sockets (for unicast traffic) - covered in #3604, with an additional ability to disable the broadcast traffic on the interface on which ip/udp sockets are in use.
> 
> Please confirm.


Yes.


> 
> The question I have is this. Since you want to use the ip/udp sockets (only relayed traffic, I suppose), you probably desire to use IP tables.


Yes.


> With a raw socket you couldn't use IP tables because packets will bypass the iptables. So one choice you have, when #3604 is done, is to set up ip tables to filter out broadcast packets, in which case Kea doesn't have to do it. Would that work?


Yes. In my setup Kea will never receive broadcast packets.
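
Added example (not part of the original message and not Kea code): the ip/udp socket behaviour discussed in this thread, shown with plain sockets, where each socket bound to a specific address receives only datagrams sent to that address. It assumes Linux; the loopback addresses, the ephemeral port (in place of 67) and the function names are constructed stand-ins. The last function shows one general way a specific-address bind can fail, which the thread does not identify as the cause of the logged error.

```python
import errno
import socket

# Constructed stand-ins: on Linux all of 127.0.0.0/8 sits on "lo", so these
# play the role of two addresses on one interface. An ephemeral port
# replaces the privileged DHCP port 67.
ADDR_A, ADDR_B = "127.0.0.1", "127.0.0.2"

def bind_udp(addr, port=0):
    """Open an ip/udp (not raw) socket bound to one specific address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(0.5)
    try:
        s.bind((addr, port))
    except OSError:
        s.close()
        raise
    return s

def recv_or_none(sock):
    try:
        return sock.recvfrom(1500)[0]
    except socket.timeout:
        return None

def per_address_sockets():
    """Same port, two addresses of one interface: each socket sees only its own traffic."""
    a = bind_udp(ADDR_A)
    port = a.getsockname()[1]
    b = bind_udp(ADDR_B, port)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        tx.sendto(b"to-A", (ADDR_A, port))
        tx.sendto(b"to-B", (ADDR_B, port))
        first = (recv_or_none(a), recv_or_none(b))
        second = (recv_or_none(a), recv_or_none(b))  # nothing left over
        return first, second
    finally:
        for s in (a, b, tx):
            s.close()

def wildcard_conflict():
    """A socket already bound to 0.0.0.0:port makes a later specific-address bind fail."""
    w = bind_udp("0.0.0.0")
    try:
        bind_udp(ADDR_B, w.getsockname()[1]).close()
        return None
    except OSError as e:
        return e.errno
    finally:
        w.close()
```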

