[kea-dev] Initial feedback on the new Radius integration

Baptiste Jonglez baptiste at bitsofnetworks.org
Sun May 20 21:37:30 UTC 2018


Hi,

As you probably know, I have been developing Radius integration in Kea for
a non-profit ISP / community network I am a member of.  Here is the
work-in-progress code: https://code.ffdn.org/zorun/kea

I saw that there is a new Radius feature in Kea 1.4 (unfortunately not
publicly available).  Based on its documentation [1], I have a couple of
questions:

- do you support the Framed-IP-Netmask radius attribute?  Our use-case
  involves giving /32 IP addresses to clients, regardless of the actual
  prefix length in Kea's configuration.  So we basically use
  Framed-IP-Netmask = 255.255.255.255, would it be interpreted by Kea?

- is there a reason for using the original freeradius client library
  (which is unmaintained to the point that you had to patch it locally),
  while radcli [2] is actively maintained and has the same API?  We tried
  to discuss this some time ago [3].

- your radius implementation is advertised as a hook, but I see that a
  full rebuild of Kea is needed.  It seems that part of the implementation
  is built into Kea?  We initially tried to implement radius support as a
  hook, but it was really awkward, so we implemented it within Kea.

- the host reservation cache looks very nice!  This is something we really
  wanted to implement but it looked quite complex to do.

Thanks in advance,
Baptiste

[1] http://kea.isc.org/docs/kea-guide.html#hooks-radius
[2] https://github.com/radcli/radcli
[3] https://kea.isc.org/ticket/5349#comment:1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-dev/attachments/20180520/afa5796d/attachment.bin>


More information about the kea-dev mailing list