[Kea-users] ISC DHCP shared-network {} and Kea

Marcin Siodelski marcin at isc.org
Mon Nov 28 13:30:27 UTC 2016 

One possible way to deal with this problem is to use the Kea client
classification mechanisms. The Kea Administrator's Manual, sections:

 http://kea.isc.org/docs/kea-guide.html#dhcp4-client-classifier
 http://kea.isc.org/docs/kea-guide.html#classify

describe how client classification can be used to influence subnet
selection for a given client. There is a bunch of values from the
client's message you can look into to classify the client. But, whether
it works for you or not mostly depends on how you determine that this
client on a shared link should belong to this subnet, and the other
belongs to another subnet. Do you have any database of known / unknown
clients that you want to use? How are the clients identified, by their
MAC address?

The most flexible approach, but potentially requiring some coding, is to
use a hooks library. Kea sources include a "User Check" hooks library
(in src/hooks/dhcp/user_chk/) which is intended to do what you want:
assign one subnet to known clients, assign another subnet to unknown
clients. The known clients are stored in a text file which the hook
library reads.

I suggest you have a look into the Kea Developer's Guide:
https://jenkins.isc.org/job/Kea_doc/doxygen/d8/db2/libdhcp_user_chk.html

for the documentation of the UserCheck library. You may also want to
watch the webinar about hooks development, which uses User Check library
as an example.

Cheers,

Marcin Siodelski
ISC


On 18.11.2016 15:24, SoupNazi izaNpuoS wrote:
> Thomas,
> 
> That is exactly what I mean ... a group of subnets on a single
> interface.  In some instances, we also will deny unknown-clients from
> some of the subnets forcing unknown-clients into a certain subnet.
> 
> This also applies to DHCPv6 moving forward.  We need to be able to have
> multiple subnets grouped together on a remote interface.  We may deny
> unknown-clients from some subnets forcing them to other subnets.
> 
> Please note that all of the above will occur via relay forwarding as the
> DHCP servers are centrally located.
> 
> On Fri, Nov 18, 2016 at 8:57 AM, Thomas Markwalder <tmark at isc.org
> <mailto:tmark at isc.org>> wrote:
> 
>     On 11/16/16 3:58 PM, SoupNazi izaNpuoS wrote:
>>     Folks,
>>
>>     I had a look at the migration document
>>     (https://kea.isc.org/wiki/ConfigurationMigration
>>     <https://kea.isc.org/wiki/ConfigurationMigration>)
>>
>>     I found shared-network in the table and noted that no Kea
>>     equivalent is listed.  Also
>>     the http://kea.isc.org/docs/kea-guide.html
>>     <http://kea.isc.org/docs/kea-guide.html> doesn't seem to show a
>>     way to group subnets together.
>>
>>     Is there presently no way to do something like this?:
>>
>>     shared-network SomeNetwork {
>>
>>             option domain-name-servers 8.8.8.8,8.8.4.4;
>>
>>             subnet 10.0.0.0 netmask 255.255.255.0 {
>>
>>                     option routers 10.0.0.1;
>>
>>                     option subnet-mask 255.255.255.0;
>>
>>
>>                     pool {
>>
>>                             min-lease-time 28800;
>>
>>                             default-lease-time 28800;
>>
>>                             max-lease-time 28800;
>>
>>                             range 10.0.0.2 10.0.0.254;
>>
>>                     }
>>
>>             }
>>
>>             subnet 192.168.0.0 netmask 255.255.255.0 {
>>
>>                     option routers 192.168.0.1;
>>
>>                     option subnet-mask 255.255.255.0;
>>
>>
>>                     pool {
>>
>>                             min-lease-time 28800;
>>
>>                             default-lease-time 28800;
>>
>>                             max-lease-time 28800;
>>
>>                             range 192.168.0.2 192.168.0.254;
>>
>>                     }
>>
>>             }
>>
>>     }
>>
>>
>>     _______________________________________________
>>     Kea-users mailing list
>>     Kea-users at lists.isc.org <mailto:Kea-users at lists.isc.org>
>>     https://lists.isc.org/mailman/listinfo/kea-users
>>     <https://lists.isc.org/mailman/listinfo/kea-users>
>     Hello:
> 
>     It depends on what you are using the shared-network feature to
>     accomplish.  For ISC DHCP, a shared-network implies that the subnets
>     therein are the same physical interface. It is also true that the
>     subnets inherit any statements (such as options) from the
>     shared-network.  Could you expand on your needs?
> 
>     Thanks,
> 
>     Thomas Markwalder
>     ISC Software Engineering
> 
> 
> 
>     _______________________________________________
>     Kea-users mailing list
>     Kea-users at lists.isc.org <mailto:Kea-users at lists.isc.org>
>     https://lists.isc.org/mailman/listinfo/kea-users
>     <https://lists.isc.org/mailman/listinfo/kea-users>
> 
> 
> 
> 
> _______________________________________________
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>

More information about the Kea-users mailing list