[Kea-users] Client connectivity problem

Marcin Siodelski marcin at isc.org
Mon Nov 28 14:39:09 UTC 2016


Toby,

Kea performs a lookup of the reservations in two places. Firstly, in a
configuration file. If not found, the will use one of the alternative
places: MySQL or PostgreSQL. The log fragments you have provided pertain
to the phase when the reservation is being looked up in the
configuration file. Because you have stored your reservation in the
MySQL database (not config file), it is expected that it returns:

2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier
hwaddr=001122334455, found 0 host(s)

However, if MySQL hosts database is also used by Kea the most
interesting part would be to see logs from the Kea talking to the
database. Unfortunately, I now found that the function which retrieves
host reservations from MySQL by MAC address lacks some logging
statements and that is probably the reason why we don't see any output
from attempts to retrieve the reservation from MySQL. We'll need to fix
that. But, it doesn't mean that the lookup doesn't take place.

In any case, I don't think I can get any closer to resolving this
problem without Kea configuration file and the entire (debug?) log. The
dump of hosts MySQL table would also be good.

A typical error can be a subnet-id mismatch between the Kea
configuration file and the host entries within the database.

If you're uncomfortable with sending configuration file and a dump of
the hosts table to the list, you're welcome to send it directly to me.

BTW, it should be ok that colons are stripped from the MAC address
because we store hosts in the database without colons.

Marcin

On 12.11.2016 09:20, Toby Walsh wrote:
> I've found what I think is the problem. I decoupled systemd and went
> back to running keactrl myself and turned on verbose mode. In the
> logs, when the client device is trying to obtain an IP from the table,
> it uses the wrong hw-addr. Someone else is having the same problem it
> seems, because google turned up this:
> 
> https://gist.github.com/jefferyharrell/0dc515a2d6a9bf639a5e6f8be03e01eb
> 
> Unlike that guy, I get no message about closing the hosts table. Mine
> looks more like this:
> 
> 2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.packets/4695]
> DHCP4_SUBNET_DATA [hwtype=1 00:11:22:33:44:55], cid=[no info],
> tid=0xfdc54451: the selected subnet details: 10.10.10.10/24
> 2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
> HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4
> reservation for subnet id 1, identified by hwaddr=001122334455
> 2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
> HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
> identifier: hwaddr=001122334455
> 2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
> HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier
> hwaddr=001122334455, found 0 host(s)
> 2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.hosts/4695]
> HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using
> subnet id 199 and identifier hwaddr=001122334455
> 2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.bad-packets/4695]
> DHCP4_PACKET_DROP_0007 [hwtype=1 00:11:22:33:44:55],
> cid=[01:00:11:22:33:44:55], tid=0x5f091348: failed to process packet:
> DHCPv4 Option4AddrLst 5 has invalid length=19, must be divisible by 4.
> 2016-07-18 11:19:18.032 DEBUG [kea-dhcp4.packets/3131]
> DHCP4_BUFFER_WAIT waiting for next DHCPv4 packet with timeout 1000 ms
> 
> So, it's getting the correct subnet using a colon-separated MAC but
> the next steps (presumably looking up the hosts table?) it's using a
> stripped MAC, without colons, and failing to find any host reservation
> and dropping the packet.
> 
> My hosts table was populated as per the "Tips about Host Reservations
> in Kea 1.1" page, i.e. the dhcp_identifier field had
> UNHEX(REPLACE('00:11:22:33:44:55', ':', '')) inserted in it. The type
> of that field was varbinary(128). I can't unhex leaving the colons in,
> and I'm not sure what format the Kea queries expect other than to go
> off the examples on that page. But that might be the problem?
> 
> On top of my failure and this other guy's on github, there are several
> examples using the HOSTS_CFG_GET keywords of people who did
> successfully perform the lookups with colon-separated MACs. So I'm
> wondering what the github and my config have done differently?
> 
> 
> 
> 
> On 12 November 2016 at 11:13, Toby Walsh <walshtj at gmail.com> wrote:
>> I have isolated this to something wrong with my database connection. I
>> have strictly followed the instructions from "Tips about Host
>> Reservations in Kea 1.1". I have a hosts table and a dhcp4_options
>> table configured correctly. When I restart the kea-dhcp4 server the
>> logs tell me the server is started correctly. I now have Kea set up to
>> run under systemctl and those logs tell me that on restarting the
>> server the lease database and the hosts database are opened. The lease
>> database is correctly populated by Kea upon obtaining a lease. But the
>> hosts database is not read and therefore neither is the dhcp4_options
>> database, and dhcpdump shows requests by the test devices for an IP
>> address but nothing happening and certainly Kea is quiet.
>>
>> On the other hand, if I specify the reservations manually in the
>> kea.conf file using basic "hw-address" and "ip-address" fields both
>> test devices I'm using successfully obtain an IP address.
>>
>> So what is different about the hosts table that I'm getting wrong? I
>> have the same database name/user name/password that I use to manually
>> populate/edit the tables. In the hosts table I'm populating:
>>
>> host_id
>> dhcp_identifier (using UNHEX(REPLACE ... )
>> dhcp_identifier_type (using 'hw-address' mapping)
>> dhcp4_subnet_id
>> ipv4_address (using INET_ATON(@my_desired_ip))
>> hostname
>>
>> and that's it. No next_server, no dhcp4_server_hostname, no
>> dhcp4_boot_file_name but I don't have those in the working kea.conf
>> reservation either.
>>
>> In the dhcp4_options table I just have routers and DNS settings. I
>> tried using option 5 and 6 for DNS but it seems irrelevant since the
>> hosts table doesn't appear to be read anyway.
>>
>> Nothing else seems to stick out to me so any tips on getting
>> mysql-backed Kea working would be great.
>>
>> Thanks.
>>
>> On 11 November 2016 at 21:14, Toby Walsh <walshtj at gmail.com> wrote:
>>> This might not be a Kea problem, but switching my DHCP server to Kea
>>> triggers it every single time. I have a small home network I'm
>>> configuring. Topology looks like this:
>>>
>>> ESXi Ubuntu VM with various services <- ESXi pfSense VM -> Unifi
>>> switch -> Unifi AP -> Android phone
>>>
>>> I started with pfSense's DHCP and each time I switch to it the network
>>> works. I'm using Freeradius authentication on the Ubuntu VM and it
>>> authenticates and there are no problems. When I switch off pfSense's
>>> DHCP and switch on Kea with a host reservations (either in the conf
>>> file or in mysql) the phone's wifi get's "connected, no internet" and
>>> there is no connectivity (duh).
>>>
>>> I've tried specifying the routers option and the dns option in the
>>> kea.conf. The dns I'm using google's 8.8.8.8 and 8.8.4.4 for testing
>>> purposes. I did have bind running initially but eliminated that to
>>> reduce variables. One thing of note is the routers option in kea.conf
>>> seems to be overwritten. I'm (currently) setting:
>>>
>>> "subnet4": [
>>> // ...
>>> "option-data": [
>>> {
>>>   "name": "routers",
>>>   "code": 3,
>>>   "space": "dhcp4",
>>>   "csv-format": true,
>>>   "data": "pfSense's_ip_address"
>>> },
>>> // ...
>>>
>>> But per dhcpdump it's getting Ubuntu's IP, which is also the IP
>>> populated in the code 54 server field. Maybe this is confusing the
>>> phone, because when I run tcpdump on any of the hardware in the
>>> topology chain there is traffic associated with the MAC of the phone
>>> and it's even trying to look up google servers and
>>> connectivitycheck.gstatic.com at times but it gets stuck and lost
>>> within my subnet.
>>>
>>> My firewall rules are wide open so it's not getting blocked there, and
>>> indeed the firewall logs nothing from the IP I'm assigning.
>>>
>>> So the only difference from my perspective is: pfSense's DHCP works
>>> for my subnet, Kea's doesn't. What else am I missing?
>>>
>>> Thanks,
>>> Toby
> _______________________________________________
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
> 



More information about the Kea-users mailing list