[Kea-users] Configuring kea for relayed subnets *not* on its own interface's address

Bob Harold rharolde at umich.edu
Wed Sep 13 12:17:21 UTC 2017


On Tue, Sep 12, 2017 at 9:33 PM, Jeff Kletsky <kea-dhcp at allycomm.com> wrote:

> I've been able to get kea to run nicely as a DHCP server in "conventional"
> mode with an interface listening on every one of the VLANs that I need to
> serve.
>
> I'm trying to configure it now so that it only responds to relayed DHCP
> through my Cisco SG300-series switches.
>
>     "dhcp-socket-type": "udp"
>
> is already set.
>
>
> I've been able to decode the Cisco format and it appears to properly
> assign the client-class based on the VLAN:
>
> kea.conf:
>
>         "client-classes": [
>         <?include "/usr/local/etc/kea/client_classes.conf"?>
>         ],
>
> client_classes.conf includes:
>
>     {
>         "name": "VLAN_1010",
>         "test": "substring(relay4[1].hex, 2, 2) == 0x03F2"
>     }
>
>
> Thanks to the debugging instructions in 13.9 (very helpful!), I was able
> to fix my first shot and "test" the above expressions. They match as
> expected, with that match being logged in the kea-dhcp4 log:
>
>     EVAL_RESULT Expression VLAN_1010 evaluated to 1
>
>
> In my application, the DHCP server and switches are "talking" on addresses
> in the 10.2.87.0/24 range, but the pool is in the 10.10.10.0/24 range.
>
>
> Setting the subnet parameter to correspond to the pool results in "failed
> to select a subnet for incoming packet"
>
> The subnet parameter is mandatory, so I can't just use the client-class to
> select the pool
>
> If I set it to 10.2.87.0/24 then kea won't start, complaining that the
> pool does not match the prefix of the subnet
>

I have not (yet) used kea, so I am just guessing based on experience with
dhcpd.
But this message sounds like you need an empty subnet declared for the
actual interface of the kea server, even if it is not serving DHCP on that
subnet. So try adding: (where a.b.c.d/e is the subnet the kea server is on)

    {
        "subnet": "a.b.c.d/e"
    }

In addition to the 10.2.87.0/24 subnet.

In the older dhcpd server, this is an unfortunate result of the assumption
that the DHCP is serving DHCP on the subnet it is connected to.  I would
have hoped that kea would have fixed that.  (Or can someone explain why it
is needed?)

-- 
Bob Harold

> So far, only the rather ugly solution of setting the subnet to one that
> overlaps both the interface's address and the pool is all I've found to be
> functional
>
>     {
>         "subnet": "10.0.0.0/8",
>         "pools": [ { "pool": "10.10.10.200 - 10.10.10.219" } ],
>         "client-class": "VLAN_1010",
>
>     [...]
>
> (similarly <?include "ed"?> in the subnet4 section)
>
>
> The kea instance will *only* be answering relayed DHCP, never direct
> connections.
>
>
> Is there a better way to configure this?
>
>
> TIA,
>
> Jeff
>
>
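
As an added illustration (not code from this thread or from the Kea project), the following sketch shows what the `substring(relay4[1].hex, 2, 2) == 0x03F2` test in the quoted client class evaluates over the relay's option 82 payload. The function names are hypothetical, the sample bytes are constructed, and the circuit-id layout (a two-byte header followed by a 16-bit VLAN ID) is an assumption that matches the offsets used in that expression.

```python
import struct
from typing import Dict, Optional

def parse_suboptions(opt82: bytes) -> Dict[int, bytes]:
    """Split a Relay Agent Information (option 82) payload into sub-options."""
    subs, i = {}, 0
    while i < len(opt82):
        if i + 2 > len(opt82):
            raise ValueError("truncated sub-option header")
        code, length = opt82[i], opt82[i + 1]
        value = opt82[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        subs[code] = value
        i += 2 + length
    return subs

def kea_substring(data: bytes, start: int, length: int) -> bytes:
    """substring() for non-negative arguments only: empty when start is past the end."""
    if start >= len(data):
        return b""
    return data[start : start + length]

def vlan_class(opt82: bytes) -> Optional[str]:
    """Return the class name the quoted test would match, or None if no VLAN is found."""
    circuit_id = parse_suboptions(opt82).get(1)   # relay4[1] = circuit-id
    if circuit_id is None:
        return None
    field = kea_substring(circuit_id, 2, 2)       # assumed: bytes 2..3 hold the VLAN ID
    if len(field) != 2:
        return None                               # too short: do not classify
    return "VLAN_%d" % struct.unpack("!H", field)[0]

# Constructed sample: circuit-id (sub-option 1) carrying VLAN 0x03F2,
# followed by a remote-id (sub-option 2) with a made-up MAC address.
SAMPLE_OPT82 = bytes.fromhex("0106000403f20105" "02080006001122334455")

if __name__ == "__main__":
    print(vlan_class(SAMPLE_OPT82))
```
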