[Kea-users] Multi-tenancy in Kea

Jason Guy jguy at cumulusnetworks.com
Wed Mar 7 14:47:10 UTC 2018


Hi Tomek,

Are you referring to VRF support when you say Multi-Tenancy?
In the latest Linux kernel (4.9+), the full VRF infrastructure is working
well, but I don't think a lot of classic services have added support. It
would be awesome to assign a subnet to a linux VRF.

Cheers,
Jason

On Wed, Mar 7, 2018 at 8:24 AM, Tomek Mrugalski <tomasz at isc.org> wrote:

> Hi Rob,
>
> I did a little experiment. With a bit of code tweaking, I managed to
> force Kea to load two identical subnets that only differed in relay IP
> address. It started all fine and I was able to get leases in each subnet.
>
> There's one major caveat, though. Allocation engine, the core part of
> the code that picks leases for new clients, can't tell a difference
> between them and thinks the address is used, despite it being used in
> the other subnet.
>
> My subnets defined were 192.0.2.1 - 192.0.2.200. First client in the
> first subnet got 192.0.2.1 (as expected), but the second client in the
> second subnet got 192.0.2.2, not 192.0.2.1.
>
> If your subnets are large (e.g. 10.0.0.0/8) you may not care. If they're
> smaller, you'll use up all addresses real quick.
>
> To implement it properly, we would have to remove getLeases4(addr) call
> and implement getLeases4(addr, subnet-id) instead. There's tons of uses
> of getLease4(addr) throughout the whole code (around 200 instances).
> This would require a MAJOR rework of Kea code and the reworked code
> would probably we worse than it is now. So am afraid it's unlikely to
> happen. At least in official master. I can imagine you hacking Kea code
> similar way you did dhcpd would be somewhat realistic, if you accept
> that certain things will be broken.
>
> Keep in mind that tweaking the code to allocate the leases is only the
> first step on this dark and twisted path. The next step that will
> probably not work is lease renewal. Then release release. After that
> you'll face probably broken lease expiration. Commands related to leases
> won't work etc. You can end up with all sorts of messed up situations,
> like client from one network renewing a lease from another subnet, then
> his lease expiring because not being renewed.
>
> If you really want to go that path, here's a page that described my
> experiment: http://kea.isc.org/wiki/KeaMultiTenant
>
> Tomek
> _______________________________________________
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20180307/f257b27e/attachment.htm>


More information about the Kea-users mailing list