[Kea-users] Global host reservations - unexpected behavior
Maria Hrabosova
maria.hrabosova at cern.ch
Tue Oct 22 15:47:58 UTC 2019
Hi John,
Thanks for your reply. Apparently, using the global reservations now,
that they do no sanity checks, isn't a good idea. Unfortunately, the
absence of the checks makes the global reservations containing IP
addresses unusable in any settings, where the clients can move from one
shared network to another. It would be nice if the checks were added in
a future release...
By the way, while looking at the host reservations in KEA more closely,
I found out that the meaning of the KNOWN and UNKNOWN classes is a bit
different from what we know from ISC DHCP. I thought this information
might be useful for you or for others who are migrating to KEA. In ISC
DHCP, the KNOWN class covers all hosts that have a reservation and the
rest of the hosts belongs to the UNKNOWN class. In KEA, the KNOWN class
covers only the hosts that have a reservation in the particular subnet.
Respectively, the UNKNOWN class covers all hosts that are not known in
that subnet (although they can be known in a different subnet or have a
global reservation).
Cheers,
Maria
On 14.10.19 23:03, Gibbins, John (IM&T, Black Mountain) wrote:
> Hi Maria,
>
> In the 1.5.0 Kea Administrator Reference Manual (p69 of the PDF) it says:
>
> "Note You can reserve any ip-address in a global reservation. Just keep in mind that Kea will not do any sanity checking on the
> address and for Kea 1.5.0, support for global reservations should be considered experimental."
>
> I believe that by "sanity checking" it means that it will not ensure that the address is appropriate for the subnet as you found. I suspect this may change in later releases.
>
> Disclaimer: I'm very new to kea.
>
> I'm trying to translate our ISC DHCP config to kea. I had assumed from this that I needed to put reservations within the subnet as you discovered. To me it makes more sense to have them associated with the subnet rather than globally as ISC DHCP did.
> My intention is to translate ISC DHCP reservations to subnet reservations and subclasses to global reservations.
>
> Regards
> johng
>
> -----Original Message-----
> From: Kea-users <kea-users-bounces at lists.isc.org> On Behalf Of Maria Hrabosova
> Sent: Tuesday, 15 October 2019 1:17 AM
> To: kea-users at lists.isc.org
> Subject: [Kea-users] Global host reservations - unexpected behavior
>
> Hello,
>
> I found a use case in which KEA DHCP server behaves differently than I
> expected and I would like to ask if it was meant to behave that way or
> there is a problem in my configuration. Here is the description:
>
> Imagine you have a known host client-X with a reserved IP address
> 10.0.0.9. client-X usually connects via the Shared-B network, but one
> day it wants to connect via Shared-A. The IP address reserved for
> client-X does not match any of the subnets in Shared-A. Therefore, I
> would expect that it would be given an IP address from the pool in the
> subnet 10.1.1.0/24 (that is how it works in ISC DHCP). However, it is
> given it's reserved IP 10.0.0.9 along with the options from the subnet
> 10.1.1.0/24, which does not make sense to me. Is this how it was meant
> to behave?
>
> I found a solution how to make the client-X get an IP address from the
> pool in the subnet 10.1.1.0/24 by moving the host reservation from the
> global scope to the scope of the subnet 10.0.0.0/24. Anyway, I've been
> wondering why it doesn't work the same way with the global reservations.
> I tried the global mode first, as I am using host reservations in groups
> (which are global) in ISC DHCP and it works as expected there.
>
> Could you please give it a look? Thanks in advance. See the
> corresponding configuration and the demonstration of the use case below.
>
> Best regards,
>
> Maria Hrabosova
>
>
> ---
>
> kea-dhcp4.conf:
>
> {
> "Dhcp4": {
> "interfaces-config": {
> "interfaces": [
> "server-eth0"
> ],
> "dhcp-socket-type": "udp"
> },
> "control-socket": {
> "socket-type": "unix",
> "socket-name": "/tmp/kea-dhcp4-ctrl.sock"
> },
> "lease-database": {
> "type": "memfile"
> },
> "shared-networks": [
> {
> "name": "Shared-A",
> "relay": {
> "ip-address": "192.0.2.1"
> },
> "subnet4": [
> {
> "subnet": "10.1.1.0/24",
> "pools": [
> {
> "pool": "10.1.1.200 - 10.1.1.250"
> }
> ],
> "option-data": [
> {
> "name": "routers",
> "data": "10.1.1.1"
> },
> {
> "name": "domain-name-servers",
> "data": "10.1.1.2, 10.1.1.3"
> }
> ]
> }
> ]
> },
> {
> "name": "Shared-B",
> "relay": {
> "ip-address": "192.0.1.1"
> },
> "subnet4": [
> {
> "subnet": "10.0.0.0/24",
> "pools": [
> {
> "pool": "10.0.0.200 - 10.0.0.250"
> }
> ],
> "option-data": [
> {
> "name": "routers",
> "data": "10.0.0.1"
> },
> {
> "name": "domain-name-servers",
> "data": "10.0.0.2, 10.0.0.3"
> }
> ]
> }
> ]
> }
> ],
> "host-reservation-identifiers": [
> "hw-address"
> ],
> "reservation-mode": "global",
> "reservations": [
> {
> "hw-address": "aa:a0:00:00:11:10",
> "ip-address": "10.0.0.9",
> "hostname": "client-X"
> }
> ]
> }
> }
>
> ---
>
> dhclient-debug.sh:
>
> #!/bin/sh
> env
>
> ---
>
> ip add
> ...
> link/ether aa:a0:00:00:11:10 brd ff:ff:ff:ff:ff:ff link-netnsid 1
> ...
>
>
> dhclient client1-eth0 --timeout 2 -sf dhclient-debug.sh -H client-X
> ...
> new_ip_address=10.0.0.9
> new_routers=10.1.1.1
> new_domain_name_servers=10.1.1.2 10.1.1.3
> ...
>
> _______________________________________________
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
More information about the Kea-users
mailing list