[Kea-users] Kea dhcp6 clients do not get IPs

Jan Jurko jan at jurko.cz
Mon Aug 19 14:32:23 UTC 2024 

 Hi Darren.

Here are some tcpdump logs gathered during ipconfig /renew6 on windows machine.


16:28:45.345877 IP6 (flowlabel 0x50bc8, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:45.347124 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
16:28:46.336578 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:46.337552 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
16:28:46.338244 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:46.338882 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
16:28:46.345023 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:46.346179 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
16:28:46.346691 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:46.347208 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
16:28:46.347629 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:46.348078 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
16:28:46.348483 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:46.348923 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
16:28:46.349395 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
16:28:46.349856 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))


Jan

> 18. 8. 2024 v 23:55, Darren Ankney <darren.ankney at gmail.com>:
> 
> Hi Jan,
> 
> "Message is invalid and it is discarded." this is the reason.  Though
> I could not begin to speculate why the client is discarding the
> message.  Most likely there is some incorrect information or missing
> information (some option was requested but was not sent).  Wireshark
> can help here.  Use tcpdump to dump the packets:  tcpdump -w dump.pcap
> port 547.  Open the file in Wireshark.  See what was requested in the
> Solicit vs what was sent in the Advertise.
> 
> Thank you,
> Darren Ankney
> 
> On Sun, Aug 18, 2024 at 7:03 AM Jan Jurko via Kea-users
> <kea-users at lists.isc.org> wrote:
>> 
>> Hello Darren.
>> Thank you for your reply.
>> 
>> Kea and client are both on the same hypervizor, other clients are on the same network in the building so there should not be a problem with some fw etc.
>> 
>> I’ve enabled windows logs for dhcp and here they are:
>> 
>> 1.
>> Information
>> Solicit is sent from the interface 4. Status code is 0x0
>> 
>> 2.
>> Error
>> Message is invalid and it is discarded.
>> 
>> 3.
>> Error
>> Your computer was not assigned an address from the network (by the DHCP server) for the Network Card with network address XXXX. The following error occured: 0x138E. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
>> 
>> 
>> There is no firewall on the clients.
>> 
>> As I said, Kea and rest of the computers/clients are in the same network.
>> 
>> I’ve tried to create the small configuration - no reservations, only pool of addresses - the same bad result.
>> 
>> Thank you very much for your help.
>> 
>> Jan
>> 
>> 
>>> 18. 8. 2024 v 12:36, Darren Ankney <darren.ankney at gmail.com>:
>>> 
>>> Hi Jan,
>>> 
>>> From the log messages you have shown, it appears that Kea is
>>> attempting to advertise some address to a client with DUID:
>>> 00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7 The client should next
>>> request this address but that isn't shown in your logs.  The client
>>> must not like something about the advertisement or is not receiving
>>> the advertisement.  It would be difficult to help without more
>>> information.  Is this traffic relayed or do the client and server
>>> exist on the same physical network?  Have you looked in the client
>>> logs (if exist) to see what it thinks is happening?  You might try
>>> adding a small pool to the subnet to see what happens (i.e., does the
>>> client get an address, though I doubt that would be the case).
>>> 
>>> Thank you,
>>> Darren Ankney
>>> 
>>> On Sun, Aug 18, 2024 at 5:03 AM Jan Jurko via Kea-users
>>> <kea-users at lists.isc.org> wrote:
>>>> 
>>>> Good day.
>>>> I have Kea 2.6.1 installed. I use v4 and v6 dhcp server. V4 works fine but v6 does not give clients IPv6 addresses. The setup is:
>>>> 
>>>> HW router with ipv6 enabled, RA enabled, M flag present. I do not use O flag because in the dualstack dns servers are on v4 addresses. So I just want to distribute ipv6 addresses from dhcp server to clients. I use hw-address to distribute addresses but I tried DUID as well.
>>>> 
>>>> I can see in the Kea logs this output:
>>>> 
>>>> 2024-08-18 10:44:32.959 INFO  [kea-dhcp6.dhcp6/3542.140690709083840] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>> 2024-08-18 10:44:32.959 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>> 2024-08-18 10:44:32.959 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:debc]:546 on interface ens3
>>>> 2024-08-18 10:44:33.957 INFO  [kea-dhcp6.dhcp6/3542.140690717476544] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>> 2024-08-18 10:44:33.958 INFO  [kea-dhcp6.packets/3542.140690717476544] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>> 2024-08-18 10:44:33.958 INFO  [kea-dhcp6.packets/3542.140690717476544] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:debc]:546 on interface ens3
>>>> 2024-08-18 10:44:33.959 INFO  [kea-dhcp6.dhcp6/3542.140690709083840] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>> 2024-08-18 10:44:33.959 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>> 2024-08-18 10:44:33.960 INFO  [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:de
>>>> 
>>>> 
>>>> I’ve used the old ISC dhcp server but I want to migrace to Kea because the old ISC dhcp server is obsolette.
>>>> 
>>>> Configuration file looks like this (it is truncated because there are more than 200 records):
>>>> 
>>>> 
>>>> 
>>>> {
>>>> # /etc/dhcpd6.conf
>>>> #
>>>> # Sample DHCPv6 configuration file for ISC dhcpd
>>>> #
>>>> # *** PLEASE CONFIGURE IT FIRST ***
>>>> #
>>>> # Don't forget to set the DHCPD6_INTERFACE in the
>>>> # /etc/sysconfig/dhcpd file.
>>>> #
>>>> /// This configuration declares some subnets but has no interfaces-config
>>>> /// Reference Kea #245
>>>> "Dhcp6": {
>>>>   "control-socket": {
>>>>       "socket-type": "unix",
>>>>       "socket-name": "/tmp/kea6-ctrl-socket"
>>>> },
>>>> "mac-sources": [
>>>>       "any"
>>>> ],
>>>> "loggers": [
>>>>     {
>>>>       "name": "kea-dhcp6",
>>>>       "severity": "DEBUG",
>>>>       "output_options": [
>>>>         {
>>>>           "output": "/var/log/kea/dhcp6.log",
>>>>           "maxver": 10
>>>>         }
>>>>       ]
>>>>     },
>>>>     {
>>>>       "name": "kea-dhcp6.dhcpsrv",
>>>>       "severity": "DEBUG",
>>>>       "output_options": [
>>>>         {
>>>>           "output": "/var/log/kea/dhcp6-dhcpsrv.log",
>>>>           "maxver": 10
>>>>         }
>>>>       ]
>>>>     },
>>>>     {
>>>>       "name": "kea-dhcp6.leases",
>>>>       "severity": "DEBUG",
>>>>       "output_options": [
>>>>         {
>>>>           "output": "/var/log/kea/dhcp6-leases.log",
>>>>           "maxver": 10
>>>>         }
>>>>       ]
>>>>     }
>>>>   ],
>>>> "interfaces-config": {
>>>>       "interfaces": [ "ens3" ]
>>>> },
>>>>   "subnet6": [
>>>>     {
>>>>       "id": 1,
>>>>       "subnet": „2001:XXX:XXX:0::/64",
>>>>     "reservations": [
>>>>     {
>>>>       "hostname": „XXX",
>>>>       "hw-address": "08:8f:c3:f5:ab:49",
>>>>       "ip-addresses": [
>>>>         „2001:XXX:XXX:0:192:168:1:75"
>>>>       ]
>>>>     },
>>>>     {
>>>>       "hostname": „AAAAA",
>>>>       "hw-address": "08:97:98:d7:c5:d0",
>>>>       "ip-addresses": [
>>>>         „2001:XXX:XXX:0:192:168:0:169"
>>>>       ]
>>>>     }
>>>>   ]
>>>> }
>>>> ]
>>>> }
>>>> }
>>>> 
>>>> Thank you for your help. I’ve spent more than 10 hours debugging this problem, but still no luck.
>>>> 
>>>> Jan
>>>> --
>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>> 
>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>> 
>>>> Kea-users mailing list
>>>> Kea-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>> --
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>> 
>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>> 
>>> Kea-users mailing list
>>> Kea-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/kea-users
>> 
>> --
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>> 
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>> 
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
> -- 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> 
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users

More information about the Kea-users mailing list