[Kea-users] Kea dhcp6 clients do not get IPs
Jan Jurko
jan at jurko.cz
Mon Aug 19 18:54:04 UTC 2024
Hi Darren.
I just discovered error message in the tcpdump - Server could not select subnet for this client name_of_the_client
Jan
> 19. 8. 2024 v 16:32, Jan Jurko via Kea-users <kea-users at lists.isc.org>:
>
> Hi Darren.
>
> Here are some tcpdump logs gathered during ipconfig /renew6 on windows machine.
>
>
> 16:28:45.345877 IP6 (flowlabel 0x50bc8, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:45.347124 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
> 16:28:46.336578 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:46.337552 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
> 16:28:46.338244 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:46.338882 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
> 16:28:46.345023 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:46.346179 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
> 16:28:46.346691 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:46.347208 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
> 16:28:46.347629 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:46.348078 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
> 16:28:46.348483 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:46.348923 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
> 16:28:46.349395 IP6 (flowlabel 0x080d2, hlim 1, next-header UDP (17) payload length: 103) fe80::54a0:da31:647a:debc.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=109009 (elapsed-time 0) (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (IA_NA IAID:106058752 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 16:28:46.349856 IP6 (flowlabel 0x51d47, hlim 64, next-header UDP (17) payload length: 138) fe80::5054:ff:fefb:f887.547 > fe80::54a0:da31:647a:debc.546: [udp sum ok] dhcp6 advertise (xid=109009 (client-ID hwaddr/time type 1 time 777170736 525400f4c2d7) (server-ID hwaddr/time type 1 time 777238119 525400fbf887) (IA_NA IAID:106058752 T1:0 T2:0 (status-code NoAddrsAvail)) (Client-FQDN))
>
>
> Jan
>
>> 18. 8. 2024 v 23:55, Darren Ankney <darren.ankney at gmail.com>:
>>
>> Hi Jan,
>>
>> "Message is invalid and it is discarded." this is the reason. Though
>> I could not begin to speculate why the client is discarding the
>> message. Most likely there is some incorrect information or missing
>> information (some option was requested but was not sent). Wireshark
>> can help here. Use tcpdump to dump the packets: tcpdump -w dump.pcap
>> port 547. Open the file in Wireshark. See what was requested in the
>> Solicit vs what was sent in the Advertise.
>>
>> Thank you,
>> Darren Ankney
>>
>> On Sun, Aug 18, 2024 at 7:03 AM Jan Jurko via Kea-users
>> <kea-users at lists.isc.org> wrote:
>>>
>>> Hello Darren.
>>> Thank you for your reply.
>>>
>>> Kea and client are both on the same hypervizor, other clients are on the same network in the building so there should not be a problem with some fw etc.
>>>
>>> I’ve enabled windows logs for dhcp and here they are:
>>>
>>> 1.
>>> Information
>>> Solicit is sent from the interface 4. Status code is 0x0
>>>
>>> 2.
>>> Error
>>> Message is invalid and it is discarded.
>>>
>>> 3.
>>> Error
>>> Your computer was not assigned an address from the network (by the DHCP server) for the Network Card with network address XXXX. The following error occured: 0x138E. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
>>>
>>>
>>> There is no firewall on the clients.
>>>
>>> As I said, Kea and rest of the computers/clients are in the same network.
>>>
>>> I’ve tried to create the small configuration - no reservations, only pool of addresses - the same bad result.
>>>
>>> Thank you very much for your help.
>>>
>>> Jan
>>>
>>>
>>>> 18. 8. 2024 v 12:36, Darren Ankney <darren.ankney at gmail.com>:
>>>>
>>>> Hi Jan,
>>>>
>>>> From the log messages you have shown, it appears that Kea is
>>>> attempting to advertise some address to a client with DUID:
>>>> 00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7 The client should next
>>>> request this address but that isn't shown in your logs. The client
>>>> must not like something about the advertisement or is not receiving
>>>> the advertisement. It would be difficult to help without more
>>>> information. Is this traffic relayed or do the client and server
>>>> exist on the same physical network? Have you looked in the client
>>>> logs (if exist) to see what it thinks is happening? You might try
>>>> adding a small pool to the subnet to see what happens (i.e., does the
>>>> client get an address, though I doubt that would be the case).
>>>>
>>>> Thank you,
>>>> Darren Ankney
>>>>
>>>> On Sun, Aug 18, 2024 at 5:03 AM Jan Jurko via Kea-users
>>>> <kea-users at lists.isc.org> wrote:
>>>>>
>>>>> Good day.
>>>>> I have Kea 2.6.1 installed. I use v4 and v6 dhcp server. V4 works fine but v6 does not give clients IPv6 addresses. The setup is:
>>>>>
>>>>> HW router with ipv6 enabled, RA enabled, M flag present. I do not use O flag because in the dualstack dns servers are on v4 addresses. So I just want to distribute ipv6 addresses from dhcp server to clients. I use hw-address to distribute addresses but I tried DUID as well.
>>>>>
>>>>> I can see in the Kea logs this output:
>>>>>
>>>>> 2024-08-18 10:44:32.959 INFO [kea-dhcp6.dhcp6/3542.140690709083840] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>>> 2024-08-18 10:44:32.959 INFO [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>>> 2024-08-18 10:44:32.959 INFO [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:debc]:546 on interface ens3
>>>>> 2024-08-18 10:44:33.957 INFO [kea-dhcp6.dhcp6/3542.140690717476544] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>>> 2024-08-18 10:44:33.958 INFO [kea-dhcp6.packets/3542.140690717476544] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>>> 2024-08-18 10:44:33.958 INFO [kea-dhcp6.packets/3542.140690717476544] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:debc]:546 on interface ens3
>>>>> 2024-08-18 10:44:33.959 INFO [kea-dhcp6.dhcp6/3542.140690709083840] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948
>>>>> 2024-08-18 10:44:33.959 INFO [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: SOLICIT (type 1) received from fe80::54a0:da31:647a:debc to ff02::1:2 on interface ens3
>>>>> 2024-08-18 10:44:33.960 INFO [kea-dhcp6.packets/3542.140690709083840] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:52:af:30:52:54:00:f4:c2:d7], [no hwaddr info], tid=0xbea948: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::54a0:da31:647a:de
>>>>>
>>>>>
>>>>> I’ve used the old ISC dhcp server but I want to migrace to Kea because the old ISC dhcp server is obsolette.
>>>>>
>>>>> Configuration file looks like this (it is truncated because there are more than 200 records):
>>>>>
>>>>>
>>>>>
>>>>> {
>>>>> # /etc/dhcpd6.conf
>>>>> #
>>>>> # Sample DHCPv6 configuration file for ISC dhcpd
>>>>> #
>>>>> # *** PLEASE CONFIGURE IT FIRST ***
>>>>> #
>>>>> # Don't forget to set the DHCPD6_INTERFACE in the
>>>>> # /etc/sysconfig/dhcpd file.
>>>>> #
>>>>> /// This configuration declares some subnets but has no interfaces-config
>>>>> /// Reference Kea #245
>>>>> "Dhcp6": {
>>>>> "control-socket": {
>>>>> "socket-type": "unix",
>>>>> "socket-name": "/tmp/kea6-ctrl-socket"
>>>>> },
>>>>> "mac-sources": [
>>>>> "any"
>>>>> ],
>>>>> "loggers": [
>>>>> {
>>>>> "name": "kea-dhcp6",
>>>>> "severity": "DEBUG",
>>>>> "output_options": [
>>>>> {
>>>>> "output": "/var/log/kea/dhcp6.log",
>>>>> "maxver": 10
>>>>> }
>>>>> ]
>>>>> },
>>>>> {
>>>>> "name": "kea-dhcp6.dhcpsrv",
>>>>> "severity": "DEBUG",
>>>>> "output_options": [
>>>>> {
>>>>> "output": "/var/log/kea/dhcp6-dhcpsrv.log",
>>>>> "maxver": 10
>>>>> }
>>>>> ]
>>>>> },
>>>>> {
>>>>> "name": "kea-dhcp6.leases",
>>>>> "severity": "DEBUG",
>>>>> "output_options": [
>>>>> {
>>>>> "output": "/var/log/kea/dhcp6-leases.log",
>>>>> "maxver": 10
>>>>> }
>>>>> ]
>>>>> }
>>>>> ],
>>>>> "interfaces-config": {
>>>>> "interfaces": [ "ens3" ]
>>>>> },
>>>>> "subnet6": [
>>>>> {
>>>>> "id": 1,
>>>>> "subnet": „2001:XXX:XXX:0::/64",
>>>>> "reservations": [
>>>>> {
>>>>> "hostname": „XXX",
>>>>> "hw-address": "08:8f:c3:f5:ab:49",
>>>>> "ip-addresses": [
>>>>> „2001:XXX:XXX:0:192:168:1:75"
>>>>> ]
>>>>> },
>>>>> {
>>>>> "hostname": „AAAAA",
>>>>> "hw-address": "08:97:98:d7:c5:d0",
>>>>> "ip-addresses": [
>>>>> „2001:XXX:XXX:0:192:168:0:169"
>>>>> ]
>>>>> }
>>>>> ]
>>>>> }
>>>>> ]
>>>>> }
>>>>> }
>>>>>
>>>>> Thank you for your help. I’ve spent more than 10 hours debugging this problem, but still no luck.
>>>>>
>>>>> Jan
>>>>> --
>>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>>
>>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>>>
>>>>> Kea-users mailing list
>>>>> Kea-users at lists.isc.org
>>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>> --
>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>
>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>>
>>>> Kea-users mailing list
>>>> Kea-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>
>>> --
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>
>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>
>>> Kea-users mailing list
>>> Kea-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/kea-users
>> --
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
>
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
More information about the Kea-users
mailing list