[Kea-users] kea-dhcpv6 won't offer adresses to clients

Django [Bastard Operator from Hell] django at nausch.org
Fri May 10 16:38:14 UTC 2024 

HI Kevin,

Am 10.05.24 um 14:50 schrieb Kevin P. Fleming:

> It was indeed a huge email... 

Yes indeed, that was a big email - I had also tried to provide as much 
information as possible to help narrow down my error. I have a hunch, 
it's called PEBCAK!

> but it's also missing a crucial bit of information:
> 
> You're running Kea on a VM: how is that VM's network interface connected to the LAN (through the hypervisor)? Is it bridged, or routed, or some other configuration?

No problem, I'll be happy to supply the missing information. The network 
port net4 is bound to a bridge that is passed on to the guest system by 
KVM an my KVM-host pml010102.

--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django at pml010102:/etc/systemd/network$ ll br4*

-rw-r--r-- 1 root root 306 Mar  2 17:07 br4_net4.network
-rw-r--r-- 1 root root 271 Mar  2 17:06 br4.netdev
-rw-r--r-- 1 root root 282 Mar  2 17:07 br4.network
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
 

--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django at pml010102:/etc/systemd/network$ cat br4.network

# Ansible generated, do not edit manually! 
 

# assign network-bridges-networkdevice

# Function/Usage: intranet1
[Match]
Name=br4

[Network]
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------

--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django at pml010102:/etc/systemd/network$ cat br4.netdev

# Ansible generated, do not edit manually! 
 

# assign network-bridges

# Function/Usage: intranet1
[NetDev]
Name=br4
Kind=bridge
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------

--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django at pml010102:/etc/systemd/network$ cat br4.network

# Ansible generated, do not edit manually! 
 

# assign network-bridges-networkdevice

# Function/Usage: intranet1
[Match]
Name=br4

[Network]
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------


... and last but not least, here's the interface definition visible in 
virt-manager:
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
<interface type="bridge">
   <mac address="52:54:00:41:11:02"/>
   <source bridge="br4"/>
   <target dev="vnet3"/>
   <model type="virtio"/>
   <alias name="net1"/>
   <address type="pci" domain="0x0000" bus="0x02" slot="0x00" 
function="0x0"/>
</interface>
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------

But the confusing thing is now:
I can reach the VM (vml010110 with 10.0.10.110) from my laptop (host 
nitropad) using SSH:
django at nitropad:~$ ping -c4 10.0.10.110

I can also access the MTA on the VM:
django at nitropad:~$ telnet 10.0.10.110 25

The VM has the following IP addresses on eth1:
root at vml000110:~# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state 
UP group default qlen 1000
     link/ether 52:54:00:41:11:02 brd ff:ff:ff:ff:ff:ff:ff:ff
     altname enp2s0
     inet 10.0.10.110/24 brd 10.0.10.255 scope global eth1
        valid_lft forever preferred_lft forever
     inet6 2003:a:e0d:7607:10:0:10:110/64 scope global
        valid_lft forever preferred_lft forever
     inet6 fd00::7:10:0:0:110/64 scope global
        valid_lft forever preferred_lft forever
     inet6 fe80::7:10:ff:fe10:110/64 scope link
        valid_lft forever preferred_lft forever

But I can NOT ping the LLA link-local-address fe80::7:10:ff:fe10:110 
from my laptop:
django at nitropad:~$ ping -6 -c4 fe80::7:10:ff:fe10:110%enp0s25

So, and to add to the confusion, the following test. I have manually 
assigned static IPv6 addresses to the laptop.

inet6 2003:a:e0d:7607:10:0:10:73/64
inet6 fe80::7:10:ff:fe10:73/64

Now I can ping the LLA:
django at nitropad:~$ ping -6 -c4 fe80::7:10:ff:fe10:110%enp0s25

and of course also the global scope address:
django at nitropad:~$ ping -6 -c4 2003:a:e0d:7607:10:0:10:110

It's milking mice! :(

And that makes me a bit suspicious! I'm also wondering why a tcpdump on 
the VM doesn't show any packets when I try to receive adresses from 
kea-dhcp6 an I try to capture DHCPv6 traffic with :

root at vml000110:/var/log# tcpdump -i eth1 -n -vv ‘(udp port 546 and port 
547)’
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 
262144 bytes

Nothing! NULL! de narda! I think there is something wrong with the basic 
network configuration/routing. Because if the tcpdump doesn't record 
anything, how is the kea-dhcp6 supposed to hear anything and be able to 
respond?

As I said before, something is very wrong here and I'm afraid it's not 
just me, where ‘something is going wrong, the installation and 
configuration also has a medium sized handicap!


ttyl
Django

More information about the Kea-users mailing list