[Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
Darren Ankney
darren.ankney at gmail.com
Wed Sep 18 10:03:41 UTC 2024
Hi Mark,
I see toward the end of the log that these messages with some binary
content following the final option start to appear. This seems to have
started on "2024-09-06 08:53:21.023". Was this about the time you globally
set "store-extended-info": true ? I see that was the day I said that in
the earlier message.
2024-09-06 10:26:36.372 DEBUG
[kea-dhcp6.lease-query-hooks/106209.140395253245504]
BULK_LEASE_QUERY_RESPONSE_SENT A bulk lease query response sent to
fc00:d2c0:10:170::3, details: local_address=[::]:0,
remote_address=[fc00:d2c0:10:170::3]:65201,
msg_type=LEASEQUERY_DATA (17), trans_id=0x8b66be,
options:
type=00045, len=00233:,
options:
type=00001, len=00010: 00:03:00:01:b8:94:70:fb:20:6e
type=00026(IAPREFIX), len=00025: prefix=2605:d2c0:8000::/56,
preferred-lft=761, valid-lft=761
type=00046, len=00004: 439 (uint32)
type=00047, len=00178: fe80::ba94:70ff:fefb:206e (ipv6-address)
0C012605D2C0158002550000000000000003FE80000000000000BA9470FFFEFB206E001200076972622E3230310035001F0002000005830166343A62663A61383A33393A63653A3230000000000000000009004E0C0000000000000000000000000000000000FE80000000000000BA9470FFFEFB206E001200164C41422D5441354B2065746820312F322F312F312F310025000E00000DE95370726F75745F4E4F43
(binary)
No relays traversed.
On Tue, Sep 17, 2024 at 9:16 AM Mark Blackford <mblackford at agn.tech> wrote:
> Hello Darren,
>
>
>
> I have attached the BLQ log file that you requested.
>
>
>
> Thanks!
>
>
>
> *Mark Blackford*
>
> Network Engineer
>
> 678-230-8769
>
> mblackford at agn.tech
>
>
>
>
>
> *From: *Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren
> Ankney <darren.ankney at gmail.com>
> *Date: *Tuesday, September 17, 2024 at 4:37 AM
> *To: *Kea user's list <kea-users at lists.isc.org>
> *Subject: *Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
>
> Hi Mark,
>
>
>
> Your configuration looks ok to me. Please can you attach the log file: /var/log/kea/dhcp6-blq.log?
> I would like to have a look there to see if there is any clue.
>
>
>
> Thank you,
>
> Darren Ankney
>
>
>
> On Mon, Sep 16, 2024 at 8:51 AM Mark Blackford <mblackford at agn.tech>
> wrote:
>
> Hello Darren,
>
>
>
> I have attached the file here and also pasted below.
>
> Thank you for your assistance,
>
> Mark
>
>
>
>
>
> % cat kea-dhcp6.conf
> {
>
> "Dhcp6": {
>     "interfaces-config": {
>         "interfaces": [ "ens224/fc00:d2c0:10:170::23" ]
>     },
>
>     "control-socket": {
>         "socket-type": "unix",
>         "socket-name": "/tmp/kea6-ctrl-socket"
>     },
>
>     // Mark B. July 19, 2024
>     // Trying memfile for bulk leasequery
>
>     "lease-database": {
>         "type": "memfile",
>         "persist": true,
>         "name": "/var/lib/kea/dhcp6.leases"
>     },
>
>     // "lease-database": {
>     //     "type": "postgresql",
>     //     "name": "kea",
>     //     "user": "kea",
>     //     "password": "XXXXXXXXXXXX",
>     //     "host": "localhost",
>     //     "port": 5432
>     // },
>
>     "hosts-database": {
>         "type": "postgresql",
>         "name": "kea",
>         "user": "kea",
>         "password": "XXXXXXXXXXXX",
>         "host": "localhost",
>         "port": 5432
>     },
>
>     "expired-leases-processing": {
>         "reclaim-timer-wait-time": 10,
>         "flush-reclaimed-timer-wait-time": 25,
>         "hold-reclaimed-time": 3600,
>         "max-reclaim-leases": 100,
>         "max-reclaim-time": 250,
>         "unwarned-reclaim-cycles": 5
>     },
>
>     "renew-timer": 600,
>     "rebind-timer": 800,
>     "preferred-lifetime": 1200,
>     "valid-lifetime": 1200,
>
>     "option-data": [
>         {
>             "name": "dns-servers",
>             "data": "2001:XXXX:XXXX::XXXX, 2001:XXXX:XXXX::XXXX"
>         },
>     ],
>
>     # Added on suggestion of Darren from ISC Mailing List (Sept. 6, 2024)
>     # https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp6-srv.html#storing-extended-lease-information
>
>     "store-extended-info": true,
>
>     "hooks-libraries": [
>         {
>             "library": "/usr/lib64/kea/hooks/libdhcp_lease_query.so",
>             "parameters": {
>                 "requesters": [ "fc00:d2c0:10:170::2", "fc00:d2c0:10:170::3" ],
>                 "advanced" : {
>                     "bulk-query-enabled": true,
>                     "active-query-enabled": false,
>                     "extended-info-tables-enabled": true,
>                     "lease-query-ip": "fc00:d2c0:10:170::23",
>                     "lease-query-tcp-port": 547,
>                 },
>             },
>         },
>         {
>             "library": "/usr/lib64/kea/hooks/libdhcp_legal_log.so",
>             "parameters": {
>                 "path": "/var/log/kea",
>                 "base-name": "kea-forensic6",
>                 "request-parser-format": "ifelse(pkt6.msgtype == 5, 'DHCPv6 RENEW(5)' + 0x0a + 'OPTION-18: | DUID= ' + hexstring(option[1].hex, ':') + '| CIRCUIT ID= ' + uint8totext(substring(relay6[1].option[18].hex,20,4)) + 0x0a + 'OPTION-37: REMOTE-ID= ' + uint8totext(substring(relay6[1].option[37].hex, 0, 24)) + 0x0a,'UNKNOWN MESSAGE FOR REQUEST PARSER')",
>                 "response-parser-format": "ifelse(pkt6.msgtype == 7, 'DHCPv6 REPLY(7)' + 0x0a + 'Address: ' + addrtotext(substring(option[3].option[5].hex, 0, 16)) + ' has been assigned for ' + uint32totext(substring(option[3].option[5].hex, 20, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':'),'UNKNOWN MESSAGE FOR RESPONSE PARSER')",
>                 // "request-parser-format": "ifelse(pkt6.msgtype == 5, 'DHCPv6 RENEW(5)' + 0x0a + 'OPTION-18: | DUID= ' + hexstring(option[1].hex, ':') + '| CIRCUIT ID= ' + uint8totext(substring(relay6[1].option[18].hex,20,4)) + 0x0a + 'OPTION-37: REMOTE-ID= ' + uint8totext(substring(relay6[1].option[37].hex, 0, 24)) + 0x0a,'UNKNOWN MESSAGE FOR REQUEST PARSER')",
>                 // "response-parser-format": "ifelse(pkt6.msgtype == 7, 'DHCPv6 REPLY(7)' + 0x0a + 'Address: ' + addrtotext(substring(option[3].option[5].hex, 0, 16)) + ' has been assigned for ' + uint32totext(substring(option[3].option[5].hex, 20, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':'),'UNKNOWN MESSAGE FOR RESPONSE PARSER')",
>             },
>         },
>
>         { "library": "/usr/lib64/kea/hooks/libdhcp_lease_cmds.so", },
>         { "library": "/usr/lib64/kea/hooks/libdhcp_stat_cmds.so", },
>         //{ "library": "/usr/lib64/kea/hooks/libdhcp_ha.so", },
>     ],
>
>     ### Manual edits required here to define subnets to be served by this server.
>
>     "subnet6": [
>         {
>             "id": 1,
>             "subnet": "XXXX:XXXX:1580:0255::/64",
>             "pools": [ { "pool": "XXXX:XXXX:1580:0255::100 - XXXX:XXXX:1580:0255::105" } ],
>             "interface": "ens224",
>             "pd-pools": [
>                 {
>                     "prefix": "XXXX:XXXX:8000:0000::",
>                     "prefix-len": 33,
>                     "delegated-len": 56,
>                 }
>             ],
>         }
>     ],
>
>     "loggers": [
>         {
>             "name": "kea-dhcp6",
>             "severity": "DEBUG",
>             "debuglevel": 99,
>             "output_options": [
>                 {
>                     "output": "/var/log/kea/dhcp6.log",
>                     "maxver": 10
>                 }
>             ]
>         },
>         {
>             "name": "kea-dhcp6.lease-query-hooks",
>             "severity": "DEBUG",
>             "debuglevel": 99,
>             "output_options": [
>                 {
>                     "output": "/var/log/kea/dhcp6-blq.log",
>                     "maxver": 10
>                 }
>             ]
>         },
>         {
>             "name": "kea-dhcp6.dhcpsrv",
>             "severity": "DEBUG",
>             "debuglevel": 99,
>             "output_options": [
>                 {
>                     "output": "/var/log/kea/dhcp6-dhcpsrv.log",
>                     "maxver": 10
>                 }
>             ]
>         },
>         {
>             "name": "kea-dhcp6.leases",
>             "severity": "DEBUG",
>             "debuglevel": 99,
>             "output_options": [
>                 {
>                     "output": "/var/log/kea/dhcp6-leases.log",
>                     "maxver": 10
>                 }
>             ]
>         },
>         {
>             "name": "kea-dhcp6.packets",
>             "severity": "DEBUG",
>             "debuglevel": 99,
>             "output_options": [
>                 {
>                     "output": "/var/log/kea/isc-dhcp6-like-logging.log",
>                     "maxver": 10
>                 }
>             ]
>         }
>     ]
> }
> }
>
> // "loggers": [
> //     {
> //         "name": "kea-dhcp6",
> //         "output_options": [
> //             {
> //                 "output": "stdout",
> //
> //                 "pattern": "%-5p %m\n",
> //             }
> //         ],
> //         // This specifies the severity of log messages to keep. Supported values
> //         // are: FATAL, ERROR, WARN, INFO, DEBUG
> //         // "severity": "INFO",
> //
> //         // If DEBUG level is specified, this value is used. 0 is least verbose,
> //         // 99 is most verbose. Be cautious, Kea can generate lots and lots
> //         // of logs if told to do so.
> //         "debuglevel": 0
> //     }
> // ]
> //}
> //}
>
>
>
>
>
> *Mark Blackford*
>
> Network Engineer
>
> 678-230-8769
>
> mblackford at agn.tech
>
>
>
>
>
> *From: *Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren
> Ankney <darren.ankney at gmail.com>
> *Date: *Friday, September 13, 2024 at 5:30 AM
> *To: *Kea user's list <kea-users at lists.isc.org>
> *Subject: *Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
>
> Hello Mark,
>
>
>
> Please can you upload your full configuration here (with any sensitive
> parts redacted)?
>
>
>
> Thank you,
>
> Darren Ankney
>
>
>
> On Wed, Sep 11, 2024 at 2:43 PM Mark Blackford <mblackford at agn.tech>
> wrote:
>
> Hello Darren,
>
>
>
> I re-tested the BLQ from Kea last week to a Juniper Gateway router, and
> while the IA_NA and IA_PD DUID leases were found this time, the actual
> DHCPv6 Type (15) Leasequery-reply packets are undecodable.
>
> I was taking packet captures at the time and Wireshark agrees:
>
> 1) The IA Address (Type 5) response, Wireshark claims “Trailing Stray
> Characters”
> 2) The IA Prefix (Type 26) response, Wireshark claims “Malformed Packet”
>
> I have attached the following for the packets:
>
> 1. Detailed BLQ Kea Log for the transaction
> 2. PCAPs taken at the Kea Server
> 3. The Kea DHCP Lease File (From today)
> 4. The Snippet of the Juniper Decode
>
> I forgot to get the leases file on Friday, but this is a lab with only 1
> unit. I attached the file from today which looks to have the same
> information.
>
> It looks like the info that is needed to restore the lease is there, but I
> don’t know how to stop the packets being malformed.
>
> Thanks,
>
> *Mark Blackford*
>
> Network Engineer
>
> 678-230-8769
>
> mblackford at agn.tech
>
>
>
>
>
> *From: *Kea-users <kea-users-bounces at lists.isc.org> on behalf of Mark
> Blackford <mblackford at agn.tech>
> *Date: *Friday, September 6, 2024 at 9:02 AM
> *To: *Kea user's list <kea-users at lists.isc.org>
> *Subject: *Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
>
> Hello Darren,
>
>
>
> Thank you very much for your reply and correcting this issue.
>
>
>
> 1) I was aware of the 2.6 requirement and re-installed everything from
> scratch a little over a month ago.
>
> [root at dhcp-test ~]# kea-dhcp4 -v
>
> 2.6.1
>
> [root at dhcp-test ~]# kea-dhcp6 -v
>
> 2.6.1
>
>
>
> 2) However, I have been following this link:
>
>
> https://kea.readthedocs.io/en/kea-2.6.0/arm/hooks.html#bulk-leasequery-configuration
>
>
>
> Which indicated to me that the option “extended-info-tables-enabled” would
> have provided the same functionality. However, as you pointed out, there
> was no relay ID in the lease table.
>
>
>
> I have since added the global parameter "store-extended-info" as you
> suggested, and I now see the JSON at the end of each memfile lease. I
> hope this helps anyone trying to accomplish the same thing.
>
> *Mark Blackford*
>
> Network Engineer
>
> 678-230-8769
>
> mblackford at agn.tech
>
>
>
>
>
> *From: *Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren
> Ankney <darren.ankney at gmail.com>
> *Date: *Friday, September 6, 2024 at 4:33 AM
> *To: *Kea user's list <kea-users at lists.isc.org>
> *Subject: *Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
>
> Hi Mark,
>
> Two questions:
>
> 1. Are you using Kea 2.6.1 ? I think the relay-id method was not
> available before 2.6
> 2. Have you globally set "store-extended-info": true ? (see:
>
> https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp6-srv.html#storing-extended-lease-information)
> as this is required as well. It doesn't appear so from the lease you
> pasted as I don't see any data in the "user-context" field.
>
> Thank you,
> Darren Ankney
>
> On Wed, Aug 28, 2024 at 3:23 PM Mark Blackford <mblackford at agn.tech>
> wrote:
> >
> > Hello,
> >
> > I am trying to use the Bulk Leasequery feature of Kea DHCP6 to reload
> > Gateway routers with delegated (or all) leases that have been lost due to
> > either a reload or crash scenario. Since I want to reload thousands of
> > IA_NA/IA_PD leases on demand, I expected to see a very clear “glue” between
> > the relay ID and the target leases. But I do not and using default
> > commands from my Juniper gateways is not resulting in any leases being
> > returned.
> >
> > My main question that I am struggling with is where do I find where the
> > Relay-ID value is stored to properly query for leases tied to it since I do
> > not even know if my relay-id is valid?
> >
> > Based on 16.16.6. DHCPv6 Bulk Leasequery
> > https://kea.readthedocs.io/en/kea-2.6.0/arm/hooks.html#dhcpv6-bulk-leasequery,
> > I re-installed Kea to use a memfile lease backend to use those features.
> >
> > My hook library config is below with logging turned to max:
> >
> > "hooks-libraries": [
> >     {
> >         "library": "/usr/lib64/kea/hooks/libdhcp_lease_query.so",
> >         "parameters": {
> >             "requesters": [ "fc00:d2c0:10:170::2", "fc00:d2c0:10:170::3" ],
> >             "advanced" : {
> >                 "bulk-query-enabled": true,
> >                 "active-query-enabled": false,
> >                 "extended-info-tables-enabled": true,
> >                 "lease-query-ip": "fc00:d2c0:10:170::23",
> >                 "lease-query-tcp-port": 547,
> >             },
> >         },
> >     },
> >
> > "loggers": [
> >
> >     {
> >         "name": "kea-dhcp6.lease-query-hooks",
> >         "severity": "DEBUG",
> >         "debuglevel": 99,
> >         "output_options": [
> >             {
> >                 "output": "/var/log/kea/dhcp6-blq.log",
> >                 "maxver": 10
> >             }
> >         ]
> >     },
> >
> > I see the bulk message come into the log file, but it also says there
> > are no leases when I know there is at least 1 test lease (IA_NA/IA_PD):
> >
> > [root at dhcp-test ~]# cat /var/lib/kea/dhcp6.leases
> > address,duid,valid_lifetime,expire,subnet_id,pref_lifetime,lease_type,iaid,prefix_len,fqdn_fwd,fqdn_rev,hostname,hwaddr,state,user_context,hwtype,hwaddr_source,pool_id
> > 2001:db8:1580:255::100,00:03:00:01:b8:94:70:fb:20:6e,600,1724871654,1,600,0,1,128,0,0,resgw,b8:94:70:fb:20:6e,0,,1,2,0
> > 2001:db8:8000::,00:03:00:01:b8:94:70:fb:20:6e,600,1724871654,1,600,2,1,56,0,0,resgw,b8:94:70:fb:20:6e,0,,1,2,0
> >
> > But the BLQ Hook Log says there are “no active leases”:
> >
> > 2024-08-21 14:54:10.244 DEBUG
> > [kea-dhcp6.lease-query-hooks/1319.140527284262464]
> > BULK_LEASE_QUERY_QUERY_RECEIVED A bulk lease query packet received from
> > fc00:d2c0:10:170::3, details: local_address=[::]:0,
> > remote_address=[fc00:d2c0:10:170::3]:53751,
> > msg_type=LEASEQUERY (14), trans_id=0xeda378,
> > options:
> > type=00001, len=00031: 00:02:00:00:05:83:01:66:34:3a:62:66:3a:61:38:3a:33:39:3a:63:65:3a:32:30:00:00:00:00:00:00:00
> > type=00044, len=00072: 3 (uint8) :: (ipv6-address),
> > options:
> > type=00006, len=00016: 18(uint16) 37(uint16) 47(uint16) 15(uint16) 16(uint16) 12(uint16) 100(uint16) 79(uint16)
> > type=00053, len=00031: 00:02:00:00:05:83:01:66:34:3a:62:66:3a:61:38:3a:33:39:3a:63:65:3a:32:30:00:00:00:00:00:00:00
> > No relays traversed.
> >
> > 2024-08-21 14:54:10.244 DEBUG
> > [kea-dhcp6.lease-query-hooks/1319.140527284262464]
> > BULK_LEASE_QUERY_RESPONSE_SENT A bulk lease query response sent to
> > fc00:d2c0:10:170::3, details: local_address=[::]:0,
> > remote_address=[fc00:d2c0:10:170::3]:53751,
> > msg_type=LEASEQUERY_REPLY (15), trans_id=0xeda378,
> > options:
> > type=00001, len=00031: 00:02:00:00:05:83:01:66:34:3a:62:66:3a:61:38:3a:33:39:3a:63:65:3a:32:30:00:00:00:00:00:00:00
> > type=00002, len=00014: 00:01:00:01:2d:90:6d:83:00:50:56:be:a7:9a
> > type=00013, len=00018: Success(0) "no active leases"
> > No relays traversed.
> >
> > I believe this is a crucial feature for anyone launching IPv6 with
> > Prefix Delegation. Has anyone seen this feature work using relay-id? How
> > did you know which one to use?
> >
> > Thanks,
> >
> > Mark
> >
> > --
> > ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >
> > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> >
> > Kea-users mailing list
> > Kea-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/kea-users
>
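As an added example (not part of the original thread and not Kea code), the sketch below decodes the hex bytes that the LEASEQUERY_DATA log entry at the top of this message prints after option 47. It assumes the RFC 5007 layout for that option (the 16-byte peer address the log shows, followed by a relay message) and the RFC 8415 Relay-Forward header; the function names are illustrative.

```python
import ipaddress
import struct

# Hex logged after option 47 above, split at field boundaries (162 bytes).
RELAY_DATA_HEX = (
    "0C01" "2605D2C0158002550000000000000003" "FE80000000000000BA9470FFFEFB206E"
    "00120007" "6972622E323031"
    "0035001F" "0002000005830166343A62663A61383A33393A63653A3230" "00000000000000"
    "0009004E"
    "0C00" "00000000000000000000000000000000" "FE80000000000000BA9470FFFEFB206E"
    "00120016" "4C41422D5441354B2065746820312F322F312F312F31"
    "0025000E" "00000DE9" "5370726F75745F4E4F43"
)

RELAY_FORW = 12  # DHCPv6 message type
OPT_RELAY_MSG, OPT_INTERFACE_ID, OPT_REMOTE_ID, OPT_RELAY_ID = 9, 18, 37, 53


def parse_options(buf):
    """Walk code/length/value options; reject truncated or trailing bytes."""
    opts, pos = {}, 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError(f"{len(buf) - pos} stray byte(s) after last option")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError(f"option {code} length {length} overruns buffer")
        opts[code] = buf[pos:pos + length]
        pos += length
    return opts


def parse_relay_chain(msg):
    """Return one dict per Relay-Forward layer, outermost first."""
    hops = []
    while msg and msg[0] == RELAY_FORW:
        if len(msg) < 34:
            raise ValueError("truncated Relay-Forward header")
        opts = parse_options(msg[34:])
        remote = opts.get(OPT_REMOTE_ID, b"")  # 4-byte enterprise number, then the id
        hops.append({
            "hop_count": msg[1],
            "link_address": str(ipaddress.IPv6Address(msg[2:18])),
            "peer_address": str(ipaddress.IPv6Address(msg[18:34])),
            "interface_id": opts.get(OPT_INTERFACE_ID, b"").decode("ascii", "replace"),
            "relay_id": opts.get(OPT_RELAY_ID, b"").hex(":"),
            "remote_id": remote[4:].decode("ascii", "replace"),
        })
        msg = opts.get(OPT_RELAY_MSG, b"")
    return hops


HOPS = parse_relay_chain(bytes.fromhex(RELAY_DATA_HEX))
```

On this payload `HOPS` holds two Relay-Forward layers: the outer one carries interface-id `irb.201` and a Relay-ID (option 53) equal to the one sent in the earlier LEASEQUERY, and the inner one carries a second interface-id and a remote-id. The 162 decoded bytes plus the 16-byte peer address account for the `len=00178` logged for option 47.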