[Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
Mark Blackford
mblackford at agn.tech
Wed Sep 18 15:32:18 UTC 2024
Hi Darren,
You are correct. I notated the config file also with that date.
That was indeed the first time that I ever saw a “matching BINDING” to my bulk leasequery by relay-ID attempt, and it was only possible because I added the “store-extended-info”.
Let me know if I can capture anything else for you.
Thanks,
Mark
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren Ankney <darren.ankney at gmail.com>
Date: Wednesday, September 18, 2024 at 5:04 AM
To: Kea user's list <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
Hi Mark,
I see toward the end of the log that these messages with some binary content following the final option start to appear. This seems to have started on "2024-09-06 08:53:21.023". Was this about the time you globally set "store-extended-info": true ? I see that was the day I said that in the earlier message.
2024-09-06 10:26:36.372 DEBUG [kea-dhcp6.lease-query-hooks/106209.140395253245504] BULK_LEASE_QUERY_RESPONSE_SENT A bulk lease query response sent to fc00:d2c0:10:170::3, details: local_address=[::]:0, remote_address=[fc00:d2c0:10:170::3]:65201,
msg_type=LEASEQUERY_DATA (17), trans_id=0x8b66be,
options:
type=00045, len=00233:,
options:
type=00001, len=00010: 00:03:00:01:b8:94:70:fb:20:6e
type=00026(IAPREFIX), len=00025: prefix=2605:d2c0:8000::/56, preferred-lft=761, valid-lft=761
type=00046, len=00004: 439 (uint32)
type=00047, len=00178: fe80::ba94:70ff:fefb:206e (ipv6-address) 0C012605D2C0158002550000000000000003FE80000000000000BA9470FFFEFB206E001200076972622E3230310035001F0002000005830166343A62663A61383A33393A63653A3230000000000000000009004E0C0000000000000000000000000000000000FE80000000000000BA9470FFFEFB206E001200164C41422D5441354B2065746820312F322F312F312F310025000E00000DE95370726F75745F4E4F43 (binary)
No relays traversed.
On Tue, Sep 17, 2024 at 9:16 AM Mark Blackford <mblackford at agn.tech> wrote:
Hello Darren,
I have attached the BLQ log file that you requested.
Thanks!
Mark Blackford
Network Engineer
678-230-8769
mblackford at agn.tech
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren Ankney <darren.ankney at gmail.com>
Date: Tuesday, September 17, 2024 at 4:37 AM
To: Kea user's list <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
Hi Mark,
Your configuration looks ok to me. Please can you attach the log file: /var/log/kea/dhcp6-blq.log? I would like to have a look there to see if there is any clue.
Thank you,
Darren Ankney
On Mon, Sep 16, 2024 at 8:51 AM Mark Blackford <mblackford at agn.tech> wrote:
Hello Darren,
I have attached the file here and also pasted below.
Thank you for your assistance,
Mark
% cat kea-dhcp6.conf
{
  "Dhcp6": {
    "interfaces-config": {
      "interfaces": [ "ens224/fc00:d2c0:10:170::23" ]
    },
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/tmp/kea6-ctrl-socket"
    },
    // Mark B. July 19, 2024
    // Trying memfile for bulk leasequery
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/dhcp6.leases"
    },
    // "lease-database": {
    // "type": "postgresql",
    // "name": "kea",
    // "user": "kea",
    // "password": "XXXXXXXXXXXX",
    // "host": "localhost",
    // "port": 5432
    // },
    "hosts-database": {
      "type": "postgresql",
      "name": "kea",
      "user": "kea",
      "password": "XXXXXXXXXXXX",
      "host": "localhost",
      "port": 5432
    },
    "expired-leases-processing": {
      "reclaim-timer-wait-time": 10,
      "flush-reclaimed-timer-wait-time": 25,
      "hold-reclaimed-time": 3600,
      "max-reclaim-leases": 100,
      "max-reclaim-time": 250,
      "unwarned-reclaim-cycles": 5
    },
    "renew-timer": 600,
    "rebind-timer": 800,
    "preferred-lifetime": 1200,
    "valid-lifetime": 1200,
    "option-data": [
      {
        "name": "dns-servers",
        "data": "2001:XXXX:XXXX::XXXX, 2001:XXXX:XXXX::XXXX"
      },
    ],
    # Added on suggestion of Darren from ISC Mailing List (Sept. 6, 2024)
    # https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp6-srv.html#storing-extended-lease-information
    "store-extended-info": true,
    "hooks-libraries": [
      {
        "library": "/usr/lib64/kea/hooks/libdhcp_lease_query.so",
        "parameters": {
          "requesters": [ "fc00:d2c0:10:170::2", "fc00:d2c0:10:170::3" ],
          "advanced" : {
            "bulk-query-enabled": true,
            "active-query-enabled": false,
            "extended-info-tables-enabled": true,
            "lease-query-ip": "fc00:d2c0:10:170::23",
            "lease-query-tcp-port": 547,
          },
        },
      },
      {
        "library": "/usr/lib64/kea/hooks/libdhcp_legal_log.so",
        "parameters": {
          "path": "/var/log/kea",
          "base-name": "kea-forensic6",
          "request-parser-format": "ifelse(pkt6.msgtype == 5, 'DHCPv6 RENEW(5)' + 0x0a + 'OPTION-18: | DUID= ' + hexstring(option[1].hex, ':') + '| CIRCUIT ID= ' + uint8totext(substring(relay6[1].option[18].hex,20,4)) + 0x0a + 'OPTION-37: REMOTE-ID= ' + uint8totext(substring(relay6[1].option[37].hex, 0, 24)) + 0x0a,'UNKNOWN MESSAGE FOR REQUEST PARSER')",
          "response-parser-format": "ifelse(pkt6.msgtype == 7, 'DHCPv6 REPLY(7)' + 0x0a + 'Address: ' + addrtotext(substring(option[3].option[5].hex, 0, 16)) + ' has been assigned for ' + uint32totext(substring(option[3].option[5].hex, 20, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':'),'UNKNOWN MESSAGE FOR RESPONSE PARSER')",
          // "request-parser-format": "ifelse(pkt6.msgtype == 5, 'DHCPv6 RENEW(5)' + 0x0a + 'OPTION-18: | DUID= ' + hexstring(option[1].hex, ':') + '| CIRCUIT ID= ' + uint8totext(substring(relay6[1].option[18].hex,20,4)) + 0x0a + 'OPTION-37: REMOTE-ID= ' + uint8totext(substring(relay6[1].option[37].hex, 0, 24)) + 0x0a,'UNKNOWN MESSAGE FOR REQUEST PARSER')",
          // "response-parser-format": "ifelse(pkt6.msgtype == 7, 'DHCPv6 REPLY(7)' + 0x0a + 'Address: ' + addrtotext(substring(option[3].option[5].hex, 0, 16)) + ' has been assigned for ' + uint32totext(substring(option[3].option[5].hex, 20, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':'),'UNKNOWN MESSAGE FOR RESPONSE PARSER')",
        },
      },
      { "library": "/usr/lib64/kea/hooks/libdhcp_lease_cmds.so", },
      { "library": "/usr/lib64/kea/hooks/libdhcp_stat_cmds.so", },
      //{ "library": "/usr/lib64/kea/hooks/libdhcp_ha.so", },
    ],
    ### Manual edits required here to define subnets to be served by this server.
    "subnet6": [
      {
        "id": 1,
        "subnet": "XXXX:XXXX:1580:0255::/64",
        "pools": [ { "pool": "XXXX:XXXX:1580:0255::100 - XXXX:XXXX:1580:0255::105" } ],
        "interface": "ens224",
        "pd-pools": [
          {
            "prefix": "XXXX:XXXX:8000:0000::",
            "prefix-len": 33,
            "delegated-len": 56,
          }
        ],
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp6",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/dhcp6.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp6.lease-query-hooks",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/dhcp6-blq.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp6.dhcpsrv",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/dhcp6-dhcpsrv.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp6.leases",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/dhcp6-leases.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp6.packets",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "/var/log/kea/isc-dhcp6-like-logging.log",
            "maxver": 10
          }
        ]
      }
    ]
  }
}
// "loggers": [
// {
// "name": "kea-dhcp6",
// "output_options": [
// {
// "output": "stdout",
//
// "pattern": "%-5p %m\n",
// }
// ],
// // This specifies the severity of log messages to keep. Supported values
// // are: FATAL, ERROR, WARN, INFO, DEBUG
// // "severity": "INFO",
//
// // If DEBUG level is specified, this value is used. 0 is least verbose,
// // 99 is most verbose. Be cautious, Kea can generate lots and lots
// // of logs if told to do so.
// "debuglevel": 0
// }
// ]
//}
//}
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren Ankney <darren.ankney at gmail.com>
Date: Friday, September 13, 2024 at 5:30 AM
To: Kea user's list <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
Hello Mark,
Please can you upload your full configuration here (with any sensitive parts redacted)?
Thank you,
Darren Ankney
On Wed, Sep 11, 2024 at 2:43 PM Mark Blackford <mblackford at agn.tech> wrote:
Hello Darren,
I re-tested the BLQ from Kea last week to a Juniper Gateway router, and while the IA_NA and IA_PD DUID leases were found this time, the actual DHCPv6 Type (15) Leasequery-reply packets are undecodable.
I was taking packet captures at the time and wireshark agrees:
1) The IA Address (Type 5) response, Wireshark claims “Trailing Stray Characters”
2) The IA Prefix (Type 26) response, Wireshark claims “Malformed Packet”
I have attached the following for the packets:
1. Detailed BLQ Kea Log for the transaction
2. PCAPs taken at the Kea Server
3. The Kea DHCP Lease File (From today)
4. The Snippet of the Juniper Decode
I forgot to get the leases file on Friday, but this is a lab with only 1 unit. I attached the file from today which looks to have the same information.
It looks like the info that is needed to restore the lease is there, but I don’t know how to stop the packets being malformed.
Thanks,
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Mark Blackford <mblackford at agn.tech>
Date: Friday, September 6, 2024 at 9:02 AM
To: Kea user's list <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
Hello Darren,
Thank you very much for your reply and correcting this issue.
1) I was aware of the 2.6 requirement and re-installed everything from scratch a little over a month ago.
[root@dhcp-test ~]# kea-dhcp4 -v
2.6.1
[root@dhcp-test ~]# kea-dhcp6 -v
2.6.1
2) However, I have been following this link:
https://kea.readthedocs.io/en/kea-2.6.0/arm/hooks.html#bulk-leasequery-configuration
Which indicated to me that the option “extended-info-tables-enabled” would have provided the same functionality. However, as you pointed out, there was no relay ID in the lease table.
I have since added the global parameter "store-extended-info" as you suggested, and I now see the JSON at the end of each memfile lease. I hope this helps anyone trying to accomplish the same thing.
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren Ankney <darren.ankney at gmail.com>
Date: Friday, September 6, 2024 at 4:33 AM
To: Kea user's list <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Kea DHCPv6 Bulk Leasequery Relay-ID
Hi Mark,
Two questions:
1. Are you using Kea 2.6.1 ? I think the relay-id method was not
available before 2.6
2. Have you globally set "store-extended-info": true ? (see:
https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp6-srv.html#storing-extended-lease-information)
as this is required as well. It doesn't appear so from the lease you
pasted as I don't see any data in the "user-context" field.
Thank you,
Darren Ankney
On Wed, Aug 28, 2024 at 3:23 PM Mark Blackford <mblackford at agn.tech> wrote:
>
> Hello,
>
> I am trying to use the Bulk Leasequery feature of Kea DHCP6 to reload Gateway routers with delegated (or all) leases that have been lost due to either a reload or crash scenario. Since I want to reload thousands of IA_NA/IA_PD leases on demand, I expected to see a very clear “glue” between the relay ID and the target leases. But I do not and using default commands from my Juniper gateways is not resulting in any leases being returned.
>
> My main question that I am struggling with is where do I find where the Relay-ID value is stored to properly query for leases tied to it since I do not even know if my relay-id is valid?
>
> Based on 16.16.6. DHCPv6 Bulk Leasequery https://kea.readthedocs.io/en/kea-2.6.0/arm/hooks.html#dhcpv6-bulk-leasequery, I re-installed Kea to use a memfile lease backend to use those features.
>
> My hook library config is below with logging turned to max:
>
> "hooks-libraries": [
>   {
>     "library": "/usr/lib64/kea/hooks/libdhcp_lease_query.so",
>     "parameters": {
>       "requesters": [ "fc00:d2c0:10:170::2", "fc00:d2c0:10:170::3" ],
>       "advanced" : {
>         "bulk-query-enabled": true,
>         "active-query-enabled": false,
>         "extended-info-tables-enabled": true,
>         "lease-query-ip": "fc00:d2c0:10:170::23",
>         "lease-query-tcp-port": 547,
>       },
>     },
>   },
>
> "loggers": [
>   {
>     "name": "kea-dhcp6.lease-query-hooks",
>     "severity": "DEBUG",
>     "debuglevel": 99,
>     "output_options": [
>       {
>         "output": "/var/log/kea/dhcp6-blq.log",
>         "maxver": 10
>       }
>     ]
>   },
>
> I see the bulk message come into the log file, but it also says there are no leases when I know there is at least 1 test lease (IA_NA/IA_PD):
>
> [root@dhcp-test ~]# cat /var/lib/kea/dhcp6.leases
> address,duid,valid_lifetime,expire,subnet_id,pref_lifetime,lease_type,iaid,prefix_len,fqdn_fwd,fqdn_rev,hostname,hwaddr,state,user_context,hwtype,hwaddr_source,pool_id
> 2001:db8:1580:255::100,00:03:00:01:b8:94:70:fb:20:6e,600,1724871654,1,600,0,1,128,0,0,resgw,b8:94:70:fb:20:6e,0,,1,2,0
> 2001:db8:8000::,00:03:00:01:b8:94:70:fb:20:6e,600,1724871654,1,600,2,1,56,0,0,resgw,b8:94:70:fb:20:6e,0,,1,2,0
>
> But the BLQ Hook Log says there are “no active leases”:
>
> 2024-08-21 14:54:10.244 DEBUG [kea-dhcp6.lease-query-hooks/1319.140527284262464] BULK_LEASE_QUERY_QUERY_RECEIVED A bulk lease query packet received from fc00:d2c0:10:170::3, details: local_address=[::]:0, remote_address=[fc00:d2c0:10:170::3]:53751,
> msg_type=LEASEQUERY (14), trans_id=0xeda378,
> options:
> type=00001, len=00031: 00:02:00:00:05:83:01:66:34:3a:62:66:3a:61:38:3a:33:39:3a:63:65:3a:32:30:00:00:00:00:00:00:00
> type=00044, len=00072: 3 (uint8) :: (ipv6-address),
> options:
> type=00006, len=00016: 18(uint16) 37(uint16) 47(uint16) 15(uint16) 16(uint16) 12(uint16) 100(uint16) 79(uint16)
> type=00053, len=00031: 00:02:00:00:05:83:01:66:34:3a:62:66:3a:61:38:3a:33:39:3a:63:65:3a:32:30:00:00:00:00:00:00:00
> No relays traversed.
>
> 2024-08-21 14:54:10.244 DEBUG [kea-dhcp6.lease-query-hooks/1319.140527284262464] BULK_LEASE_QUERY_RESPONSE_SENT A bulk lease query response sent to fc00:d2c0:10:170::3, details: local_address=[::]:0, remote_address=[fc00:d2c0:10:170::3]:53751,
> msg_type=LEASEQUERY_REPLY (15), trans_id=0xeda378,
> options:
> type=00001, len=00031: 00:02:00:00:05:83:01:66:34:3a:62:66:3a:61:38:3a:33:39:3a:63:65:3a:32:30:00:00:00:00:00:00:00
> type=00002, len=00014: 00:01:00:01:2d:90:6d:83:00:50:56:be:a7:9a
> type=00013, len=00018: Success(0) "no active leases"
> No relays traversed.
>
> I believe this is a crucial feature for anyone launching IPv6 with Prefix Delegation. Has anyone seen this feature work using relay-id? How did you know which one to use?
>
> Thanks,
> Mark
>
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
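An added example, not written by anyone in this thread and not part of Kea: a Python decoder for the option 47 (LQ_RELAY_DATA) bytes in the LEASEQUERY_DATA log entry quoted near the top, used to check that the Relay-ID stored with the lease equals the option 53 value sent in the LEASEQUERY logged on 2024-08-21. The function names are illustrative assumptions; the option codes (9 relay message, 18 interface-id, 37 remote-id, 53 relay-id) are the standard DHCPv6 ones.

```python
import ipaddress
import struct

# Option 47 payload after the 16-byte peer address, copied from the
# LEASEQUERY_DATA log line in this thread and split at field boundaries.
RELAY_DATA = bytes.fromhex(
    "0C01" "2605D2C0158002550000000000000003"
    "FE80000000000000BA9470FFFEFB206E"
    "001200076972622E323031"
    "0035001F0002000005830166343A62663A61383A33393A63653A3230"
    "00000000000000"
    "0009004E0C00" "0000000000000000" "0000000000000000"
    "FE80000000000000BA9470FFFEFB206E"
    "001200164C41422D5441354B2065746820312F322F312F312F31"
    "0025000E00000DE95370726F75745F4E4F43")
# Option 53 (Relay-ID) from the LEASEQUERY in the 2024-08-21 log entry.
QUERY_RELAY_ID = bytes.fromhex(
    "00:02:00:00:05:83:01:66:34:3a:62:66:3a:61:38:3a:33:39:3a:63:65:3a:32:30"
    ":00:00:00:00:00:00:00".replace(":", ""))


def parse_options(buf):
    """Split a DHCPv6 option area into {code: payload}, rejecting overruns."""
    opts, off = {}, 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError(f"option {code} overruns the buffer")
        opts[code] = buf[off:off + length]
        off += length
    return opts


def parse_relay(buf):
    """Decode a RELAY-FORW (12) header plus options, outermost hop first."""
    if len(buf) < 34 or buf[0] != 12:
        raise ValueError("not a RELAY-FORW message")
    opts = parse_options(buf[34:])
    hop = {
        "hop": buf[1],
        "link": str(ipaddress.IPv6Address(buf[2:18])),
        "peer": str(ipaddress.IPv6Address(buf[18:34])),
        "interface_id": opts.get(18, b"").decode("ascii", "replace"),
        "remote_id": opts.get(37),  # enterprise number (4 bytes) + opaque id
        "relay_id": opts.get(53),   # DUID identifying the relay
    }
    inner = opts.get(9)  # option 9 carries the next relay header, if any
    return [hop] + (parse_relay(inner) if inner and inner[0] == 12 else [])


def relay_id_matches(relay_data, queried):
    """True when any hop's stored Relay-ID equals the one in the query."""
    return any(h["relay_id"] == queried for h in parse_relay(relay_data))
```

On the logged bytes this yields two hops: the outer one (interface-id `irb.201`) carries the same Relay-ID DUID that the requester sent in option 53, and the inner one carries only an interface-id and a remote-id.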