[Kea-users] Kea-users Digest, Vol 128, Issue 26
Owen DeLong
owen at delong.com
Sat Feb 15 08:15:45 UTC 2025
Try taking out the “relay” clauses. I’ve never had to use those for DHCP6 relay, and I suspect that since your relay is sending the packets to the kea server via it’s link local address (fe80::…), it’s failing to match the “relay” statement.
Owen
> On Feb 15, 2025, at 00:10, kea-users-request at lists.isc.org wrote:
>
> Send Kea-users mailing list submissions to
> kea-users at lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.isc.org/mailman/listinfo/kea-users
> or, via email, send a message with subject or body 'help' to
> kea-users-request at lists.isc.org
>
> You can reach the person managing the list at
> kea-users-owner at lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Kea-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Not processing DHPCv6 Relayed requests (Geoff Sweet)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 15 Feb 2025 00:10:18 -0800
> From: Geoff Sweet <thegorf+kea at gmail.com>
> To: "Kea user's list" <kea-users at lists.isc.org>
> Subject: Re: [Kea-users] Not processing DHPCv6 Relayed requests
> Message-ID:
> <CAPkbxkr9AXEH+f9Hc0e=upZHkhx=jwuyMp8fHgDsU3Uwrz2Aow at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thanks kindly there Darren, that did make a difference and solved part of
> the problem. I also made a change in the configuration. Check this out, the
> config is shared-network now and the debug logs clearly show that it now
> receives the request and looks for a subnet. What is strange here is this
> log entry:
>
> 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_SHARED_NETWORK
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907:
> failed to allocate a lease in the shared network Site Subnets: 0 subnets
> have no available leases, 15 subnets have no matching pools
>
> I don't know where it's getting that 15 subnets from. Or why it thinks
> there are 0 subnets with available leases. By the way, that sentence is an
> odd double negative.
>
> Anyway, I'm just throwing stuff against the wall in this config now.
> Current subnet configuration and block of logs below:
>
> ####
> Config
> ####
> "shared-networks": [
> {
> "name": "Site Subnets",
> "subnet6": [
> {
> "id":6100,
> "subnet":"2603:3023:62c:e101::/64",
> "pools":[ { "pool":"2603:3023:62c:e101::1000 -
> 2603:3023:62c:e101::ffff" } ],
> "relay":{
> "ip-addresses":[ "2603:3023:62c:e101::1" ]
> },
> "interface": "ens18"
> },
> {
> "id":6110,
> "subnet":"2603:3023:62c:e110::/64",
> "pools":[ { "pool":"2603:3023:62c:e110::1000 -
> 2603:3023:62c:e110::ffff" } ],
> "relay":{
> "ip-addresses":[ "2603:3023:62c:e110::1" ]
> },
> "interface": "ens18"
> },
> {
> "id":6130,
> "subnet":"2603:3023:62c:e130::/64",
> "pools":[ { "pool":"2603:3023:62c:e130::1000 -
> 2603:3023:62c:e130::ffff" } ],
> "relay":{
> "ip-addresses":[ "2603:3023:62c:e130::1" ]
> },
> "interface": "ens18"
> },
> {
> "id":6150,
> "subnet":"2603:3023:62c:e150::/64",
> "pools":[ { "pool":"2603:3023:62c:e150::1000 -
> 2603:3023:62c:e150::ffff" } ],
> "relay":{
> "ip-addresses":[ "2603:3023:62c:e150::1" ]
> },
> "interface": "ens18"
> },
> {
> "id":6160,
> "subnet":"2603:3023:62c:e160::/64",
> "pools":[ { "pool":"2603:3023:62c:e160::1000 -
> 2603:3023:62c:e160::ffff" } ],
> "interface": "ens18"
> }
> ]
> }
> ],
>
> ####
> Logfile of a request:
> ####
>
> msg_type=SOLICIT (1), trans_id=0xe52907,
> options:
> type=00001, len=00010: 00:03:00:01:16:fb:97:88:25:a7
> type=00006, len=00002: 82(uint16)
> type=00008, len=00002: 23347 (uint16)
> type=00014, len=00000:
> type=00025(IA_PD), len=00041: iaid=0, t1=0, t2=0,
> options:
> type=00026(IAPREFIX), len=00025: prefix=::/64, preferred-lft=0,
> valid-lft=0
> 1 relay(s):
> relay[0]: msg-type=12(RELAY_FORWARD), hop-count=0,
> link-address=2603:3023:62c:e101::1, peer-address=fe80::14fb:97ff:fe88:25a7,
> 1 option(s)
> type=00018, len=00004: 04:00:00:00
>
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_SUBNET_SELECTED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr
> info], tid=0xe52907: the subnet with ID 6100 was selected for client
> assignments
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_SUBNET_DATA duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info],
> tid=0xe52907: the selected subnet details: 2603:3023:62c:e101::/64
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
> identifier: hwaddr=16FB978825A7
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=16FB978825A7,
> found 0 host(s)
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
> identifier: duid=0003000116FB978825A7
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier
> duid=0003000116FB978825A7, found 0 host(s)
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304]
> DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr
> info], tid=0xe52907: client packet has been assigned to the following
> class: UNKNOWN
> 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304]
> DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907:
> client packet has been assigned to the following classes: ALL, UNKNOWN
> 2025-02-14 23:49:15.069 DEBUG [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_UNRESERVED no static reservations available - trying
> to dynamically allocate leases for client
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907
> 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_SHARED_NETWORK
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907:
> failed to allocate a lease in the shared network Site Subnets: 0 subnets
> have no available leases, 15 subnets have no matching pools
> 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:03:00:01:16:fb:97:88:25:a7],
> [no hwaddr info], tid=0xe52907: no pools were available for the lease
> allocation
> 2025-02-14 23:49:15.069 WARN [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[00:03:00:01:16:fb:97:88:25:a7],
> [no hwaddr info], tid=0xe52907: Failed to allocate an IPv6 address for
> client with classes: ALL, UNKNOWN
> 2025-02-14 23:49:15.069 DEBUG [kea-dhcp6.options/9752.140223914522304]
> DHCP6_ADD_STATUS_CODE_FOR_IA duid=[00:03:00:01:16:fb:97:88:25:a7], [no
> hwaddr info], tid=0xe52907: adding Status Code to IA with iaid=0:
> NoPrefixAvail(6) "Sorry, no prefixes could be allocated."
> 2025-02-14 23:49:15.070 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304]
> DHCP6_CLASSES_ASSIGNED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr
> info], tid=0xe52907: client packet has been assigned on SOLICIT message to
> the following classes: ALL, UNKNOWN
> 2025-02-14 23:49:15.070 INFO [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_PACKET_SEND duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info],
> tid=0xe52907: trying to send packet ADVERTISE (type 2) from
> [2603:3023:62c:e160::11]:547 to [2603:3023:62c:e160::1]:547 on interface
> ens18
> 2025-02-14 23:49:15.070 DEBUG [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_RESPONSE_DATA duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info],
> tid=0xe52907: responding with packet ADVERTISE (type 2), packet details:
> local_address=[2603:3023:62c:e160::11]:547,
> remote_address=[2603:3023:62c:e160::1]:547,
> msg_type=ADVERTISE (2), trans_id=0xe52907,
> options:
> type=00001, len=00010: 00:03:00:01:16:fb:97:88:25:a7
> type=00002, len=00014: 00:01:00:01:2f:37:1b:26:bc:24:11:80:c9:7a
> type=00025(IA_PD), len=00056: iaid=0, t1=0, t2=0,
> options:
> type=00013, len=00040: NoPrefixAvail(6) "Sorry, no prefixes could be
> allocated."
> 1 relay(s):
> relay[0]: msg-type=13(RELAY_REPLY), hop-count=0,
> link-address=2603:3023:62c:e101::1, peer-address=fe80::14fb:97ff:fe88:25a7,
> 1 option(s)
> type=00018, len=00004: 04:00:00:00
>
>
> On Thu, Feb 13, 2025 at 11:29?AM Darren Ankney <darren.ankney at gmail.com>
> wrote:
>
>> Hi Geoff,
>>
>> You might need to specify your IP address on which to listen in your
>> interfaces-config. You can check with the command: `ss -ulnp`. In
>> the output, look what address is listed with 547. It might be your
>> LLA for the interface. If it is that instead of your GLA for the
>> interface, then you need to specify the address. Something like this:
>>
>> "interfaces-config": {
>> "interfaces": [
>> "ens18/2001:db8::12"
>> ]
>> },
>>
>> See here:
>> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#interface-configuration
>>
>> Thank you,
>> Darren Ankney
>>
>> On Tue, Feb 11, 2025 at 1:28?AM Geoff Sweet <thegorf+kea at gmail.com> wrote:
>>>
>>> Greetings everyone,
>>> I have a Kea 2.6 installation that for the most part is going great.
>> However, I'm not able to figure out the config to make it work with IPv6
>> relayed DHCPv6 requests. At the end of this email is my complete config.
>> So, my firewall is doing all DHCP relaying. I can see via tcpdump that the
>> request originates in the local subnet, is received by the firewall relay
>> agent, forwards it to the subnet with the Kea server on it, and forwards
>> it. On the Kea server itself I can see the request arrive for instance:
>>>
>>> 22:00:52.949059 IP6 (hlim 64, next-header UDP (17) payload length: 133)
>> 2603:3023:62c:e160::1.547 > 2603:3023:62c:e160::11.547: [udp sum ok] dhcp6
>> relay-fwd (linkaddr=2603:3023:62c:e101::1
>> peeraddr=fe80::14fb:97ff:fe88:25a7 (interface-ID 04000000...)
>> (relay-message (dhcp6 solicit (xid=4d2037 (elapsed-time 0) (client-ID
>> hwaddr type 1 16fb978825a7) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/64
>> pltime:0 vltime:0)) (option-request opt_82) (rapid-commit))))
>>>
>>> I'm not sure why the interface-ID is set the way it is. So opted to
>> ignore it and instead focus on the linkaddr. But while the documentation
>> mentions it, for the life of me I can NOT find a single example of how to
>> configure it. So I'm kinda throwing things at the wall now. As you can see
>> below. Can anyone offer any insight into what I am doing wrong? Also,could
>> someone tell me if my loggers are configured correctly? They literally
>> produce exactly the same output no matter what I do with severity and
>> debuglevel. Part of the reason this is so frustrating to troubleshoot.
>>>
>>> Thanks everyone!
>>>
>>> #######
>>> kea-dhcpv6.conf
>>> #######
>>> {
>>> "Dhcp6": {
>>> "renew-timer": 21600,
>>> "rebind-timer": 43200,
>>> "valid-lifetime": 86400,
>>> "interfaces-config": {
>>> "interfaces": [
>>> "ens18"
>>> ]
>>> },
>>> "lease-database": {
>>> "type": "memfile",
>>> "persist": true,
>>> "name": "/var/lib/kea/dhcp6.leases"
>>> },
>>> "option-data": [
>>> {
>>> "name": "dns-servers",
>>> "data": "2603:3023:62c:e101::10, 2603:3023:62c:e101::12"
>>> },
>>> {
>>> "name": "domain-search",
>>> "data": "iotlab.loc"
>>> }
>>> ],
>>> "dhcp-ddns": {
>>> "enable-updates": true,
>>> "server-ip": "127.0.0.1",
>>> "server-port": 53001
>>> },
>>> "ddns-override-client-update": true,
>>> "ddns-override-no-update": true,
>>> "ddns-qualifying-suffix": "iotlab.loc",
>>> "ddns-update-on-renew": true,
>>> "subnet6": [
>>> # Home Subnet
>>> {
>>> "subnet": "2603:3023:62c:e101::/64",
>>> "id": 6100,
>>> "pools": [
>>> {
>>> "pool": "2603:3023:62c:e101::1000 - 2603:3023:62c:e101::ffff"
>>> }
>>> ],
>>> "relay": {
>>> "linkaddr": [ "2603:3023:62c:e101::1" ]
>>> }
>>> },
>>> # DMZ Subnet
>>> {
>>> "subnet": "2603:3023:62c:e110::/64",
>>> "id": 6110,
>>> "pools": [
>>> {
>>> "pool": "2603:3023:62c:e110::1000 - 2603:3023:62c:e110::ffff"
>>> }
>>> ],
>>> "relay": {
>>> "ip-addresses": [ "2603:3023:62c:e110::1" ]
>>> }
>>> },
>>> # IoT Subnet
>>> {
>>> "subnet": "2603:3023:62c:e130::/64",
>>> "id": 6130,
>>> "pools": [
>>> {
>>> "pool": "2603:3023:62c:e130::1000 - 2603:3023:62c:e130::ffff"
>>> }
>>> ],
>>> "relay": {
>>> "ip-addresses": [ "2603:3023:62c:e130::1" ]
>>> }
>>> },
>>> # Guest Subnet
>>> {
>>> "subnet": "2603:3023:62c:e150::/64",
>>> "id": 6150,
>>> "pools": [
>>> {
>>> "pool": "2603:3023:62c:e150::1000 - 2603:3023:62c:e150::ffff"
>>> }
>>> ],
>>> "relay": {
>>> "ip-addresses": [ "2603:3023:62c:e150::1" ]
>>> }
>>> },
>>> {
>>> "subnet": "2603:3023:62c:e160::/64",
>>> "id": 6160,
>>> "interface": "ens18",
>>> "pools": [
>>> {
>>> "pool": "2603:3023:62c:e160::1000 - 2603:3023:62c:e160::ffff"
>>> }
>>> ]
>>> }
>>> ],
>>> "loggers": [
>>> {
>>> "name": "kea-dhcp6",
>>> "severity": "DEBUG",
>>> "debuglevel": "99",
>>> "output_options": [
>>> {
>>> "output": "/var/log/kea/dhcp6.log",
>>> "maxver": 10
>>> }
>>> ]
>>> },
>>> {
>>> "name": "kea-dhcp6.dhcpsrv",
>>> "severity": "DEBUG",
>>> "debuglevel": "99",
>>> "output_options": [
>>> {
>>> "output": "/var/log/kea/dhcp6-dhcpsrv.log",
>>> "maxver": 10
>>> }
>>> ]
>>> },
>>> {
>>> "name": "kea-dhcp6.leases",
>>> "severity": "DEBUG",
>>> "debuglevel": "99",
>>> "output_options": [
>>> {
>>> "output": "/var/log/kea/dhcp6-leases.log",
>>> "maxver": 10
>>> }
>>> ]
>>> },
>>> {
>>> "name": "kea-netconf",
>>> "severity": "DEBUG",
>>> "debuglevel": "99",
>>> "output_options": [
>>> {
>>> "output": "/var/log/kea/kea-netconf.log",
>>> "maxver": 10
>>> }
>>> ]
>>> }
>>> ]
>>> }
>>> }
>>>
>>>
>>>
>>> --
>>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>>
>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>
>>> Kea-users mailing list
>>> Kea-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/kea-users
>> --
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250215/75b9a13c/attachment.htm>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
>
> ------------------------------
>
> End of Kea-users Digest, Vol 128, Issue 26
> ******************************************
More information about the Kea-users
mailing list