[Kea-users] Is Interface mandate in kea-DHCPv6 section
Kraishak Mahtha
kraishak.edu at gmail.com
Fri Feb 21 06:45:45 UTC 2025
Looks like my previous message is not aligned properly with the config, let
me share them as files
On Fri, Feb 21, 2025 at 10:59 AM Kraishak Mahtha <kraishak.edu at gmail.com>
wrote:
> Hi Darren & Owen DeLong
>
> Thanks for your reply and for sharing the information. I have trouble
> dealing with multiple subnets in kea-dhcpv6 mode.
>
> Previously, I used ISC DHCPv6, where I successfully obtained leases from
> both 2001:470:edb5:200::/64 and 2001:470:edb5:300::/64 subnets. In this
> setup, the OPNsense router was configured as a relay with the IP
> 2001:470:edb5:200::23.(server IP, not router IP)
>
> After migrating to Kea DHCPv6, leases are being assigned correctly within
> the local subnet, but clients from 2001:470:edb5:300::/64 are unable to
> obtain addresses. No relevant logs appear in kea-dhcp6-packets.log when a
> client requests a lease from the relayed subnet. However, a network traffic
> capture confirms that packets are being forwarded correctly, yet my Kea
> server does not respond.
>
> ### Troubleshooting Steps Attempted:
> 1. Configured the `relay-ip` statement in the 2001:470:edb5:300::/64
> subnet, using the Kea server's IP address → No success.
> 2. Updated the `relay-ip` statement in the ......300::/64 subnet to match
> 2001:470:edb5:300::1, as observed in the packet capture → No success.
>
> A comparison of network traffic between ISC DHCPv6 and Kea DHCPv6 shows
> identical behavior, yet Kea is not assigning leases for the relayed subnet.
>
>
> Here is my config
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *{ "Dhcp6": { "interfaces-config": { "interfaces": ["ens192"] #
> The network interface the DHCPv6 server listens on },
> "multi-threading": { "packet-queue-size": 28,
> "enable-multi-threading": true, "thread-pool-size": 4 },
> "lease-database": { "name": "/XXXXX/XXXXXX/XXXXX/XXXX/dhcp6.leases",
> "type": "memfile", # In-memory lease database (useful for testing)
> "persist": true # Save leases to disk },
> "preferred-lifetime": 3000, "valid-lifetime": 4000,
> "renew-timer": 1000, "rebind-timer": 2000, "option-data": [ {
> "name": "dns-servers", "data": "2001:470:edb5:200::23" # Define
> DNS servers for clients }, { "name": "domain-search",
> "data": "tester.com <http://tester.com>" # Domain search list }
> ], "subnet6": [ { "subnet": "2001:470:edb5:200::/64", # The
> subnet from which addresses are allocated "interface": "ens192",
> "pools": [ {"pool":
> "2001:470:edb5:200::2-2001:470:edb5:200::15"}, {"pool":
> "2001:470:edb5:200::3e-2001:470:edb5:200::51"}, {"pool":
> "2001:470:edb5:200::52-2001:470:edb5:200::65"} ],
> "preferred-lifetime": 600, "valid-lifetime": 1200,
> "option-data": [ { "name": "dns-servers",
> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet
> }, { "name": "domain-search", "data":
> "tester.com <http://tester.com>" } ] }, {
> "subnet": "2001:470:edb5:300::/64", # The subnet from which addresses are
> allocated "pools": [ {"pool":
> "2001:470:edb5:300::16-2001:470:edb5:300::1f"}, {"pool":
> "2001:470:edb5:300::2-2001:470:edb5:300::b"}, {"pool":
> "2001:470:edb5:300::c-2001:470:edb5:300::15"} ],"relay": {
> "ip-addresses": ["2001:470:edb5:300::1" ] },
> "preferred-lifetime": 600, "valid-lifetime": 1200,
> "option-data": [ { "name": "dns-servers",
> "data": "2001:470:edb5:200::23" # Override DNS servers for this subnet
> }, { "name": "domain-search", "data":
> "tester.com <http://tester.com>" } ] } ], #
> Logging configuration "loggers": [{ "name": "kea-dhcp6",
> "output_options": [{ "output":
> "/var/log/kea-dhcp6.log" }], "severity": "INFO",
> "debuglevel": 99 }, { "debuglevel": 99,
> "severity": "DEBUG", "output_options": [{
> "output": "/var/log/kea-dhcp6-packets.log", "maxver": 5,
> "flush": true, "maxsize": 10240000
> }], "name": "kea-dhcp6.packets" }, {
> "debuglevel": 55, "severity": "DEBUG",
> "output_options": [{ "output":
> "/var/log/kea-dhcp6-leases.log", "maxver": 5,
> "flush": true, "maxsize": 10240000 }],
> "name": "kea-dhcp6.leases" }] }}*
>
> Traffic capture screenshot of kea
> [image: image.png]
> Traffic capture screenshot of ISC(ISC granted lease)
> [image: image.png]
>
> Would appreciate insights on potential configuration mistakes, if any, in
> my Kea DHCPv6 config,
>
> Thanks in Advance
> Kraishak
>
>
>
> On Fri, Feb 21, 2025 at 2:46 AM Darren Ankney <darren.ankney at gmail.com>
> wrote:
>
>> Hi Kraishak,
>>
>> > Q)
>> > 1)Is it mandatory to add the interface line in every subnet6 section,
>> unlike subnet4
>>
>> subnet4 will most likely need the interface specified for a local
>> subnet as well (see here:
>>
>> https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client
>> ).
>>
>> > 2)If that is mandatory, how can I use multiple subnets? Let's say I
>> have one more network range using the same DHCPv6 appliance, but I don't
>> have any interface on the box. How can we use that
>>
>> It is indeed mandatory, for the same reason (see here:
>>
>> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection
>> ).
>>
>> If you have another subnet to which the DHCP server has no interface
>> attached, then there will be a relay agent forwarding the traffic to
>> the DHCP server. Then you will use the "relay: {}" mechanism (see
>> here:
>> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet
>> ).
>> But you may not have to if the relay agent source IP is actually part
>> of one of the subnets configured on your DHCP server.
>>
>> Thank you,
>> Darren Ankney
>> --
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250221/37370fa7/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 175753 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250221/37370fa7/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 130284 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250221/37370fa7/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ISC.png
Type: image/png
Size: 208690 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250221/37370fa7/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Kea.png
Type: image/png
Size: 216425 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250221/37370fa7/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kea-dhcpv6.conf
Type: application/octet-stream
Size: 3311 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250221/37370fa7/attachment-0001.obj>
More information about the Kea-users
mailing list