[Kea-users] Is Interface mandate in kea-DHCPv6 section

Darren Ankney darren.ankney at gmail.com
Sat Mar 1 11:49:00 UTC 2025 

Hi Kraishak,

I am not able to understand what is happening with screenshots of packet
captures.  Please describe the problem you are having currently and attach
the actual .pcap file for analysis.  Looking at your DHCPv6 configuration,
I would say again that your kea-dhcp6 is likely only listening on the link
local (fe80) address.  This is due to:

   "interfaces-config": {
      "interfaces": ["ens192"]  # The network interface the DHCPv6 server
listens on
    },

Kea will pick the first address it finds on the interface and link to it.
This is almost always the link local rather than the unique global (or
local) address.

Please try changing the above to "ens192/<address>" where address is the
aforementioned unique local (ULA) or global address (UGA).  That is
assuming that statements such as:

"relay": {
                "ip-addresses": ["2001:470:edb5:300::1" ]
            },

reflect a relay agent that is configured to forward packets to the
kea-dhcp6 server at the ULA or UGA.

Thank you,
Darren Ankney


On Thu, Feb 27, 2025 at 8:33 AM Kraishak Mahtha <kraishak.edu at gmail.com>
wrote:

> Looks like my previous message is not aligned properly with the config,
> let me share them as files
>
>
>
> On Fri, Feb 21, 2025 at 10:59 AM Kraishak Mahtha <kraishak.edu at gmail.com>
> wrote:
>
>> Hi Darren & Owen DeLong
>>
>> Thanks for your reply and for sharing the information. I have trouble
>> dealing with multiple subnets in kea-dhcpv6 mode.
>>
>> Previously, I used ISC DHCPv6, where I successfully obtained leases from
>> both 2001:470:edb5:200::/64 and 2001:470:edb5:300::/64 subnets. In this
>> setup, the OPNsense router was configured as a relay with the IP
>> 2001:470:edb5:200::23.(server IP, not router IP)
>>
>> After migrating to Kea DHCPv6, leases are being assigned correctly within
>> the local subnet, but clients from 2001:470:edb5:300::/64 are unable to
>> obtain addresses. No relevant logs appear in kea-dhcp6-packets.log when a
>> client requests a lease from the relayed subnet. However, a network traffic
>> capture confirms that packets are being forwarded correctly, yet my Kea
>> server does not respond.
>>
>> ### Troubleshooting Steps Attempted:
>> 1. Configured the `relay-ip` statement in the 2001:470:edb5:300::/64
>> subnet, using the Kea server's IP address → No success.
>> 2. Updated the `relay-ip` statement in the ......300::/64 subnet to match
>> 2001:470:edb5:300::1, as observed in the packet capture → No success.
>>
>> A comparison of network traffic between ISC DHCPv6 and Kea DHCPv6 shows
>> identical behavior, yet Kea is not assigning leases for the relayed subnet.
>>
>>
>> Here is my config
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *{  "Dhcp6": {    "interfaces-config": {      "interfaces": ["ens192"]  #
>> The network interface the DHCPv6 server listens on    },
>> "multi-threading": {        "packet-queue-size": 28,
>> "enable-multi-threading": true,        "thread-pool-size": 4    },
>> "lease-database": {      "name": "/XXXXX/XXXXXX/XXXXX/XXXX/dhcp6.leases",
>>      "type": "memfile",  # In-memory lease database (useful for testing)
>>   "persist": true     # Save leases to disk    },
>> "preferred-lifetime": 3000,    "valid-lifetime": 4000,
>> "renew-timer": 1000,    "rebind-timer": 2000,    "option-data": [      {
>>     "name": "dns-servers",        "data": "2001:470:edb5:200::23"  # Define
>> DNS servers for clients      },      {        "name": "domain-search",
>>   "data": "tester.com <http://tester.com>"  # Domain search list      }
>> ],    "subnet6": [      {        "subnet": "2001:470:edb5:200::/64",  # The
>> subnet from which addresses are allocated        "interface": "ens192",
>>     "pools": [                {"pool":
>> "2001:470:edb5:200::2-2001:470:edb5:200::15"},                {"pool":
>>  "2001:470:edb5:200::3e-2001:470:edb5:200::51"},                {"pool":
>> "2001:470:edb5:200::52-2001:470:edb5:200::65"}        ],
>> "preferred-lifetime": 600,        "valid-lifetime": 1200,
>> "option-data": [          {            "name": "dns-servers",
>> "data": "2001:470:edb5:200::23"  # Override DNS servers for this subnet
>>       },          {            "name": "domain-search",            "data":
>> "tester.com <http://tester.com>"          }        ]      },     {
>> "subnet": "2001:470:edb5:300::/64",  # The subnet from which addresses are
>> allocated        "pools": [             {"pool":
>> "2001:470:edb5:300::16-2001:470:edb5:300::1f"},             {"pool":
>> "2001:470:edb5:300::2-2001:470:edb5:300::b"},             {"pool":
>> "2001:470:edb5:300::c-2001:470:edb5:300::15"}        ],"relay": {
>>       "ip-addresses": ["2001:470:edb5:300::1" ]            },
>>   "preferred-lifetime": 600,        "valid-lifetime": 1200,
>> "option-data": [          {            "name": "dns-servers",
>> "data": "2001:470:edb5:200::23"  # Override DNS servers for this subnet
>>       },          {            "name": "domain-search",            "data":
>> "tester.com <http://tester.com>"          }        ]      }    ],    #
>> Logging configuration       "loggers": [{            "name": "kea-dhcp6",
>>           "output_options": [{                "output":
>> "/var/log/kea-dhcp6.log"            }],            "severity": "INFO",
>>       "debuglevel": 99        },        {            "debuglevel": 99,
>>       "severity": "DEBUG",            "output_options": [{
>> "output": "/var/log/kea-dhcp6-packets.log",                "maxver": 5,
>>             "flush": true,                "maxsize": 10240000
>> }],            "name": "kea-dhcp6.packets"        },       {
>> "debuglevel": 55,            "severity": "DEBUG",
>> "output_options": [{                "output":
>> "/var/log/kea-dhcp6-leases.log",                "maxver": 5,
>> "flush": true,                "maxsize": 10240000            }],
>> "name": "kea-dhcp6.leases"        }] }}*
>>
>> Traffic capture screenshot of  kea
>> [image: image.png]
>> Traffic capture screenshot of ISC(ISC granted lease)
>> [image: image.png]
>>
>> Would appreciate insights on potential configuration mistakes, if any, in
>> my Kea DHCPv6 config,
>>
>> Thanks in Advance
>> Kraishak
>>
>>
>>
>> On Fri, Feb 21, 2025 at 2:46 AM Darren Ankney <darren.ankney at gmail.com>
>> wrote:
>>
>>> Hi Kraishak,
>>>
>>> > Q)
>>> > 1)Is it mandatory to add the interface line in every subnet6 section,
>>> unlike subnet4
>>>
>>> subnet4 will most likely need the interface specified for a local
>>> subnet as well (see here:
>>>
>>> https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#how-the-dhcpv4-server-selects-a-subnet-for-the-client
>>> ).
>>>
>>> > 2)If that is mandatory, how can I use multiple subnets? Let's say I
>>> have one more network range using the same DHCPv6 appliance, but I don't
>>> have any interface on the box. How can we use that
>>>
>>> It is indeed mandatory, for the same reason (see here:
>>>
>>> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#ipv6-subnet-selection
>>> ).
>>>
>>> If you have another subnet to which the DHCP server has no interface
>>> attached, then there will be a relay agent forwarding the traffic to
>>> the DHCP server.  Then you will use the "relay: {}" mechanism (see
>>> here:
>>> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#using-a-specific-relay-agent-for-a-subnet
>>> ).
>>> But you may not have to if the relay agent source IP is actually part
>>> of one of the subnets configured on your DHCP server.
>>>
>>> Thank you,
>>> Darren Ankney
>>> --
>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>>
>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>
>>> Kea-users mailing list
>>> Kea-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>
>> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250301/c2499ff5/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 175753 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250301/c2499ff5/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 130284 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250301/c2499ff5/attachment-0003.png>

More information about the Kea-users mailing list