[Kea-users] Duplicate Subnets

Dee-Jay Logozzo dee-jay.logozzo at ursys.com.au
Wed Oct 1 06:55:41 UTC 2025 

Hi All,

I am unable to configure KEA to serve identical subnets to different networks.

We have an MPLS Service-Provider style network I am configuring that would benefit from being able to provide DHCP for different segregated network segments (vrfs) using overlapping (or possibly duplicate) subnets.
These segregated vrfs are able to talk back to the KEA instance via multi-homed DHCP Relays living in both the customer's vrf, and our dhcp-management vrf.
We are using Option 82 (sub-option 2) set individually by each DHCP relay to distinguish between each network within the KEA DHCP server.
Everything is working as expected with this configuration, the segregated DHCP clients are able to receive their specific allocation as per Option 82 (using flex-id within KEA).
However, if we configure two different and segregated network pools to use the same subnet within the KEA kea-dhcp4.conf configuration file, KEA refuses to start with a 'DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file 'kea-dhcp4.conf': subnet with the prefix of '192.168.10.0/30' already exists (kea-dhcp4.conf:62:7)' error.

As the IP subnets we use for the different network segments are often allocations from our customers, the likelihood for subnet collision is inevitable, but as they are segregated networks that does not cause any issues.
The only problem is that KEA refuses to start with such a configuration.

Is this a supported configuration that I am missing the obvious solution for? Are there any available workarounds for my use-case? Are there any other solutions for such an issue?
We have considered running multiple distinct KEA instances, one for each customer with dedicated configuration, however this is undesirable as it greatly increases both the network design and system provisioning logic required for the rest of our system, as well as reduces the system resiliency as each customer/network-segment would need its own load-balance/HA group instead of being able to pool all those server (or vm) resources into one larger load-balance/HA group.
We would much prefer to be able to have one KEA configuration covering everything.


Regards.

Dee-Jay


Dee-Jay Logozzo

IT Security Architect

URSYS PTY LTD

Level 1 / 459 – 461 Parramatta Road

Leichhardt  2040 NSW

E: dee-jay at ursys.com.au<mailto:dee-jay at ursys.com.au>

T: 02 8745 2841

W: URSYS.com.au<https://ursys.com.au/>

[cid:117db375-a32b-47a3-8843-59dfad20cd46]



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20251001/9862f70d/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-iaqzm1yd.png
Type: image/png
Size: 18368 bytes
Desc: Outlook-iaqzm1yd.png
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20251001/9862f70d/attachment-0001.png>

More information about the Kea-users mailing list