[Kea-users] Duplicate Subnets
Dee-Jay Logozzo
dee-jay.logozzo at ursys.com.au
Wed Oct 1 09:46:12 UTC 2025
Hi Francis,
Thank you for your quick reply.
That’s disappointing that tagged IPv4 is not supported.
During my initial research I did come across this thread from 2017 from this mailing list asking for something similar (or possibly the same thing? It's unclear) https://lists.isc.org/mailman/htdig/kea-users/2017-February/000826.html.
It does seem like an important feature for Service Provider type applications and is especially disappointing since Kea already has 90% of the features required for an application like this, such as matching subnets based on relay IP or any other arbitrary value (such as option 82 sub-options) with flex-id.
Regards,
Dee-Jay Logozzo
________________________________
From: Francis Dupont <fdupont at isc.org>
Sent: Wednesday, October 1, 2025 6:22:22 PM
To: Kea user's list <kea-users at lists.isc.org>; Dee-Jay Logozzo <dee-jay.logozzo at ursys.com.au>
Subject: Re: [Kea-users] Duplicate Subnets
Dee-Jay Logozzo writes:
> I am unable to configure KEA to serve identical subnets to different networks.
=> Kea does not support different networks with the same address space.
> We have an MPLS Service-Provider style network I am configuring that would
> benefit from being able to provide DHCP for different segregated network
> segments (vrfs) using overlapping (or possibly duplicate) subnets.
=> so in fact you want to manage (tag, address) resources (vs the common
address resources).
> subnet with the prefix of '192.168.10.0/30' already exists
=> note that even if you can avoid this error using for instance '192.168.10.1/30'
(Kea raises the error only when the text representation of the subnet is
the same as an already configured one: there are some cases where it can
be useful to configure overlapping subnets in Kea), this does not solve
your problem as the address is the primary (so unique) key for the lease
databases so:
- tagged IPv4 is not supported
- you can't have a delegated IPv6 prefix sharing the address part with
an assigned IPv6 address (not something valid in the real world BTW)
I am afraid you have to run different instances of Kea not sharing the
lease database (e.g. if you use MySQL the "name" of the database must
be different between Kea instances).
> As the IP subnets we use for the different network segments are often
> allocations from our customers, the likelihood for subnet collision is
> inevitable, but as they are segregated networks that does not cause any issues.
=> here the problem is address collision. Of course if there is an
easy way to avoid them there is also no reason to tag addresses so
to allow address collision is an essential part of the problem.
> We have considered running multiple distinct KEA instances, one for each
> customer with dedicated configuration, however this is undesirable as it
> greatly increases both the network design and system provisioning logic
> required for the rest of our system, as well as reduces the system resiliency
> as each customer/network-segment would need its own load-balance/HA group
> instead of being able to pool all those server (or vm) resources into one
> larger load-balance/HA group.
> We would much prefer to be able to have one KEA configuration covering
> everything.
=> I am afraid that currently you don't have the choice...
Thanks
Francis Dupont <fdupont at isc.org>
PS: as far as I know you are the first to ask for tagged IPv4 support even
one can believe that IPv6 should have removed interest for this...
I leave my colleagues to add comments as IMHO it was a major gap in the Kea
initial design but nobody complained in this list until today.
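
The reply above notes that Kea rejects a subnet only when its text matches one already configured, while the lease database is keyed on the address alone. As an added example (not from the thread or from ISC), a pre-deployment check that canonicalizes every prefix in a Dhcp4 config and reports address ranges that intersect; the sample config, ids, network name and relay addresses are constructed.

```python
import ipaddress
import json
from itertools import combinations

# Constructed sample in Kea Dhcp4 layout; ids, names and relay addresses are illustrative.
SAMPLE_CONFIG = json.loads("""
{
  "Dhcp4": {
    "subnet4": [
      {"id": 1, "subnet": "192.168.10.0/30", "relay": {"ip-addresses": ["10.0.0.1"]}},
      {"id": 2, "subnet": "192.168.10.1/30", "relay": {"ip-addresses": ["10.0.0.2"]}},
      {"id": 3, "subnet": "10.20.0.0/24"}
    ],
    "shared-networks": [
      {"name": "cust-b", "subnet4": [{"id": 4, "subnet": "10.20.0.128/25"}]}
    ]
  }
}
""")


def collect_subnets(config):
    """Return (id, configured text, canonical network) for every subnet4 entry."""
    dhcp4 = config.get("Dhcp4", {})
    entries = list(dhcp4.get("subnet4", []))
    for shared in dhcp4.get("shared-networks", []):
        entries.extend(shared.get("subnet4", []))
    # strict=False accepts host bits, so 192.168.10.1/30 canonicalizes to .0/30
    return [(e.get("id"), e["subnet"],
             ipaddress.ip_network(e["subnet"], strict=False)) for e in entries]


def find_address_collisions(config):
    """Pairs of subnets whose address ranges intersect, whatever their spelling."""
    hits = []
    for (id_a, txt_a, net_a), (id_b, txt_b, net_b) in combinations(
            collect_subnets(config), 2):
        if net_a.overlaps(net_b):
            kind = "same prefix" if net_a == net_b else "overlap"
            hits.append((id_a, id_b, kind, txt_a, txt_b))
    return hits


if __name__ == "__main__":
    for id_a, id_b, kind, txt_a, txt_b in find_address_collisions(SAMPLE_CONFIG):
        print(f"subnet id {id_a} ({txt_a}) and id {id_b} ({txt_b}): {kind}")
```

Any pair it reports would draw leases from the same address keys in a single Kea instance, which is the collision the reply says requires separate instances with separate lease databases.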