[Kea-users] Duplicate Subnets

Darren Ankney darren.ankney at gmail.com
Thu Oct 2 00:45:58 UTC 2025 

Hi Dee-Jay,

In Kea, the subnet is just a label.  You should be able to do
something like this:
"subnet4": [
 {
   "subnet": "192.168.10.0/30",
   "id": 1
 },
 {
   "subnet": "192.168.10.1/30",
   "id": 2
 }
]

However, kea-dhcp4 may then complain about overlapping pools.  Please
do try this in a test lab before trying to use in production.

Thank you,
Darren Ankney


On Wed, Oct 1, 2025 at 2:56 AM Dee-Jay Logozzo
<dee-jay.logozzo at ursys.com.au> wrote:
>
> Hi All,
>
> I am unable to configure KEA to serve identical subnets to different networks.
>
> We have an MPLS Service-Provider style network I am configuring that would benefit from being able to provide DHCP for different segregated network segments (vrfs) using overlapping (or possibly duplicate) subnets.
> These segregated vrfs are able to talk back to the KEA instance via multi-homed DHCP Relays living in both the customer's vrf, and our dhcp-management vrf.
> We are using Option 82 (sub-option 2) set individually by each DHCP relay to distinguish between each network within the KEA DHCP server.
> Everything is working as expected with this configuration, the segregated DHCP clients are able to receive their specific allocation as per Option 82 (using flex-id within KEA).
> However, if we configure two different and segregated network pools to use the same subnet within the KEA kea-dhcp4.conf configuration file, KEA refuses to start with a 'DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file 'kea-dhcp4.conf': subnet with the prefix of '192.168.10.0/30' already exists (kea-dhcp4.conf:62:7)' error.
>
> As the IP subnets we use for the different network segments are often allocations from our customers, the likelihood for subnet collision is inevitable, but as they are segregated networks that does not cause any issues.
> The only problem is that KEA refuses to start with such a configuration.
>
> Is this a supported configuration that I am missing the obvious solution for? Are there any available workarounds for my use-case? Are there any other solutions for such an issue?
> We have considered running multiple distinct KEA instances, one for each customer with dedicated configuration, however this is undesirable as it greatly increases both the network design and system provisioning logic required for the rest of our system, as well as reduces the system resiliency as each customer/network-segment would need its own load-balance/HA group instead of being able to pool all those server (or vm) resources into one larger load-balance/HA group.
> We would much prefer to be able to have one KEA configuration covering everything.
>
> Regards.
>
> Dee-Jay
>
>
> Dee-Jay Logozzo
>
> IT Security Architect
>
> URSYS PTY LTD
>
> Level 1 / 459 – 461 Parramatta Road
>
> Leichhardt  2040 NSW
>
> E: dee-jay at ursys.com.au
>
> T: 02 8745 2841
>
> W: URSYS.com.au
>
>
>
>
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> Kea-users at lists.isc.org

More information about the Kea-users mailing list