<div dir="ltr"><div class="gmail_default" style="font-size:small">I'm a little confused about what you are trying to do. What don't you like about the way it is working now?</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I have also configured an "ipv6-mostly" network and have kea doing the option 108 thing and am happy with the way it is all working.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">--Dan</div><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 28, 2023 at 2:12 PM Brian Candler <<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
I have a somewhat out-of-the-ordinary config question. I'm using <br>
isc-kea-dhcp4 version 2.4.0 under Ubuntu 22.04. The full config is at <br>
the end of this mail.<br>
<br>
Background: I have set up a "mostly IPv6" subnet, as per this article: <br>
<a href="https://labs.ripe.net/author/ondrej_caletka_1/deploying-ipv6-mostly-access-networks/" rel="noreferrer" target="_blank">https://labs.ripe.net/author/ondrej_caletka_1/deploying-ipv6-mostly-access-networks/</a><br>
<br>
I have it working when offering IPv4 addresses to all clients. Those <br>
which support the v6-only-preferred option happily ignore the IPv4 <br>
address that I offer, and will configure themselves as IPv6-only. Neat.<br>
<br>
However, I want to tighten this up to make it a true "IPv6-only" <br>
network, as follows:<br>
<br>
(a) Only make an offer to clients which request the "v6-only-preferred" <br>
parameter (option 108, RFC 8925). That is: I don't want to offer IPv4 <br>
addresses to anyone who will actually use them.<br>
<br>
(b) Offer yiaddr 0.0.0.0, as RFC 8925 section 3.3 says I should, instead <br>
of a pool address. And preferably get rid of the pool entirely.<br>
<br>
<br>
Problem 1: in order to test whether the client supports <br>
v6-only-preferred, I have to check whether 108 is included in the <br>
dhcp-parameter-request-list (option 55) from the request.<br>
<br>
Unfortunately, "option[108].exists" does not work for this, because the <br>
client isn't sending option 108; they are only requesting option 108 as <br>
a response parameter.<br>
<br>
The only solution I could come up with was this:<br>
<br>
"client-classes": [<br>
{<br>
"name": "rfc8925",<br>
"test": "substring(option[55].hex, 0, 1) == 0x6c or <br>
substring(option[55].hex, 1, 1) == 0x6c or substring(option[55].hex, 2, <br>
1) == 0x6c or substring(option[55].hex, 3, 1) == 0x6c or <br>
substring(option[55].hex, 4, 1) == 0x6c or substring(option[55].hex, 5, <br>
1) == 0x6c or substring(option[55].hex, 6, 1) == 0x6c or <br>
substring(option[55].hex, 7, 1) == 0x6c or substring(option[55].hex, 8, <br>
1) == 0x6c or substring(option[55].hex, 9, 1) == 0x6c or <br>
substring(option[55].hex, 10, 1) == 0x6c or substring(option[55].hex, <br>
11, 1) == 0x6c or substring(option[55].hex, 12, 1) == 0x6c"<br>
},<br>
],<br>
<br>
... and even that's not complete, in case the client requests more than <br>
13 options. Is there a better way to do this?<br>
<br>
<br>
Problem 2: how can I return a yiaddr of 0.0.0.0 ? I thought about <br>
setting a static dummy flex-id, e.g.<br>
<br>
"reservations": [<br>
{<br>
"flex-id": "'any'",<br>
"ip-address": "0.0.0.0"<br>
}<br>
]<br>
<br>
but I'm using the open-source version of Kea, which means I don't have <br>
the flex_id hook. I don't think a pool starting from 0.0.0.0 will work, <br>
because once that's been given out to one client, it's no longer <br>
available for other clients (unless I use a tiny lease time??) In any <br>
case, I'd also avoid allocating addresses from a pool in the first <br>
place, so that the pool doesn't become exhausted.<br>
<br>
If I can get this to work, I'd do the same for clients which support RFC <br>
2563 (auto-configure option), which also allows the server to return <br>
yiaddr 0.0.0.0.<br>
<br>
Any clues appreciated. If Kea doesn't support this use case, maybe I <br>
need to cobble together something custom for this.<br>
<br>
Thanks in advance,<br>
<br>
Brian.<br>
<br>
-------- 8< --------<br>
<br>
{<br>
"Dhcp4": {<br>
"interfaces-config": {<br>
"interfaces": [ "enp6s0" ]<br>
},<br>
<br>
"control-socket": {<br>
"socket-type": "unix",<br>
"socket-name": "/tmp/kea4-ctrl-socket"<br>
},<br>
<br>
"lease-database": {<br>
"type": "memfile",<br>
"lfc-interval": 3600<br>
},<br>
<br>
"renew-timer": 900,<br>
"rebind-timer": 1800,<br>
"valid-lifetime": 3600,<br>
<br>
"subnet4": [<br>
{<br>
// Subnet identifier should be unique for each subnet.<br>
"id": 1,<br>
<br>
// Subnet binds to dummy interface address (10.12.65.1)<br>
"subnet": "<a href="http://10.12.65.0/24" rel="noreferrer" target="_blank">10.12.65.0/24</a>",<br>
"authoritative": true,<br>
<br>
// Dummy pool - still needs to be big enough for all unique <br>
clients<br>
"pools": [<br>
{<br>
// Only give OFFERs to devices which support RFC 8925<br>
"pool": "10.12.65.2 - 10.12.65.254",<br>
"client-class": "rfc8925"<br>
}<br>
],<br>
<br>
// <br>
<a href="https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#dhcp4-std-options-list" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#dhcp4-std-options-list</a><br>
"option-data": [<br>
{<br>
// RFC 8925: option 108<br>
// (Note that client does not *send* this option, <br>
but includes it in<br>
// the requested parameters list)<br>
"name": "v6-only-preferred",<br>
"data": "0"<br>
},<br>
{<br>
// RFC 2563: option 116 (0 = DoNotAutoConfigure)<br>
"name": "auto-config",<br>
"data": "0"<br>
}<br>
],<br>
<br>
// TODO: How can I return yiaddr 0.0.0.0 in the OFFER?<br>
// TODO: If client supports RFC 2563 then also offer yiaddr <br>
0.0.0.0 with DoNotAutoConfigure<br>
"reservations": [<br>
//{<br>
// "flex-id": "'any'",<br>
// "ip-address": "0.0.0.0"<br>
//}<br>
]<br>
}<br>
],<br>
<br>
"client-classes": [<br>
{<br>
"name": "rfc8925",<br>
// We need to test whether option 108 is in the client's <br>
parameter request list (option 55).<br>
// That's not the same as "option[108].exists"<br>
// <br>
<a href="https://kea.readthedocs.io/en/latest/arm/classify.html#using-expressions-in-classification" rel="noreferrer" target="_blank">https://kea.readthedocs.io/en/latest/arm/classify.html#using-expressions-in-classification</a><br>
"test": "substring(option[55].hex, 0, 1) == 0x6c or <br>
substring(option[55].hex, 1, 1) == 0x6c or substring(option[55].hex, 2, <br>
1) == 0x6c or substring(option[55].hex, 3, 1) == 0x6c or <br>
substring(option[55].hex, 4, 1) == 0x6c or substring(option[55].hex, 5, <br>
1) == 0x6c or substring(option[55].hex, 6, 1) == 0x6c or <br>
substring(option[55].hex, 7, 1) == 0x6c or substring(option[55].hex, 8, <br>
1) == 0x6c or substring(option[55].hex, 9, 1) == 0x6c or <br>
substring(option[55].hex, 10, 1) == 0x6c or substring(option[55].hex, <br>
11, 1) == 0x6c or substring(option[55].hex, 12, 1) == 0x6c"<br>
},<br>
],<br>
<br>
"loggers": [<br>
{<br>
"name": "kea-dhcp4",<br>
"output_options": [<br>
{<br>
"output": "stdout",<br>
"pattern": "%-5p %m\n",<br>
}<br>
],<br>
"severity": "DEBUG",<br>
"debuglevel": 0<br>
}<br>
]<br>
}<br>
}<br>
<br>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>