<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:JA;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#467886" vlink="#96607D" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='mso-fareast-language:EN-US'>I guess netstat is deprecated. “ss” seems to show the binding but … only to a link local address for some reason on the v6 side. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>root@server-kea-node1:~# ss -tulpn<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>udp UNCONN 0 0 127.0.0.1:53001 0.0.0.0:* users:(("kea-dhcp-ddns",pid=629,fd=13)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=13)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>udp UNCONN 0 0 172.17.129.130:67 0.0.0.0:* users:(("kea-dhcp4",pid=630,fd=17)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";background:yellow;mso-highlight:yellow;mso-fareast-language:EN-US'>udp UNCONN 0 0 [fe80::be24:11ff:fea6:ccbe]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=1631,fd=17)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";background:yellow;mso-highlight:yellow;mso-fareast-language:EN-US'>udp UNCONN 0 0 [ff02::1:2]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=1631,fd=18))</span><span style='font-family:"Courier New";mso-fareast-language:EN-US'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp LISTEN 0 4096 127.0.0.1:8000 0.0.0.0:* users:(("kea-ctrl-agent",pid=628,fd=7)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=673,fd=3)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=14)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp LISTEN 0 4096 *:9119 *:* users:(("stork-agent",pid=632,fd=8)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=673,fd=4)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp LISTEN 0 4096 *:8080 *:* users:(("stork-agent",pid=632,fd=9)) <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp LISTEN 0 4096 *:9547 *:* users:(("stork-agent",pid=632,fd=3)) <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>The host does have unicast IPv6 address on it and the binding is done on specific interface. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>root@server-kea-node1:~# ip a<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> inet 127.0.0.1/8 scope host lo<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> valid_lft forever preferred_lft forever<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> inet6 ::1/128 scope host <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> valid_lft forever preferred_lft forever<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> link/ether bc:24:11:a6:cc:be brd ff:ff:ff:ff:ff:ff<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> inet 172.17.129.130/25 brd 172.17.129.255 scope global enp6s18<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> valid_lft forever preferred_lft forever<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> <span style='background:yellow;mso-highlight:yellow'>inet6 2600:6ce4:0:42::130/64 scope global <o:p></o:p></span></span></p><p class=MsoNormal><span style='font-family:"Courier New";background:yellow;mso-highlight:yellow;mso-fareast-language:EN-US'> valid_lft forever preferred_lft forever</span><span style='font-family:"Courier New";mso-fareast-language:EN-US'><o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> inet6 fe80::be24:11ff:fea6:ccbe/64 scope link <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'> valid_lft forever preferred_lft forever<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Regards<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Marek<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-family:"Calibri",sans-serif;mso-ligatures:none'>From:</span></b><span style='font-family:"Calibri",sans-serif;mso-ligatures:none'> mxhajduczenia@gmail.com <mxhajduczenia@gmail.com> <br><b>Sent:</b> Tuesday, April 23, 2024 9:42 AM<br><b>To:</b> 'Kea user's list' <kea-users@lists.isc.org><br><b>Subject:</b> RE: DHCPv6, shared network, and double-relay Solicit messages<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>I wonder whether it has anything to do with the fact that DHCPv6 process does not seem to listen on port 546<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>root@server-kea-node1:/home/kea # sudo netstat -tulpn | grep LISTEN<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 628/kea-ctrl-agent <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 673/sshd: /usr/sbin <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 610/systemd-resolve <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp6 0 0 :::9119 :::* LISTEN 632/stork-agent <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp6 0 0 :::22 :::* LISTEN 673/sshd: /usr/sbin <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp6 0 0 :::8080 :::* LISTEN 632/stork-agent <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>tcp6 0 0 :::9547 :::* LISTEN 632/stork-agent<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>root@server-kea-node1:/home/kea# nmap localhost <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>Starting Nmap 7.80 ( <a href="https://nmap.org">https://nmap.org</a> ) at 2024-04-23 15:35 UTC<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>Nmap scan report for localhost (127.0.0.1)<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>Host is up (0.0000030s latency).<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>Not shown: 997 closed ports<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>PORT STATE SERVICE<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>22/tcp open ssh<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>8000/tcp open http-alt<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>8080/tcp open http-proxy<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New";mso-fareast-language:EN-US'>Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>I do not see DHCPv4 or DHCPv6 ports open at all. Per manual, “</span><i>The DHCPv4 and DHCPv6 protocols assume the server will open privileged UDP port 67 (DHCPv4) or 547 (DHCPv6).</i><i><span style='mso-fareast-language:EN-US'>” </span></i><span style='mso-fareast-language:EN-US'>, which is fine, I do start the DHCPv6 process as root, so it should show up in the list of ports being open. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Marek<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-family:"Calibri",sans-serif;mso-ligatures:none'>From:</span></b><span style='font-family:"Calibri",sans-serif;mso-ligatures:none'> <a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a> <<a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a>> <br><b>Sent:</b> Tuesday, April 23, 2024 9:19 AM<br><b>To:</b> 'Kea user's list' <<a href="mailto:kea-users@lists.isc.org">kea-users@lists.isc.org</a>><br><b>Subject:</b> DHCPv6, shared network, and double-relay Solicit messages<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Dear colleagues, <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I have been attempting to test a setup in the lab with DOCSIS CM operating in IPv6 mode only, where the DHCPv6 messages are relayed across the CMTS and the first-hop router (relay address 2600:6ce4:0:3e::1) towards a Kea server running 2.4 code (address 2600:6ce4:0:42::130). <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>At the Kea server level, I ran a packet capture, to observe an interesting behavior – the Solicit messages from the DOCSIS CM are being forwarded back to the relay, embedded within the ICMPv6 message with indication that the destination is unreachable for some reason. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='mso-ligatures:none'><img border=0 width=1515 height=108 style='width:15.7833in;height:1.125in' id="Picture_x0020_1" src="cid:image001.png@01DA9563.FB2640A0"></span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The Kea server is running without any issues so it seems that the binding is successful and <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-family:"Courier New"'>root@server-kea-node1:/home/ace# service isc-kea-dhcp6-server status <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>● isc-kea-dhcp6-server.service - Kea DHCPv6 Service<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> Loaded: loaded (/lib/systemd/system/isc-kea-dhcp6-server.service; enabled; vendor preset: enabled)<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> Active: active (running) since Tue 2024-04-23 15:02:41 UTC; 11min ago<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> Docs: man:kea-dhcp6(8)<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> Main PID: 1551 (kea-dhcp6)<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> Tasks: 7 (limit: 4550)<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> Memory: 3.5M<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> CPU: 119ms<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> CGroup: /system.slice/isc-kea-dhcp6-server.service<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> └瘢雹─1551 /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.467 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 129 bytes over command socket 22<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get'<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 92 bytes (0 bytes left to send) over command socket 22<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 117 bytes over command socket 22<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get-all'<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 8715 bytes (0 bytes left to send) over command socket 22<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I attach the Kea DHCPv6 config for reference (keav6.json) – the test device should match rpd-10 class, and make its way into 2600:6ce4:0:3e::/64 subnet. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I am drawing blank on what the problem might be in here. I have not seen this behavior before and I am not sure whether it is related with the fact that I have two layers of relays in messages or not<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Regards<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Marek<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>