<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#467886" vlink="#96607D" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I have not been able to find a workaround for this problem on IPv6 side for now. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Marek<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Kea-users <kea-users-bounces@lists.isc.org> <b>On Behalf Of </b>Butler, Glenn via Kea-users<br><b>Sent:</b> Tuesday, April 23, 2024 3:58 PM<br><b>To:</b> Kea user's list <kea-users@lists.isc.org><br><b>Cc:</b> Butler, Glenn <glenn.butler@ziply.com><br><b>Subject:</b> Re: [Kea-users] DHCPv6, shared network, and double-relay Solicit messages<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>I need to figure this out also, as I run Kea in a container that can be destroyed and rebuilt anytime. I am thinking I will update the Kea config via a shell script run on boot/init. <o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Would be nice if there was a "listen on all" option like 0.0.0.0 does for IPv4, but all the docs I have read indicate that it only binds to one address.<o:p></o:p></span></p></div></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>On Apr 23, 2024 09:26, Marek Hajduczenia <<a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a>> wrote:<o:p></o:p></span></p></div></div><div><div class=MsoNormal align=center style='text-align:center'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><hr size=2 width="100%" align=center></span></div><p class=MsoNormal><b><span style='font-size:13.5pt;font-family:"Times New Roman",serif;color:red'>WARNING:</span></b><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> </span></b><b><span style='font-size:13.5pt;font-family:"Times New Roman",serif;color:black'>External email. Please verify sender before opening attachments or clicking on links.</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p></o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><hr size=2 width="100%" align=center></span></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><div><p class=MsoNormal><span style='font-size:11.0pt'>So I think I found the potential solution, though I am not sure I understand why this happens. I had to specifically configure the unicast IPv6 address in the “interfaces” clause, as follows</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> "interfaces-config": {</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> "interfaces": [</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> "enp6s18/2600:6ce4:0:42::130"</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> ]</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> },</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>far from ideal, but it seems to force the association with the unicast IPv6 address (marked in yellow highlight below)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>root@server-kea-node1:/etc/kea# ss -tulpn</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 127.0.0.1:53001 0.0.0.0:* users:(("kea-dhcp-ddns",pid=629,fd=13)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=13)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 172.17.129.130:67 0.0.0.0:* users:(("kea-dhcp4",pid=630,fd=17)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:black;background:yellow'>udp UNCONN 0 0 [2600:6ce4:0:42::130]:547 [::]:* users:(("kea-dhcp6",pid=2059,fd=17))</span><span style='font-size:11.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 [fe80::be24:11ff:fea6:ccbe]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=2059,fd=18)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 [ff02::1:2]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=2059,fd=19)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 127.0.0.1:8000 0.0.0.0:* users:(("kea-ctrl-agent",pid=628,fd=7)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=673,fd=3)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=14)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 *:9119 *:* users:(("stork-agent",pid=632,fd=8)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=673,fd=4)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 *:8080 *:* users:(("stork-agent",pid=632,fd=9)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 *:9547 *:* users:(("stork-agent",pid=632,fd=3)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>but this behavior does not seem to be documented anywhere. I did not find any indication that for v6 an explicit address allocation is also required, otherwise just the link local will be bound. Is this an expected behavior?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Regards</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Marek</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><div id=mail-editor-reference-message-container><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'><a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a> <<a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a>><br><b>Date: </b>Tuesday, April 23, 2024 at 9:56</span><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:black'> </span><span style='font-size:12.0pt;color:black'>AM<br><b>To: </b>'Kea user's list' <<a href="mailto:kea-users@lists.isc.org">kea-users@lists.isc.org</a>><br><b>Subject: </b>RE: DHCPv6, shared network, and double-relay Solicit messages</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'>I guess netstat is deprecated. “ss” seems to show the binding but … only to a link local address for some reason on the v6 side. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>root@server-kea-node1:~# ss -tulpn</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 127.0.0.1:53001 0.0.0.0:* users:(("kea-dhcp-ddns",pid=629,fd=13)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=13)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>udp UNCONN 0 0 172.17.129.130:67 0.0.0.0:* users:(("kea-dhcp4",pid=630,fd=17)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:black;background:yellow'>udp UNCONN 0 0 [fe80::be24:11ff:fea6:ccbe]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=1631,fd=17)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:black;background:yellow'>udp UNCONN 0 0 [ff02::1:2]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=1631,fd=18))</span><span style='font-size:11.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 127.0.0.1:8000 0.0.0.0:* users:(("kea-ctrl-agent",pid=628,fd=7)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=673,fd=3)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=14)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 *:9119 *:* users:(("stork-agent",pid=632,fd=8)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=673,fd=4)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 *:8080 *:* users:(("stork-agent",pid=632,fd=9)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp LISTEN 0 4096 *:9547 *:* users:(("stork-agent",pid=632,fd=3)) </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>The host does have unicast IPv6 address on it and the binding is done on specific interface. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>root@server-kea-node1:~# ip a</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> inet 127.0.0.1/8 scope host lo</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> valid_lft forever preferred_lft forever</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> inet6 ::1/128 scope host </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> valid_lft forever preferred_lft forever</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> link/ether bc:24:11:a6:cc:be brd ff:ff:ff:ff:ff:ff</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> inet 172.17.129.130/25 brd 172.17.129.255 scope global enp6s18</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> valid_lft forever preferred_lft forever</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> <span style='color:black;background:yellow'>inet6 2600:6ce4:0:42::130/64 scope global </span></span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:black;background:yellow'> valid_lft forever preferred_lft forever</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> inet6 fe80::be24:11ff:fea6:ccbe/64 scope link </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> valid_lft forever preferred_lft forever</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Regards</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Marek</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a> <<a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a>> <br><b>Sent:</b> Tuesday, April 23, 2024 9:42 AM<br><b>To:</b> 'Kea user's list' <<a href="mailto:kea-users@lists.isc.org">kea-users@lists.isc.org</a>><br><b>Subject:</b> RE: DHCPv6, shared network, and double-relay Solicit messages</span><o:p></o:p></p></div></div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>I wonder whether it has anything to do with the fact that DHCPv6 process does not seem to listen on port 546</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>root@server-kea-node1:/home/kea # sudo netstat -tulpn | grep LISTEN</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 628/kea-ctrl-agent </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 673/sshd: /usr/sbin </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 610/systemd-resolve </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp6 0 0 :::9119 :::* LISTEN 632/stork-agent </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp6 0 0 :::22 :::* LISTEN 673/sshd: /usr/sbin </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp6 0 0 :::8080 :::* LISTEN 632/stork-agent </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>tcp6 0 0 :::9547 :::* LISTEN 632/stork-agent</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>root@server-kea-node1:/home/kea# nmap localhost </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Starting Nmap 7.80 ( <a href="https://protect.checkpoint.com/v2/___https:/nmap.org___.YzJ1OnppcGx5ZmliZXI6YzpvOjZkYzY1Y2Y5MDliYzlmMGM0MTg5Zjc2NGVlMjYzMzQ1OjY6ZGFmOTowNDc5ZWVmYzVmY2FiM2NmMTU2MDk4Y2MxOGQ4MTFmMjdkNzY4YzNjZjgwZmQ0MTExZDVlZDM0OGEwZDQ4ZmZlOmg6VA" title="Protected by Check Point: https://nmap.org">https://nmap.org</a> ) at 2024-04-23 15:35 UTC</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Nmap scan report for localhost (127.0.0.1)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Host is up (0.0000030s latency).</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Not shown: 997 closed ports</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>PORT STATE SERVICE</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>22/tcp open ssh</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>8000/tcp open http-alt</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>8080/tcp open http-proxy</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>I do not see DHCPv4 or DHCPv6 ports open at all. Per manual, “<i>The DHCPv4 and DHCPv6 protocols assume the server will open privileged UDP port 67 (DHCPv4) or 547 (DHCPv6).” </i>, which is fine, I do start the DHCPv6 process as root, so it should show up in the list of ports being open. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Marek</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a> <<a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a>> <br><b>Sent:</b> Tuesday, April 23, 2024 9:19 AM<br><b>To:</b> 'Kea user's list' <<a href="mailto:kea-users@lists.isc.org">kea-users@lists.isc.org</a>><br><b>Subject:</b> DHCPv6, shared network, and double-relay Solicit messages</span><o:p></o:p></p></div></div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Dear colleagues, </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>I have been attempting to test a setup in the lab with DOCSIS CM operating in IPv6 mode only, where the DHCPv6 messages are relayed across the CMTS and the first-hop router (relay address 2600:6ce4:0:3e::1) towards a Kea server running 2.4 code (address 2600:6ce4:0:42::130). </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>At the Kea server level, I ran a packet capture, to observe an interesting behavior – the Solicit messages from the DOCSIS CM are being forwarded back to the relay, embedded within the ICMPv6 message with indication that the destination is unreachable for some reason. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'><img border=0 width=1515 height=108 style='width:15.7812in;height:1.125in' id="Picture_x0020_1" src="cid:image001.png@01DA95A0.3FE09600"></span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>The Kea server is running without any issues so it seems that the binding is successful and </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>root@server-kea-node1:/home/ace# service isc-kea-dhcp6-server status </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>● isc-kea-dhcp6-server.service - Kea DHCPv6 Service</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> Loaded: loaded (/lib/systemd/system/isc-kea-dhcp6-server.service; enabled; vendor preset: enabled)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> Active: active (running) since Tue 2024-04-23 15:02:41 UTC; 11min ago</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> Docs: man:kea-dhcp6(8)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> Main PID: 1551 (kea-dhcp6)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> Tasks: 7 (limit: 4550)</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> Memory: 3.5M</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> CPU: 119ms</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> CGroup: /system.slice/isc-kea-dhcp6-server.service</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> └─1551 /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.467 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 129 bytes over command socket 22</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get'</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 92 bytes (0 bytes left to send) over command socket 22</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 117 bytes over command socket 22</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get-all'</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 8715 bytes (0 bytes left to send) over command socket 22</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New"'>Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>I attach the Kea DHCPv6 config for reference (keav6.json) – the test device should match rpd-10 class, and make its way into 2600:6ce4:0:3e::/64 subnet. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>I am drawing blank on what the problem might be in here. I have not seen this behavior before and I am not sure whether it is related with the fact that I have two layers of relays in messages or not</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Regards</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Marek</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div></div></div></div></div></div></div></body></html>