<div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">Hello Marek,</div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);"><br></div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">kea listens on UDP socket only for port 546. You should not use -t flag with netstat which shows only TCP.</div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);"><br></div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">Marek</div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);"><br></div><div class="protonmail_quote">
        On Tuesday, April 23rd, 2024 at 17:42, mxhajduczenia@gmail.com <mxhajduczenia@gmail.com> wrote:<br>
        <blockquote class="protonmail_quote" type="cite">
            <div class="WordSection1"><p class="MsoNormal"><span style="mso-fareast-language:EN-US">I wonder whether it has anything to do with the fact that DHCPv6 process does not seem to listen on port 546</span></p><p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">root@server-kea-node1:/home/kea # sudo netstat -tulpn | grep LISTEN</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      628/kea-ctrl-agent  </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      673/sshd: /usr/sbin </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      610/systemd-resolve </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">tcp6       0      0 :::9119                 :::*                    LISTEN      632/stork-agent     </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">tcp6       0      0 :::22                   :::*                    LISTEN      673/sshd: /usr/sbin </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">tcp6       0      0 :::8080                 :::*                    LISTEN      632/stork-agent     </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">tcp6       0      0 :::9547                 :::*                    LISTEN      632/stork-agent</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US"> </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">root@server-kea-node1:/home/kea# nmap localhost                     </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">Starting Nmap 7.80 ( <a href="https://nmap.org" rel="noreferrer nofollow noopener" target="_blank">https://nmap.org</a> ) at 2024-04-23 15:35 UTC</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">Nmap scan report for localhost (127.0.0.1)</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">Host is up (0.0000030s latency).</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">Not shown: 997 closed ports</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">PORT     STATE SERVICE</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">22/tcp   open  ssh</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">8000/tcp open  http-alt</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">8080/tcp open  http-proxy</span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US"> </span></p><p class="MsoNormal"><span style="font-family:"Courier New";mso-fareast-language:EN-US">Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds</span></p><p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span></p><p class="MsoNormal"><span style="mso-fareast-language:EN-US">I do not see DHCPv4 or DHCPv6 ports open at all. Per manual, “</span><i>The DHCPv4 and DHCPv6 protocols assume the server will open privileged UDP port 67 (DHCPv4) or 547 (DHCPv6).</i><i><span style="mso-fareast-language:EN-US">” </span></i><span style="mso-fareast-language:EN-US">, which is fine, I do start the DHCPv6 process as root, so it should show up in the list of ports being open. </span></p><p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span></p><p class="MsoNormal"><span style="mso-fareast-language:EN-US">Marek</span></p><p class="MsoNormal"><span style="mso-fareast-language:EN-US"> </span></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-family:"Calibri",sans-serif;mso-ligatures:none">From:</span></b><span style="font-family:"Calibri",sans-serif;mso-ligatures:none"> mxhajduczenia@gmail.com <mxhajduczenia@gmail.com> <br><b>Sent:</b> Tuesday, April 23, 2024 9:19 AM<br><b>To:</b> 'Kea user's list' <kea-users@lists.isc.org><br><b>Subject:</b> DHCPv6, shared network, and double-relay Solicit messages</span></p></div></div><p class="MsoNormal"> </p><p class="MsoNormal">Dear colleagues, </p><p class="MsoNormal"> </p><p class="MsoNormal">I have been attempting to test a setup in the lab with DOCSIS CM operating in IPv6 mode only, where the DHCPv6 messages are relayed across the CMTS and the first-hop router (relay address 2600:6ce4:0:3e::1) towards a Kea server running 2.4 code (address 2600:6ce4:0:42::130). </p><p class="MsoNormal"> </p><p class="MsoNormal">At the Kea server level, I ran a packet capture, to observe an interesting behavior – the Solicit messages from the DOCSIS CM are being forwarded back to the relay, embedded within the ICMPv6 message with indication that the destination is unreachable for some reason. </p><p class="MsoNormal"> </p><p class="MsoNormal"><span style="mso-ligatures:none"><img id="Picture_x0020_1" style="width:15.7833in;height:1.125in" height="108" width="1515" border="0" class="proton-embedded" src="cid:image001.png@01DA9561.ECC4AE90"></span></p><p class="MsoNormal"> </p><p class="MsoNormal">The Kea server is running without any issues so it seems that the binding is successful and </p><p class="MsoNormal"> </p><p class="MsoNormal"><span style="font-family:"Courier New"">root@server-kea-node1:/home/ace# service isc-kea-dhcp6-server status                 </span></p><p class="MsoNormal"><span style="font-family:"Courier New"">● isc-kea-dhcp6-server.service - Kea DHCPv6 Service</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">     Loaded: loaded (/lib/systemd/system/isc-kea-dhcp6-server.service; enabled; vendor preset: enabled)</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">     Active: active (running) since Tue 2024-04-23 15:02:41 UTC; 11min ago</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">       Docs: man:kea-dhcp6(8)</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">   Main PID: 1551 (kea-dhcp6)</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">      Tasks: 7 (limit: 4550)</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">     Memory: 3.5M</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">        CPU: 119ms</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">     CGroup: /system.slice/isc-kea-dhcp6-server.service</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">             └─1551 /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf</span></p><p class="MsoNormal"><span style="font-family:"Courier New""> </span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.467 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 129 bytes over command socket 22</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 INFO  [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get'</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 92 bytes (0 bytes left to send) over command socket 22</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 117 bytes over command socket 22</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 INFO  [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get-all'</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 8715 bytes (0 bytes left to send) over command socket 22</span></p><p class="MsoNormal"><span style="font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection</span></p><p class="MsoNormal"> </p><p class="MsoNormal">I attach the Kea DHCPv6 config for reference (keav6.json) – the test device should match rpd-10 class, and make its way into 2600:6ce4:0:3e::/64 subnet. </p><p class="MsoNormal"> </p><p class="MsoNormal">I am drawing blank on what the problem might be in here. I have not seen this behavior before and I am not sure whether it is related with the fact that I have two layers of relays in messages or not</p><p class="MsoNormal"> </p><p class="MsoNormal">Regards</p><p class="MsoNormal"> </p><p class="MsoNormal">Marek</p><p class="MsoNormal"> </p></div>
        </blockquote><br>
    </div>