<div dir="ltr">This does not seem to be intended behavior: <a href="https://kea.readthedocs.io/en/kea-2.4.1/arm/dhcp6-srv.html#interface-configuration">https://kea.readthedocs.io/en/kea-2.4.1/arm/dhcp6-srv.html#interface-configuration</a> as this shows the following configurations all as valid:<br><br><pre style="box-sizing:border-box;line-height:1.4;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;margin-top:0px;margin-bottom:0px;padding:12px;overflow:auto;color:rgb(64,64,64)"><span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces-config"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">{</span>
<span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">[</span> <span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"*"</span> <span class="gmail-p" style="box-sizing:border-box">]</span>
<span class="gmail-p" style="box-sizing:border-box">},</span></pre><pre style="box-sizing:border-box;line-height:1.4;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;margin-top:0px;margin-bottom:0px;padding:12px;overflow:auto;color:rgb(64,64,64)"><span class="gmail-p" style="box-sizing:border-box"><pre style="box-sizing:border-box;line-height:1.4;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;margin-top:0px;margin-bottom:0px;padding:12px;overflow:auto"><span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces-config"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">{</span>
<span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">[</span> <span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"eth1"</span><span class="gmail-p" style="box-sizing:border-box">,</span> <span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"eth3"</span> <span class="gmail-p" style="box-sizing:border-box">]</span>
<span class="gmail-p" style="box-sizing:border-box">},</span></pre><pre style="box-sizing:border-box;line-height:1.4;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;margin-top:0px;margin-bottom:0px;padding:12px;overflow:auto"><span class="gmail-p" style="box-sizing:border-box"><pre style="box-sizing:border-box;line-height:1.4;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;margin-top:0px;margin-bottom:0px;padding:12px;overflow:auto"><span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces-config"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">{</span>
<span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">[</span> <span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"eth1"</span><span class="gmail-p" style="box-sizing:border-box">,</span> <span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"eth3"</span><span class="gmail-p" style="box-sizing:border-box">,</span> <span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"*"</span> <span class="gmail-p" style="box-sizing:border-box">]</span>
<span class="gmail-p" style="box-sizing:border-box">},</span></pre><pre style="box-sizing:border-box;line-height:1.4;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;margin-top:0px;margin-bottom:0px;padding:12px;overflow:auto"><span class="gmail-p" style="box-sizing:border-box"><pre style="box-sizing:border-box;line-height:1.4;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;margin-top:0px;margin-bottom:0px;padding:12px;overflow:auto"><span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces-config"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">{</span>
<span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"interfaces"</span><span class="gmail-p" style="box-sizing:border-box">:</span> <span class="gmail-p" style="box-sizing:border-box">[</span> <span class="gmail-s2" style="box-sizing:border-box;color:rgb(186,33,33)">"enp0s2/2001:db8::1234:abcd"</span> <span class="gmail-p" style="box-sizing:border-box">]</span>
<span class="gmail-p" style="box-sizing:border-box">},</span></pre></span></pre></span></pre></span></pre></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 23, 2024 at 7:04 PM Marek Hajduczenia <<a href="mailto:mxhajduczenia@gmail.com">mxhajduczenia@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-4841320761094769588"><div lang="EN-US" style="overflow-wrap: break-word;"><div class="m_-4841320761094769588WordSection1"><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif">I have not been able to find a workaround for this problem on IPv6 side for now. <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif">Marek<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><div><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in"><p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> Kea-users <<a href="mailto:kea-users-bounces@lists.isc.org" target="_blank">kea-users-bounces@lists.isc.org</a>> <b>On Behalf Of </b>Butler, Glenn via Kea-users<br><b>Sent:</b> Tuesday, April 23, 2024 3:58 PM<br><b>To:</b> Kea user's list <<a href="mailto:kea-users@lists.isc.org" target="_blank">kea-users@lists.isc.org</a>><br><b>Cc:</b> Butler, Glenn <<a href="mailto:glenn.butler@ziply.com" target="_blank">glenn.butler@ziply.com</a>><br><b>Subject:</b> Re: [Kea-users] DHCPv6, shared network, and double-relay Solicit messages<u></u><u></u></span></p></div></div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif">I need to figure this out also, as I run Kea in a container that can be destroyed and rebuilt anytime. I am thinking I will update the Kea config via a shell script run on boot/init. <u></u><u></u></span></p><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif">Would be nice if there was a "listen on all" option like 0.0.0.0 does for IPv4, but all the docs I have read indicate that it only binds to one address.<u></u><u></u></span></p></div></div><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif">On Apr 23, 2024 09:26, Marek Hajduczenia <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>> wrote:<u></u><u></u></span></p></div></div><div><div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11pt;font-family:Calibri,sans-serif"><hr size="2" width="100%" align="center"></span></div><p class="MsoNormal"><b><span style="font-size:13.5pt;font-family:"Times New Roman",serif;color:red">WARNING:</span></b><b><span style="font-size:11pt;font-family:Calibri,sans-serif"> </span></b><b><span style="font-size:13.5pt;font-family:"Times New Roman",serif;color:black">External email. Please verify sender before opening attachments or clicking on links.</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p><div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11pt;font-family:Calibri,sans-serif"><hr size="2" width="100%" align="center"></span></div><p class="MsoNormal" style="margin-bottom:12pt"><span style="font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p><div><div><p class="MsoNormal"><span style="font-size:11pt">So I think I found the potential solution, though I am not sure I understand why this happens. I had to specifically configure the unicast IPv6 address in the “interfaces” clause, as follows</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> "interfaces-config": {</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> "interfaces": [</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> "enp6s18/2600:6ce4:0:42::130"</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> ]</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> },</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">far from ideal, but it seems to force the association with the unicast IPv6 address (marked in yellow highlight below)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">root@server-kea-node1:/etc/kea# ss -tulpn</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 <a href="http://127.0.0.1:53001" target="_blank">127.0.0.1:53001</a> 0.0.0.0:* users:(("kea-dhcp-ddns",pid=629,fd=13)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=13)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 <a href="http://172.17.129.130:67" target="_blank">172.17.129.130:67</a> 0.0.0.0:* users:(("kea-dhcp4",pid=630,fd=17)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New";color:black;background:yellow">udp UNCONN 0 0 [2600:6ce4:0:42::130]:547 [::]:* users:(("kea-dhcp6",pid=2059,fd=17))</span><span style="font-size:11pt;font-family:"Courier New""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 [fe80::be24:11ff:fea6:ccbe]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=2059,fd=18)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 [ff02::1:2]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=2059,fd=19)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 <a href="http://127.0.0.1:8000" target="_blank">127.0.0.1:8000</a> 0.0.0.0:* users:(("kea-ctrl-agent",pid=628,fd=7)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 128 <a href="http://0.0.0.0:22" target="_blank">0.0.0.0:22</a> 0.0.0.0:* users:(("sshd",pid=673,fd=3)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=14)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 *:9119 *:* users:(("stork-agent",pid=632,fd=8)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=673,fd=4)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 *:8080 *:* users:(("stork-agent",pid=632,fd=9)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 *:9547 *:* users:(("stork-agent",pid=632,fd=3)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">but this behavior does not seem to be documented anywhere. I did not find any indication that for v6 an explicit address allocation is also required, otherwise just the link local will be bound. Is this an expected behavior?</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Regards</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Marek</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><div id="m_-4841320761094769588mail-editor-reference-message-container"><div><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(181,196,223);padding:3pt 0in 0in"><p class="MsoNormal" style="margin-bottom:12pt"><b><span style="font-size:12pt;color:black">From: </span></b><span style="font-size:12pt;color:black"><a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a> <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>><br><b>Date: </b>Tuesday, April 23, 2024 at 9:56</span><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"> </span><span style="font-size:12pt;color:black">AM<br><b>To: </b>'Kea user's list' <<a href="mailto:kea-users@lists.isc.org" target="_blank">kea-users@lists.isc.org</a>><br><b>Subject: </b>RE: DHCPv6, shared network, and double-relay Solicit messages</span><u></u><u></u></p></div><div><p class="MsoNormal"><span style="font-size:11pt">I guess netstat is deprecated. “ss” seems to show the binding but … only to a link local address for some reason on the v6 side. </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">root@server-kea-node1:~# ss -tulpn</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 <a href="http://127.0.0.1:53001" target="_blank">127.0.0.1:53001</a> 0.0.0.0:* users:(("kea-dhcp-ddns",pid=629,fd=13)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=13)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">udp UNCONN 0 0 <a href="http://172.17.129.130:67" target="_blank">172.17.129.130:67</a> 0.0.0.0:* users:(("kea-dhcp4",pid=630,fd=17)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New";color:black;background:yellow">udp UNCONN 0 0 [fe80::be24:11ff:fea6:ccbe]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=1631,fd=17)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New";color:black;background:yellow">udp UNCONN 0 0 [ff02::1:2]%enp6s18:547 [::]:* users:(("kea-dhcp6",pid=1631,fd=18))</span><span style="font-size:11pt;font-family:"Courier New""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 <a href="http://127.0.0.1:8000" target="_blank">127.0.0.1:8000</a> 0.0.0.0:* users:(("kea-ctrl-agent",pid=628,fd=7)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 128 <a href="http://0.0.0.0:22" target="_blank">0.0.0.0:22</a> 0.0.0.0:* users:(("sshd",pid=673,fd=3)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=14)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 *:9119 *:* users:(("stork-agent",pid=632,fd=8)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=673,fd=4)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 *:8080 *:* users:(("stork-agent",pid=632,fd=9)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp LISTEN 0 4096 *:9547 *:* users:(("stork-agent",pid=632,fd=3)) </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">The host does have unicast IPv6 address on it and the binding is done on specific interface. </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">root@server-kea-node1:~# ip a</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> valid_lft forever preferred_lft forever</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> inet6 ::1/128 scope host </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> valid_lft forever preferred_lft forever</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> link/ether bc:24:11:a6:cc:be brd ff:ff:ff:ff:ff:ff</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> inet <a href="http://172.17.129.130/25" target="_blank">172.17.129.130/25</a> brd 172.17.129.255 scope global enp6s18</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> valid_lft forever preferred_lft forever</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> <span style="color:black;background:yellow">inet6 2600:6ce4:0:42::130/64 scope global </span></span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New";color:black;background:yellow"> valid_lft forever preferred_lft forever</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> inet6 fe80::be24:11ff:fea6:ccbe/64 scope link </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> valid_lft forever preferred_lft forever</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Regards</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Marek</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><div><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in"><p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> <a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a> <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>> <br><b>Sent:</b> Tuesday, April 23, 2024 9:42 AM<br><b>To:</b> 'Kea user's list' <<a href="mailto:kea-users@lists.isc.org" target="_blank">kea-users@lists.isc.org</a>><br><b>Subject:</b> RE: DHCPv6, shared network, and double-relay Solicit messages</span><u></u><u></u></p></div></div><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">I wonder whether it has anything to do with the fact that DHCPv6 process does not seem to listen on port 546</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">root@server-kea-node1:/home/kea # sudo netstat -tulpn | grep LISTEN</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp 0 0 <a href="http://127.0.0.1:8000" target="_blank">127.0.0.1:8000</a> 0.0.0.0:* LISTEN 628/kea-ctrl-agent </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp 0 0 <a href="http://0.0.0.0:22" target="_blank">0.0.0.0:22</a> 0.0.0.0:* LISTEN 673/sshd: /usr/sbin </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp 0 0 <a href="http://127.0.0.53:53" target="_blank">127.0.0.53:53</a> 0.0.0.0:* LISTEN 610/systemd-resolve </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp6 0 0 :::9119 :::* LISTEN 632/stork-agent </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp6 0 0 :::22 :::* LISTEN 673/sshd: /usr/sbin </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp6 0 0 :::8080 :::* LISTEN 632/stork-agent </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">tcp6 0 0 :::9547 :::* LISTEN 632/stork-agent</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">root@server-kea-node1:/home/kea# nmap localhost </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Starting Nmap 7.80 ( <a href="https://protect.checkpoint.com/v2/___https:/nmap.org___.YzJ1OnppcGx5ZmliZXI6YzpvOjZkYzY1Y2Y5MDliYzlmMGM0MTg5Zjc2NGVlMjYzMzQ1OjY6ZGFmOTowNDc5ZWVmYzVmY2FiM2NmMTU2MDk4Y2MxOGQ4MTFmMjdkNzY4YzNjZjgwZmQ0MTExZDVlZDM0OGEwZDQ4ZmZlOmg6VA" title="Protected by Check Point: https://nmap.org" target="_blank">https://nmap.org</a> ) at 2024-04-23 15:35 UTC</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Nmap scan report for localhost (127.0.0.1)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Host is up (0.0000030s latency).</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Not shown: 997 closed ports</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">PORT STATE SERVICE</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">22/tcp open ssh</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">8000/tcp open http-alt</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">8080/tcp open http-proxy</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">I do not see DHCPv4 or DHCPv6 ports open at all. Per manual, “<i>The DHCPv4 and DHCPv6 protocols assume the server will open privileged UDP port 67 (DHCPv4) or 547 (DHCPv6).” </i>, which is fine, I do start the DHCPv6 process as root, so it should show up in the list of ports being open. </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Marek</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><div><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in"><p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> <a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a> <<a href="mailto:mxhajduczenia@gmail.com" target="_blank">mxhajduczenia@gmail.com</a>> <br><b>Sent:</b> Tuesday, April 23, 2024 9:19 AM<br><b>To:</b> 'Kea user's list' <<a href="mailto:kea-users@lists.isc.org" target="_blank">kea-users@lists.isc.org</a>><br><b>Subject:</b> DHCPv6, shared network, and double-relay Solicit messages</span><u></u><u></u></p></div></div><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Dear colleagues, </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">I have been attempting to test a setup in the lab with DOCSIS CM operating in IPv6 mode only, where the DHCPv6 messages are relayed across the CMTS and the first-hop router (relay address 2600:6ce4:0:3e::1) towards a Kea server running 2.4 code (address 2600:6ce4:0:42::130). </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">At the Kea server level, I ran a packet capture, to observe an interesting behavior – the Solicit messages from the DOCSIS CM are being forwarded back to the relay, embedded within the ICMPv6 message with indication that the destination is unreachable for some reason. </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"><img border="0" width="1515" height="108" style="width: 15.7812in; height: 1.125in;" id="m_-4841320761094769588Picture_x0020_1" src="cid:ii_18f0f8ae17a4cff311"></span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">The Kea server is running without any issues so it seems that the binding is successful and </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">root@server-kea-node1:/home/ace# service isc-kea-dhcp6-server status </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">● isc-kea-dhcp6-server.service - Kea DHCPv6 Service</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> Loaded: loaded (/lib/systemd/system/isc-kea-dhcp6-server.service; enabled; vendor preset: enabled)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> Active: active (running) since Tue 2024-04-23 15:02:41 UTC; 11min ago</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> Docs: man:kea-dhcp6(8)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> Main PID: 1551 (kea-dhcp6)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> Tasks: 7 (limit: 4550)</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> Memory: 3.5M</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> CPU: 119ms</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> CGroup: /system.slice/isc-kea-dhcp6-server.service</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> └─1551 /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New""> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.467 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 129 bytes over command socket 22</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get'</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 92 bytes (0 bytes left to send) over command socket 22</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 117 bytes over command socket 22</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get-all'</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 8715 bytes (0 bytes left to send) over command socket 22</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt;font-family:"Courier New"">Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">I attach the Kea DHCPv6 config for reference (keav6.json) – the test device should match rpd-10 class, and make its way into 2600:6ce4:0:3e::/64 subnet. </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">I am drawing blank on what the problem might be in here. I have not seen this behavior before and I am not sure whether it is related with the fact that I have two layers of relays in messages or not</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Regards</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt">Marek</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11pt"> </span><u></u><u></u></p></div></div></div></div></div></div></div></div>-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</div></blockquote></div>