[Kea-users] Can't get KEA to work here - VLAN issues

Tomek Mrugalski tomasz at isc.org
Fri May 20 09:33:01 UTC 2016


On 19.05.2016 19:29, Jonis Maurin Ceara wrote:
> Actually, I need some explanations from experts....
> DHCP works on Layer 2? And VLANs work on layer 2 too?

I don't have much experience with VLANs, so not sure if what I have for
you would be useful or not. The DHCPv4 component of Kea by default uses raw
sockets. This means that it dissects incoming packets on its own. One
side effect is that raw sockets receive packets before the kernel stack
processes them. In particular, iptables are not effective and Kea would
receive the traffic, even if iptables drop it. I do not know how VLAN
support is implemented in the Linux kernel, but I presume it may be similar.

> This is what I have:
> One VM with only one interface.....this interface has VLAN 227 as
> untagged and a lot of other VLANs tagged, including VLAN 209
> On OS of this VM (CentOS 7), I have two interfaces:
> 
> eth0 => 'normal interface', configured with static IP and nothing
> related to VLAN. Untagged VLAN = 227, but receives a lot of other tagged
> VLANs. network-id = 1025 for this IP range/VLAN
> eth0.209 => interface configured with VLAN ID 209.  Network-id = 1024
> for this range/VLAN.
> 
> In Kea configuration, I had:
> "interfaces-config": {
>     "interfaces": [ "eth0", "eth0.209" ]
>   },
> and nothing more.
> The 'problem' is that Kea is seeing more traffic on eth0....I mean, Kea
> is receiving DHCP requests from ALL other VLANs that are tagged, even if
> my linux is not configured for these VLANs. So I'm guessing that Kea is
> intercepting DHCP packages before my linux could 'ignore' these tagged
> packets on eth0 (I could see this on log with debug). Since my VLAN 209
> came untagged to interface eth0.209 and tagged to interface eth0, I
> think Kea is getting crazy with same packet on both network cards and
> subnets.
> 
> I have added 'interface' to specific subnetworks and it's working for now.

That's good to hear. So is Kea doing what you wanted it to do?

I'm afraid that any improvements for VLAN are out of scope for the
current 1.1 milestone. So you'll have to work with what is there in the
code now. However, there are a couple of things you may possibly find useful.

1. You can switch Kea to use UDP sockets rather than raw sockets. This
should work great if you have relays, but may not be optimal if you have
directly connected clients. See Section 7.2.4 of the User's Guide for
details (the parameter name is dhcp-socket-type).

2. You mentioned using the interface parameter in the subnet definition. This is
working in Kea 1.0, but has some flaws. In particular, it will not work
if your IP address on the interface does not match the subnet range.
This has been improved recently. If you're interested, the code is
currently available on the trac4308 branch. You can get it from GitHub.
It will be on the master branch soon. With this change, only the interface
name has to match, not the addresses configured on it. You may give it a
try if you experience problems with the interface selection in the 1.0 code.

Hope that helps,
Tomek
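
An added example, not part of the original message and not Kea project code: a Python check over a Kea DHCPv4 configuration for the situation in this thread, where a parent interface and its VLAN sub-interface are both listened on with raw sockets and a subnet is not pinned with `interface`. It assumes the config is plain JSON without comments; the function names and subnet ranges are constructed.

```python
import json

# Constructed sample: subnet ranges are illustrative; interface names and ids follow the thread.
SAMPLE = """
{ "Dhcp4": {
    "interfaces-config": { "interfaces": ["eth0", "eth0.209"] },
    "subnet4": [
      { "subnet": "192.0.2.0/24", "id": 1025, "interface": "eth0" },
      { "subnet": "198.51.100.0/24", "id": 1024 }
    ] } }
"""

def vlan_parent(ifname):
    """Parent of a Linux-style VLAN sub-interface name (eth0.209 -> eth0), else None."""
    base, dot, vid = ifname.partition(".")
    return base if dot and vid.isdigit() else None

def audit(config_text):
    """Return (code, detail) findings for a Kea DHCPv4 config given as JSON text."""
    dhcp4 = json.loads(config_text)["Dhcp4"]
    ifcfg = dhcp4.get("interfaces-config", {})
    # Entries may be "name" or "name/address"; keep only the interface name.
    listen = [entry.split("/")[0] for entry in ifcfg.get("interfaces", [])]
    raw = ifcfg.get("dhcp-socket-type", "raw") == "raw"  # raw is the default
    findings = []
    # Sub-interfaces whose parent is also in the listen list.
    overlap = [n for n in listen if vlan_parent(n) in listen]
    if raw:
        for name in overlap:
            findings.append(("raw-overlap",
                             f"{vlan_parent(name)} and {name} both use raw sockets"))
    for subnet in dhcp4.get("subnet4", []):
        iface = subnet.get("interface")
        if iface is None:
            # Only a concern when the same packet can arrive on two interfaces.
            if raw and overlap:
                findings.append(("unpinned", f"{subnet['subnet']} has no 'interface'"))
        elif "*" not in listen and iface not in listen:
            findings.append(("not-listening", f"{subnet['subnet']} names {iface}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```
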



