[Kea-users] limiting how many leases someone can get

Tomek Mrugalski tomasz at isc.org
Wed Nov 15 20:38:51 UTC 2017


On 16/11/2017 04:19, John Ratliff wrote:
> I would like to replace ISC DHCP with kea. Currently, we're using
> classes to put a lease limit of 1 on each household. The class is
> created based on remote-id or circuit-id (option 82 information).
> 
> Is it possible to do something similar with kea? I see that you can do a
> lease reservation based on circuit-id, but I didn't see anything about
> lease restrictions. It seems like the limits are based on MAC alone.
Explicit lease limits are not supported yet.

Some capabilities for limiting the number of leases are under
consideration and they may appear in 1.4, but that depends on business
aspects that are completely outside of our control.

Having said that, you may get similar functionality under certain
conditions. If you have a list of remote-id or circuit-ids for your
clients, then just define reservations for them, define a subnet and
don't define any pools. This way the clients having a matching
circuit-id or remote-id will get an address. Just one. Those that don't
match your reservations won't get any address at all.

I admit this approach is somewhat limited. If the device behind a specific
remote-id or circuit-id changes, then Kea will detect a conflict and
will try to resolve it, but then will likely fail to pick an alternate
lease, because there is no dynamic pool. Once the old lease expires, the
new device will be able to get a lease for the same address.

If you don't like that approach, you can try using the replace-client-id
parameter set to true in the flex-id hook. This should cause the old lease
to be stored with client-id matching your remote-id or circuit-id. When
a new device is connected behind the same location, its generated
client-id will match the old one, so Kea will look at this as if the
device changed MAC address, but has the same client-id and will issue
the same address to the new device. I have not tested this, though. I'm
currently at a conference and don't have access to my home test setup.

Tomek
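
The first approach in the reply above (one reservation per circuit-id, a subnet, no pools), as an added example that is not part of the original message or of the Kea project: a small generator that turns a household list into a Dhcp4 configuration. The function name, the sample circuit-ids, the 192.0.2.0/29 subnet and skipping the first host address for a gateway are assumptions.

```python
import ipaddress
import json


def build_dhcp4_config(subnet_cidr, circuit_ids, skip_hosts=1):
    """Build a Kea Dhcp4 config with one reservation per circuit-id and no pools.

    circuit_ids: list of bytes values as the relay inserts them in option 82.
    skip_hosts:  leading host addresses left unassigned (assumption: the gateway).
    """
    net = ipaddress.ip_network(subnet_cidr)
    # A repeated circuit-id would hand one household two addresses.
    if len(set(circuit_ids)) != len(circuit_ids):
        raise ValueError("duplicate circuit-id in household list")

    hosts = net.hosts()
    for _ in range(skip_hosts):
        next(hosts, None)

    reservations = []
    for cid in circuit_ids:
        addr = next(hosts, None)
        if addr is None:
            raise ValueError("subnet %s is too small for %d households"
                             % (net, len(circuit_ids)))
        reservations.append({
            # Colon-separated hex, so binary circuit-ids survive unchanged.
            "circuit-id": ":".join("%02x" % b for b in cid),
            "ip-address": str(addr),
        })

    return {
        "Dhcp4": {
            # Only circuit-id is consulted when looking up a reservation.
            "host-reservation-identifiers": ["circuit-id"],
            "subnet4": [{
                "subnet": str(net),
                # No "pools" entry: clients without a reservation get nothing.
                "reservations": reservations,
            }],
        }
    }


if __name__ == "__main__":
    # Constructed sample input, not taken from the thread.
    sample = [b"hh-0001", b"hh-0002"]
    print(json.dumps(build_dhcp4_config("192.0.2.0/29", sample), indent=2))
```
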