[Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS

Tobias - lokskada at live.se
Sat Jan 20 02:02:01 UTC 2018


On 2018-01-20 00:13, Francis Dupont wrote:
> Tobias - writes:
>> First:
>>
>> I'm trying to put my virtual machines in a separate subnet. The virtual
>> machines have the vendor prefix of 52:54:00.
>>
>> If I would do this in code, I would use AND to mask away the last three
>> octets and then compare against 52:54:00:00:00:00 but I seem to be unable
>> to do that.
>>
>> Since I was unable to find an example for Kea, I tried to do what people
>> suggested for dhcpd since the expression looked similar to what is available
>> in Kea, but it didn't work.
> => in theory a substring(pkt4.mac, 0, 3) does the job
> BTW you can debug classification expression (admin guide, 13.9. Debugging
> Expressions). It should explain why it does not work in your example.
>
> Thanks
>
> Francis Dupont <fdupont at isc.org>

Hi Francis!

Thank you for your swift response.
I looked closer at the matching and got it working and it looks okay.
I haven't reached a solution to my problem yet, this seems to go deeper.
The network interface (br0) has two IP addresses, one for each subnet.
Not sure if this is necessary for Kea to work when working with two
subnets over the same bridge.

I've made reservations in 'kea.hosts':
+-----------------+----------------------+-----------------+--------------+-----------+
| dhcp_identifier | dhcp_identifier_name | dhcp4_subnet_id | ipv4_address | hostname  |
+-----------------+----------------------+-----------------+--------------+-----------+
| 525400100001    | hw-address           |               2 | 192.168.1.10 | xxxxxx-01 |
| 525400100002    | hw-address           |               2 | 192.168.1.11 | xxxxxx-02 |
+-----------------+----------------------+-----------------+--------------+-----------+

This is how the classes and subnets are configured:

> "client-classes": [
>     {
>         "name": "none",
>         "test": "not (substring(pkt4.mac, 0, 3) == 0x525400)"
>     },
>     {
>         "name": "vm",
>         "test": "substring(pkt4.mac, 0, 3) == 0x525400"
>     }
> ],
> "subnet4": [
>     {
>         "subnet": "192.168.0.0/24",
>         "id": 1,
>         "client-class": "none",
>         ...
>      },
>     {
>         "subnet": "192.168.1.0/24",
>         "id": 2,
>         "client-class": "vm",
>         ...
>      }
> ]

And it results in this output:

> DEBUG [kea-dhcp4.packets] DHCP4_BUFFER_RECEIVED received buffer from 0.0.0.0:68 to 255.255.255.255:67 over interface br0
> DEBUG [kea-dhcp4.options] DHCP4_BUFFER_UNPACK parsing buffer received from 0.0.0.0 to 255.255.255.255 over interface br0
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_PKT4 Pushing PKT4 field mac with value 0x525400100002
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_STRING Pushing text string '0'
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_STRING Pushing text string '3'
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_SUBSTRING Popping length 3, start 0, string 0x525400100002 pushing result 0x525400
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_HEXSTRING Pushing hex string 0x525400
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_EQUAL Popping 0x525400 and 0x525400 pushing result 'true'
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_NOT Popping 'true' pushing 'false'
> DEBUG [kea-dhcp4.options] EVAL_RESULT Expression none evaluated to 0
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_PKT4 Pushing PKT4 field mac with value 0x525400100002
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_STRING Pushing text string '0'
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_STRING Pushing text string '3'
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_SUBSTRING Popping length 3, start 0, string 0x525400100002 pushing result 0x525400
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_HEXSTRING Pushing hex string 0x525400
> DEBUG [kea-dhcp4.eval] EVAL_DEBUG_EQUAL Popping 0x525400 and 0x525400 pushing result 'true'
> INFO  [kea-dhcp4.options] EVAL_RESULT Expression vm evaluated to 1
> DEBUG [kea-dhcp4.packets] DHCP4_SUBNET_SELECTION_FAILED [hwtype=1 52:54:00:10:00:02], cid=[no info], tid=0xd5fd4831: failed to select subnet for the client
> DEBUG [kea-dhcp4.bad-packets] DHCP4_PACKET_DROP_0002 [hwtype=1 52:54:00:10:00:02], cid=[no info], tid=0xd5fd4831, from interface br0: no suitable subnet configured for a direct client

When I'm not using the classes, Kea looks for a reservation in subnet 1
which returns no match. So it will just grab the next available address
in the pool from subnet 1. So specifying subnet id 2 in the reservation
table doesn't seem to help.

Have I missed something?

Thanks,
Tobias
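
An added example, not part of the original message and not Kea code: a short Python script that condenses a Kea debug log like the one above into per-client class results and subnet-selection failures, which makes the "classified as vm but still dropped" case easy to spot. The function names and the second client in the sample log are constructed for illustration; the patterns assume the unwrapped log line format shown in the post.

```python
import re

# Patterns assume the unwrapped Kea debug line format shown in the post.
PKT4_MAC = re.compile(r"EVAL_DEBUG_PKT4 Pushing PKT4 field mac with value 0x([0-9a-fA-F]{12})")
RESULT = re.compile(r"EVAL_RESULT Expression (\S+) evaluated to ([01])")
FAILED = re.compile(r"DHCP4_SUBNET_SELECTION_FAILED \[hwtype=\d+ ([0-9a-fA-F:]{17})\]")

# Sample log: the first client's lines come from the post; the second client is constructed.
SAMPLE_LOG = """\
DEBUG [kea-dhcp4.eval] EVAL_DEBUG_PKT4 Pushing PKT4 field mac with value 0x525400100002
DEBUG [kea-dhcp4.options] EVAL_RESULT Expression none evaluated to 0
DEBUG [kea-dhcp4.eval] EVAL_DEBUG_PKT4 Pushing PKT4 field mac with value 0x525400100002
INFO  [kea-dhcp4.options] EVAL_RESULT Expression vm evaluated to 1
DEBUG [kea-dhcp4.packets] DHCP4_SUBNET_SELECTION_FAILED [hwtype=1 52:54:00:10:00:02], cid=[no info], tid=0xd5fd4831: failed to select subnet for the client
DEBUG [kea-dhcp4.eval] EVAL_DEBUG_PKT4 Pushing PKT4 field mac with value 0x001122334455
DEBUG [kea-dhcp4.options] EVAL_RESULT Expression none evaluated to 1
DEBUG [kea-dhcp4.options] EVAL_RESULT Expression vm evaluated to 0
"""

def has_prefix(mac_hex, prefix=0x525400):
    """AND-mask form of substring(pkt4.mac, 0, 3) == 0x525400."""
    return (int(mac_hex, 16) & 0xFFFFFF000000) == (prefix << 24)

def summarize(log_text):
    """Map each client MAC to its class results and subnet-selection outcome."""
    clients, current = {}, None
    new = lambda: {"classes": {}, "subnet_selection_failed": False}
    for line in log_text.splitlines():
        if m := PKT4_MAC.search(line):
            current = m.group(1).lower()
            clients.setdefault(current, new())
        elif (m := RESULT.search(line)) and current:
            clients[current]["classes"][m.group(1)] = m.group(2) == "1"
        elif m := FAILED.search(line):
            mac = m.group(1).replace(":", "").lower()
            clients.setdefault(mac, new())["subnet_selection_failed"] = True
    return clients

def classified_but_dropped(clients):
    """Clients that matched at least one class yet got no subnet."""
    return sorted(mac for mac, c in clients.items()
                  if c["subnet_selection_failed"] and any(c["classes"].values()))

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE_LOG).items():
        print(mac, info, "vm prefix" if has_prefix(mac) else "other prefix")
```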
