[Kea-users] `lease4-update` command has no effect and falsely reports success on multithreaded Kea servers
Cathy Almond
cathya at isc.org
Tue Nov 17 16:23:07 UTC 2020
We've recently discovered a defect that affects users of High
Availability (HA) who also have multithreading (MT) enabled, running on
Kea 1.8 (stable) and 1.9 (development). Multithreading is disabled by
default, so if you have not explicitly configured to run your Kea
servers with MT, you are unaffected.
The problem uncovered is that the HA server pairs do not add or update
IPv4 leases on their partner systems when MT is in use. A server that
handles a 'lease4-update' logs success, but without actually adding or
updating a lease on systems that are running with MT enabled.
In an HA environment, lease4-update is used for ongoing lease updates
(send-lease-updates is true). This problem therefore does not affect
production environments that use another mechanism for updating leases
between Kea servers (such as a shared lease backend). Initial lease
database synchronisation (sync-leases is true) does not use
lease4-update so it is also not affected.
In addition, administrator operation of the lease4-update command
falsely reports success.
Disabling MT is an effective workaround that allows HA server pairs to
continue to share lease updates.
We will be fixing this defect in Kea 1.8.2 (no ETA yet) and 1.9.2
(November 25). Details and a source-code patch (1.9 branch) can be
found here:
https://gitlab.isc.org/isc-projects/kea/-/issues/1542
Cathy Almond
ISC Support
More information about the Kea-users
mailing list