[Kea-users] Adding static /32 routes with Kea run_script hook

Giles Filmer giles at neuos.co.za
Mon Apr 25 16:06:59 UTC 2022 

Hi

I've been playing with the idea of using Kea and the official run_script
hook to add /32 routes to clients when they get a lease, and remove
these static routes when the client goes away - through lease expiry,
release, etc. The actual lease handed out to the client will still be a
/24, or whatever is large enough to include the gateway address.

Clients will connect to a router over various interfaces or VLAN
subinterfaces; their DHCP traffic will be relayed to a Kea server which
does subnet selection based on the relay GIADDR.
As there is a relay/GIADDR per router interface, I can then use the
run_script hook to have Kea communicate to the router over which
interface a /32 route should be added or removed when a client gets or
loses a lease.

I've got this mostly working in a lab, but have hit a few issues.

1) In an ideal world I'd like to simply add a route on the initial lease
assignment for a client, and remove it on, for example, a DHCPDECLINE or
DHCPRELEASE, ignoring all renews in between; but I haven't been able to
figure out how to differentiate between a client obtaining a lease
through DORA vs a client renewing a lease through REQUEST/ACK.
In both cases lease4_renew is called, and I can get the query type to
tell if it's a DISCOVER or REQUEST, but I think that adding a route in
the DISCOVER phase of DORA is too early...which leave me with doing it
on REQUEST, which I can't distinguish from a REQUEST in the renew cycle.

2) Because of the above, I'm using "ip route replace" on every REQUEST
which will add a route if there isn't one present, and do nothing if
there is. With a large number of clients, this obviously triggers at a
pretty high rate...is there a more efficient way to do this? I can
obviously bump up lease timers, but I'd like to keep them reasonably sane.

3) My initial plan was to trigger the above using the lease4_renew hook
point rather than the leases4_committed hook point, as I can't quite
figure out when the latter is called, but I'm starting to lean towards
using leases4_committed. Is there some piece of documentation that I
missed that explains the differences, as well as what DHCP message types
can trigger leases4_committed? I also seem to have hit a reproducable
bug with lease4_renew; testing with dhtest
(https://github.com/saravana815/dhtest), if I release any lease held
(dhtest -r -i eth0) and then perform a discovery (dhtest -i eth0), the
lease4_renew hook point does not get hit, while the leases4_committed
point does. Subsequent renews hit both.

4) Which parameter would be the most correct to obtain the offered
lease? Assuming I'm using the leases4_committed hook point, I think it
could be:
QUERY4_CIADDR - usually populated, but sometimes empty. When empty,
seems to be client-specific.
QUERY4_YIADDR - always zero'd - guessing this isn't implemented?
LEASES4_AT0_ADDRESS - this seems to be reliably populated.

5) When it comes to removing routes, I think there are 3 points -
lease4_expire, lease4_release, and lease4_decline.
lease4_release - straight forward, just remove the route.
lease4_decline - as I understand it this should only be hit if Kea hands
out a lease that another device already has bound?
lease4_expire - trickier...there's no DHCP packet triggering this, so I
can't infer which interface on the router the /32 is added via; luckily
you can "ip route del a.b.c.d/32" without specifying an interface.
There's a parameter called REMOVE_LEASE in this hook point, which I've
only ever seen set to false. I gather this has something to do with
lease reclamation. Would it be correct to remove the route regardless of
whether this parameter is true or false?

6) The last hook point is lease4_recover, which I think I can ignore.

In summary, the hook points + actions:

lease4_renew
      do nothing
lease4_expire
      delete a route
lease4_recover
      do nothing
leases4_committed
      if dhcprequest, add/replace a route
lease4_release
      delete a route
lease4_decline
      delete a route

The above is all tested on Debian 11.2, Kea 2.0.2-isc20220227221539. Any
input or suggestions on a better way to do this would be welcome

Regards
Giles

-- 
Giles Filmer <giles at neuos.co.za>
Neuos (Pty) Ltd
Phone: +27 82 575 1190

More information about the Kea-users mailing list