[Kea-users] KEA DHCPv6 Server and PD

Darren Ankney darren.ankney at gmail.com
Sat Aug 5 13:46:35 UTC 2023


Hi Meinhard,

Looking at your Kea configuration, it looks like you've assigned the
same /56 as both the subnet and the prefix delegation (unless the XXX
part is different).  If you imagine a consumer router as having a WAN
and LAN interface, you need different subnets.  One for the WAN side
from which the client will get a single IP out of a (assumedly) /64.
Then you have a larger subnet that is the prefix delegation subnet
which assigns subnets for use on the LAN interface that the consumer
router shares with interior devices.  ISP infrastructure of some sort
adds routes for these prefix delegations from the ISP router to the IP
on the WAN interface.  This is necessary as NAT is not used in IPv6,
so each device needs to have a public address.  See RFC 8415 for
details about prefix delegation.

Thank you,

Darren Ankney
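
Added example, not part of the original message and not code from the Kea project: a small check of the point above, that the on-link (WAN) subnet and the prefix delegation pool should be different prefixes. The function name `pd_pool_report` is hypothetical, and both sample configurations are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import json

# Constructed sample: subnet and pd-pool share the same /56, as in the posted config.
SAME_PREFIX = json.loads("""
{"Dhcp6": {"subnet6": [{
  "subnet": "2001:db8:ff00:ff00::/56",
  "pd-pools": [{"prefix": "2001:db8:ff00:ff00::",
                "prefix-len": 56, "delegated-len": 64}]
}]}}
""")

# Constructed sample: a /64 for the WAN link, a separate /56 to delegate from.
SEPARATE_PREFIXES = json.loads("""
{"Dhcp6": {"subnet6": [{
  "subnet": "2001:db8:ff00::/64",
  "pd-pools": [{"prefix": "2001:db8:ff00:ff00::",
                "prefix-len": 56, "delegated-len": 64}]
}]}}
""")


def pd_pool_report(config):
    """Describe every pd-pool and flag those that overlap their on-link subnet."""
    report = []
    for subnet in config["Dhcp6"].get("subnet6", []):
        link = ipaddress.ip_network(subnet["subnet"])
        for pool in subnet.get("pd-pools", []):
            pd = ipaddress.ip_network(f'{pool["prefix"]}/{pool["prefix-len"]}')
            report.append({
                "link": str(link),
                "pd_pool": str(pd),
                # Number of delegated prefixes the pool can hand out.
                "delegations": 2 ** (pool["delegated-len"] - pool["prefix-len"]),
                # True when WAN addressing and delegated prefixes collide.
                "overlaps": link.overlaps(pd),
            })
    return report


if __name__ == "__main__":
    for name, cfg in (("same", SAME_PREFIX), ("separate", SEPARATE_PREFIXES)):
        for entry in pd_pool_report(cfg):
            print(name, entry)
```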

On Fri, Aug 4, 2023 at 11:17 AM Meinhard Schneider <meini at meini.org> wrote:
>
> Hello,
>
> I am trying to set up the KEA DHCPv6 server with prefix delegation
> pools. I am now so far that the router behind the DHCPv6 obtains
> prefixes for its subnets, but all interfaces have the same prefix.
>
> Here is my setup:
> gw-wan0 (server):
> Debian/Bookworm
> KEA: 2.2.0
>
> $ cat /etc/kea/kea-dhcp6.conf
> {
>    "Dhcp6": {
>      "valid-lifetime": 4000,
>      "renew-timer": 1000,
>      "rebind-timer": 2000,
>      "preferred-lifetime": 3000,
>
>      "control-socket": {
>        "socket-type": "unix",
>        "socket-name": "/run/kea/kea6-ctrl-socket"
>      },
>
>      "option-data": [
>        {
>          "name": "dns-servers",
>          "data": "xxxx:xxxx::1"
>        }
>      ],
>
>      "interfaces-config": {
>        "interfaces": [ "enp2s0" ]
>      },
>
>      "lease-database": {
>        "type": "memfile",
>        "persist": true,
>        "name": "/var/lib/kea/kea-leases6.csv",
>        "lfc-interval": 3600
>      },
>
>      "subnet6": [
>        {
>          "subnet": "xxxx:xxxx:ff00:ff00::/56",
>          "interface": "enp2s0",
>          "pd-pools": [
>            {
>              "prefix": "xxxx:xxxx:ff00:ff00::",
>              "prefix-len": 56,
>              "delegated-len": 64
>            }
>          ]
>        }
>      ],
>
>      "loggers": [
>        {
>          "name": "kea-dhcp6",
>          "output_options": [
>            {
>              "output": "/var/log/kea/kea-dhcp6.log",
>              "maxver": 8,
>              "maxsize": 204800,
>              "flush": true,
>              "pattern": "%d{%j %H:%M:%S.%q} %c %m\n"
>            }
>          ],
>          "severity": "DEBUG",
>          "debuglevel": 99
>        }
>      ]
>    }
> }
>
>
> $ ip a s enp2s0
> 3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
>      link/ether 00:0d:b9:55:b8:15 brd ff:ff:ff:ff:ff:ff
>      inet x.x.107.4/31 brd 255.255.255.255 scope global enp2s0
>         valid_lft forever preferred_lft forever
>      inet6 xxxx:xxxx:ff00:ff00::1/56 scope global
>         valid_lft forever preferred_lft forever
>      inet6 fe80::20d:b9ff:fe55:b815/64 scope link
>         valid_lft forever preferred_lft forever
>
>
> gw-test (client):
> Debian/Bookworm
> wide-dhcpv6-client: 20080615-23
> (for historical reasons and because I'm already running many other
> installations with it, I'm currently testing with WIDE)
>
> $ cat /etc/wide-dhcpv6/dhcp6c.conf
> profile default
> {
>    script "/etc/wide-dhcpv6/radvd";
> };
>
> interface enp2s0
> {
>    send ia-pd 0;
>    script "/etc/wide-dhcpv6/radvd";
> };
>
> id-assoc pd
> {
>    prefix-interface enp3s0
>    {
>      sla-id 1;
>    };
>    prefix-interface enp4s0
>    {
>      sla-id 2;
>    };
> };
>
> $ ip a s enp2s0
> 3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
>      link/ether 00:0d:b9:56:4b:c5 brd ff:ff:ff:ff:ff:ff
>      inet x.x.107.5/31 brd x.x.107.5 scope global dynamic enp2s0
>         valid_lft 3381sec preferred_lft 3381sec
>      inet6 xxxx:xxxx:ff00:0:20d:b9ff:fe56:4bc5/64 scope global dynamic mngtmpaddr
>         valid_lft 86085sec preferred_lft 14085sec
>      inet6 fe80::20d:b9ff:fe56:4bc5/64 scope link
>         valid_lft forever preferred_lft forever
>
> $ ip a s enp3s0
> 4: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
>      link/ether 00:0d:b9:56:4b:c6 brd ff:ff:ff:ff:ff:ff
>      inet 192.168.3.1/24 brd 192.168.3.255 scope global enp3s0
>         valid_lft forever preferred_lft forever
>      inet6 xxxx:xxxx:ff00:ff00:20d:b9ff:fe56:4bc6/64 scope global tentative
>         valid_lft forever preferred_lft forever
>
> $ ip a s enp4s0
> 5: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
>      link/ether 00:0d:b9:56:4b:c7 brd ff:ff:ff:ff:ff:ff
>      inet 192.168.4.1/24 brd 192.168.4.255 scope global enp4s0
>         valid_lft forever preferred_lft forever
>      inet6 xxxx:xxxx:ff00:ff00:20d:b9ff:fe56:4bc7/64 scope global tentative
>         valid_lft forever preferred_lft forever
>
>
> Both devices are directly connected to each other on the enp2s0 interface.
>
> My expectation was that gw-test would get its own /64 IPv6 subnet at the
> KEA DHCPv6 server for each interface defined in the wide-dhcpv6-client
> (i.e. enp3s0 and enp4s0). Instead, both interfaces get the same subnet,
> which makes no sense (or is not the result I have in mind).
>
> Every time I restart the wide-dhcpv6-client, KEA counts up the subnet by
> one. Currently I got the subnet xxxx:xxxx:ff00:ff00::/64 (after emptying
> the lease cache). After the next reboot I get the subnet ff01, then
> ff02, ff03 and so on.
>
> Unfortunately I don't find the documentation on KEA DHCPv6 server and
> prefix delegation pools very comprehensive. I put together my
> configuration from the few examples I found on the internet.
>
>
> I would be very grateful for any help:
> 1. why doesn't each interface get its own subnet /64?
> 2. why does KEA count up the subnets instead of - with a new DHCP
> request - assigning the same subnets again?
>
> Many thanks & best regards
> Meinhard

