[Kea-users] Disable multicast Listening

Veronique Lefebure Veronique.Lefebure at cern.ch
Mon Jan 9 15:51:12 UTC 2023 

We are using ip6tables for dropping all traffic coming from ff02::1:2.
Cheers,
Veronique
________________________________
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Frey, Rick E via Kea-users <kea-users at lists.isc.org>
Sent: Wednesday, January 4, 2023 5:02 PM
To: s k <sat98 at hotmail.com>; kea-users <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Disable multicast Listening


Realized you’re likely asking about DHCPv6 since mentioning “multicast” address.  Kea docs indicate that even when unicast address specified for dhcp6, the server will still listen on multicast address.



Guessing you have already tried blocking the multicast traffic via server firewall (ip6tables/nftables)?



From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Frey, Rick E via Kea-users <kea-users at lists.isc.org>
Date: Wednesday, January 4, 2023 at 9:46 AM
To: s k <sat98 at hotmail.com>, kea-users <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Disable multicast Listening

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.



Have you tried setting the “dhcp-socket-type” to “udp”?



Docs indicate that if not specified, the default is “raw”.  If you’re only needing DHCP on unicast (via relay), you should be able to set to “udp” which should disable reception of broadcast packets from directly connected clients.



See https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#interface-configuration<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkea.readthedocs.io%2Fen%2Fkea-2.2.0%2Farm%2Fdhcp4-srv.html%23interface-configuration&data=05%7C01%7Crick.frey%40windstream.com%7Cc6b0ce4a0f5541a58ac608daee6a8360%7C2567b4c1b0ed40f5aee358d7c5f3e2b2%7C0%7C0%7C638084439667774117%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fNiS%2BAThL93u%2Bq27py%2F75qyeUQPNnu6CJS7DFYZ4vFo%3D&reserved=0>







From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of s k <sat98 at hotmail.com>
Date: Tuesday, January 3, 2023 at 7:05 PM
To: kea-users <kea-users at lists.isc.org>
Subject: [Kea-users] Disable multicast Listening

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.



Hi

Is there a way to stop Kea from listening on multicast address  , since our set up only uses relay forwarding to request for ip which is point to point. when i enable listening on global interface by default kea listens on multicast address and the number of requests received  over multicast is overwhelming .

Thanks

skumar







Sensitivity: Internal



Sensitivity: Internal


Sensitivity: Internal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20230109/f1d46af3/attachment.htm>

More information about the Kea-users mailing list