[Kea-users] Using DHCP Relays

Simon dhcp1 at thehobsons.co.uk
Sat Jan 21 15:52:42 UTC 2023


Stefan G. Weichinger <lists at xunil.at> wrote:

>> I will start by stopping one of my 2 kea-nodes, and then remove the VLAN interfaces on the remaining one. Plus enable the DHCP-relay, plus adding that fw-rule.
>> In kea I have to remove the various vlan-interfaces and edit the subnets to all listen on the same and only LAN-interface.
> 
> Did my changes but today there are no more workers on site there so it's a bit hard to test for me from remote.
> 
> Went back to the old setup for now.
> 
> questions around config:
> 
> Could I remove the separate interface lines from the subnets:
> 
> 
> {
>     "interface": "enp0s31f6",  # THIS LINE
>     "id": 3,
>     "subnet": "192.168.103.0/24",
> 
> 
> In the first lines I already have:
> 
> 
> {
>     "Dhcp4": {
>         "interfaces-config": {
>             "interfaces": [ "enp0s31f6" ],
>             "dhcp-socket-type": "raw",
>             "service-sockets-require-all": false,
>             "service-sockets-max-retries": 1000,
>             "service-sockets-retry-wait-time": 10000
>         },
> 
> 
> That defines the interface anyway, right?

I think so, but I’m not a Kea user and have only had a fairly quick look at the documentation - most of the previous advice is based on relaying being generic and not really affecting server config much/at all.
With dhcpd (where my experience is for about 25 years!), the only config for interfaces is to specify which ones to listen on.

> "dhcp-socket-type" is ok? "raw" seems to be the default anyway.


The manual at https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#interface-configuration says:
> Kea supports responding to directly connected clients which do not have an address configured. This requires the server to inject the hardware address of the destination into the data-link layer of the packet being sent to the client. The DHCPv4 server uses raw sockets to achieve this, and builds the entire IP/UDP stack for the outgoing packets. The downside of raw socket use, however, is that incoming and outgoing packets bypass the firewalls (e.g. iptables).


> Using UDP sockets automatically disables the reception of broadcast packets from directly connected clients. This effectively means that UDP sockets can be used for relayed traffic only. When using raw sockets, both the traffic from the directly connected clients and the relayed traffic are handled.


So it’s clear that you want to keep raw sockets (default, no need to specify it) if you have any locally connected clients - but if you have no locally connected clients and want packets to pass through a firewall then use UDP.


Also, looking at https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#dhcp4-subnet-selection it seems fairly clear that you don’t need to tie subnets to interfaces in the config - simply defining the interfaces to listen on, and the subnets to be served, is sufficient for the server to automagically associate clients with the right subnet.


Simon
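
An added example, not part of the original message and not Kea's own code: a small Python check of a Dhcp4 config for the raw/UDP trade-off quoted from the manual above, plus a simplified model of how a relayed request is matched to a subnet by the relay address (giaddr). The sample config is constructed (it reuses the interface name and one subnet from the thread), and `audit` and `select_subnet` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample: relay-only Dhcp4 config, reusing the interface name and
# one subnet from the thread; the second subnet is made up for the example.
SAMPLE = json.loads("""
{"Dhcp4": {
  "interfaces-config": {"interfaces": ["enp0s31f6"], "dhcp-socket-type": "udp"},
  "subnet4": [
    {"id": 3, "subnet": "192.168.103.0/24"},
    {"id": 4, "subnet": "192.168.104.0/24", "interface": "enp0s31f6"}
  ]}}
""")


def audit(config):
    """Return findings about socket type versus firewalling and local clients."""
    dhcp4 = config["Dhcp4"]
    # "raw" is the default when dhcp-socket-type is not specified.
    sock = dhcp4.get("interfaces-config", {}).get("dhcp-socket-type", "raw")
    local = [s["id"] for s in dhcp4.get("subnet4", []) if "interface" in s]
    findings = []
    if sock == "raw":
        findings.append("raw sockets: DHCP traffic bypasses iptables on this host")
    elif local:
        findings.append(f"udp sockets: subnets {local} are tied to an interface, "
                        "but broadcasts from directly connected clients are not received")
    return findings


def select_subnet(config, giaddr):
    """Simplified model of relay-based selection: the subnet containing giaddr."""
    addr = ipaddress.ip_address(giaddr)
    for s in config["Dhcp4"].get("subnet4", []):
        if addr in ipaddress.ip_network(s["subnet"]):
            return s["id"]
    return None  # no configured subnet matches this relay address


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
    print(select_subnet(SAMPLE, "192.168.103.1"))
```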



