[Kea-users] Using DHCP Relays

Klaus Steden klausfiend at gmail.com
Mon Jan 23 06:52:45 UTC 2023


This is what we added to our Kea configs to deal with the encapsulated
requests:

"""
...
    "option-def": [
      {
        "name": "link",
        "code": 150,
        "space": "relay-cisco",
        "type": "ipv4-address",
        "record-types": "",
        "array": false,
        "encapsulate": ""
      },
      {
        "name": "server-id",
        "code": 152,
        "space": "relay-cisco",
        "type": "ipv4-address",
        "record-types": "",
        "array": false,
        "encapsulate": ""
      }
    ],
...
"""

We're using UDP sockets and the shared-networks option, with the relays in
a separate file (as a JSON-formatted list):

"""
...
    "shared-networks": [
      {
        "name": "my-site-relays",
        "relay": {
          "ip-addresses": <?include "/etc/kea/kea-relay4.json"?>
        },
        "subnet4": [
          <?include "/etc/kea/kea-pool4.json"?>
        ]
      }
    ],
...
"""

Hopefully this is useful to you ...

cheers,
Klaus

On Sat, Jan 21, 2023 at 7:53 AM Simon <dhcp1 at thehobsons.co.uk> wrote:

> Stefan G. Weichinger <lists at xunil.at> wrote:
>
> >> I will start by stopping one of my 2 kea-nodes, and then remove the
> >> VLAN interfaces on the remaining one. Plus enable the DHCP-relay, plus
> >> adding that fw-rule.
> >> In kea I have to remove the various vlan-interfaces and edit the
> >> subnets to all listen on the same and only LAN-interface.
> >
> > Did my changes but today there are no more workers on site there so it's
> > a bit hard to test for me from remote.
> >
> > Went back to the old setup for now.
> >
> > questions around config:
> >
> > Could I remove the separate interface lines from the subnets:
> >
> >
> > {
> >                       "interface": "enp0s31f6",  # THIS LINE
> >                       "id": 3,
> >                       "subnet": "192.168.103.0/24",
> >
> >
> > In the first lines I already have:
> >
> >
> > {
> >        "Dhcp4": {
> >                "interfaces-config": {
> >                        "interfaces": [ "enp0s31f6" ],
> >                        "dhcp-socket-type": "raw",
> >                       "service-sockets-require-all": false,
> >                       "service-sockets-max-retries": 1000,
> >                       "service-sockets-retry-wait-time": 10000
> >                },
> >
> >
> > That defines the interface anyway, right?
>
> I think so, but I’m not a Kea user and have only had a fairly quick look
> at the documentation - most of the previous advice is based on relaying
> being generic and not really affecting server config much/at all.
> With dhcpd (where my experience is for about 25 years!), the only config
> for interfaces is to specify which ones to listen on.
>
> > "dhcp-socket-type" is ok? "raw" seems to be the default anyway.
>
>
> The manual at
> https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#interface-configuration
> says :
> > Kea supports responding to directly connected clients which do not have
> > an address configured. This requires the server to inject the hardware
> > address of the destination into the data-link layer of the packet being
> > sent to the client. The DHCPv4 server uses raw sockets to achieve this, and
> > builds the entire IP/UDP stack for the outgoing packets. The downside of
> > raw socket use, however, is that incoming and outgoing packets bypass the
> > firewalls (e.g. iptables).
>
>
> > Using UDP sockets automatically disables the reception of broadcast
> > packets from directly connected clients. This effectively means that UDP
> > sockets can be used for relayed traffic only. When using raw sockets, both
> > the traffic from the directly connected clients and the relayed traffic are
> > handled.
>
>
> So it’s clear that you want to keep raw sockets (default, no need to
> specify it) if you have any locally connected clients - but if you have no
> locally connected clients and want packets to pass through a firewall then
> use UDP.
>
>
> Also, looking at
> https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#dhcp4-subnet-selection
> it seems fairly clear that you don’t need to tie subnets to interfaces in
> the config - simply defining the interfaces to listen on, and the subnets
> to be served, is sufficient for the server to automagically associate
> clients with the right subnet.
>
>
> Simon
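The trade-off discussed in this thread (raw sockets bypass the host firewall, UDP sockets serve relayed traffic only) can be checked mechanically against a Dhcp4 config. The following is an added example, not part of the original thread or of Kea itself; the function names and the sample relay addresses are constructed, and it assumes the config is plain JSON with any `<?include ...?>` directives and comments already expanded.

```python
import json

# Constructed sample: a relay-only Dhcp4 config left on the default socket type.
SAMPLE = json.loads("""
{"Dhcp4": {
  "interfaces-config": {"interfaces": ["enp0s31f6"]},
  "shared-networks": [{
    "name": "my-site-relays",
    "relay": {"ip-addresses": ["192.0.2.1", "192.0.2.2"]},
    "subnet4": [{"id": 3, "subnet": "192.168.103.0/24"}]
  }]
}}
""")

def iter_subnets(dhcp4):
    """Yield (subnet, inherited_relay_ips) for top-level and shared-network subnets."""
    for s in dhcp4.get("subnet4", []):
        yield s, []
    for net in dhcp4.get("shared-networks", []):
        inherited = net.get("relay", {}).get("ip-addresses", [])
        for s in net.get("subnet4", []):
            yield s, inherited

def audit(conf):
    """Return findings about the socket type versus how clients reach the server."""
    dhcp4 = conf["Dhcp4"]
    ifcfg = dhcp4.get("interfaces-config", {})
    sock = ifcfg.get("dhcp-socket-type", "raw")  # raw is the default
    # Entries may be "name" or "name/address"; "*" means all interfaces.
    listen = {i.split("/")[0] for i in ifcfg.get("interfaces", [])}
    findings, relayed_flags = [], []
    for s, inherited in iter_subnets(dhcp4):
        relayed = bool(s.get("relay", {}).get("ip-addresses") or inherited)
        relayed_flags.append(relayed)
        iface = s.get("interface")
        if iface and "*" not in listen and iface not in listen:
            findings.append(f"{s['subnet']}: interface {iface} is not listened on")
        if sock == "udp" and not relayed:
            findings.append(f"{s['subnet']}: no relay; udp sockets do not receive direct broadcasts")
    if sock == "raw" and relayed_flags and all(relayed_flags):
        findings.append("relay-only config on raw sockets: traffic bypasses the host firewall")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```
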

