[Kea-users] single subnet for multiple interfaces

Darren Ankney darren.ankney at gmail.com
Sat Jul 15 10:15:33 UTC 2023


Hi Joe,

I can't think of any other way to get around that.  I haven't much
experience with DHCP without a relay agent.  From a network design
perspective, it would usually be assumed that a separate interface
would have a separate subnet.  Usually it isn't possible for subnets
to work on multiple interfaces unless they are all in the same VLAN or
so.   Is there any particular reason you don't extend the VLANs to the
loopback where you have placed the gateway (I assume that the loopback
is already part of the VLANs or the clients wouldn't be able to reach
their gateway) and specify that as the interface on which Kea should
listen?  Then Kea would only need to have one interface (the loopback)
in the configuration.  The DHCP traffic should all be present on the
loopback and that's the problem solved!

Random idea that may not work would be to try specifying "*" as the
interface.  You can do that in the global interfaces-config (see first
example here: https://kea.readthedocs.io/en/kea-2.4.0/arm/dhcp4-srv.html#interface-configuration),
for sure.  I'm not sure that will be permitted in the pool statement,
however (probably not, but worth a try).

Thank you,

Darren Ankney

On Fri, Jul 14, 2023 at 7:04 AM Joe Botha <joe at swimgeek.com> wrote:
>
> Hi
>
> Got a bit stuck with the client-class idea.
>
> Even with classes forcing subnet selection based on the interface, Kea will not respond unless an interface is defined within the subnet - and we're back to the same problem, you can only define one interface per subnet.
>
> So we're using br0.30 as the test. br0.30 is defined at the global level. If it's defined in the subnet as well, things work. If it's not defined in the subnet level, things do not work.
>
> Any advice to get around the one interface per subnet problem?
>
>
>
> Some debug logs below.
>
> 2023-07-14 12:25:46.543 DEBUG [kea-dhcp4.packets/1650692.139622836189632] DHCP4_BUFFER_RECEIVED received buffer from 0.0.0.0:68 to 255.255.255.255:67 over interface br0.30
> 2023-07-14 12:25:46.543 DEBUG [kea-dhcp4.options/1650692.139622802572992] DHCP4_BUFFER_UNPACK parsing buffer received from 0.0.0.0 to 255.255.255.255 over interface br0.30
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.eval/1650692.139622802572992] EVAL_DEBUG_PKT Pushing PKT meta data iface with value br0.30
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.eval/1650692.139622802572992] EVAL_DEBUG_STRING Pushing text string 'br0.30'
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.eval/1650692.139622802572992] EVAL_DEBUG_EQUAL Popping 0x6272302E3330 and 0x6272302E3330 pushing result 'true'
> 2023-07-14 12:25:46.544 INFO  [kea-dhcp4.dhcpsrv/1650692.139622802572992] EVAL_RESULT Expression vlan30 evaluated to 1
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_NO_RAI_OPTIONS No RAI options found to use for subnet selection.
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_NO_RELAY_ADDRESS Relay address (giaddr) in client packet is empty.
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_BY_INTERFACE_NO_MATCH No subnet matches interface: br0.30
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_BY_ADDRESS_NO_MATCH No subnet matches address: 172.16.1.30
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.packets/1650692.139622802572992] DHCP4_SUBNET_SELECTION_FAILED [hwtype=1 e2:48:a7:5b:37:83], cid=[no info], tid=0xbe9fe95a: failed to select subnet for the client
> 2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.bad-packets/1650692.139622802572992] DHCP4_PACKET_DROP_0002 [hwtype=1 e2:48:a7:5b:37:83], cid=[no info], tid=0xbe9fe95a, from interface br0.30: no suitable subnet configured for a direct client
>
>
>
>
>
> --
> Swimmingly,
>  Joe
>
> swimgeek.com/blog  +27 82 562 6167  instagram.com/joe.swimgeek
>       "...all progress depends on the unreasonable man.”
>
>
> > On 13 Jul 2023, at 19:32, Darren Ankney <darren.ankney at gmail.com> wrote:
> >
> > Hi Joe,
> >
> > I think that will work.  You don't need to set any options in the
> > client class if you don't want to.  Best to test before deployment in
> > production.
> >
> > Thank you,
> >
> > Darren Ankney
> >
> > On Thu, Jul 13, 2023 at 1:08 PM Joe Botha <joe at swimgeek.com> wrote:
> >>
> >> Hi
> >>
> >> Using client classes seems like a good plan.
> >>
> >> if packet comes in on eth0.1 or eth0.2 or eth0.3 - give them all IPs in 192.0.2.0/24
> >>
> >> does this make sense?
> >>
> >> "Dhcp4": {
> >>    "client-classes": [
> >>        {
> >>            "name": "Client_foo",
> >>            "test": "split(pkt.iface, '.', 1) == 'eth0'",
> >>            "option-data": [
> >>                {
> >>                    "name": "domain-name-servers",
> >>                    "code": 6,
> >>                    "space": "dhcp4",
> >>                    "csv-format": true,
> >>                    "data": "192.0.2.1, 192.0.2.2"
> >>                }
> >>            ]
> >>        },
> >>        ...
> >>    ],
> >>    "subnet4": [
> >>        {
> >>            "id": 1,
> >>            "subnet": "192.0.2.0/24",
> >>            "pools": [
> >>                {
> >>                    "pool": "192.0.2.10 - 192.0.2.20",
> >>                    "client-class": "Client_foo"
> >>                }
> >>            ]
> >>        },
> >>        ...
> >>    ],
> >>    ...
> >> }
> >>
> >> --
> >> Swimmingly,
> >> Joe
> >>
> >> swimgeek.com/blog  +27 82 562 6167  instagram.com/joe.swimgeek
> >>      "...all progress depends on the unreasonable man.”
> >>
> >>
> >>
> >>> On 13 Jul 2023, at 17:40, Darren Ankney <darren.ankney at gmail.com> wrote:
> >>>
> >>> Hi Joe,
> >>>
> >>> In that case, shouldn't all of the DHCP traffic be present on the
> >>> loopback?  Therefore, telling Kea to only listen on the loopback
> >>> containing this gateway would be most appropriate?  Otherwise, you
> >>> might have to do some class magic to assign clients to the subnet
> >>> regardless of their interface.  You can only specify one interface per
> >>> subnet in Kea.  I've honestly never tried this in Kea.
> >>>
> >>> Thank you,
> >>>
> >>> Darren Ankney
> >>>
> >>> On Thu, Jul 13, 2023 at 11:33 AM Joe Botha <joe at swimgeek.com> wrote:
> >>>>
> >>>> Hi
> >>>>
> >>>> We look at using relays, but ISC DHCP relay is end-of-life, and it can’t add v6 PD routes - so we are looking at just installing Kea on the switch - which is why we want an IP pool shared with multiple VLAN interfaces.
> >>>>
> >>>>> Does the subnet need to receive different networking/routing details
> >>>>> depending on which VLAN it is attached to?
> >>>>
> >>>> Nope, all the same gateway IP - which we will probably put on a loopback interface.
> >>>>
> >>>> --
> >>>> Swimmingly,
> >>>> Joe
> >>>>
> >>>> swimgeek.com/blog  +27 82 562 6167  instagram.com/joe.swimgeek
> >>>>     "...all progress depends on the unreasonable man.”
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> On 13 Jul 2023, at 17:22, Darren Ankney <darren.ankney at gmail.com> wrote:
> >>>>>
> >>>>> Hi Joe,
> >>>>>
> >>>>> Does the subnet need to receive different networking/routing details
> >>>>> depending on which VLAN it is attached to?
> >>>>>
> >>>>> Is the DHCP traffic relayed?
> >>>>>
> >>>>> You might be able to do something like:
> >>>>>
> >>>>> "subnet4": [
> >>>>> {
> >>>>>  "id": 1,
> >>>>>   "subnet": "192.0.2.0/24",
> >>>>>   "relay": {
> >>>>>      "ip-addresses": [ "198.51.100.1", "198.51.100.2" ]
> >>>>>   }
> >>>>> }
> >>>>> ]
> >>>>>
> >>>>> where you are specifying multiple relay ips to use for assigning from
> >>>>> one subnet.  Take care here as the clients will all receive the same
> >>>>> details (subnet mask, default gw etc..) so it must be confirmed that
> >>>>> this is ok from a routing perspective.
> >>>>>
> >>>>> Thank you,
> >>>>>
> >>>>> Darren Ankney
> >>>>>
> >>>>> On Thu, Jul 13, 2023 at 11:07 AM Joe Botha <joe at swimgeek.com> wrote:
> >>>>>>
> >>>>>> Hi
> >>>>>>
> >>>>>> Is there a way to configure Kea so you can share a subnet over multiple interfaces?
> >>>>>>
> >>>>>> Use case is something like sharing a /24 subnet where you have a few VLAN interfaces on the server.
> >>>>>>
> >>>>>> --
> >>>>>> Swimmingly,
> >>>>>> Joe
> >>>>>>
> >>>>>> swimgeek.com/blog  +27 82 562 6167  instagram.com/joe.swimgeek
> >>>>>>    "...all progress depends on the unreasonable man.”
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> >>>>>>
> >>>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> >>>>>>
> >>>>>> Kea-users mailing list
> >>>>>> Kea-users at lists.isc.org
> >>>>>> https://lists.isc.org/mailman/listinfo/kea-users
> >>>>
> >>
>

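An added example, not part of the original thread or of Kea itself: a small Python script that reads Kea debug output like the log quoted above and reports, for each DHCP4_PACKET_DROP_0002, which subnet-selection steps were tried and failed before the drop. The sample lines are copied from the thread; the function name and record fields are made up for this example, and it assumes the default log layout in which the number after the dot in [logger/pid.thread] identifies the processing thread.

```python
import re
from collections import defaultdict

# Lines copied from the debug log quoted in this thread.
SAMPLE_LOG = """\
2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_NO_RAI_OPTIONS No RAI options found to use for subnet selection.
2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_NO_RELAY_ADDRESS Relay address (giaddr) in client packet is empty.
2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_BY_INTERFACE_NO_MATCH No subnet matches interface: br0.30
2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.dhcpsrv/1650692.139622802572992] DHCPSRV_SUBNET4_SELECT_BY_ADDRESS_NO_MATCH No subnet matches address: 172.16.1.30
2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.packets/1650692.139622802572992] DHCP4_SUBNET_SELECTION_FAILED [hwtype=1 e2:48:a7:5b:37:83], cid=[no info], tid=0xbe9fe95a: failed to select subnet for the client
2023-07-14 12:25:46.544 DEBUG [kea-dhcp4.bad-packets/1650692.139622802572992] DHCP4_PACKET_DROP_0002 [hwtype=1 e2:48:a7:5b:37:83], cid=[no info], tid=0xbe9fe95a, from interface br0.30: no suitable subnet configured for a direct client
"""

# timestamp, level, [logger/pid.thread], message id, free text
LINE = re.compile(r"^\S+ \S+\s+\w+\s+\[[\w.-]+/\d+\.(?P<thread>\d+)\]\s+"
                  r"(?P<id>[A-Z0-9_]+)\s+(?P<text>.*)$")
DROP = re.compile(r"\[hwtype=\d+ (?P<mac>[0-9a-f:]+)\].*tid=(?P<tid>0x[0-9a-f]+), "
                  r"from interface (?P<iface>[^:]+):")
SELECT_PREFIX = "DHCPSRV_SUBNET4_SELECT_"


def explain_drops(log_text):
    """Return one record per DHCP4_PACKET_DROP_0002 with the selection steps logged before it."""
    steps = defaultdict(list)  # thread id -> selection message ids seen so far
    drops = []
    for raw in log_text.splitlines():
        # lstrip("> ") lets lines pasted from a quoted e-mail parse as well
        m = LINE.match(raw.lstrip("> ").rstrip())
        if not m:
            continue
        thread, msg_id, text = m["thread"], m["id"], m["text"]
        if msg_id.startswith(SELECT_PREFIX):
            steps[thread].append(msg_id[len(SELECT_PREFIX):])
        elif msg_id == "DHCP4_PACKET_DROP_0002":
            d = DROP.search(text)
            if d:
                drops.append({"iface": d["iface"], "mac": d["mac"], "tid": d["tid"],
                              "failed_steps": steps.pop(thread, [])})
    return drops


if __name__ == "__main__":
    for drop in explain_drops(SAMPLE_LOG):
        print(f"{drop['iface']} {drop['mac']} {drop['tid']}: "
              + " -> ".join(drop["failed_steps"]))
```
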
