[Kea-users] kea 2.2.0 - responding twice to broadcast requests

vom513 vom513 at gmail.com
Sat Jun 10 01:43:28 UTC 2023 

Hello all,

On my firewall I have a bit of a complex setup in terms of interfaces.  I do VLAN trunking / subifs, SQM for bufferbloat, and some “aliases” (ex: eth0:0 - secondary IP on same subnet).

Under ISC dhcpd I don’t see this behavior.  I discovered this (no pun intended) with a Nagios check_dhcp script.

If I send a unicast request direct to the server, I get one response.  If I send a broadcast - it seems the server is “hearing it twice” ?  I see multiple replies in the logs for actual clients as well.

In the middle of writing this message, I decided to try messing with the alias.  Seems to be the culprit.  If I ifdown the alias interface - I get one response.  Seems like Kea binds (??) to the alias as well - even though it’s not defined in the interfaces in config.  I could bring it back up after Kea was running and everything was fine.  It’s only when Kea starts and this alias exists that I get this behavior (i.e. on a fresh boot).

Also to be very clear, not only is this an alias, but it’s an alias on a VLAN subif.  Don’t know how much that matters:

enp1s0f4d1.10:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.64.10  netmask 255.255.255.0  broadcast 192.168.64.255
        ether 00:07:43:16:0d:e8  txqueuelen 1000  (Ethernet)

Is there some knob that can be turned to pare this down to just the actual interface in the config ?  Or did I stumble on a bug ?

Thanks.

Some output:

With Kea running - single server:

root at nms:/home/vom# /usr/local/nagios/libexec/check_dhcp -i ens192 -v
DHCP socket: 3
Hardware address: 00:0c:29:33:58:37
DHCPDISCOVER to 255.255.255.255 port 67
DHCPDISCOVER XID: 155217937 (0x9407011)
DHCDISCOVER ciaddr:  0.0.0.0
DHCDISCOVER yiaddr:  0.0.0.0
DHCDISCOVER siaddr:  0.0.0.0
DHCDISCOVER giaddr:  0.0.0.0
send_dhcp_packet result: 548




recv_result_1: 309
recv_result_2: 309
receive_dhcp_packet() result: 309
receive_dhcp_packet() source: 192.168.64.1
Result=OK
DHCPOFFER from IP address 192.168.64.1 via 192.168.64.1
DHCPOFFER XID: 155217937 (0x9407011)
DHCPOFFER chaddr: 000C29335837
DHCPOFFER ciaddr: 0.0.0.0
DHCPOFFER yiaddr: 192.168.64.129
DHCPOFFER siaddr: 0.0.0.0
DHCPOFFER giaddr: 0.0.0.0
Option: 53 (0x01)
Option: 1 (0x04)
Option: 3 (0x04)
Option: 6 (0x08)
Option: 15 (0x11)
Option: 51 (0x04)
Option: 54 (0x04)
Option: 58 (0x04)
Option: 59 (0x04)
Lease Time: 86400 seconds
Renewal Time: 43200 seconds
Rebinding Time: 75600 seconds
Added offer from server @ 192.168.64.1 of IP address 192.168.64.129


recv_result_1: 309
recv_result_2: 309
receive_dhcp_packet() result: 309
receive_dhcp_packet() source: 192.168.64.1
Result=OK
DHCPOFFER from IP address 192.168.64.1 via 192.168.64.1
DHCPOFFER XID: 155217937 (0x9407011)
DHCPOFFER chaddr: 000C29335837
DHCPOFFER ciaddr: 0.0.0.0
DHCPOFFER yiaddr: 192.168.64.130
DHCPOFFER siaddr: 0.0.0.0
DHCPOFFER giaddr: 0.0.0.0
Option: 53 (0x01)
Option: 1 (0x04)
Option: 3 (0x04)
Option: 6 (0x08)
Option: 15 (0x11)
Option: 51 (0x04)
Option: 54 (0x04)
Option: 58 (0x04)
Option: 59 (0x04)
Lease Time: 86400 seconds
Renewal Time: 43200 seconds
Rebinding Time: 75600 seconds
Added offer from server @ 192.168.64.1 of IP address 192.168.64.130


No (more) data received (nfound: 0)
Result=ERROR
Total responses seen on the wire: 2
Valid responses for this machine: 2
OK: Received 2 DHCPOFFER(s), max lease time = 86400 sec.

With dhcpd:

root at nms:/home/vom# /usr/local/nagios/libexec/check_dhcp -i ens192 -v
DHCP socket: 3
Hardware address: 00:0c:29:33:58:37
DHCPDISCOVER to 255.255.255.255 port 67
DHCPDISCOVER XID: 2285418180 (0x8838B6C4)
DHCDISCOVER ciaddr:  0.0.0.0
DHCDISCOVER yiaddr:  0.0.0.0
DHCDISCOVER siaddr:  0.0.0.0
DHCDISCOVER giaddr:  0.0.0.0
send_dhcp_packet result: 548




recv_result_1: 312
recv_result_2: 312
receive_dhcp_packet() result: 312
receive_dhcp_packet() source: 192.168.64.1
Result=OK
DHCPOFFER from IP address 192.168.64.1 via 192.168.64.1
DHCPOFFER XID: 2285418180 (0x8838B6C4)
DHCPOFFER chaddr: 000C29335837
DHCPOFFER ciaddr: 0.0.0.0
DHCPOFFER yiaddr: 192.168.64.212
DHCPOFFER siaddr: 0.0.0.0
DHCPOFFER giaddr: 0.0.0.0
Option: 53 (0x01)
Option: 54 (0x04)
Option: 51 (0x04)
Option: 1 (0x04)
Option: 3 (0x04)
Option: 6 (0x08)
Option: -4 (0x01)
Option: 2 (0x04)
Option: 42 (0x04)
Option: 15 (0x11)
Lease Time: 300 seconds
Renewal Time: 0 seconds
Rebinding Time: 0 seconds
Added offer from server @ 192.168.64.1 of IP address 192.168.64.212


No (more) data received (nfound: 0)
Result=ERROR
Total responses seen on the wire: 1
Valid responses for this machine: 1
OK: Received 1 DHCPOFFER(s), max lease time = 300 sec.

Here is a “real” transaction.  Note the same XID, 2 IPs offered, and one ACKed:

root at ice:/home/vom# grep kea /var/log/messages | grep 0x18a954de
Jun  9 18:00:52 ice kea-dhcp4: INFO  DHCP4_LEASE_ADVERT [hwtype=1 3c:a6:f6:11:6a:42], cid=[01:3c:a6:f6:11:6a:42], tid=0x18a954de: lease 192.168.64.138 will be advertised
Jun  9 18:00:52 ice kea-dhcp4: INFO  DHCP4_LEASE_ADVERT [hwtype=1 3c:a6:f6:11:6a:42], cid=[01:3c:a6:f6:11:6a:42], tid=0x18a954de: lease 192.168.64.139 will be advertised
Jun  9 18:00:53 ice kea-dhcp4: INFO  DHCP4_LEASE_ALLOC [hwtype=1 3c:a6:f6:11:6a:42], cid=[01:3c:a6:f6:11:6a:42], tid=0x18a954de: lease 192.168.64.138 has been allocated for 86400 seconds
Jun  9 18:00:53 ice kea-dhcp4: INFO  DHCP4_LEASE_ALLOC [hwtype=1 3c:a6:f6:11:6a:42], cid=[01:3c:a6:f6:11:6a:42], tid=0x18a954de: lease 192.168.64.138 has been allocated for 86400 seconds

More information about the Kea-users mailing list