[Kea-users] DHCPv6, shared network, and double-relay Solicit messages

Marek Greško marek.gresko at protonmail.com
Wed Apr 24 05:22:08 UTC 2024


Hello Marek,

Kea listens on a UDP socket only for port 546. You should not use the -t flag with netstat, which shows only TCP.

Marek

On Tuesday, April 23rd, 2024 at 17:42, mxhajduczenia at gmail.com <mxhajduczenia at gmail.com> wrote:

> I wonder whether it has anything to do with the fact that DHCPv6 process does not seem to listen on port 546
>
> root@server-kea-node1:/home/kea # sudo netstat -tulpn | grep LISTEN
> tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 628/kea-ctrl-agent
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 673/sshd: /usr/sbin
> tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 610/systemd-resolve
> tcp6 0 0 :::9119 :::* LISTEN 632/stork-agent
> tcp6 0 0 :::22 :::* LISTEN 673/sshd: /usr/sbin
> tcp6 0 0 :::8080 :::* LISTEN 632/stork-agent
> tcp6 0 0 :::9547 :::* LISTEN 632/stork-agent
>
> root@server-kea-node1:/home/kea# nmap localhost
> Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-23 15:35 UTC
> Nmap scan report for localhost (127.0.0.1)
> Host is up (0.0000030s latency).
> Not shown: 997 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 8000/tcp open http-alt
> 8080/tcp open http-proxy
> Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
>
> I do not see DHCPv4 or DHCPv6 ports open at all. Per the manual, “The DHCPv4 and DHCPv6 protocols assume the server will open privileged UDP port 67 (DHCPv4) or 547 (DHCPv6).”, which is fine, I do start the DHCPv6 process as root, so it should show up in the list of ports being open.
>
> Marek
>
> From: mxhajduczenia at gmail.com <mxhajduczenia at gmail.com>
> Sent: Tuesday, April 23, 2024 9:19 AM
> To: 'Kea user's list' <kea-users at lists.isc.org>
> Subject: DHCPv6, shared network, and double-relay Solicit messages
>
> Dear colleagues,
>
> I have been attempting to test a setup in the lab with DOCSIS CM operating in IPv6 mode only, where the DHCPv6 messages are relayed across the CMTS and the first-hop router (relay address 2600:6ce4:0:3e::1) towards a Kea server running 2.4 code (address 2600:6ce4:0:42::130).
>
> At the Kea server level, I ran a packet capture, to observe an interesting behavior – the Solicit messages from the DOCSIS CM are being forwarded back to the relay, embedded within the ICMPv6 message with indication that the destination is unreachable for some reason.
>
> The Kea server is running without any issues so it seems that the binding is successful and
>
> root@server-kea-node1:/home/ace# service isc-kea-dhcp6-server status
> ● isc-kea-dhcp6-server.service - Kea DHCPv6 Service
> Loaded: loaded (/lib/systemd/system/isc-kea-dhcp6-server.service; enabled; vendor preset: enabled)
> Active: active (running) since Tue 2024-04-23 15:02:41 UTC; 11min ago
> Docs: man:kea-dhcp6(8)
> Main PID: 1551 (kea-dhcp6)
> Tasks: 7 (limit: 4550)
> Memory: 3.5M
> CPU: 119ms
> CGroup: /system.slice/isc-kea-dhcp6-server.service
> └─1551 /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
>
> Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.467 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection
> Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 129 bytes over command socket 22
> Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get'
> Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 92 bytes (0 bytes left to send) over command socket 22
> Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection
> Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection
> Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 117 bytes over command socket 22
> Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get-all'
> Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 8715 bytes (0 bytes left to send) over command socket 22
> Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection
>
> I attach the Kea DHCPv6 config for reference (keav6.json) – the test device should match rpd-10 class, and make its way into 2600:6ce4:0:3e::/64 subnet.
>
> I am drawing a blank on what the problem might be here. I have not seen this behavior before and I am not sure whether it is related to the fact that I have two layers of relays in messages or not.
>
> Regards
>
> Marek
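
Added example (not part of either message above): netstat leaves the State column empty for UDP sockets, so a `grep LISTEN` filter drops every UDP row, and the nmap run shown reports TCP ports only. The sketch below filters netstat-style rows for UDP sockets bound to the DHCPv6 ports 546 and 547; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` output (not taken from the thread).
# UDP rows carry no State value, which is why `grep LISTEN` never matches them.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      628/kea-ctrl-agent
tcp6       0      0 :::22                   :::*                    LISTEN      673/sshd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           610/systemd-resolve
udp6       0      0 2600:6ce4:0:42::130:547 :::*                                1551/kea-dhcp6
udp6       0      0 ff02::1:2:547           :::*                                1551/kea-dhcp6
EOF
}

# udp_bound PORT...  (hypothetical helper)
# Reads netstat-style rows on stdin and prints "proto local-address owner"
# for every UDP socket bound to one of the given ports.
udp_bound() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^udp/ {
            port = $4
            sub(/.*:/, "", port)          # port is whatever follows the last colon
            if (port in want) print $1, $4, $NF
        }'
}

# Number of UDP rows that survive the `grep LISTEN` filter used in the thread.
udp_rows_after_listen_grep() {
    grep LISTEN | grep -c '^udp' || true   # grep -c exits 1 on a zero count
}

echo "UDP rows left after 'grep LISTEN': $(sample_netstat | udp_rows_after_listen_grep)"
echo "UDP sockets bound to 546/547:"
sample_netstat | udp_bound 546 547
```

On a live host the same filter can be fed from `sudo netstat -ulpn | udp_bound 546 547`.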