Kea 2.2.0 Released

Kea 2.2 is our newest stable branch of the Kea DHCP server, suitable for production deployment.

Kea 1.8 is now EOL. If you are running Kea 1.8 or an older version, we recommend updating. Kea 2.0 will be supported until the release of Kea 2.4. See the ISC Software Support Policy for the Kea release schedule.

Kea 2.2 brings many new features developed during the Kea 2.1 development cycle to a production release. For full details of the new features, see the Kea 2.2.0 Release Notes.

PostgreSQL backend

By popular demand, we have added full support for PostgreSQL as a configuration backend, equivalent to MySQL. Most Kea configuration data can be stored in a separate MySQL or PostgreSQL configuration backend. Store options, pools, and subnets centrally and tag them based on which servers should “subscribe” for those configuration elements.

Application security

We have made tremendous progress in providing more secure access for Kea, by providing TLS/SSL support for connections between HA pairs and between Kea and backend databases. We have also removed user authentication secrets from the Kea configuration file and put those into a separate passwords file, which can be more strictly access-controlled.

As previously announced, we have also now finally removed support for Cassandra as a backend. This option was unpopular, and very difficult to maintain as the nosql model is so different from our SQL backends.

Kea 2.2 adds three new hook libraries

  • The DDNS Tuning Library adds custom behaviors related to Dynamic DNS updates on a per-client basis. Its primary feature is to allow the administrator to calculate the domain name (FQDN) to be assigned using a regular expression. This library is included in our low-cost Premium package.

  • The Limits library can rate-limit packet processing, to protect the server against overactive clients, and will also support controlling the number of leases per client. This new Subscriber hook library does not yet match the equivalent functionality in ISC DHCP, but we will continue to improve it.

  • The RBAC library allows an administrator to control authenticated user access to read and write Kea configuration data. This library is primarily useful in a large enterprise environment, and is offered to Silver and Gold support subscribers.

Sources are now available from Cloudsmith

Our Cloudsmith repository for binary packages has become very popular, and we think the majority of our subscribers are now using that repository. We are adding new packages for Alpine OS users (please give us feedback!). We are also providing the source tarballs on Cloudsmith, so users can get the source as well as the binaries from the same place. These source tarballs are signed by ISC and the signatures for verification are in the repo with the tarballs.

Kea Hooks Basic Commercial End User License

We have updated the basic commercial license for the non-open source hooks. (The open source hooks remain licensed under MPL 2.0, this is unchanged.)

The Premium hooks package, purchased online without support, is now for smaller businesses and non-profits only. There are 12 month license subscription options for 1,000, 6,000, 15,000 and 30,000 active leases at prices starting at $549. We think it is fairer for large enterprises and service providers to pay more, but we also wanted to preserve a low-cost option for universities and other non-profits, so qualifying non-profits can purchase the lowest cost option for up to 30,000 active leases.

Larger deployments can access the Premium and Subscriber hooks as a bundle, either without support at the Basic level, or with support at Bronze, Silver, or Gold levels. Our levels are:

  • Basic - premium and subscriber hooks; advance security notifications (ASNs); but no support
  • Bronze - premium and subscriber hooks; ASNs; email support during business hours
  • Silver - premium, subscriber, and the new RBAC hook; ASNs; 24x7 email and phone support with SLAs
  • Gold - premium, subscriber and the new RBAC hook; ASNs; 24x7 email and phone support with faster response times

Our support prices are based on deployment size, as measured by the number of simultaneous leases provided. For more information on the support options, please see our Support page and our Kea Support Subscription datasheet.

Q & A

  1. What does this mean if I have a current Kea Premium Hooks subscription?

Your subscription will be honored for the original period under the original terms, of course. The DDNS Tuning hook will be added to your download site. At renewal time, you will have to review and agree to the new license terms, and if you have a commercial deployment providing over 1,000 simultaneous leases, you may have to upgrade to another subscription level. Please see the text of the EULA for the special terms for non-profits.

  1. What does this mean if I am a current ISC Support Subscriber?

Thank you! If you are a Basic or Bronze subscriber, you will be receiving the new DDNS-tuning and Limits hooks. If you are a Silver or Gold level subscriber, you will receive the DDNS Tuning and Limits hooks, as well as the new RBAC hook. Also, you will no longer have to search your tickets for an ftp link to download the sources for your premium software; sources are now included in our Cloudsmith repositories.


References

Recent Posts

What's New from ISC