kea-dev Digest, Vol 72, Issue 2

kea-dev-request Wed, 07 Apr 2021 05:01:52 -0700

Send kea-dev mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/kea-dev
or, via email, send a message with subject or body 'help' to
        [email protected]


You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of kea-dev digest..."


Today's Topics:

   1.  kea 1.8.2 (with premium hooks) problem with gre tunnel
      interfaces (Stefan Berger)


----------------------------------------------------------------------

Message: 1
Date: Tue, 6 Apr 2021 12:58:25 +0000
From: Stefan Berger <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [kea-dev] kea 1.8.2 (with premium hooks) problem with gre
        tunnel interfaces
Message-ID:
        <D4D2148E1B534F41924577F6D85DA2E4035F857D24@EDELHOF1.wvnetintern.local>
        
Content-Type: text/plain; charset="us-ascii"

Hi all,

i have already asked the user-list but i havn't received an answer.
I thought i have solved the problem, but it still exist - maybe somebody can 
give me a hint.

I'm using kea 1.6.3 with premium hooks in an anycast setup (ipv4 only) .
Each anycast node has two GRE tunnels which are terminated on different 
broadband aggregation routers (BAR)
These BARs are cisco ASR1004 which are forwarding (via udp-helper) the dhcp 
requests from the clients to our kea cluster

The kea daemon itself is configured to listen on an specific loopback ip which 
is
advertised by BGP (bird) to the BARs and the next-hop ip is set to GRE tunnel 
IP (MY_INNER_IPADDR)
This is working pretty fine with version 1.6.3
All requests are received through GRE tunnel and the response is also send via 
GRE

During the upgrade  to 1.8 we realized that kea isn't able to send the response 
through GRE.
We also tried to configure  "outbound-interface": "use-routing" but it didn't 
work.

The reported error was 

[kea-dhcp4.packets/13945.140485403977856] DHCP4_PACKET_SEND_FAIL [hwtype=1 
f4:cf:e2:98:75:e1], 
cid=[00:63:69:73:63:6f:2d:66:34:63:66:2e:65:32:39:38:2e:37:35:65:31:2d:47:69:30:2f:31:2e:39:30:30],
 
tid=0x14ea: failed to send DHCPv4 packet: Interface tun1/8 does not have any 
suitable IPv4 sockets open

17:23:15 lseek(5, 0, SEEK_CUR)          = 9296497 <0.000008>
17:23:15 lseek(5, 0, SEEK_END)          = 9296497 <0.000008>
17:23:15 write(5, "2021-03-25 17:23:15.918 WARN  
[kea-dhcp4.dhcpsrv/18423.139928109389952] DHCPSRV_OPEN_SOCKET_FAIL failed to 
open socket: failed to open socket on interface tun1, reason: Failed to bind 
socket 25 to 172.16.200.254/port=67\n", 220) = 220 <0.000015>
17:23:15 lseek(5, 0, SEEK_CUR)          = 9296717 <0.000008>
17:23:15 fcntl(4, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000009>
17:23:15 fcntl(8, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000009>
17:23:15 fcntl(8, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000010>
17:23:15 fcntl(4, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000009>

System:
--------------------------------------------------------
Oracle EL 7 3.10.0-1160.21.1.el7.x86_64
Networkmanager is disabled

net.ipv4.fib_multipath_use_neigh=1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_notify = 1
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.icmp_errors_use_inbound_ifaddr=1


GRE Tunnel Interface
----------------------------
#GRE Tunnel Config
#cat ifcfg-tun1
DEVICE=tun1
BOOTPROTO=none
ONBOOT=yes
TYPE=GRE
PEER_OUTER_IPADDR=172.16.213.253
PEER_INNER_IPADDR=172.16.200.254/24
MY_OUTER_IPADDR=10.214.200.4
MY_INNER_IPADDR=172.16.200.4/24

STRACE on kea-dchp4
------------------------------
172.16.160.248 is the anycast loopback ip on which kea-dhcp4 is listening

"interfaces-config": {
        "interfaces": [ "lo/172.16.160.248" ],
        "dhcp-socket-type": "udp",
          "outbound-interface": "use-routing"
        // "outbound-interface": "same-as-inbound"
       // same as inbound is default
    },

In DHCP4_PACKET_SEND everything looks ok - 172.16.160.248 is the loopback IP on 
which the request
was received and 192.168.168.200.254 is the Interface on the BAR (broadband 
aggregation router) 
with the cisco ip-helper.

DHCP4_RESPONSE_DATA shows the right DHCPOFFER

Then the DHCP4_PACKET_SEND_FAIL Message - tun1 is the interface on which the 
packet was received.
I think the right way should be sending the packet through the loopback and the 
linux stack should do the rest.

16:46:02 write(5, "2021-03-26 16:46:02.116 DEBUG 
[kea-dhcp4.options/13945.140485403977856] DHCP4_PACKET_PACK [hwtype=1 
f4:cf:e2:98:75:e1], 
cid=[00:63:69:73:63:6f:2d:66:34:63:66:2e:65:32:39:38:2e:37:35:65:31:2d:47:69:30:2f:31:2e:39:30:30],
 tid=0x14ea: preparing on-wire format of the packet to be sent\n", 282) = 282 
<0.000011>
16:46:02 lseek(5, 0, SEEK_CUR)          = 9600239 <0.000009>
16:46:02 fcntl(4, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000010>
16:46:02 fcntl(26, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000010>
16:46:02 fcntl(25, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000011>
16:46:02 fcntl(4, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000010>
16:46:02 lseek(5, 0, SEEK_END)          = 9600239 <0.000010>
16:46:02 lseek(5, 0, SEEK_CUR)          = 9600239 <0.000009>
16:46:02 lseek(5, 0, SEEK_END)          = 9600239 <0.000010>
16:46:02 write(5, "2021-03-26 16:46:02.117 DEBUG 
[kea-dhcp4.packets/13945.140485403977856] DHCP4_PACKET_SEND [hwtype=1 
f4:cf:e2:98:75:e1], 
cid=[00:63:69:73:63:6f:2d:66:34:63:66:2e:65:32:39:38:2e:37:35:65:31:2d:47:69:30:2f:31:2e:39:30:30],
 tid=0x14ea: trying to send packet DHCPOFFER (type 2) from 172.16.160.248:67 to 
192.168.200.254:67 on interface lo\n", 334) = 334 <0.000016>
16:46:02 lseek(5, 0, SEEK_CUR)          = 9600573 <0.000010>
16:46:02 fcntl(4, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000010>
16:46:02 fcntl(25, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000010>
16:46:02 fcntl(25, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000011>
16:46:02 fcntl(4, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000010>
16:46:02 lseek(5, 0, SEEK_END)          = 9600573 <0.000010>
16:46:02 lseek(5, 0, SEEK_CUR)          = 9600573 <0.000010>
16:46:02 lseek(5, 0, SEEK_END)          = 9600573 <0.000010>
16:46:02 write(5, "2021-03-26 16:46:02.117 DEBUG 
[kea-dhcp4.packets/13945.140485403977856] DHCP4_RESPONSE_DATA [hwtype=1 
f4:cf:e2:98:75:e1], 
cid=[00:63:69:73:63:6f:2d:66:34:63:66:2e:65:32:39:38:2e:37:35:65:31:2d:47:69:30:2f:31:2e:39:30:30],
 tid=0x14ea: responding with packet DHCPOFFER (type 2), packet details: 
local_address=172.16.160.248:67, remote_address=192.168.200.254:67, 
msg_type=DHCPOFFER (2), transid=0x14ea,\noptions:\n  type=001, len=004: 
4294967040 (uint32)\n  type=003, len=004: 192.168.200.254\n  type=006, len=008: 
8.8.8.8 9.9.9.9\n  type=012, len=014: \"config-station\" (string)\n  type=051, 
len=004: 28800 (uint32)\n  type=053, len=001: 2 (uint8)\n  type=054, len=004: 
172.16.160.248\n  type=061, len=031: 
00:63:69:73:63:6f:2d:66:34:63:66:2e:65:32:39:38:2e:37:35:65:31:2d:47:69:30:2f:31:2e:39:30:30\n",
 802) = 802 <0.000018>
16:46:02 lseek(5, 0, SEEK_CUR)          = 9601375 <0.000010>
16:46:02 fcntl(4, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000010>
16:46:02 fcntl(25, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000010>
16:46:02 fcntl(25, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000010>
16:46:02 fcntl(4, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000009>
16:46:02 lseek(5, 0, SEEK_END)          = 9601375 <0.000008>
16:46:02 lseek(5, 0, SEEK_CUR)          = 9601375 <0.000009>
16:46:02 lseek(5, 0, SEEK_END)          = 9601375 <0.000009>
16:46:02 write(5, "2021-03-26 16:46:02.118 ERROR 
[kea-dhcp4.packets/13945.140485403977856] DHCP4_PACKET_SEND_FAIL [hwtype=1 
f4:cf:e2:98:75:e1], 
cid=[00:63:69:73:63:6f:2d:66:34:63:66:2e:65:32:39:38:2e:37:35:65:31:2d:47:69:30:2f:31:2e:39:30:30],
 tid=0x14ea: failed to send DHCPv4 packet: Interface tun1/8 does not have any 
suitable IPv4 sockets open.\n", 330) = 330 <0.000016>
16:46:02 lseek(5, 0, SEEK_CUR)          = 9601705 <0.000009>
16:46:02 fcntl(4, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=0}) = 0 <0.000009>
16:46:02 fcntl(25, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, 
l_len=1}) = 0 <0.000008>




------------------------------

Subject: Digest Footer

_______________________________________________
kea-dev mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/kea-dev


------------------------------

End of kea-dev Digest, Vol 72, Issue 2
**************************************

kea-dev Digest, Vol 72, Issue 2

Reply via email to