Re: [Kea-users] dhcp6 address assignment

2022-10-18 Thread Dan Oachs
Have you looked at using multiple reservations for the same IP?  Would that
solve any of your issues?

https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html?highlight=unique#multiple-reservations-for-the-same-ip

--Dan


On Tue, Oct 18, 2022 at 1:15 PM Marek Greško via Kea-users <
kea-users@lists.isc.org> wrote:

> Hello,
>
> I am in a phase of migration ISC DHCPD into kea and I am suffering several
> problems in ipv6 address assignment.
>
>
> 1. I used to assign same ipv6 address for the same machine which was
>    dual boot linux/windows. It was possible by assigning same ipv6 address to
>    both DUIDs before. But in kea this is not allowed. I found out there is a
>    possibility to assign ipv6 address by MAC address which was not possible in
>    ISC DHCPD. I was very happy with that finding but fallen into second
>    problem.
> 2. The windows machine got 2 interfaces ethernet and wifi. I
>    configured kea to assign one ipv6 address to the ethernet adapter and
>    another one to the wifi adapter. But after investigating logs kea was
>    receiving dhcp6 request over wifi using the ethernet adapter mac address.
>    How is this possible? Is it possible the MAC address in DHCP does not match
>    L2 MAC address? I did not sniff the request, yet. I decided to switch back
>    to DUID assignment since this problem is worse than the previous.
> 3. Maybe it would be possible to overcome the above problems if kea is
>    able to match both DUID and MAC address, but it is not allowed in kea. I am
>    ought to select one option only. Why?
>
>
> Thanks
>
> Marek
>
>
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>


Re: [Kea-users] dhcp6 address assignment

2022-10-18 Thread perl-list


> 1. I used to assign same ipv6 address for the same machine which was dual boot
>    linux/windows. It was possible by assigning same ipv6 address to both DUIDs
>    before. But in kea this is not allowed. I found out there is a possibility to
>    assign ipv6 address by MAC address which was not possible in ISC DHCPD. I was
>    very happy with that finding but fallen into second problem.


You could make a client class
(https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#reserving-client-classes-in-dhcpv6)
for each dual booting client with both duids in the class.

Then make very tiny pools with only one address assigned to those classes.

I think the below should work.


// Fragment of the "Dhcp6" section of the Kea DHCPv6 server configuration.
// Each "test" expression stays on one line: a JSON string cannot contain a raw line break.
"client-classes": [
  {
    "name": "WINDOWS1",
    "test": "(substring(option[1].hex,0,all) == 0x000203090505149182b5fb4c) or (substring(option[1].hex,0,all) == 0x0001000126ffbc3f001c42bdc36c)"
  },
  {
    // As posted, both sides of the "or" carry the same DUID.
    "name": "WINDOWS2",
    "test": "(substring(option[1].hex,0,all) == 0x0001000116c3c001) or (substring(option[1].hex,0,all) == 0x0001000116c3c001)"
  }
],

"subnet6": [
  {
    "subnet": "2001:db8:2e50:e8::/64",
    // One single-address pool per class.
    "pools": [
      {
        "pool": "2001:db8:2e50:e8::1-2001:db8:2e50:e8::1",
        "client-class": "WINDOWS1"
      },
      {
        "pool": "2001:db8:2e50:e8::2-2001:db8:2e50:e8::2",
        "client-class": "WINDOWS2"
      }
    ]
  }
]


> 2. The windows machine got 2 interfaces ethernet and wifi. I configured kea to
>    assign one ipv6 address to the ethernet adapter and another one to the wifi
>    adapter. But after investigating logs kea was receiving dhcp6 request over wifi
>    using the ethernet adapter mac address. How is this possible? Is it possible
>    the MAC address in DHCP does not match L2 MAC address? I did not sniff the
>    request, yet. I decided to switch back to DUID assignment since this problem is
>    worse than the previous.

This is likely because Kea is deriving the MAC address from the DUID (assuming 
the traffic was relayed).  The windows machine will most likely use the same 
DUID for all interfaces (at least it is supposed to or allowed to - I'd have to 
go review the RFC again to be sure).



Re: [Kea-users] dhcp6 address assignment

2022-10-18 Thread Dan Oachs
I have recently learned that it is normal and expected that the DUID may
contain the MAC address of a different network device.  For example, an
Apple laptop (that has only wifi) will generate its DUID the first time
it boots and use that DUID for everything.  Wifi, usb-ethernet dongle, etc.

Windows has its own way of generating a DUID.  And on Linux, most distros
will use a DUID but you can change a config file to have it use a link
local address instead.

While this info does not directly solve your problems, hopefully it helps
you understand how things are working.

The short answer is that you might need to rethink the way you use DHCP
(v6) on your network.  I know I have been struggling with some of the
differences making it difficult or impossible to do things the way we had
in the past.  For example, we can no longer assume a usb to ethernet
adapter will have a specific IPv6 address assigned to it, the address might
change depending on what host it is connected to :(


Thanks,
  Dan Oachs



On Tue, Oct 18, 2022 at 1:15 PM Marek Greško via Kea-users <
kea-users@lists.isc.org> wrote:

> Hello,
>
> I am in a phase of migration ISC DHCPD into kea and I am suffering several
> problems in ipv6 address assignment.
>
>
> 1. I used to assign same ipv6 address for the same machine which was
>    dual boot linux/windows. It was possible by assigning same ipv6 address to
>    both DUIDs before. But in kea this is not allowed. I found out there is a
>    possibility to assign ipv6 address by MAC address which was not possible in
>    ISC DHCPD. I was very happy with that finding but fallen into second
>    problem.
> 2. The windows machine got 2 interfaces ethernet and wifi. I
>    configured kea to assign one ipv6 address to the ethernet adapter and
>    another one to the wifi adapter. But after investigating logs kea was
>    receiving dhcp6 request over wifi using the ethernet adapter mac address.
>    How is this possible? Is it possible the MAC address in DHCP does not match
>    L2 MAC address? I did not sniff the request, yet. I decided to switch back
>    to DUID assignment since this problem is worse than the previous.
> 3. Maybe it would be possible to overcome the above problems if kea is
>    able to match both DUID and MAC address, but it is not allowed in kea. I am
>    ought to select one option only. Why?
>
>
> Thanks
>
> Marek
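An added example, not part of either reply and not Kea's own code: a decoder for the DUID layouts of RFC 8415, run over the three DUIDs quoted in the client-class tests above. It illustrates the point made in the two replies above, that a MAC address read out of a DUID belongs to whichever interface the DUID was generated from and need not equal the source MAC of the interface that sent the request. The function names are hypothetical.

```python
import struct

# DUID type codes from RFC 8415, section 11.
DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3
KINDS = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL", 4: "DUID-UUID"}

# DUIDs quoted in the client-class tests earlier in the thread.
THREAD_DUIDS = [
    "0x000203090505149182b5fb4c",
    "0x0001000126ffbc3f001c42bdc36c",
    "0x0001000116c3c001",
]


def parse_duid(text):
    """Decode a DHCPv6 client identifier (option 1 payload) written as hex."""
    text = text.lower().replace(":", "")
    raw = bytes.fromhex(text[2:] if text.startswith("0x") else text)
    if len(raw) < 2:
        raise ValueError("DUID is shorter than its 2-byte type field")
    (dtype,) = struct.unpack("!H", raw[:2])
    body = raw[2:]
    out = {"kind": KINDS.get(dtype, "unknown"), "mac": None}
    if dtype in (DUID_LLT, DUID_LL):
        # Hardware type (2 bytes), a 4-byte timestamp for LLT only, then the address.
        skip = 6 if dtype == DUID_LLT else 2
        if len(body) < skip:
            raise ValueError("DUID body is truncated")
        out["hw_type"] = struct.unpack("!H", body[:2])[0]
        addr = body[skip:]
        # Only a 6-byte Ethernet (hardware type 1) address reads as a MAC.
        if out["hw_type"] == 1 and len(addr) == 6:
            out["mac"] = ":".join(f"{b:02x}" for b in addr)
    elif dtype == DUID_EN:
        if len(body) < 4:
            raise ValueError("DUID-EN lacks its enterprise number")
        # The bytes after the enterprise number are opaque vendor data.
        out["enterprise"] = struct.unpack("!I", body[:4])[0]
    return out


def duid_mac_matches(duid_text, l2_source_mac):
    """True only if the DUID embeds a MAC equal to the frame's source MAC."""
    mac = parse_duid(duid_text)["mac"]
    return mac is not None and mac == l2_source_mac.lower()


if __name__ == "__main__":
    for duid in THREAD_DUIDS:
        print(duid, parse_duid(duid))
```

Of the three, only the second DUID carries a complete link-layer address; the first is a DUID-EN with no address at all, and the third ends right after the timestamp.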


Re: [Kea-users] Kea and on-commit

2022-10-18 Thread perl-list
You can also send lease data somewhere using the high availability hook in the 
passive-backup configuration: 
https://kea.readthedocs.io/en/latest/arm/hooks.html#passive-backup-configuration

You could create a listener that captures the data and does something with it 
(assumedly, whatever /usr/local/bin/dhcp-dyndns.sh is doing).

I am not sure that the options host-name and/or client-name are included, 
however, you would have to test.

- Original Message -
> From: "Frey, Rick E" 
> To: "Rowland Penny" , "kea-users" 
> Sent: Monday, October 17, 2022 3:24:44 PM
> Subject: Re: [Kea-users] Kea and on-commit

> Recommend that you look over the public Kea documentation, specifically the
> hook for external scripts:
> https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html#run-script-run-script-support-for-external-hook-scripts

> You may also want to consider modifying your current use of using the
> unchecked client provided name as an argument to your script. It may be
> possible to inject an unintended command on your system by using a crafted
> name sent by client. E.g. name of “; rm /var/lib/dhcpd/leases”.

> From: Kea-users on behalf of Rowland Penny via Kea-users
> Date: Monday, October 17, 2022 at 2:04 PM
> To: kea-users@lists.isc.org 
> Subject: [Kea-users] Kea and on-commit


> I have just discovered that the isc-dhcp-server is going EOL at the year
> and is being replaced by Kea. I know that the isc-dhcp-server will still
> be available from distros for some time, but I need to find out if kea
> can work in the same way as isc-dhcp-server.

> You can set at the bottom of dhcp.conf something like this:

> on commit {
>   # Fallback name built from the leased address, e.g. dhcp-192-0-2-10.
>   set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
>   set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>   # Hardware address as six zero-padded hex bytes joined with ":".
>   set ClientDHCID = concat (
>     suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
>     suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
>     suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
>     suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
>     suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
>     suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
>   );
>   # First available name; the client-supplied values are used unchecked.
>   set ClientName = pick-first-value(option host-name, config-option host-name, client-name, noname);
>   log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
>   execute("/usr/local/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
> }

> This will run a script that will update dns records in Samba AD.

> Can anyone point me at the Kea documentation that will show me how to do
> the above. I have done the usual Google searches and had a look at the
> Kea documentation, but couldn't readily see anything.

> Thanks in advance.

> Rowland Penny
> Samba team member

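An added example, not code from the thread or from the Kea project: a handler for Kea's run_script hook that treats the client-supplied name as untrusted before it reaches /usr/local/bin/dhcp-dyndns.sh, falling back to the same dhcp-<address> name the dhcpd.conf snippet builds. The LEASES4_AT0_* environment variable names and the colon-separated hardware-address format are assumptions to confirm against the run_script documentation linked above; the function names are hypothetical.

```python
import ipaddress
import re
import subprocess

DYNDNS = "/usr/local/bin/dhcp-dyndns.sh"  # script path from the thread
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
HWADDR = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")


def safe_name(candidate, address):
    """Return the client name if it is a plain hostname, else dhcp-<address>."""
    name = (candidate or "").rstrip(".")
    labels = name.split(".")
    if 0 < len(name) <= 253 and all(LABEL.fullmatch(part) for part in labels):
        return name.lower()
    # Same fallback the dhcpd.conf snippet stores in "noname".
    return "dhcp-" + str(address).replace(".", "-")


def build_argv(env):
    """Turn one committed-lease environment into an argument vector."""
    # Assumed variable names; IPv4Address raises ValueError on anything else.
    address = ipaddress.IPv4Address(env["LEASES4_AT0_ADDRESS"])
    hwaddr = env.get("LEASES4_AT0_HWADDR", "").lower()
    if not HWADDR.fullmatch(hwaddr):
        raise ValueError("unexpected hardware address")
    name = safe_name(env.get("LEASES4_AT0_HOSTNAME"), address)
    return [DYNDNS, "add", str(address), hwaddr, name]


def run(env):
    # Argument list, no shell: each value reaches the script as one argument.
    return subprocess.run(build_argv(env), check=True, timeout=30)
```

Validation only narrows what reaches the script; the script still has to quote its positional parameters wherever it uses them.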

[Kea-users] dhcp6 address assignment

2022-10-18 Thread Marek Greško via Kea-users
Hello,

I am in a phase of migration ISC DHCPD into kea and I am suffering several 
problems in ipv6 address assignment.

- I used to assign same ipv6 address for the same machine which was dual boot 
linux/windows. It was possible by assigning same ipv6 address to both DUIDs 
before. But in kea this is not allowed. I found out there is a possibility to 
assign ipv6 address by MAC address which was not possible in ISC DHCPD. I was 
very happy with that finding but fallen into second problem.
- The windows machine got 2 interfaces ethernet and wifi. I configured kea to 
assign one ipv6 address to the ethernet adapter and another one to the wifi 
adapter. But after investigating logs kea was receiving dhcp6 request over wifi 
using the ethernet adapter mac address. How is this possible? Is it possible 
the MAC address in DHCP does not match L2 MAC address? I did not sniff the 
request, yet. I decided to switch back to DUID assignment since this problem is 
worse than the previous.
- Maybe it would be possible to overcome the above problems if kea is able to 
match both DUID and MAC address, but it is not allowed in kea. I am ought to 
select one option only. Why?

Thanks

Marek
