date:20230731

Re: [Kea-users] Problems trying to implement RFC 8925 (v6-only-preferred)

2023-07-31 Thread Dan Oachs

I'm confused.  What is the issue with Kea offering v6 only clients an ipv4
address?  The client will not accept the ipv4 address and kea will not
reserve that IP address for them.  The end result is a drastic reduction in
ipv4 pool usage.  At least, that's how it is working for me.

Thanks,
  Dan Oachs


On Sun, Jul 30, 2023 at 2:44 PM Brian Candler  wrote:

> On 30/07/2023 14:28, Darren Ankney wrote:
> > I have not tested this, but you could use the 'v6-only-preferred'
> > setting in the subnet (see:
> >
> https://kea.readthedocs.io/en/kea-2.4.0/arm/dhcp4-srv.html#ipv6-only-preferred-networks
> ).
>
> As the config I included in my original mail shows, I'm already using
> that option.  Yes it works.  But I still end up *offering* clients an
> IPv4 address from the pool, even those which request the
> v6-only-preferred option and will actually not request the offered
> address; and RFC 8925 says the server should set yiaddr 0.0.0.0 in this
> situation.
>
> > If I'm understanding what you are saying ... DON'T allocate v4 to
> > clients who DON'T send v6 only option?  Won't that result in a bunch
> > of clients with no IP at all?
>
> No, because those clients will still be able to get an IPv6 address (via
> either SLAAC or DHCPv6, depending on what I set up on the network)
>
> > Kea does not appear to offer native support for RFC 2563.  I must not
> > be understanding what you are saying.  You also want the clients that
> > didn't receive any ip address (v4 or v6) to not auto-configure a
> > 169.254 address?
>
> Correct. Clients which don't understand RFC 8925 will still try to
> obtain an IPv4 address.  However, if they support RFC 2563 then I can
> detect this, and use this option to control whether or not they assign a
> link-local IPv4 address.  Again: if I'm not offering them a real IPv4
> address, then the RFC says the yiaddr should be 0.0.0.0.
>
> Clients which don't implement either RFC 2563 or RFC 8925, I don't want
> to respond to.  If they choose to assign a link-local IPv4 address,
> that's up to them.
>
> Regards,
>
> Brian.
>
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users

Re: [Kea-users] Problems trying to implement RFC 8925 (v6-only-preferred)

2023-07-31 Thread Brian Candler


On 31/07/2023 19:32, Dan Oachs wrote:
I'm confused.  What is the issue with Kea offering v6 only clients an 
ipv4 address?  The client will not accept the ipv4 address and kea 
will not reserve that IP address for them.  The end result is a 
drastic reduction in ipv4 pool usage.  At least, that's how it is 
working for me.


This is a proof-of-concept IPv6-only network: no IPv4 addresses at all, 
and no NAT44 (only NAT64).


You are correct that RFC8925-aware clients refuse the IPv4 address 
offered. However if someone plugs in a non-RFC8925 client, and Kea 
offers them an IPv4 address, they will use it.


That's why I want to detect whether the client is announcing RFC8925 
capability, and I was hoping for something less ugly (and more robust) 
than this:


    "client-classes": [
    {
    "name": "rfc8925",
    "test": "substring(option[55].hex, 0, 1) == 0x6c or 
substring(option[55].hex, 1, 1) == 0x6c or substring(option[55].hex, 2, 
1) == 0x6c or substring(option[55].hex, 3, 1) == 0x6c or 
substring(option[55].hex, 4, 1) == 0x6c or substring(option[55].hex, 5, 
1) == 0x6c or substring(option[55].hex, 6, 1) == 0x6c or 
substring(option[55].hex, 7, 1) == 0x6c or substring(option[55].hex, 8, 
1) == 0x6c or substring(option[55].hex, 9, 1) == 0x6c or 
substring(option[55].hex, 10, 1) == 0x6c or substring(option[55].hex, 
11, 1) == 0x6c or substring(option[55].hex, 12, 1) == 0x6c"

    },
    ],

--
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users

Re: [Kea-users] Problems trying to implement RFC 8925 (v6-only-preferred)

2023-07-31 Thread Dan Oachs

Ah, ok.  In my experience, devices that don't support DHCP option 108, are
not ready to live on an ipv6 only network, and need some sort of ipv4 to
function.

--Dan


On Mon, Jul 31, 2023 at 1:42 PM Brian Candler  wrote:

> On 31/07/2023 19:32, Dan Oachs wrote:
> > I'm confused.  What is the issue with Kea offering v6 only clients an
> > ipv4 address?  The client will not accept the ipv4 address and kea
> > will not reserve that IP address for them.  The end result is a
> > drastic reduction in ipv4 pool usage.  At least, that's how it is
> > working for me.
>
> This is a proof-of-concept IPv6-only network: no IPv4 addresses at all,
> and no NAT44 (only NAT64).
>
> You are correct that RFC8925-aware clients refuse the IPv4 address
> offered. However if someone plugs in a non-RFC8925 client, and Kea
> offers them an IPv4 address, they will use it.
>
> That's why I want to detect whether the client is announcing RFC8925
> capability, and I was hoping for something less ugly (and more robust)
> than this:
>
>  "client-classes": [
>  {
>  "name": "rfc8925",
>  "test": "substring(option[55].hex, 0, 1) == 0x6c or
> substring(option[55].hex, 1, 1) == 0x6c or substring(option[55].hex, 2,
> 1) == 0x6c or substring(option[55].hex, 3, 1) == 0x6c or
> substring(option[55].hex, 4, 1) == 0x6c or substring(option[55].hex, 5,
> 1) == 0x6c or substring(option[55].hex, 6, 1) == 0x6c or
> substring(option[55].hex, 7, 1) == 0x6c or substring(option[55].hex, 8,
> 1) == 0x6c or substring(option[55].hex, 9, 1) == 0x6c or
> substring(option[55].hex, 10, 1) == 0x6c or substring(option[55].hex,
> 11, 1) == 0x6c or substring(option[55].hex, 12, 1) == 0x6c"
>  },
>  ],
>
>
-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users

Re: [Kea-users] Problems trying to implement RFC 8925 (v6-only-preferred)

Re: [Kea-users] Problems trying to implement RFC 8925 (v6-only-preferred)

Re: [Kea-users] Problems trying to implement RFC 8925 (v6-only-preferred)

3 matches

Site Navigation

Mail list logo

Footer information