Feature #6960

closed

Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6

Added by Bogdan P over 7 years ago. Updated 4 months ago.

Status: Resolved
Priority: Normal
Category: DHCP (IPv4)
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.09
Release Notes: Default

Description

I think it would be a good idea to at least take a look at kea dhcp by ISC. It seems to be a much better solution for pfsense than ISC DHCP.


Related issues

Related to Bug #14830: Kea can't start with both MAC address and Client Identifier on static mappings (Duplicate)

Actions #1

Updated by Raul Ramos over 7 years ago

It looks like Facebook migrated to Kea DHCP. Should be for a good reason: https://code.facebook.com/posts/845909058837784/using-isc-kea-dhcp-in-our-data-centers/

Actions #2

Updated by Jim Thompson over 7 years ago

  • Category set to DHCP (IPv4)
  • Assignee set to Jim Thompson

they moved because it's better.

but they have a really large environment.

we've known about kea for a while. (One of my dogs is named "Kea", the other is "sudo".)

Actions #3

Updated by Eron Lloyd almost 7 years ago

Agreed. We are implementing this internally as well and it'd be great to be able to run it on our pfSense boxes.

Actions #4

Updated by Bogdan P about 5 years ago

Any progress on Kea dhcp? It looks like ISC has allocated more resources to Kea and put the legacy ISC dhcp in the backlog. Right now pfSense 2.4.4 is using a deprecated dhcp version (4.3.6). If it's not feasible to integrate Kea this year, please consider upgrading ISC dhcp to 4.4.1 and exposing new features in the GUI (ddns-dual-stack-mixed-mode, ddns-update-style standard, etc.).

Actions #5

Updated by Dan Mahoney over 4 years ago

For what it's worth, for my day job, I run ISC's internal office network with a pair of pfSense boxen (official hardware, because we like Netgate).

Right now, we're using Kea internally on a separate machine, but it would be nice to have it as simple as it is with pfSense.

If NetGate or the pfsense developers would like to try and work out direct access to our Kea developers, please let me know.

Actions #6

Updated by Jim Thompson over 4 years ago

  • Assignee changed from Jim Thompson to Anonymous
  • Target version changed from Future to 2.5.0

Hey Dan, we definitely know who you guys are. We use Kea on tnsr.

Actions #7

Updated by Renato Botelho over 3 years ago

  • Target version changed from 2.5.0 to Future

Not enough time for this big change before 2.5.0 is out

Actions #8

Updated by Jim Pingle over 1 year ago

  • Subject changed from Consider replacing ISC DHCP server with KEA DHCP to Replace ISC DHCP server with Kea
  • Target version changed from Future to CE-Next
  • Start date deleted (11/24/2016)
  • Plus Target Version set to Plus-Next

ISC DHCP Server is EOL, so this appears to be the path forward.

https://www.isc.org/blogs/isc-dhcp-eol/

Will need to replace the IPv4 and IPv6 DHCP servers and, if possible, the relay agents.

Actions #9

Updated by Jim Pingle over 1 year ago

  • Plus Target Version changed from Plus-Next to 23.05
Actions #10

Updated by Christian McDonald about 1 year ago

  • Assignee set to Christian McDonald
Actions #11

Updated by Jim Pingle 11 months ago

  • Plus Target Version changed from 23.05 to 23.09

Doesn't look likely that we'll have time to finish this for 23.05. Moving forward to the next release target.

Actions #12

Updated by Jim Pingle 10 months ago

Worth noting that when we do convert, we can remove input validation that prevents adding mappings within pools (or make it optional). Kea by default does respect reservations inside or outside of a pool, but has an option to increase performance by using only out-of-pool reservations: https://kb.isc.org/docs/what-are-host-reservations-how-to-use-them

Actions #13

Updated by Christian McDonald 10 months ago

  • Status changed from New to In Progress
  • Start date set to 05/12/2023
Actions #14

Updated by Christian McDonald 8 months ago

  • Subject changed from Replace ISC DHCP server with Kea to Introduce Kea DHCP as an alternative DHCP server
  • Release Notes set to Default
Actions #16

Updated by Jim Pingle 6 months ago

  • Status changed from In Progress to Feedback
  • Target version changed from CE-Next to 2.8.0

MR has been merged, it will be in snapshots shortly.

Actions #17

Updated by Danilo Zrenjanin 6 months ago

Tested the Kea DHCP with the latest release today.

Here are the test results:

- The service started without any problems.
- The client successfully received an address from the designated pool.
- The client also received the specified DNS server.
- The client received the designated gateway.
- The DHCP static mappings worked flawlessly as well.
- Status/DHCP leases showed the correct MAC address and hostname
- Status/DHCP leases showed correct Lease Utilization information.

I'll keep it in the feedback status in case more testing is required.

Actions #18

Updated by Jordan G 6 months ago

Testing as we speak with 23.09.a.20230929.2350
I needed to acknowledge deprecation before I could change any legacy options and was redirected to where you can change the backend
ISC DHCP options still seemed to function as normal. Possible to have a link to system>advanced>networking in the DHCP backend table line just for ease of access?

Actions #19

Updated by Kris Phillips 6 months ago

Tested static leases, DHCP status page, service stop/start manually or from reboots. Seems to work without issues at this time on latest 23.09 snapshots.

Actions #20

Updated by Vladimir Suhhanov 6 months ago

No luck here...

Oct 1 09:05:21     kea-dhcp4     27252     ERROR [kea-dhcp4.dhcp4.0x61662a12000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': the 'hw-address' and 'client-id' are mutually exclusive (/usr/local/etc/kea/kea-dhcp4.conf:142:21)
Oct 1 09:05:21     kea-dhcp4     27252     ERROR [kea-dhcp4.dhcp4.0x61662a12000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: the 'hw-address' and 'client-id' are mutually exclusive (/usr/local/etc/kea/kea-dhcp4.conf:142:21)
Oct 1 09:05:21     kea-dhcp4     27252     ERROR [kea-dhcp4.dhcp4.0x61662a12000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element subnet4: the 'hw-address' and 'client-id' are mutually exclusive (/usr/local/etc/kea/kea-dhcp4.conf:142:21)

This is definitely due to incompatible client identifier that was accidentally configured. Removed those and it works.

The other question is where I can see CARP status for the DHCP. ISC provided additional information for the DHCP on the status page. Now I can't see it anywhere?

Actions #21

Updated by Jim Pingle 6 months ago

  • Status changed from Feedback to In Progress

Confirmed here as well, setting a 'client identifier' in a static mapping makes Kea fail to start. Looks like we need input validation to prevent setting both, a note on the settings about them being mutually exclusive, and the backend code should only use one or the other. IMO it should use the MAC address if both are set, ignoring the client ID in that case.

Actions #22

Updated by Jim Pingle 6 months ago

  • Related to Bug #14830: Kea can't start with both MAC address and Client Identifier on static mappings added
Actions #23

Updated by Jim Pingle 6 months ago

Vladimir Suhhanov wrote in #note-20:

The other question is where I can see CARP status for the DHCP. ISC provided additional information for the DHCP on the status page. Now I can't see it anywhere?

Failover is not supported yet. There are a few features that are not yet implemented in Kea. See https://docs.netgate.com/pfsense/en/latest/releases/23-09.html#kea-dhcp-server-feature-preview-now-available for details.

Actions #24

Updated by Christian McDonald 6 months ago

  • Status changed from In Progress to Feedback

I added a note to the UI when using Kea that the MAC address is used for mappings that set both a MAC and cid (which apparently wouldn't blow up ISC DHCP)...and implemented this behavior in the config generation code.

Actions #25

Updated by Jim Pingle 6 months ago

  • Status changed from Feedback to In Progress

If I put a client ID such as "mint3" in, it's allowed by validation and Kea still crashes and refuses to start.

Oct 5 17:45:18     kea-dhcp4     69532     ERROR [kea-dhcp4.dhcp4.0x38b6c012000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element reservations: invalid host identifier value 'mint3' (/usr/local/etc/kea/kea-dhcp4.conf:91:13)
Oct 5 17:45:18     kea-dhcp4     69532     ERROR [kea-dhcp4.dhcp4.0x38b6c012000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: invalid host identifier value 'mint3' (/usr/local/etc/kea/kea-dhcp4.conf:91:13)
Oct 5 17:45:18     kea-dhcp4     69532     ERROR [kea-dhcp4.dhcp4.0x38b6c012000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': invalid host identifier value 'mint3' (/usr/local/etc/kea/kea-dhcp4.conf:91:13) 

That appears to be due to the fact that Kea requires a specific format there, whereas ISC DHCPD doesn't seem to have cared.

Actions #26

Updated by Jim Pingle 5 months ago

  • Subject changed from Introduce Kea DHCP as an alternative DHCP server to Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Actions #27

Updated by Phil Wardt 5 months ago

Christian McDonald wrote in #note-24:

I added a note to the UI when using Kea that the MAC address is used for mappings that set both a MAC and cid (which apparently wouldn't blow up ISC DHCP)...and implemented this behavior in the config generation code.

The client ID seems to take precedence now on MAC addr as per RFC specifications
https://kea.readthedocs.io/en/kea-1.6.1/arm/dhcp4-srv.html#using-client-identifier-and-hardware-address

I don't understand the note added to the UI in this case!

Actions #28

Updated by Christian McDonald 5 months ago

  • Status changed from In Progress to Feedback

Validation is now in place to check v4 client identifiers as being valid kea hex strings. If this check fails, the client identifier is wrapped in single quotes and rendered in the kea configuration as-is. Kea can do the transform to a byte vector if given a string wrapped in single quotes.

                "reservations": [
                    {
                        "client-id": "'something'" 
                    }
                ],
                "reservations": [
                    {
                        "client-id": "00:11:22:33:44:55" 
                    }
                ],
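The rendering rule described in notes 21, 24 and 28, as an added example that is not part of the thread and is not pfSense's own code: emit exactly one host identifier per reservation (the MAC address when both are set), pass hex client identifiers through, and single-quote anything else. The regular expressions, function names and sample mappings are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Assumed approximation of a "valid Kea hex string": colon-separated hex
# pairs, or one unbroken run of hex pairs. The exact check pfSense performs
# is not shown in the thread.
HEX_ID = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*|(?:[0-9A-Fa-f]{2})+")
MAC = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def render_client_id(cid):
    """Hex identifiers pass through; anything else is single-quoted for Kea."""
    # Caveat: a text ID made only of hex pairs (e.g. "cafe") is rendered as
    # the bytes 0xca 0xfe, not as the four characters.
    if HEX_ID.fullmatch(cid):
        return cid
    return "'" + cid + "'"


def build_reservation(ip, mac="", cid=""):
    """Build one "reservations" entry with exactly one host identifier."""
    mac, cid = mac.strip(), cid.strip()
    entry = {}
    if mac:
        # MAC wins when both are set (notes 21 and 24); emitting both gives
        # the "mutually exclusive" error and the daemon refuses to start.
        if not MAC.fullmatch(mac):
            raise ValueError("invalid MAC address: %r" % mac)
        entry["hw-address"] = mac
    elif cid:
        entry["client-id"] = render_client_id(cid)
    else:
        raise ValueError("mapping needs a MAC address or a client identifier")
    entry["ip-address"] = str(ipaddress.IPv4Address(ip))  # rejects bad input
    return entry


# Constructed sample mappings (not taken from the configs in the thread).
SAMPLE = [
    {"ip": "192.0.2.10", "mac": "00:11:22:33:44:55", "cid": "mint3"},
    {"ip": "192.0.2.11", "cid": "mint3"},
    {"ip": "192.0.2.12", "cid": "01:aa:bb:cc:dd:ee:ff"},
]


def render_reservations(mappings):
    """Serialize with json.dumps so quotes in user input cannot break the file."""
    entries = [build_reservation(**m) for m in mappings]
    return json.dumps({"reservations": entries}, indent=4)
```
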
Actions #29

Updated by Jim Pingle 5 months ago

  • Status changed from Feedback to Resolved

Looks good here. I see the expected entry in the config file and the Kea daemon is still up and running.

Thanks!

Actions #30

Updated by Jim Pingle 4 months ago

  • Target version changed from 2.8.0 to 2.7.1