Feature #6960
closedIntroduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
100%
Description
I think it would be a good idea to at least take a look at kea dhcp by ISC. It seems to be a much better solution for pfsense than ISC DHCP.
Related issues
Updated by Raul Ramos about 8 years ago
It looks like Facebook migrated to Kea DHCP. Should be for a good reason [[https://code.facebook.com/posts/845909058837784/using-isc-kea-dhcp-in-our-data-centers/]]
Updated by Jim Thompson about 8 years ago
- Category set to DHCP (IPv4)
- Assignee set to Jim Thompson
they moved because it's better.
but they have a really large environment.
we've known about kea for a while. (One of my dogs is named "Kea", the other is "sudo".)
Updated by Eron Lloyd over 7 years ago
Agreed. We are implementing this internally as well and it'd be great to be able to run it on our pfSense boxes.
Updated by Bogdan P almost 6 years ago
Any progress on Kea dhcp? It looks like ISC has allocated more resources to Kea and put the legacy ISC dhcp in the backlog. Right now pfsense 2.4.4 is using a deprecated dhcp version(4.3.6). If it's not feasible to integrate Kea this year please consider upgrading ISC dhcp to 4.4.1 and expose new features in the gui (ddns-dual-stack-mixed-mode, ddns-update-style standard etc)
Updated by Dan Mahoney over 5 years ago
For what it's worth, for my dayjob, run ISC's internal office network with a pair of pfsense boxen (official hardware, because we like Netgate).
Right now, we're using Kea internally on a separate machine but it would be nice to have it as simple as it is with PfSense.
If NetGate or the pfsense developers would like to try and work out direct access to our Kea developers, please let me know.
Updated by Jim Thompson over 5 years ago
- Assignee changed from Jim Thompson to Anonymous
- Target version changed from Future to 2.5.0
Hey Dan, we definitely know who you guys are. We use Kea on tnsr.
Updated by Renato Botelho about 4 years ago
- Target version changed from 2.5.0 to Future
Not enough time for this big change before 2.5.0 is out
Updated by Jim Pingle about 2 years ago
- Subject changed from Consider replacing ISC DHCP server with KEA DHCP to Replace ISC DHCP server with Kea
- Target version changed from Future to CE-Next
- Start date deleted (
11/24/2016) - Plus Target Version set to Plus-Next
ISC DHCP Server is EOL, so this appears to be the path forward.
https://www.isc.org/blogs/isc-dhcp-eol/
Will need to replace the IPv4 and IPv6 DHCP servers and, if possible, the relay agents.
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from Plus-Next to 23.05
Updated by Christian McDonald almost 2 years ago
- Assignee set to Christian McDonald
Updated by Jim Pingle over 1 year ago
- Plus Target Version changed from 23.05 to 23.09
Doesn't look likely that we'll have time to finish this for 23.05. Moving forward to the next release target.
Updated by Jim Pingle over 1 year ago
Worth noting that when we do convert, we can remove input validation that prevents adding mappings within pools (or make it optional). Kea by default does respect reservations inside or outside of a pool, but has an option to increase performance by only using only out-of-pool reservations: https://kb.isc.org/docs/what-are-host-reservations-how-to-use-them
Updated by Christian McDonald over 1 year ago
- Status changed from New to In Progress
- Start date set to 05/12/2023
Updated by Christian McDonald over 1 year ago
- Subject changed from Replace ISC DHCP server with Kea to Introduce Kea DHCP as an alternative DHCP server
- Release Notes set to Default
Updated by Marcos M about 1 year ago
Updated by Jim Pingle about 1 year ago
- Status changed from In Progress to Feedback
- Target version changed from CE-Next to 2.8.0
MR has been merged, it will be in snapshots shortly.
Updated by Danilo Zrenjanin about 1 year ago
Tested the Kea DHCP with the latest release today.
Here are the test results:
- The service started without any problems.
- The client successfully received an address from the designated pool.
- The client also received the specified DNS server.
- The client received the designated gateway.
- The DHCP static mappings worked flawlessly as well.
- Status/DHCP leases showed the correct MAC address and hostname
- Status/DHCP leases showed correct Lease Utilization information.
I'll keep it in the feedback status in case more testing is required.
Updated by Jordan G about 1 year ago
Testing as we speak with 23.09.a.20230929.2350
I needed to acknowledge deprecation before I could change any legacy options and was redirected to where you can change the backend
ISC DHCP options still seemed to function as normal. Possible to have a link to system>advanced>networking in the DHCP backend table line just for ease of access?
Updated by Kris Phillips about 1 year ago
Tested static leases, DHCP status page, service stop/start manually or from reboots. Seems to work without issues at this time on latest 23.09 snapshots.
Updated by Vladimir Suhhanov about 1 year ago
No luck here...
Oct 1 09:05:21 kea-dhcp4 27252 ERROR [kea-dhcp4.dhcp4.0x61662a12000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': the 'hw-address' and 'client-id' are mutually exclusive (/usr/local/etc/kea/kea-dhcp4.conf:142:21) Oct 1 09:05:21 kea-dhcp4 27252 ERROR [kea-dhcp4.dhcp4.0x61662a12000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: the 'hw-address' and 'client-id' are mutually exclusive (/usr/local/etc/kea/kea-dhcp4.conf:142:21) Oct 1 09:05:21 kea-dhcp4 27252 ERROR [kea-dhcp4.dhcp4.0x61662a12000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element subnet4: the 'hw-address' and 'client-id' are mutually exclusive (/usr/local/etc/kea/kea-dhcp4.conf:142:21)
This is definitely due to incompatible client identifier that was accidentally configured. Removed those and it works.
The other question is where I can see CARP status for the DHCP. ISC provided additional information for the DHCP on the status page. Now I can't see it anywhere?
Updated by Jim Pingle about 1 year ago
- Status changed from Feedback to In Progress
Confirmed here as well, setting a 'client identifier' in a static mapping makes Kea fail to start. Looks like we need input validation to prevent setting both, a note on the settings about them being mutually exclusive, and the backend code should only use one or the other. IMO it should use the MAC address if both are set, ignoring the client ID in that case.
Updated by Jim Pingle about 1 year ago
- Related to Bug #14830: Kea can't start with both MAC address and Client Identifier on static mappings added
Updated by Jim Pingle about 1 year ago
Vladimir Suhhanov wrote in #note-20:
The other question is where I can see CARP status for the DHCP. ISC provided additional information for the DHCP on the status page. Now I can't see it anywhere?
Failover is not supported yet. There are a few features that are not yet implemented in Kea. See https://docs.netgate.com/pfsense/en/latest/releases/23-09.html#kea-dhcp-server-feature-preview-now-available for details.
Updated by Christian McDonald about 1 year ago
- Status changed from In Progress to Feedback
I added a note to the UI when using Kea that the MAC address is used for mappings that set both a MAC and cid (which apparently wouldn't blow up ISC DHCP)...and implemented this behavior in the config generation code.
Updated by Jim Pingle about 1 year ago
- Status changed from Feedback to In Progress
If I put a client ID such as "mint3" in, it's allowed by validation and Kea still crashes and refuses to start.
Oct 5 17:45:18 kea-dhcp4 69532 ERROR [kea-dhcp4.dhcp4.0x38b6c012000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element reservations: invalid host identifier value 'mint3' (/usr/local/etc/kea/kea-dhcp4.conf:91:13) Oct 5 17:45:18 kea-dhcp4 69532 ERROR [kea-dhcp4.dhcp4.0x38b6c012000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: invalid host identifier value 'mint3' (/usr/local/etc/kea/kea-dhcp4.conf:91:13) Oct 5 17:45:18 kea-dhcp4 69532 ERROR [kea-dhcp4.dhcp4.0x38b6c012000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': invalid host identifier value 'mint3' (/usr/local/etc/kea/kea-dhcp4.conf:91:13)
That appears to be due to the fact that Kea requires a specific format there, whereas ISC DHCPD doesn't seem to have cared.
Updated by Jim Pingle about 1 year ago
- Subject changed from Introduce Kea DHCP as an alternative DHCP server to Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Updated by Phil Wardt about 1 year ago
Christian McDonald wrote in #note-24:
I added a note to the UI when using Kea that the MAC address is used for mappings that set both a MAC and cid (which apparently wouldn't blow up ISC DHCP)...and implemented this behavior in the config generation code.
The client ID seems to take precedence now on MAC addr as per RFC specifications
https://kea.readthedocs.io/en/kea-1.6.1/arm/dhcp4-srv.html#using-client-identifier-and-hardware-address
I don't understand the note added to UI in this case !
Updated by Christian McDonald about 1 year ago
- Status changed from In Progress to Feedback
Validation is now in place to check v4 client identifiers as being valid kea hex strings. If this check fails, the client identifier is wrapped in single quotes and rendered in the kea configuration as-is. Kea can do the transform to a byte vector if given a string wrapped in single quotes.
"reservations": [ { "client-id": "'something'" } ],
"reservations": [ { "client-id": "00:11:22:33:44:55" } ],
Updated by Jim Pingle about 1 year ago
- Status changed from Feedback to Resolved
Looks good here. I see the expected entry in the config file and the Kea daemon is still up and running.
Thanks!
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1
Updated by Jim Pingle 5 months ago
- Related to Feature #15650: Kea Feature Integration for parity with ISC DHCP added