Thanks Tomek! VLANs in Linux are handled by kernel modules, so if Kea uses raw sockets, probably the VLAN is marked/handled AFTER Kea. I'm still not 100% sure, but my guess is that Kea was receiving all packets at least two times, one for each interface. After that config change, everything is working. About the IP on the interface, I don't have this problem, since my subnet for each interface has the same IP range for hosts and server.

Jonis Maurin Ceará
Systems Analyst
FEA-RP

Help Desk +55 (16) 3315-3898
Audiovisual +55 (16) 3315-3927
Systems Development +55 (16) 3315-4485
Infrastructure +55 (16) 3315-8539 / 0672
Web Support: http://suporte.fearp.usp.br

----- Original message -----
> From: "Tomek Mrugalski" <[email protected]>
> To: "Jonis Maurin Ceara" <[email protected]>
> Cc: [email protected]
> Sent: Friday, May 20, 2016 6:33:01
> Subject: Re: [Kea-users] Can't get KEA to work here - VLAN issues
>
> On 19.05.2016 19:29, Jonis Maurin Ceara wrote:
> > Actually, I need some explanations from experts....
> > DHCP works on Layer 2? And VLANs, work on layer 2 too?
>
> I don't have much experience with VLANs, so not sure if what I have for
> you would be useful or not. DHCPv4 component of Kea by default uses raw
> sockets. This means that it dissects incoming packets on its own. One
> side effect is that raw sockets receive packets before the kernel stack
> processes them. In particular, iptables are not effective and Kea would
> receive the traffic, even if iptables drop it. I do not know how VLAN
> support is implemented in the Linux kernel, but I presume it may be
> similar.
>
> > This is what I have:
> > One VM with only one interface.....this interface has VLAN 227 as
> > untagged and a lot of other VLANs tagged, including VLAN 209.
> > On the OS of this VM (CentOS 7), I have two interfaces:
> >
> > eth0 => 'normal interface', configured with static IP and nothing
> > related to VLAN. Untagged VLAN = 227, but receives a lot of other
> > tagged VLANs. network-id = 1025 for this IP range/VLAN
> > eth0.209 => interface configured with VLAN ID 209. Network-id = 1024
> > for this range/VLAN.
> >
> > In Kea configuration, I had:
> >
> > "interfaces-config": {
> >     "interfaces": [ "eth0", "eth0.209" ]
> > },
> >
> > and nothing more.
> >
> > The 'problem' is that Kea is seeing more traffic on eth0....I mean, Kea
> > is receiving DHCP requests from ALL other VLANs that are tagged, even if
> > my Linux is not configured for these VLANs. So I'm guessing that Kea is
> > intercepting DHCP packages before my Linux could 'ignore' these tagged
> > packets on eth0 (I could see this in the log with debug). Since my VLAN 209
> > came untagged to interface eth0.209 and tagged to interface eth0, I
> > think Kea is getting crazy with the same packet on both network cards and
> > subnets.
> >
> > I have added 'interface' to specific subnetworks and it's working
> > for now.
>
> That's good to hear. So is Kea doing what you wanted it to do?
>
> I'm afraid that any improvements for VLAN are out of scope for the
> current 1.1 milestone. So you'll have to work with what is there in the
> code now. However, there are a couple of things you may possibly find
> useful.
>
> 1. You can switch Kea to use UDP sockets rather than raw sockets. This
> should work great if you have relays, but may be not optimal if you have
> directly connected clients. See Section 7.2.4 of the User's Guide for
> details (the parameter name is dhcp-socket-type).
>
> 2. You mentioned using the interface parameter in the subnet definition.
> This is working in Kea 1.0, but has some flaws. In particular, it will not
> work if your IP address on the interface does not match the subnet range.
> This has been improved recently. If you're interested, the code is
> currently available on the trac4308 branch. You can get it from github.
> It will be on the master branch soon. With this change, only the interface
> name has to match, not the addresses configured on it. You may give it a
> try if you experience problems with the interface selection in the
> 1.0 code.
>
> Hope that helps,
> Tomek

_______________________________________________ Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
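
An added example (not part of the original messages and not ISC code): a small Python check for the situation described in this thread, where Kea listens with raw sockets on both a parent interface and its VLAN sub-interface while the subnets are not pinned to an interface. The subnet prefixes, ids and the helper names `vlan_overlaps`, `lint` and `pinned` are constructed for illustration, and the check assumes VLAN sub-interfaces follow the `parent.vid` naming used in the thread.

```python
import copy
import json

# Constructed sample of the thread's setup; prefixes and ids are placeholders.
SAMPLE = json.loads("""
{ "Dhcp4": {
    "interfaces-config": { "interfaces": [ "eth0", "eth0.209" ] },
    "subnet4": [
      { "id": 1, "subnet": "192.0.2.0/24" },
      { "id": 2, "subnet": "198.51.100.0/24" }
    ]
} }
""")


def vlan_overlaps(names):
    """Pairs (parent, child) where a NIC and its parent.vid sub-interface are both listed."""
    return [(p, c) for p in names for c in names if c.startswith(p + ".")]


def lint(config):
    """Warn about unpinned subnets when raw sockets cover a NIC and its VLAN sub-interface."""
    dhcp4 = config.get("Dhcp4", {})
    ifcfg = dhcp4.get("interfaces-config", {})
    # Raw sockets are the default; "udp" is the alternative named in the thread.
    if ifcfg.get("dhcp-socket-type", "raw") != "raw":
        return []
    overlaps = vlan_overlaps(ifcfg.get("interfaces", []))
    pairs = ", ".join(f"{p} and {c}" for p, c in overlaps)
    return [
        f"subnet {s.get('subnet')}: no 'interface' set while raw sockets listen on {pairs}"
        for s in dhcp4.get("subnet4", [])
        if overlaps and "interface" not in s
    ]


def pinned(config, mapping):
    """Copy of config with each subnet tied to the interface named in mapping."""
    fixed = copy.deepcopy(config)
    for s in fixed["Dhcp4"]["subnet4"]:
        s["interface"] = mapping[s["subnet"]]
    return fixed


if __name__ == "__main__":
    for warning in lint(SAMPLE):
        print("WARN:", warning)
    fixed = pinned(SAMPLE, {"192.0.2.0/24": "eth0", "198.51.100.0/24": "eth0.209"})
    print("after pinning:", lint(fixed) or "no warnings")
```
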
