I wonder whether it has anything to do with the fact that DHCPv6 process does not seem to listen on port 546
root@server-kea-node1:/home/kea # sudo netstat -tulpn | grep LISTEN tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 628/kea-ctrl-agent tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 673/sshd: /usr/sbin tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 610/systemd-resolve tcp6 0 0 :::9119 :::* LISTEN 632/stork-agent tcp6 0 0 :::22 :::* LISTEN 673/sshd: /usr/sbin tcp6 0 0 :::8080 :::* LISTEN 632/stork-agent tcp6 0 0 :::9547 :::* LISTEN 632/stork-agent root@server-kea-node1:/home/kea# nmap localhost Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-23 15:35 UTC Nmap scan report for localhost (127.0.0.1) Host is up (0.0000030s latency). Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 8000/tcp open http-alt 8080/tcp open http-proxy Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds I do not see DHCPv4 or DHCPv6 ports open at all. Per manual, “The DHCPv4 and DHCPv6 protocols assume the server will open privileged UDP port 67 (DHCPv4) or 547 (DHCPv6).” , which is fine, I do start the DHCPv6 process as root, so it should show up in the list of ports being open. Marek From: mxhajducze...@gmail.com <mxhajducze...@gmail.com> Sent: Tuesday, April 23, 2024 9:19 AM To: 'Kea user's list' <kea-users@lists.isc.org> Subject: DHCPv6, shared network, and double-relay Solicit messages Dear colleagues, I have been attempting to test a setup in the lab with DOCSIS CM operating in IPv6 mode only, where the DHCPv6 messages are relayed across the CMTS and the first-hop router (relay address 2600:6ce4:0:3e::1) towards a Kea server running 2.4 code (address 2600:6ce4:0:42::130). At the Kea server level, I ran a packet capture, to observe an interesting behavior - the Solicit messages from the DOCSIS CM are being forwarded back to the relay, embedded within the ICMPv6 message with indication that the destination is unreachable for some reason. The Kea server is running without any issues so it seems that the binding is successful and root@server-kea-node1:/home/ace# service isc-kea-dhcp6-server status ● isc-kea-dhcp6-server.service - Kea DHCPv6 Service Loaded: loaded (/lib/systemd/system/isc-kea-dhcp6-server.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2024-04-23 15:02:41 UTC; 11min ago Docs: man:kea-dhcp6(8) Main PID: 1551 (kea-dhcp6) Tasks: 7 (limit: 4550) Memory: 3.5M CPU: 119ms CGroup: /system.slice/isc-kea-dhcp6-server.service └─1551 /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.467 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 129 bytes over command socket 22 Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get' Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 92 bytes (0 bytes left to send) over command socket 22 Apr 23 15:14:29 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:29.468 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_OPENED Opened socket 22 for incoming command connection Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_READ Received 117 bytes over command socket 22 Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 INFO [kea-dhcp6.commands/1551.140682475032192] COMMAND_RECEIVED Received command 'statistic-get-all' Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_WRITE Sent response of 8715 bytes (0 bytes left to send) over command socket 22 Apr 23 15:14:30 server-kea-node1 kea-dhcp6[1551]: 2024-04-23 15:14:30.158 DEBUG [kea-dhcp6.commands/1551.140682475032192] COMMAND_SOCKET_CONNECTION_CLOSED Closed socket 22 for existing command connection I attach the Kea DHCPv6 config for reference (keav6.json) - the test device should match rpd-10 class, and make its way into 2600:6ce4:0:3e::/64 subnet. I am drawing blank on what the problem might be in here. I have not seen this behavior before and I am not sure whether it is related with the fact that I have two layers of relays in messages or not Regards Marek
-- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
