Re: [Kea-users] kea-dhcpv6 won't offer adresses to clients

[Django [Bastard Operator from Hell] via Kea-users]

HI Kevin,

Am 10.05.24 um 14:50 schrieb Kevin P. Fleming:
It was indeed a huge email... 

Yes indeed, that was a big email - I had also tried to provide as much 
information as possible to help narrow down my error. I have a hunch, 
it's called PEBCAK!

but it's also missing a crucial bit of information:

You're running Kea on a VM: how is that VM's network interface connected to the 
LAN (through the hypervisor)? Is it bridged, or routed, or some other 
configuration?

No problem, I'll be happy to supply the missing information. The network 
port net4 is bound to a bridge that is passed on to the guest system by 
KVM an my KVM-host pml010102.

--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django@pml010102:/etc/systemd/network$ ll br4*

-rw-r--r-- 1 root root 306 Mar  2 17:07 br4_net4.network
-rw-r--r-- 1 root root 271 Mar  2 17:06 br4.netdev
-rw-r--r-- 1 root root 282 Mar  2 17:07 br4.network
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------


--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django@pml010102:/etc/systemd/network$ cat br4.network

# Ansible generated, do not edit manually! 


# assign network-bridges-networkdevice

# Function/Usage: intranet1
[Match]
Name=br4

[Network]
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------

--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django@pml010102:/etc/systemd/network$ cat br4.netdev

# Ansible generated, do not edit manually! 


# assign network-bridges

# Function/Usage: intranet1
[NetDev]
Name=br4
Kind=bridge
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------

--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
django@pml010102:/etc/systemd/network$ cat br4.network

# Ansible generated, do not edit manually! 


# assign network-bridges-networkdevice

# Function/Usage: intranet1
[Match]
Name=br4

[Network]
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------


... and last but not least, here's the interface definition visible in 
virt-manager:
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------
<interface type="bridge">
  <mac address="52:54:00:41:11:02"/>
  <source bridge="br4"/>
  <target dev="vnet3"/>
  <model type="virtio"/>
  <alias name="net1"/>
  <address type="pci" domain="0x0000" bus="0x02" slot="0x00" 
function="0x0"/>
</interface>
--------8<--------8<--------8<--------8<--------8<--------8<--------8<--------

But the confusing thing is now:
I can reach the VM (vml010110 with 10.0.10.110) from my laptop (host 
nitropad) using SSH:
django@nitropad:~$ ping -c4 10.0.10.110

I can also access the MTA on the VM:
django@nitropad:~$ telnet 10.0.10.110 25

The VM has the following IP addresses on eth1:
root@vml000110:~# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state 
UP group default qlen 1000
    link/ether 52:54:00:41:11:02 brd ff:ff:ff:ff:ff:ff:ff:ff
    altname enp2s0
    inet 10.0.10.110/24 brd 10.0.10.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 2003:a:e0d:7607:10:0:10:110/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fd00::7:10:0:0:110/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::7:10:ff:fe10:110/64 scope link
       valid_lft forever preferred_lft forever

But I can NOT ping the LLA link-local-address fe80::7:10:ff:fe10:110 
from my laptop:
django@nitropad:~$ ping -6 -c4 fe80::7:10:ff:fe10:110%enp0s25

So, and to add to the confusion, the following test. I have manually 
assigned static IPv6 addresses to the laptop.

inet6 2003:a:e0d:7607:10:0:10:73/64
inet6 fe80::7:10:ff:fe10:73/64

Now I can ping the LLA:
django@nitropad:~$ ping -6 -c4 fe80::7:10:ff:fe10:110%enp0s25

and of course also the global scope address:
django@nitropad:~$ ping -6 -c4 2003:a:e0d:7607:10:0:10:110

It's milking mice! :(

And that makes me a bit suspicious! I'm also wondering why a tcpdump on 
the VM doesn't show any packets when I try to receive adresses from 
kea-dhcp6 an I try to capture DHCPv6 traffic with :

root@vml000110:/var/log# tcpdump -i eth1 -n -vv ‘(udp port 546 and port 
547)’
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 
262144 bytes

Nothing! NULL! de narda! I think there is something wrong with the basic 
network configuration/routing. Because if the tcpdump doesn't record 
anything, how is the kea-dhcp6 supposed to hear anything and be able to 
respond?

As I said before, something is very wrong here and I'm afraid it's not 
just me, where ‘something is going wrong, the installation and 
configuration also has a medium sized handicap!


ttyl
Django
--
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users