So I have now modified this shared-network configuration to look like the
following. However, it has not made any difference. It still only generates
"type=00013, len=00040: NoPrefixAvail(6) "Sorry, no prefixes could be
allocated."" in the logfiles. To be clear, the /56 at this site has been
divided up into different /64's for each zone on the firewall. The firewall
is doing the DHCPv6 relaying. I had added the different relay IP's because
that is how the link-address comes through in the tcpdump. So I guess I
misundertood that one. I've tried this configuration both with and without
the link-local address for the local interface of the firewall that the
relay comes from. Makes no difference:
"shared-networks": [
{
"name": "Site Subnets",
"interface": "ens18",
"relay":{
"ip-addresses": [
"2603:3023:62c:e160::1"
]
},
"subnet6": [
{
"id":6100,
"subnet":"2603:3023:62c:e101::/64",
"pools":[ { "pool":"2603:3023:62c:e101::1000 -
2603:3023:62c:e101::ffff" } ]
},
{
"id":6110,
"subnet":"2603:3023:62c:e110::/64",
"pools":[ { "pool":"2603:3023:62c:e110::1000 -
2603:3023:62c:e110::ffff" } ]
},
{
"id":6130,
"subnet":"2603:3023:62c:e130::/64",
"pools":[ { "pool":"2603:3023:62c:e130::1000 -
2603:3023:62c:e130::ffff" } ]
},
{
"id":6150,
"subnet":"2603:3023:62c:e150::/64",
"pools":[ { "pool":"2603:3023:62c:e150::1000 -
2603:3023:62c:e150::ffff" } ]
},
{
"id":6160,
"subnet":"2603:3023:62c:e160::/64",
"pools":[ { "pool":"2603:3023:62c:e160::1000 -
2603:3023:62c:e160::ffff" } ]
}
]
}
],
On Sat, Feb 15, 2025 at 4:08 AM Darren Ankney <darren.ank...@gmail.com>
wrote:
> Hi Geoff,
>
> You can read more about any messages you encounter in the Kea logs by
> accessing the messages manual here:
> https://kea.readthedocs.io/en/kea-2.6.1/kea-messages.html and
> searching for the phrase that is in all caps separated by underscores,
> in this case: ALLOC_ENGINE_V6_ALLOC_FAIL_SHARED_NETWORK The double
> negative sentence wouldn't be a double negative if it had found
> subnets with "no available addresses".
>
> What I notice about your configuration that will be causing Kea
> problems is that you have different relay IP addresses for some
> subnets in the same shared-network. That has no meaning. The shared
> network subnets must all be assigned to the same relay agent or group
> of relay agents. While this can be done at the subnet level, it makes
> more sense to do it once per shared-network. See here:
>
> https://kea.readthedocs.io/en/kea-2.6.1/arm/dhcp4-srv.html#local-and-relayed-traffic-in-shared-networks
> where it says:
>
> " it is a configuration error to specify different relay addresses for
> the respective subnets in the shared network."
>
> Thank you,
> Darren Ankney
>
> On Sat, Feb 15, 2025 at 3:10 AM Geoff Sweet <thegorf+...@gmail.com> wrote:
> >
> > Thanks kindly there Darren, that did make a difference and solved part
> of the problem. I also made a change in the configuration. Check this out,
> the config is shared-network now and the debug logs clearly show that it
> now receives the request and looks for a subnet. What is strange here is
> this log entry:
> >
> > 2025-02-14 23:49:15.069 WARN
> [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_SHARED_NETWORK
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907:
> failed to allocate a lease in the shared network Site Subnets: 0 subnets
> have no available leases, 15 subnets have no matching pools
> >
> > I don't know where it's getting that 15 subnets from. Or why it thinks
> there are 0 subnets with available leases. By the way, that sentence is an
> odd double negative.
> >
> > Anyway, I'm just throwing stuff against the wall in this config now.
> Current subnet configuration and block of logs below:
> >
> > ####
> > Config
> > ####
> > "shared-networks": [
> > {
> > "name": "Site Subnets",
> > "subnet6": [
> > {
> > "id":6100,
> > "subnet":"2603:3023:62c:e101::/64",
> > "pools":[ { "pool":"2603:3023:62c:e101::1000 -
> 2603:3023:62c:e101::ffff" } ],
> > "relay":{
> > "ip-addresses":[ "2603:3023:62c:e101::1" ]
> > },
> > "interface": "ens18"
> > },
> > {
> > "id":6110,
> > "subnet":"2603:3023:62c:e110::/64",
> > "pools":[ { "pool":"2603:3023:62c:e110::1000 -
> 2603:3023:62c:e110::ffff" } ],
> > "relay":{
> > "ip-addresses":[ "2603:3023:62c:e110::1" ]
> > },
> > "interface": "ens18"
> > },
> > {
> > "id":6130,
> > "subnet":"2603:3023:62c:e130::/64",
> > "pools":[ { "pool":"2603:3023:62c:e130::1000 -
> 2603:3023:62c:e130::ffff" } ],
> > "relay":{
> > "ip-addresses":[ "2603:3023:62c:e130::1" ]
> > },
> > "interface": "ens18"
> > },
> > {
> > "id":6150,
> > "subnet":"2603:3023:62c:e150::/64",
> > "pools":[ { "pool":"2603:3023:62c:e150::1000 -
> 2603:3023:62c:e150::ffff" } ],
> > "relay":{
> > "ip-addresses":[ "2603:3023:62c:e150::1" ]
> > },
> > "interface": "ens18"
> > },
> > {
> > "id":6160,
> > "subnet":"2603:3023:62c:e160::/64",
> > "pools":[ { "pool":"2603:3023:62c:e160::1000 -
> 2603:3023:62c:e160::ffff" } ],
> > "interface": "ens18"
> > }
> > ]
> > }
> > ],
> >
> > ####
> > Logfile of a request:
> > ####
> >
> > msg_type=SOLICIT (1), trans_id=0xe52907,
> > options:
> > type=00001, len=00010: 00:03:00:01:16:fb:97:88:25:a7
> > type=00006, len=00002: 82(uint16)
> > type=00008, len=00002: 23347 (uint16)
> > type=00014, len=00000:
> > type=00025(IA_PD), len=00041: iaid=0, t1=0, t2=0,
> > options:
> > type=00026(IAPREFIX), len=00025: prefix=::/64, preferred-lft=0,
> valid-lft=0
> > 1 relay(s):
> > relay[0]: msg-type=12(RELAY_FORWARD), hop-count=0,
> > link-address=2603:3023:62c:e101::1,
> peer-address=fe80::14fb:97ff:fe88:25a7, 1 option(s)
> > type=00018, len=00004: 04:00:00:00
> >
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_SUBNET_SELECTED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr
> info], tid=0xe52907: the subnet with ID 6100 was selected for client
> assignments
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_SUBNET_DATA duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info],
> tid=0xe52907: the selected subnet details: 2603:3023:62c:e101::/64
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
> identifier: hwaddr=16FB978825A7
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=16FB978825A7,
> found 0 host(s)
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
> identifier: duid=0003000116FB978825A7
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.hosts/9752.140223914522304]
> HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier
> duid=0003000116FB978825A7, found 0 host(s)
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304]
> DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr
> info], tid=0xe52907: client packet has been assigned to the following
> class: UNKNOWN
> > 2025-02-14 23:49:15.068 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304]
> DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907:
> client packet has been assigned to the following classes: ALL, UNKNOWN
> > 2025-02-14 23:49:15.069 DEBUG
> [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_UNRESERVED no static reservations available - trying
> to dynamically allocate leases for client
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907
> > 2025-02-14 23:49:15.069 WARN
> [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_SHARED_NETWORK
> duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info], tid=0xe52907:
> failed to allocate a lease in the shared network Site Subnets: 0 subnets
> have no available leases, 15 subnets have no matching pools
> > 2025-02-14 23:49:15.069 WARN
> [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:03:00:01:16:fb:97:88:25:a7],
> [no hwaddr info], tid=0xe52907: no pools were available for the lease
> allocation
> > 2025-02-14 23:49:15.069 WARN
> [kea-dhcp6.alloc-engine/9752.140223914522304]
> ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[00:03:00:01:16:fb:97:88:25:a7],
> [no hwaddr info], tid=0xe52907: Failed to allocate an IPv6 address for
> client with classes: ALL, UNKNOWN
> > 2025-02-14 23:49:15.069 DEBUG [kea-dhcp6.options/9752.140223914522304]
> DHCP6_ADD_STATUS_CODE_FOR_IA duid=[00:03:00:01:16:fb:97:88:25:a7], [no
> hwaddr info], tid=0xe52907: adding Status Code to IA with iaid=0:
> NoPrefixAvail(6) "Sorry, no prefixes could be allocated."
> > 2025-02-14 23:49:15.070 DEBUG [kea-dhcp6.dhcp6/9752.140223914522304]
> DHCP6_CLASSES_ASSIGNED duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr
> info], tid=0xe52907: client packet has been assigned on SOLICIT message to
> the following classes: ALL, UNKNOWN
> > 2025-02-14 23:49:15.070 INFO [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_PACKET_SEND duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info],
> tid=0xe52907: trying to send packet ADVERTISE (type 2) from
> [2603:3023:62c:e160::11]:547 to [2603:3023:62c:e160::1]:547 on interface
> ens18
> > 2025-02-14 23:49:15.070 DEBUG [kea-dhcp6.packets/9752.140223914522304]
> DHCP6_RESPONSE_DATA duid=[00:03:00:01:16:fb:97:88:25:a7], [no hwaddr info],
> tid=0xe52907: responding with packet ADVERTISE (type 2), packet details:
> local_address=[2603:3023:62c:e160::11]:547,
> remote_address=[2603:3023:62c:e160::1]:547,
> > msg_type=ADVERTISE (2), trans_id=0xe52907,
> > options:
> > type=00001, len=00010: 00:03:00:01:16:fb:97:88:25:a7
> > type=00002, len=00014: 00:01:00:01:2f:37:1b:26:bc:24:11:80:c9:7a
> > type=00025(IA_PD), len=00056: iaid=0, t1=0, t2=0,
> > options:
> > type=00013, len=00040: NoPrefixAvail(6) "Sorry, no prefixes could be
> allocated."
> > 1 relay(s):
> > relay[0]: msg-type=13(RELAY_REPLY), hop-count=0,
> > link-address=2603:3023:62c:e101::1,
> peer-address=fe80::14fb:97ff:fe88:25a7, 1 option(s)
> > type=00018, len=00004: 04:00:00:00
> >
> >
> > On Thu, Feb 13, 2025 at 11:29 AM Darren Ankney <darren.ank...@gmail.com>
> wrote:
> >>
> >> Hi Geoff,
> >>
> >> You might need to specify your IP address on which to listen in your
> >> interfaces-config. You can check with the command: `ss -ulnp`. In
> >> the output, look what address is listed with 547. It might be your
> >> LLA for the interface. If it is that instead of your GLA for the
> >> interface, then you need to specify the address. Something like this:
> >>
> >> "interfaces-config": {
> >> "interfaces": [
> >> "ens18/2001:db8::12"
> >> ]
> >> },
> >>
> >> See here:
> https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#interface-configuration
> >>
> >> Thank you,
> >> Darren Ankney
> >>
> >> On Tue, Feb 11, 2025 at 1:28 AM Geoff Sweet <thegorf+...@gmail.com>
> wrote:
> >> >
> >> > Greetings everyone,
> >> > I have a Kea 2.6 installation that for the most part is going
> great. However, I'm not able to figure out the config to make it work with
> IPv6 relayed DHCPv6 requests. At the end of this email is my complete
> config. So, my firewall is doing all DHCP relaying. I can see via tcpdump
> that the request originates in the local subnet, is received by the
> firewall relay agent, forwards it to the subnet with the Kea server on it,
> and forwards it. On the Kea server itself I can see the request arrive for
> instance:
> >> >
> >> > 22:00:52.949059 IP6 (hlim 64, next-header UDP (17) payload length:
> 133) 2603:3023:62c:e160::1.547 > 2603:3023:62c:e160::11.547: [udp sum ok]
> dhcp6 relay-fwd (linkaddr=2603:3023:62c:e101::1
> peeraddr=fe80::14fb:97ff:fe88:25a7 (interface-ID 04000000...)
> (relay-message (dhcp6 solicit (xid=4d2037 (elapsed-time 0) (client-ID
> hwaddr type 1 16fb978825a7) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/64
> pltime:0 vltime:0)) (option-request opt_82) (rapid-commit))))
> >> >
> >> > I'm not sure why the interface-ID is set the way it is. So opted to
> ignore it and instead focus on the linkaddr. But while the documentation
> mentions it, for the life of me I can NOT find a single example of how to
> configure it. So I'm kinda throwing things at the wall now. As you can see
> below. Can anyone offer any insight into what I am doing wrong? Also,could
> someone tell me if my loggers are configured correctly? They literally
> produce exactly the same output no matter what I do with severity and
> debuglevel. Part of the reason this is so frustrating to troubleshoot.
> >> >
> >> > Thanks everyone!
> >> >
> >> > #######
> >> > kea-dhcpv6.conf
> >> > #######
> >> > {
> >> > "Dhcp6": {
> >> > "renew-timer": 21600,
> >> > "rebind-timer": 43200,
> >> > "valid-lifetime": 86400,
> >> > "interfaces-config": {
> >> > "interfaces": [
> >> > "ens18"
> >> > ]
> >> > },
> >> > "lease-database": {
> >> > "type": "memfile",
> >> > "persist": true,
> >> > "name": "/var/lib/kea/dhcp6.leases"
> >> > },
> >> > "option-data": [
> >> > {
> >> > "name": "dns-servers",
> >> > "data": "2603:3023:62c:e101::10, 2603:3023:62c:e101::12"
> >> > },
> >> > {
> >> > "name": "domain-search",
> >> > "data": "iotlab.loc"
> >> > }
> >> > ],
> >> > "dhcp-ddns": {
> >> > "enable-updates": true,
> >> > "server-ip": "127.0.0.1",
> >> > "server-port": 53001
> >> > },
> >> > "ddns-override-client-update": true,
> >> > "ddns-override-no-update": true,
> >> > "ddns-qualifying-suffix": "iotlab.loc",
> >> > "ddns-update-on-renew": true,
> >> > "subnet6": [
> >> > # Home Subnet
> >> > {
> >> > "subnet": "2603:3023:62c:e101::/64",
> >> > "id": 6100,
> >> > "pools": [
> >> > {
> >> > "pool": "2603:3023:62c:e101::1000 -
> 2603:3023:62c:e101::ffff"
> >> > }
> >> > ],
> >> > "relay": {
> >> > "linkaddr": [ "2603:3023:62c:e101::1" ]
> >> > }
> >> > },
> >> > # DMZ Subnet
> >> > {
> >> > "subnet": "2603:3023:62c:e110::/64",
> >> > "id": 6110,
> >> > "pools": [
> >> > {
> >> > "pool": "2603:3023:62c:e110::1000 -
> 2603:3023:62c:e110::ffff"
> >> > }
> >> > ],
> >> > "relay": {
> >> > "ip-addresses": [ "2603:3023:62c:e110::1" ]
> >> > }
> >> > },
> >> > # IoT Subnet
> >> > {
> >> > "subnet": "2603:3023:62c:e130::/64",
> >> > "id": 6130,
> >> > "pools": [
> >> > {
> >> > "pool": "2603:3023:62c:e130::1000 -
> 2603:3023:62c:e130::ffff"
> >> > }
> >> > ],
> >> > "relay": {
> >> > "ip-addresses": [ "2603:3023:62c:e130::1" ]
> >> > }
> >> > },
> >> > # Guest Subnet
> >> > {
> >> > "subnet": "2603:3023:62c:e150::/64",
> >> > "id": 6150,
> >> > "pools": [
> >> > {
> >> > "pool": "2603:3023:62c:e150::1000 -
> 2603:3023:62c:e150::ffff"
> >> > }
> >> > ],
> >> > "relay": {
> >> > "ip-addresses": [ "2603:3023:62c:e150::1" ]
> >> > }
> >> > },
> >> > {
> >> > "subnet": "2603:3023:62c:e160::/64",
> >> > "id": 6160,
> >> > "interface": "ens18",
> >> > "pools": [
> >> > {
> >> > "pool": "2603:3023:62c:e160::1000 -
> 2603:3023:62c:e160::ffff"
> >> > }
> >> > ]
> >> > }
> >> > ],
> >> > "loggers": [
> >> > {
> >> > "name": "kea-dhcp6",
> >> > "severity": "DEBUG",
> >> > "debuglevel": "99",
> >> > "output_options": [
> >> > {
> >> > "output": "/var/log/kea/dhcp6.log",
> >> > "maxver": 10
> >> > }
> >> > ]
> >> > },
> >> > {
> >> > "name": "kea-dhcp6.dhcpsrv",
> >> > "severity": "DEBUG",
> >> > "debuglevel": "99",
> >> > "output_options": [
> >> > {
> >> > "output": "/var/log/kea/dhcp6-dhcpsrv.log",
> >> > "maxver": 10
> >> > }
> >> > ]
> >> > },
> >> > {
> >> > "name": "kea-dhcp6.leases",
> >> > "severity": "DEBUG",
> >> > "debuglevel": "99",
> >> > "output_options": [
> >> > {
> >> > "output": "/var/log/kea/dhcp6-leases.log",
> >> > "maxver": 10
> >> > }
> >> > ]
> >> > },
> >> > {
> >> > "name": "kea-netconf",
> >> > "severity": "DEBUG",
> >> > "debuglevel": "99",
> >> > "output_options": [
> >> > {
> >> > "output": "/var/log/kea/kea-netconf.log",
> >> > "maxver": 10
> >> > }
> >> > ]
> >> > }
> >> > ]
> >> > }
> >> > }
> >> >
> >> >
> >> >
> >> > --
> >> > ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >> >
> >> > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users
> .
> >> >
> >> > Kea-users mailing list
> >> > Kea-users@lists.isc.org
> >> > https://lists.isc.org/mailman/listinfo/kea-users
> >> --
> >> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >>
> >> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> >>
> >> Kea-users mailing list
> >> Kea-users@lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/kea-users
> >
> > --
> > ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >
> > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
> >
> > Kea-users mailing list
> > Kea-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/kea-users
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
