Hi All, I am unable to configure KEA to serve identical subnets to different networks.
We have an MPLS Service-Provider style network I am configuring that would benefit from being able to provide DHCP for different segregated network segments (vrfs) using overlapping (or possibly duplicate) subnets. These segregated vrfs are able to talk back to the KEA instance via multi-homed DHCP Relays living in both the customer's vrf, and our dhcp-management vrf. We are using Option 82 (sub-option 2) set individually by each DHCP relay to distinguish between each network within the KEA DHCP server. Everything is working as expected with this configuration, the segregated DHCP clients are able to receive their specific allocation as per Option 82 (using flex-id within KEA). However, if we configure two different and segregated network pools to use the same subnet within the KEA kea-dhcp4.conf configuration file, KEA refuses to start with a 'DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file 'kea-dhcp4.conf': subnet with the prefix of '192.168.10.0/30' already exists (kea-dhcp4.conf:62:7)' error. As the IP subnets we use for the different network segments are often allocations from our customers, the likelihood for subnet collision is inevitable, but as they are segregated networks that does not cause any issues. The only problem is that KEA refuses to start with such a configuration. Is this a supported configuration that I am missing the obvious solution for? Are there any available workarounds for my use-case? Are there any other solutions for such an issue? We have considered running multiple distinct KEA instances, one for each customer with dedicated configuration, however this is undesirable as it greatly increases both the network design and system provisioning logic required for the rest of our system, as well as reduces the system resiliency as each customer/network-segment would need its own load-balance/HA group instead of being able to pool all those server (or vm) resources into one larger load-balance/HA group. We would much prefer to be able to have one KEA configuration covering everything. Regards. Dee-Jay Dee-Jay Logozzo IT Security Architect URSYS PTY LTD Level 1 / 459 – 461 Parramatta Road Leichhardt 2040 NSW E: [email protected]<mailto:[email protected]> T: 02 8745 2841 W: URSYS.com.au<https://ursys.com.au/> [cid:117db375-a32b-47a3-8843-59dfad20cd46]
-- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. [email protected]
