[Kea-users] Option 81 and embedded devices

2022-02-01 Thread Munroe Sollog
We migrated from dhcpd to kea 2.0 almost 2 months ago. Everything has been
going well with the exception of a seemingly perplexing behavior difference
between the two DHCP implementations.

We have a lot of embedded devices of varying age all dhcping. All of these
devices had been working nominally when using dhcpd. However we are
noticing that when a device has a /technically/ non-compliant fqdn in the
option 81 field, kea will silently drop the DISCOVER packet.

Some of the devices we’ve been able to upgrade or fix the configuration,
but many devices can’t be fixed and would need to be replaced.

I’m curious if anyone else has noticed this behavior and if so has anyone
figured out a work around?
-- 
Munroe Sollog (He/Him/His)
Network Architect
mun...@lehigh.edu
-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users


Re: [Kea-users] DHCP fingerprinting hook

2021-12-20 Thread Munroe Sollog
Thanks for the feedback.  This project started for us 5-7 years ago with a
(then open source) project called fingerbank and a snippet of code for dhcpd:

    log(info,
      concat("Client :",
        binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
        ": requests ",
        binary-to-ascii(16, 8, ":", option dhcp-parameter-request-list),
        " - ",
        pick-first-value(option vendor-class-identifier, "no_vendor_id"))
      );

This cemented our local database of fingerprints as colon separated hex
options.  I agree it's a silly format, but it's what we have and I don't
think we're ready to change that.  I can absolutely use a comma separator
for the decimal-value output as I agree that makes a lot more sense.

At the moment though we are struggling with how to use the packaged version
of kea and this custom hook.  When we upgraded to 2.0.1 via apt last week
the custom hook failed to load and thus kea failed to start.  I'm not sure
if there is a better way to construct the Makefile so these hooks are more
resilient or if we just need to hold kea and only upgrade.

On Sat, Dec 18, 2021 at 9:40 PM Klaus Steden  wrote:

>
> This looks pretty cool, but if I can offer a suggestion, I would report
> the options in a slightly different format (comma-separated perhaps?) to
> make it easier to distinguish from a MAC address ... I did a bit of a
> double-take when I looked at the sample log message in your GitHub README.
>
> cheers,
> Klaus
>
> On Thu, Dec 9, 2021 at 10:20 PM Munroe Sollog  wrote:
>
>> I finally found the time to dig into kea's code and dust off my very old
>> C++ knowledge.  The result is this hook:
>>
>> https://github.com/mroe1234/DHCPfingerprintHook
>>
>> It adds a log line with the mac address and the specific option order a
>> client requested.
>>
>> --
>> Munroe Sollog (He/Him/His)
>> Network Architect
>> mun...@lehigh.edu
>>
>

-- 
Munroe Sollog (He/Him/His)
Network Architect
mun...@lehigh.edu
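
The fingerprint discussed in this message, as an added example that is not part of the original post or of the DHCPfingerprintHook code: a stand-alone Python parser that takes a DHCPv4 message in wire format and builds the same log line as the dhcpd snippet above, plus the comma-separated decimal form suggested in the quoted reply. The sample packet, MAC address and function names are constructed for illustration; option overload (option 52) is not handled.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_LEN = 236                 # fixed BOOTP header; the magic cookie follows it
OPT_PAD, OPT_END = 0, 255
OPT_PRL, OPT_VENDOR_CLASS = 55, 60


def parse_options(buf):
    """Return {code: value} from a wire-format DHCPv4 message.

    Raises ValueError on a short header, bad cookie or truncated option,
    so a malformed packet is rejected instead of being half-parsed.
    """
    if len(buf) < HEADER_LEN + 4 or buf[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("short header or bad magic cookie")
    opts, i = {}, HEADER_LEN + 4
    while i < len(buf):
        code = buf[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(buf):
            raise ValueError("option %d has no length byte" % code)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        # A code that appears more than once is concatenated in order (RFC 3396).
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def dhcpd_hex(data):
    """Colon-separated hex as dhcpd's binary-to-ascii(16, 8, ":") prints it:
    each byte without zero padding, so 0x0f becomes "f"."""
    return ":".join("%x" % b for b in data)


def printable(data):
    """The vendor class is client-controlled: keep printable ASCII only so a
    client cannot inject newlines or control bytes into the log."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "?" for b in data)


def fingerprint(buf):
    """Extract MAC, parameter request list (order preserved) and vendor class."""
    opts = parse_options(buf)
    hlen = buf[2]
    if hlen > 16:
        raise ValueError("hlen is larger than the chaddr field")
    prl = opts.get(OPT_PRL, b"")
    vendor = opts.get(OPT_VENDOR_CLASS)
    return {
        "mac": dhcpd_hex(buf[28:28 + hlen]),          # chaddr starts at offset 28
        "prl_hex": dhcpd_hex(prl),                    # format of the existing database
        "prl_dec": ",".join(str(b) for b in prl),     # comma-separated decimal form
        "vendor": printable(vendor) if vendor else "no_vendor_id",
    }


def log_line(fp):
    """Same layout as the concat() in the dhcpd log statement."""
    return "Client :%s: requests %s - %s" % (fp["mac"], fp["prl_hex"], fp["vendor"])


def build_discover(mac, prl, vendor=None):
    """Constructed sample DISCOVER (not captured traffic) for offline testing."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, len(mac), 0, 0x12345678, 0, 0,
                         b"", b"", b"", b"", mac, b"", b"")
    opts = bytes([53, 1, 1]) + bytes([OPT_PRL, len(prl)]) + bytes(prl)
    if vendor is not None:
        opts += bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed sample: locally administered MAC, six requested options.
SAMPLE = build_discover(bytes.fromhex("02005e100a01"),
                        [1, 3, 6, 15, 31, 33], b"MSFT 5.0")

if __name__ == "__main__":
    print(log_line(fingerprint(SAMPLE)))
```

A database built from dhcpd output will only match if the hex is left unpadded, as here; zero-padded output would need the stored fingerprints to be normalised first.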


[Kea-users] DHCP fingerprinting hook

2021-12-09 Thread Munroe Sollog
I finally found the time to dig into kea's code and dust off my very old
C++ knowledge.  The result is this hook:

https://github.com/mroe1234/DHCPfingerprintHook

It adds a log line with the mac address and the specific option order a
client requested.

-- 
Munroe Sollog (He/Him/His)
Network Architect
mun...@lehigh.edu


[Kea-users] buffer4_receive hook

2021-12-09 Thread Munroe Sollog
Referencing this documentation:

https://reports.kea.isc.org/dev_guide/de/df3/dhcpv4Hooks.html#dhcpv4HooksBuffer4Receive

It says

 "this callout is executed when the server has received a buffer containing
a DHCPv4 message, but the message hasn't yet been parsed. The sole argument
"query4" contains a pointer to the isc::dhcp::Pkt4 object, which contains
the source and destination address of the received packet, the interface
over which the packet has been received, and a raw buffer, stored in the
data_ field, containing the DHCPv4 message in the wire format. None of the
packet fields (op_, hlen_, chaddr_, etc.) are set yet. Callouts installed
on this hook point can modify the data in the received buffer. The server
will parse the buffer afterwards."

I am trying to gain access to the actual raw buffer stored in the "data_"
field, but based on this documentation, the only object I have access to is
the isc::dhcp::Pkt4 object, which doesn't seem to have a method to expose
the buffer.

If anyone has some clarity on this I would appreciate it.  Thanks.


-- 
Munroe Sollog (He/Him/His)
Network Architect
mun...@lehigh.edu


[Kea-users] Forensic logging to syslog

2021-12-07 Thread Munroe Sollog
Is it possible to configure the forensic logging hook to output to syslog?

-- 
Munroe Sollog (He/Him/His)
Network Architect
mun...@lehigh.edu


[Kea-users] dhcpv4 log lines explained

2021-08-18 Thread Munroe Sollog
INFO  DHCP4_INIT_REBOOT [hwtype=1 ea:0d:45:c7:a6:2f],
cid=[01:ea:0d:45:c7:a6:2f], tid=0xef2c2a4f: client is in INIT-REBOOT state
and requests address 172.31.33.173

Is there a document that explains what the logging means a little?  In
dhcpd DORA was very clearly logged and information in each log line was
also clear.  It seems like KEA has adopted SARS (IPv6 logging) notation
perhaps?  Even if that is true, questions remain.

1) I'm not aware of an "INIT-REBOOT" state?
2) I'm assuming hwtype1= <> is the client's mac address?
3) What is cid and what is tid?

Hopefully there is some documentation that clarifies all this for me.
Thanks.
-- 
Munroe Sollog (He/Him/His)
Network Architect
mun...@lehigh.edu


Re: [Kea-users] log the dhcp options the client requests

2019-08-22 Thread Munroe Sollog
Yes, that is correct.

On Thu, Aug 22, 2019 at 11:54 AM Victoria Risk  wrote:

> For fingerprinting, don’t you also need to know the order in which the
> options are requested?
>
> On Aug 22, 2019, at 5:10 AM, Munroe Sollog  wrote:
>
> We currently use the dhcp options a client requests to fingerprint the
> device.
>
> On Thu, Aug 22, 2019 at 7:54 AM Tomek Mrugalski  wrote:
>
>> On 22.08.2019 13:16, Munroe Sollog wrote:
>> > Just a bump to see if any progress has been made in allowing servers
>> > to log the options a client requests.
>> Thanks for bringing this up. That's an interesting and a bit dangerous
>> request, especially if misconfigured.
>>
>> What exactly would you like to see in the log? Content of PRL or ORO
>> options, i.e. a list of options being requested or the actual content of
>> all options the client sent in its messages?
>>
>> Take a look at the loggers we currently have:
>>
>> https://kea.readthedocs.io/en/latest/arm/logging.html#the-name-string-logger
>>
>> In particular, you may look at kea-dhcp{4,6}.packets. If you're trying
>> to debug a client whose packets are rejected,
>> kea-dhcp{4,6}.bad-packets is something to look at. Also, there's
>> kea-dhcp4.options logger.
>>
>> If none of those work for you, can you open an issue in gitlab?
>> https://gitlab.isc.org/isc-projects/kea/issues
>>
>> Thanks,
>>
>> Tomek
>>
> --
> Munroe Sollog
> Senior Network Engineer
> mun...@lehigh.edu
>
>
> Victoria Risk
> Product Manager
> Internet Systems Consortium
> vi...@isc.org
>
>
>
>
>
>

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] log the dhcp options the client requests

2019-08-22 Thread Munroe Sollog
We currently use the dhcp options a client requests to fingerprint the
device.

On Thu, Aug 22, 2019 at 7:54 AM Tomek Mrugalski  wrote:

> On 22.08.2019 13:16, Munroe Sollog wrote:
> > Just a bump to see if any progress has been made in allowing servers
> > to log the options a client requests.
> Thanks for bringing this up. That's an interesting and a bit dangerous
> request, especially if misconfigured.
>
> What exactly would you like to see in the log? Content of PRL or ORO
> options, i.e. a list of options being requested or the actual content of
> all options the client sent in its messages?
>
> Take a look at the loggers we currently have:
>
> https://kea.readthedocs.io/en/latest/arm/logging.html#the-name-string-logger
>
> In particular, you may look at kea-dhcp{4,6}.packets. If you're trying
> to debug a client whose packets are rejected,
> kea-dhcp{4,6}.bad-packets is something to look at. Also, there's
> kea-dhcp4.options logger.
>
> If none of those work for you, can you open an issue in gitlab?
> https://gitlab.isc.org/isc-projects/kea/issues
>
> Thanks,
>
> Tomek
>
-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] log the dhcp options the client requests

2019-08-22 Thread Munroe Sollog
Just a bump to see if any progress has been made in allowing servers to log
the options a client requests.

On Mon, Dec 18, 2017 at 2:19 PM Munroe Sollog  wrote:

> I'm looking at http://kea.isc.org/docs/kea-messages.html#DHCP4 for which log
> line will log the 'request details'.  I'm more than happy to see if I can
> achieve the same type of thing a different way.  I don't see which item
> actually logs the requesting information.
>
>
>
> On Mon, Dec 18, 2017 at 8:47 AM, Francis Dupont  wrote:
>
>> Munroe Sollog writes:
>> > I have this in our old dhcpd config file and I'd like to replicate
>> > something like this in kea.  Any idea how to do such a thing?
>>
>> => not yet (cf #5271: as it is a low priority MA ticket this means
>> it was noted as something we can do in Kea if we need ideas).
>> Of course you can log the request details (but not only PRL / ORO)
>> or write a hook doing this (it is possible the log statement will be
>> implemented as a hook). Note you can post a feature request (or
>> write the hook code and make a pull request for it on github).
>>
>> Regards
>>
>> Francis Dupont 
>>
>> PS: I have in the review queue a ticket which adds (as a side effect)
>> a contrib directory in configure.ac so next year IMHO we'll be able
>> to resume the idea to provide a contrib sub module / distribution.
>>
>
>
>
> --
> Munroe Sollog
> Senior Network Engineer
> mun...@lehigh.edu
>
-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] deny booting or ignore booting

2019-03-22 Thread Munroe Sollog
I'm going to start calling you Thomas "Scope Creep" Andersen. :) In all
seriousness, we can talk about the value of NACs and sure there are some,
but it is clearly out of scope for lifecycling our dhcp server.

On Fri, Mar 22, 2019 at 9:06 AM Thomas Andersen  wrote:

> Hi,
>
>
>
> Installing a NAC for that purpose solely, would be overkill :)
>
> But when you have 35,000 devices, I would presume you already had some
> sort of NAC, to control/verify who’s on your network.
>
>
>
> That being 802.1x, Mac auth or CWP.
>
>
>
> We use clearpass for all network authentication, which has the option of
> blacklist mac addresses. Similar OpenSource like packetfence has the same
> featureset as ClearPass. More or less.
>
>
>
> Br,
>
> Thomas
>
>
>
> *From: *Munroe Sollog 
> *Date: *Friday, 22 March 2019 at 13.03
> *To: *Thomas Andersen 
> *Cc: *Francis Dupont , "KEA-Users (
> kea-users@lists.isc.org)" 
> *Subject: *Re: [Kea-users] deny booting or ignore booting
>
>
>
> While I appreciate the suggestion, installing a NAC to accomplish similar
> functionality to one line of configuration in our DHCP server is kind of
> silly.
>
>
>
> On Fri, Mar 22, 2019 at 7:58 AM Thomas Andersen  wrote:
>
> Do you have a NAC or is it open network?
>
> I would prefer to deny it when entering the network, not when asking for DHCP.
>
>
>
>
>
>
>
> Br,
>
> Thomas
>
>
>
> *From: *Kea-users  on behalf of Munroe
> Sollog 
> *Date: *Friday, 22 March 2019 at 12.42
> *To: *Francis Dupont 
> *Cc: *"KEA-Users (kea-users@lists.isc.org)" 
> *Subject: *Re: [Kea-users] deny booting or ignore booting
>
>
>
> Perhaps random wasn't a good choice of words.  Given a MAC address we need
> a way of ensuring it does not DHCP.  I'm open to alternatives to the
> ignore/deny booting function.  Some sort of client classification?
>
>
>
> On Thu, Mar 21, 2019 at 7:43 PM Francis Dupont  wrote:
>
> Munroe Sollog writes:
> > isc dhcpd supports the concept of "deny booting" or "ignore booting".
> Kea
> > does not seem to support this concept.
>
> => this feature is not supported by Kea but you have other ways to get
> the same effect.
>
> > From time to time we need to ensure that a random device does not get a
> > valid lease and is thus prevented from accessing our network (we enforce
> > DHCP at the access layer).  I found this:
>
> => as ISC DHCP booting keyword has a meaning only in a host reservation
> it is useless for a random device which by definition has no known
> identifier. Note if you want to ban unknown devices both ISC DHCP and
> Kea (since 1.5) provide a known/unknown client classification.
>
> > http://oldkea.isc.org/ticket/5229
>
> => replaced by https://gitlab.isc.org/isc-projects/kea/issues/239
>
> This ticket is a migration ticket: all features of ISC DHCP were
> analyzed:
>  - some can be translated (*) to Kea
>  - some are candidate to be added to Kea
>  - some have low interest (too specific, obsolete or unused, etc) (**)
> (*) There is a piece of software named the Migration Assistant which
> helps to translate ISC DHCP configurations to Kea. It is still in
> development but as we are looking for config samples to test and
> improve it you can contact us to know more...
> (**) #239 enters in the last category (priority low), the MA code emits
> a "no concrete usage known?" message when it finds the booting keyword.
>
> > I'm not sure what to make of this, but I tried creating a host
> reservation
> > without an IP address and kea errors with:
> >
> > specified reservation for DUID: hwtype=1 00:50:56:bf:d7:a5 must include
> at
> > least one resource, i.e. hostname, IPv4 address, IPv6 address/prefix,
> > options
>
> => yes if you have no address (nor prefix in IPv6) you need a hostname.
> Note here a host reservation is perhaps not the best feature: what you
> want is some kind of access list and for a negative access list a client
> class is better. Host reservations and KNOWN/UNKNOWN are faster for
> a positive (and large) access list.
>
> Regards
>
> Francis Dupont 
>
>
>
>
> --
>
> Munroe Sollog
>
> Senior Network Engineer
>
> mun...@lehigh.edu
>
> --
>
> Munroe Sollog
>
> Senior Network Engineer
>
> mun...@lehigh.edu
>


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] deny booting or ignore booting

2019-03-22 Thread Munroe Sollog
 The firewall idea is interesting, but all of our DHCP is via relay and I
don’t think I can capture the source MAC address from the relay.

 We have 35,000 hosts DHCP-ing, to whitelist all but 100 sounds very
inefficient. Further, in this case, we are only able to enumerate badness,
new devices that behave properly should not be limited.

There has to be a way to give kea a list of MAC addresses to ignore.

On Fri, Mar 22, 2019 at 8:03 AM Francis Dupont  wrote:

> Munroe Sollog writes:
> > Perhaps random wasn't a good choice of words.  Given a MAC address we
> need
> > a way of ensuring it does not DHCP.  I'm open to alternatives to the
> > ignore/deny booting function.  Some sort of client classification?
>
> => the simplest (and most efficient as a rogue client can for instance
> flood the server with junk queries) is to use a firewall feature to
> drop messages on the floor. At the Kea server level the standard way
> is to create a client class which matches all other clients and
> to guard subnets or pools with this class so no resource will be
> available to it. You can also write a hook to filter out messages
> but it requires to write some code (vs a config update).
>
> Regards
>
> Francis Dupont 
>
> PS: I cited the hook because it is the standard way to plug an
> authentication/authorization service to Kea.
>
-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu
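
The client-class approach described in the quoted reply (a class that matches all other clients, with the pools guarded by it), as an added example that is not part of the original thread: a Python helper that turns a MAC deny list into that class and attaches it to every pool of a Kea DHCPv4 configuration. The class name, sample addresses and sample configuration are constructed; it assumes the single-valued "client-class" pool parameter and does not touch pools inside shared networks.

```python
import copy
import json
import re


def normalize_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-..., aabb.ccdd.eeff; return 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return digits


def allow_test(denied_macs):
    """Build the Kea test expression that is true for every client whose
    hardware address is NOT on the deny list."""
    macs = sorted({normalize_mac(m) for m in denied_macs})   # dedupe, stable order
    if not macs:
        raise ValueError("deny list is empty")
    return "not (%s)" % " or ".join("pkt4.mac == 0x%s" % m for m in macs)


def guard_pools(config, denied_macs, class_name="not-denied"):
    """Return a copy of config with the allow class added and every pool
    restricted to it. The input dictionary is left unmodified."""
    cfg = copy.deepcopy(config)
    dhcp4 = cfg["Dhcp4"]
    classes = dhcp4.setdefault("client-classes", [])
    if any(c.get("name") == class_name for c in classes):
        raise ValueError("class %r is already defined" % class_name)
    classes.append({"name": class_name, "test": allow_test(denied_macs)})
    for subnet in dhcp4.get("subnet4", []):
        for pool in subnet.get("pools", []):
            # Refuse to overwrite a guard somebody else configured.
            if pool.get("client-class", class_name) != class_name:
                raise ValueError("pool %s is already guarded by class %r"
                                 % (pool.get("pool"), pool["client-class"]))
            pool["client-class"] = class_name
    return cfg


# Constructed sample input: the same device listed twice in different notations.
SAMPLE_DENY = ["02:00:5E:10:0A:01", "0200.5e10.0a02", "02-00-5e-10-0a-01"]
SAMPLE_CONFIG = {
    "Dhcp4": {
        "subnet4": [
            {"subnet": "192.0.2.0/24",
             "pools": [{"pool": "192.0.2.10 - 192.0.2.200"}]},
        ]
    }
}

if __name__ == "__main__":
    print(json.dumps(guard_pools(SAMPLE_CONFIG, SAMPLE_DENY), indent=2))
```

pkt4.mac is taken from the chaddr field of the message, so the test still identifies the client when the packet arrives through a relay.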


Re: [Kea-users] deny booting or ignore booting

2019-03-22 Thread Munroe Sollog
While I appreciate the suggestion, installing a NAC to accomplish similar
functionality to one line of configuration in our DHCP server is kind of
silly.

On Fri, Mar 22, 2019 at 7:58 AM Thomas Andersen  wrote:

> Do you have a NAC or is it open network?
>
> I would prefer to deny it when entering the network, not when asking for DHCP.
>
>
>
>
>
>
>
> Br,
>
> Thomas
>
>
>
> *From: *Kea-users  on behalf of Munroe
> Sollog 
> *Date: *Friday, 22 March 2019 at 12.42
> *To: *Francis Dupont 
> *Cc: *"KEA-Users (kea-users@lists.isc.org)" 
> *Subject: *Re: [Kea-users] deny booting or ignore booting
>
>
>
> Perhaps random wasn't a good choice of words.  Given a MAC address we need
> a way of ensuring it does not DHCP.  I'm open to alternatives to the
> ignore/deny booting function.  Some sort of client classification?
>
>
>
> On Thu, Mar 21, 2019 at 7:43 PM Francis Dupont  wrote:
>
> Munroe Sollog writes:
> > isc dhcpd supports the concept of "deny booting" or "ignore booting".
> Kea
> > does not seem to support this concept.
>
> => this feature is not supported by Kea but you have other ways to get
> the same effect.
>
> > From time to time we need to ensure that a random device does not get a
> > valid lease and is thus prevented from accessing our network (we enforce
> > DHCP at the access layer).  I found this:
>
> => as ISC DHCP booting keyword has a meaning only in a host reservation
> it is useless for a random device which by definition has no known
> identifier. Note if you want to ban unknown devices both ISC DHCP and
> Kea (since 1.5) provide a known/unknown client classification.
>
> > http://oldkea.isc.org/ticket/5229
>
> => replaced by https://gitlab.isc.org/isc-projects/kea/issues/239
>
> This ticket is a migration ticket: all features of ISC DHCP were
> analyzed:
>  - some can be translated (*) to Kea
>  - some are candidate to be added to Kea
>  - some have low interest (too specific, obsolete or unused, etc) (**)
> (*) There is a piece of software named the Migration Assistant which
> helps to translate ISC DHCP configurations to Kea. It is still in
> development but as we are looking for config samples to test and
> improve it you can contact us to know more...
> (**) #239 enters in the last category (priority low), the MA code emits
> a "no concrete usage known?" message when it finds the booting keyword.
>
> > I'm not sure what to make of this, but I tried creating a host
> reservation
> > without an IP address and kea errors with:
> >
> > specified reservation for DUID: hwtype=1 00:50:56:bf:d7:a5 must include
> at
> > least one resource, i.e. hostname, IPv4 address, IPv6 address/prefix,
> > options
>
> => yes if you have no address (nor prefix in IPv6) you need a hostname.
> Note here a host reservation is perhaps not the best feature: what you
> want is some kind of access list and for a negative access list a client
> class is better. Host reservations and KNOWN/UNKNOWN are faster for
> a positive (and large) access list.
>
> Regards
>
> Francis Dupont 
>
>
>
>
> --
>
> Munroe Sollog
>
> Senior Network Engineer
>
> mun...@lehigh.edu
>
-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] deny booting or ignore booting

2019-03-22 Thread Munroe Sollog
Perhaps random wasn't a good choice of words.  Given a MAC address we need
a way of ensuring it does not DHCP.  I'm open to alternatives to the
ignore/deny booting function.  Some sort of client classification?

On Thu, Mar 21, 2019 at 7:43 PM Francis Dupont  wrote:

> Munroe Sollog writes:
> > isc dhcpd supports the concept of "deny booting" or "ignore booting".
> Kea
> > does not seem to support this concept.
>
> => this feature is not supported by Kea but you have other ways to get
> the same effect.
>
> > From time to time we need to ensure that a random device does not get a
> > valid lease and is thus prevented from accessing our network (we enforce
> > DHCP at the access layer).  I found this:
>
> => as ISC DHCP booting keyword has a meaning only in a host reservation
> it is useless for a random device which by definition has no known
> identifier. Note if you want to ban unknown devices both ISC DHCP and
> Kea (since 1.5) provide a known/unknown client classification.
>
> > http://oldkea.isc.org/ticket/5229
>
> => replaced by https://gitlab.isc.org/isc-projects/kea/issues/239
>
> This ticket is a migration ticket: all features of ISC DHCP were
> analyzed:
>  - some can be translated (*) to Kea
>  - some are candidate to be added to Kea
>  - some have low interest (too specific, obsolete or unused, etc) (**)
> (*) There is a piece of software named the Migration Assistant which
> helps to translate ISC DHCP configurations to Kea. It is still in
> development but as we are looking for config samples to test and
> improve it you can contact us to know more...
> (**) #239 enters in the last category (priority low), the MA code emits
> a "no concrete usage known?" message when it finds the booting keyword.
>
> > I'm not sure what to make of this, but I tried creating a host
> reservation
> > without an IP address and kea errors with:
> >
> > specified reservation for DUID: hwtype=1 00:50:56:bf:d7:a5 must include
> at
> > least one resource, i.e. hostname, IPv4 address, IPv6 address/prefix,
> > options
>
> => yes if you have no address (nor prefix in IPv6) you need a hostname.
> Note here a host reservation is perhaps not the best feature: what you
> want is some kind of access list and for a negative access list a client
> class is better. Host reservations and KNOWN/UNKNOWN are faster for
> a positive (and large) access list.
>
> Regards
>
> Francis Dupont 
>


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] deny booting or ignore booting

2019-03-21 Thread Munroe Sollog
isc dhcpd supports the concept of "deny booting" or "ignore booting".  Kea
does not seem to support this concept.

From time to time we need to ensure that a random device does not get a
valid lease and is thus prevented from accessing our network (we enforce
DHCP at the access layer).  I found this:

http://oldkea.isc.org/ticket/5229

I'm not sure what to make of this, but I tried creating a host reservation
without an IP address and kea errors with:

specified reservation for DUID: hwtype=1 00:50:56:bf:d7:a5 must include at
least one resource, i.e. hostname, IPv4 address, IPv6 address/prefix,
options


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] kea API

2018-08-20 Thread Munroe Sollog
Did this ever make it into the roadmap?

On Mon, Dec 4, 2017 at 4:24 PM Klaus Steden  wrote:

>
> +1 to this request.
>
> cheers,
> Klaus
>
> On Mon, Dec 4, 2017 at 1:19 PM, Munroe Sollog  wrote:
>
>> Has there been any discussion about using GET instead of POST for the
>> read-only (statistics) API?  I'm working on integrating our monitoring and
>> metrics with kea, and it would have been very helpful to have a POST API
>> and a GET API so I can limit access accordingly.
>>
>> As it is I have to write an intermediary web service to allow statistics
>> collection without allowing nagios/icinga/etc to 'shutdown' the server.
>>
>> --
>> Munroe Sollog
>> Senior Network Engineer
>> mun...@lehigh.edu
>>
>>
>>
>

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] HA based on galera

2018-03-13 Thread Munroe Sollog
I am running a similar configuration with other weirdness. I was told that
it is currently an unsupported configuration until version 1.4

On Tue, Mar 13, 2018 at 7:11 AM <l...@ezelink.com> wrote:

> Thanks, Dominik,
>
> I don't think the dedicated write node will help, cause mysql reports
> deadlock.
> that's probably sequential locks which are not properly adjusted.
>
> On 2018-03-13 14:37, Dominik Epple wrote:
> > Hi,
> >
> > it might help if you pick a dedicated galera write node, i.e. both of
> > your kea servers write to the same galera node at each point in time.
> > You can still configure that in a HA fashion by some active-passive
> > loadbalancer or a failover IP or something.
> >
> > The other option would be that the kea code gets adjusted for running
> > "galera-aware" but I am no expert on what exactly needs to happen
> > there. But if it can't be fixed on application level, it probably can
> > be fixed on system level by picking a dedicated write node.
> >
> > Dominik
> >
> > 2018-03-13 11:28 GMT+01:00 <l...@ezelink.com>:
> >
> >> Hi guys,
> >>
> >> I'm running 2 kea dhcp servers and connect them to galera-mysql
> >> cluster for HA.
> >> Everything is ok, but sometimes i have this message in logs:
> >>
> >> 2018-03-13 14:14:45.036 ERROR [kea-dhcp4.alloc-engine/11864]
> >> ALLOC_ENGINE_V4_ALLOC_ERROR [hwtype=1 b8:53:ac:xx:xx:xx],
> >> cid=[01:b8:53:ac:xx:xx:xx], tid=0xa56d03a4: error during attempt to
> >> allocate an IPv4 address: unable to execute for  >> hwaddr, client_id, valid_lifetime, expire, subnet_id, fqdn_fwd,
> >> fqdn_rev, hostname, state FROM lease4 WHERE client_id = ? AND
> >> subnet_id = ?>, reason: Deadlock found when trying to get lock; try
> >> restarting transaction (error code 1213)
> >>
> >> the network is relatively small - not more than 50-100 requests per
> >> second
> >>
> >> How can I get rid of these messages? Cause after getting this error,
> >> server sends NACK to client
>
-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] log the dhcp options the client requests

2017-12-18 Thread Munroe Sollog
I'm looking at http://kea.isc.org/docs/kea-messages.html#DHCP4 for which log
line will log the 'request details'.  I'm more than happy to see if I can
achieve the same type of thing a different way.  I don't see which item
actually logs the requesting information.



On Mon, Dec 18, 2017 at 8:47 AM, Francis Dupont <fdup...@isc.org> wrote:

> Munroe Sollog writes:
> > I have this in our old dhcpd config file and I'd like to replicate
> > something like this in kea.  Any idea how to do such a thing?
>
> => not yet (cf #5271: as it is a low priority MA ticket this means
> it was noted as something we can do in Kea if we need ideas).
> Of course you can log the request details (but not only PRL / ORO)
> or write a hook doing this (it is possible the log statement will be
> implemented as a hook). Note you can post a feature request (or
> write the hook code and make a pull request for it on github).
>
> Regards
>
> Francis Dupont <fdup...@isc.org>
>
> PS: I have in the review queue a ticket which adds (as a side effect)
> a contrib directory in configure.ac so next year IMHO we'll be able
> to resume the idea to provide a contrib sub module / distribution.
>



-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] log the dhcp options the client requests

2017-12-18 Thread Munroe Sollog
I have this in our old dhcpd config file and I'd like to replicate
something like this in kea.  Any idea how to do such a thing?

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] bind kea to non-local IP

2017-12-14 Thread Munroe Sollog
I’m happy to try to resolve my problem of sticky clients another way, I
just don’t see how.


On Thu, Dec 14, 2017 at 9:47 AM Francis Dupont <fdup...@isc.org> wrote:

> Munroe Sollog writes:
> > Actually Bind9 supports 'rescanning' for new IPs to listen on and HAProxy
> > supports listening to non-local IPs.
>
> => rescan allows to add or remove addresses to interfaces, not
> virtual addresses. The DNS uses anycast addresses which is another way
> to provide a service at a "fixed" address by multiple servers.
> Of course it works better with an essentially "state less" protocol as DNS,
> and not with DHCP at the exception of INFORM...
>
> > The real problem we experience is that there are many poorly implemented
> > dhcp clients.  When it comes time to renew its IP address, it contacts its
> > last DHCP server and if that server doesn't respond, it gives up.
>
> => it is a clear (but common) violation of the protocol both at the letter
> and in the spirit.
> Perhaps it is the reason DHCPv6 requires the use of multicast?
>
> Thanks
>
> Francis Dupont <fdup...@isc.org>
>
-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] bind kea to non-local IP

2017-12-14 Thread Munroe Sollog
Francis -

Actually Bind9 supports 'rescanning' for new IPs to listen on and HAProxy
supports listening to non-local IPs.

The real problem we experience is that there are many poorly implemented
dhcp clients.  When it comes time to renew its IP address, it contacts its
last DHCP server and if that server doesn't respond, it gives up.  Having a
secondary or tertiary DHCP server doesn't help in this regard unless it can
also assume the IP of the primary DHCP server.



On Thu, Dec 14, 2017 at 8:48 AM, James Sumners <jamessumn...@clayton.edu>
wrote:

> I concur with Munroe. I maintain https://github.com/jsumners/ucarp-rhel7
> for my HAProxy failover setup. My guess is that your opposition could stem
> from multiple OSes not supporting this sort of socket binding. Some quick
> searching shows me that at least FreeBSD supports it via the “IP_BINDANY”
> options http://fxr.watson.org/fxr/ident?i=IP_BINDANY. On Linux it is
> “IP_FREEBIND”. These are defined in netinet/in.h and netinet/ip.h,
> respectively.
>
> I think this would be a good feature to support since, as far as I can
> tell, routers don’t typically allow defining a backup “ip helper.”
>
>
>
>
> On December 14, 2017 at 3:04:25 AM, Francis Dupont (fdup...@isc.org)
> wrote:
>
> Kea is like 99.99% of network servers I know: it binds only to local
> addresses
> as required by the standard socket API.
>
> Regards
>
> Francis Dupont <fdup...@isc.org>
>
> PS: I am sure you'll get the same problem with bind9 for instance.


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu

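The socket behaviour discussed in this thread, as an added example that is not part of the original messages: on Linux, bind() to an address the host does not own fails with EADDRNOTAVAIL unless the socket sets IP_FREEBIND or the ip_nonlocal_bind sysctl is enabled. The address 192.0.2.10, the helper names and the fallback constant 15 (the value in linux/in.h) are assumptions of this sketch, and it binds an ephemeral UDP port rather than port 67 so it runs unprivileged.

```python
import errno
import socket

# Python does not always export IP_FREEBIND; 15 is its value in <linux/in.h>.
IP_FREEBIND = getattr(socket, "IP_FREEBIND", 15)

# Constructed sample: TEST-NET-1 address (RFC 5737) that is not configured
# on any local interface, standing in for the peer's "standby" address.
NONLOCAL_ADDR = "192.0.2.10"


def nonlocal_bind_sysctl():
    """Return True/False for net.ipv4.ip_nonlocal_bind, or None if unreadable."""
    try:
        with open("/proc/sys/net/ipv4/ip_nonlocal_bind") as f:
            return f.read().strip() == "1"
    except OSError:
        return None


def try_bind(addr, freebind):
    """Bind a UDP socket to addr:0; return 'bound' or the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if freebind:
            # Per-socket opt-in: only this socket may bind a non-local address.
            s.setsockopt(socket.IPPROTO_IP, IP_FREEBIND, 1)
        try:
            s.bind((addr, 0))
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))
        return "bound"


if __name__ == "__main__":
    print("ip_nonlocal_bind enabled:", nonlocal_bind_sysctl())
    print("plain bind       ->", try_bind(NONLOCAL_ADDR, freebind=False))
    print("IP_FREEBIND bind ->", try_bind(NONLOCAL_ADDR, freebind=True))
```

IP_FREEBIND applies to the one socket that sets it, while the ip_nonlocal_bind sysctl changes the behaviour for every process on the host.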

[Kea-users] bind kea to non-local IP

2017-12-13 Thread Munroe Sollog
VRRP should allow for a quick and easy way to implement a failover pair of
dhcp servers without breaking poorly implemented DHCP clients (clients that
won't re-broadcast the dhcp request when the renewing server doesn't
respond).

However in order to implement keepalived, you have to enable nonlocal ip
binding in the kernel:

echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

It seems like Kea though, also doesn't like binding to a non-local IP.  So
if the other DHCP server fails, it can't seamlessly assume its role and
needs to be reconfigured and restarted.

This would be a great feature to implement especially in 1.4 as part of the
HA feature set.  As of right now, when I try to configure kea to listen on
the standby IP (the IP the other server is currently using), I get:

DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using
file '/etc/kea/kea-dhcp4.conf': Failed to select interface: interface
'eth0' doesn't have address '172.31.0.1' assigned
(/etc/kea/kea-dhcp4.conf:18:41) (/etc/kea/kea-dhcp4.conf:18:5)

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] Weird stats from a shared database

2017-12-13 Thread Munroe Sollog
All great info to know and other than this stats weirdness everything is
working fine. The only detail I didn’t share was that the servers are
handing out non-overlapping IPs.  I'd be happy to provide my configuration
experience for Galera.  I'll work on writing it up and share when it's
done.  I will also open a bug for this issue.

Thanks for the help.

On Wed, Dec 13, 2017 at 7:13 AM Tomek Mrugalski <tom...@isc.org> wrote:

> On 12.12.2017 at 15:48, Munroe Sollog wrote:
> > Let me know if this should be a bug, but I have noticed some weird stats
> > when running two kea-1.3 DHCP servers from the same mysql database
> > (using Galera).
> >
> > I have included a screen grab of the stats.
> >
> > Between noon and 2pm yesterday was when I migrated rogi from the memfile
> > to the mysql database.  I migrated all of the existing leases from the
> > CSV to mysql and started rogi.
> >
> > Igor from around 2:30pm until about 7:45am the next day it steadily
> > declines all the way to -436 leases.  How can it possibly have
> > *negative* leases?
> Rasmus is right. Running more than one Kea server using the same
> database is not officially supported.
>
> Here's what is likely to happen: each Kea instance allocates leases to
> clients. For each allocation, the statistic is increased. The statistic
> is observed on each instance. It is likely to be incorrect as there is
> another instance that also allocates leases.
>
> Now, unless you took extra steps to disable lease expiration on one
> instance and keep it running on another, there are two instances
> periodically looking for leases that are expired. Depending on how many
> leases are expired during exact moment when the expiration triggers, one
> server may get more expired leases to process than the other. Only that
> server will decrease the statistic.
>
> Finally, I don't know how you set this up, but I presume that the server
> that allocated a lease will send its own server-id and thus the release
> messages will be processed only by that server. So this shouldn't
> contribute to the confusion, unless you did some clever things with
> server-id.
>
> You may perceive it as a bug. It's a valid point of view. But I see it
> as Kea being run in a configuration that is not officially supported.
> There's nothing wrong with it. We're happy it provides service and
> generally works. It's just there are quirks like this.
>
> We do have recountLeaseStats4 and recountLeaseStats6 method, but it is
> only used internally. I suppose we could expose it as a command that you
> could call. Kea instance would then consult the database and recalculate
> the values.
>
> As Rasmus mentioned, we do plan to improve the situation significantly
> in 1.4. We want to provide a high availability solution, but also
> improve many aspects of running multiple Kea servers at the same time.
>
> I don't have any specific solution for you right now, just some things
> to consider. Kea doesn't have any notion (at least not yet) of a server
> instance owning a lease. You could try generating the statistic by
> pooling both servers and adding the values together. Consider it an
> experiment. It may or may not work. I'd love to hear about the results.
>
> I'd like to ask you a favour. Can you describe how you did set up Galera
> for MySQL on kea wiki? There are installation instructions here:
> http://kea.isc.org/wiki/Install I was thinking about something similar,
> but with detailed instructions how to set up Galera cluster. This would
> be useful for two reasons. First, other users could set it up in similar
> fashion. Second, one of ISC engineers will get to look at this problem
> one day. It will be very helpful to have an instruction to replicate
> your environment.
>
> Finally, can you submit a bug for this? It would be great if this bug
> report had a link to the installation instruction.
>
> Hope that helps,
> Tomek

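The explanation in the reply above, as an added example that is not part of the original thread and is not Kea code: a toy model of two instances sharing one lease table, where only the allocating instance increments its counter and only the reclaiming instance decrements it. The tick lengths, the round-robin allocation, the assumption that igor always wins the expiration race, and the subnet id 1 in the constructed statistics are all assumptions of this sketch.

```python
import re

LEASE_TIME = 60      # ticks; each client takes one lease and never renews
RECLAIM_EVERY = 10   # ticks between expiration runs


def simulate(ticks):
    """Return (per-server counters, leases really active) after `ticks`."""
    counters = {"rogi": 0, "igor": 0}   # each instance's private statistic
    leases = {}                         # shared table: lease id -> expiry tick
    for t in range(ticks):
        # One new client per tick, served alternately by the two instances.
        owner = "rogi" if t % 2 == 0 else "igor"
        leases[t] = t + LEASE_TIME
        counters[owner] += 1            # only the allocating instance counts it
        if t and t % RECLAIM_EVERY == 0:
            # Assumption: igor's timer always finds the expired leases first,
            # so rogi never sees anything left to reclaim.
            expired = [k for k, exp in leases.items() if exp <= t]
            for k in expired:
                del leases[k]
            counters["igor"] -= len(expired)   # only the reclaimer counts it
    return counters, len(leases)


def as_stats(value, stamp="2017-12-12 08:16:56.390577"):
    """Constructed statistics reply holding one assigned-addresses sample."""
    return {"result": 0,
            "arguments": {"subnet[1].assigned-addresses": [[value, stamp]]}}


STAT = re.compile(r"^subnet\[(\d+)\]\.assigned-addresses$")


def combined_assigned(responses):
    """Add the newest assigned-addresses sample per subnet across servers."""
    totals = {}
    for resp in responses:
        for name, samples in resp["arguments"].items():
            m = STAT.match(name)
            if m and samples:
                sid = int(m.group(1))
                totals[sid] = totals.get(sid, 0) + samples[0][0]
    return totals


if __name__ == "__main__":
    counters, active = simulate(300)
    print("per-server counters:", counters)
    print("leases really active:", active)
    print("sum over both servers:",
          combined_assigned([as_stats(v) for v in counters.values()]))
```

In this model rogi's counter only climbs and igor's goes negative, while the sum over both servers equals the number of leases actually in the shared table.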

[Kea-users] Weird stats from a shared database

2017-12-12 Thread Munroe Sollog
Let me know if this should be a bug, but I have noticed some weird stats
when running two kea-1.3 DHCP servers from the same mysql database (using
Galera).

I have included a screen grab of the stats.

Between noon and 2pm yesterday was when I migrated rogi from the memfile to
the mysql database.  I migrated all of the existing leases from the CSV to
mysql and started rogi.

Igor from around 2:30pm until about 7:45am the next day it steadily
declines all the way to -436 leases.  How can it possibly have *negative*
leases?

This subnet is configured with 1hr leases.  With that in mind, the fact
that rogi steadily climbed overnight is very suspicious.  This seems like
rogi maybe wasn't reclaiming leases correctly?

At just after 8am (towards the end of the graph), I made a configuration
change to rogi and restarted it.  This seemed to have triggered the
reclamation process and also brought igor back from the negative.

All in all a very weird graph.  With two servers handing out IPs for the
same subnet from the same database, how does the daemon track which one it
handed out vs which one the other server handed out?



-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] How is tsid generated

2017-12-12 Thread Munroe Sollog
I was referring to 'xid'.  So it sounds like it is expected for the same
client to use the same xid across different negotiations, which would
explain what I am seeing.

On Tue, Dec 12, 2017 at 8:23 AM, Tomek Mrugalski <tom...@isc.org> wrote:

> On 11.12.2017 at 22:38, Munroe Sollog wrote:
> > Can someone help me understand how the tsid field is generated?  What is
> > used to generate that hash?  I’m tracking DHCP performance based on the
> > tsid and I’m seeing a very small percentage of long transaction time
> > that may be explained by colliding tsids.
> Are you asking about transaction-id, a 32 (in DHCPv4) or 24 (in DHCPv6)
> bit field in the DHCP message or tsig, a signature used to protect DNS
> updates? You mentioned a hash, which suggests the latter. Anyway, here
> are brief answers to both.
>
> xid, or transaction-id, is not a hash. It is supposed to be set by a
> client to a random value, but some clients set it to a special value. Kea
> doesn't pay much attention to it, except it being echoed back in its
> responses. This value is used by clients to match responses to their
> outstanding transmissions. For details, see RFC2131, Section 2, page 10.
>
> tsig, or transaction signature is used to sign DNS updates. Kea supports
> a number of algorithms (hmac-md5, hmac-sha1 and others, see Section
> 11.3.2 for details:
> http://kea.isc.org/docs/kea-guide.html#d2-tsig-key-list-config). This
> mechanism is defined in RFC2845. I haven't looked at the details, but I
> presume it protects the whole content of the DNS message, so everything
> in the DNS update message, a timestamp and a secret key are used to
> generate that digest.
>
> Hope that helps.
> Tomek



-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu

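An added example, not part of the original thread, of what the xid discussion above means for timing measurements: it parses the 32-bit xid and the client hardware address out of DHCPv4 packets and measures DISCOVER-to-ACK time, first keyed by xid alone and then by (hardware address, xid) with stale entries restarted. The packets, MAC addresses, millisecond timestamps and the 10-second staleness limit are constructed for the illustration.

```python
import struct

DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the BOOTP header
FIXED_LEN = 236                      # op..file, before the magic cookie


def build_packet(op, xid, mac, msg_type):
    """Build a minimal DHCPv4 packet (used only to construct sample input)."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                        b"", b"", b"", b"", chaddr, b"", b"")
    return fixed + MAGIC + bytes([53, 1, msg_type, 255])


def parse_packet(data):
    """Return (xid, client MAC, DHCP message type) from a raw DHCPv4 packet."""
    if len(data) < FIXED_LEN + 4 or data[FIXED_LEN:FIXED_LEN + 4] != MAGIC:
        raise ValueError("not a DHCPv4 packet")
    _op, _htype, hlen, _hops, xid = struct.unpack_from("!BBBBI", data, 0)
    if hlen > 16:
        raise ValueError("bad hardware address length")
    mac = data[28:28 + hlen].hex(":")
    msg_type, i = None, FIXED_LEN + 4
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # pad option has no length
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        if data[i] == 53 and data[i + 1] == 1:   # option 53 = message type
            msg_type = data[i + 2]
        i += 2 + data[i + 1]
    return xid, mac, msg_type


def transaction_times(events, key_fn, max_age_ms=10_000):
    """Measure first-DISCOVER-to-ACK time per key; events are (ms, raw)."""
    open_since, done = {}, []
    for ts, raw in events:
        xid, mac, mtype = parse_packet(raw)
        key = key_fn(xid, mac)
        if mtype == DISCOVER:
            start = open_since.get(key)
            # Retransmits keep the first timestamp; a stale entry means the
            # client started a new negotiation with the same xid.
            if start is None or ts - start > max_age_ms:
                open_since[key] = ts
        elif mtype == ACK and key in open_since:
            done.append((key, ts - open_since.pop(key)))
    return done


A, B, C = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
EVENTS = [  # constructed capture: three clients that all use xid 1
    (0, build_packet(1, 1, A, DISCOVER)), (15, build_packet(2, 1, A, OFFER)),
    (20, build_packet(1, 1, A, REQUEST)), (30, build_packet(2, 1, A, ACK)),
    (1000, build_packet(1, 1, C, DISCOVER)),       # C never completes
    (4000, build_packet(1, 1, B, DISCOVER)), (4020, build_packet(2, 1, B, ACK)),
    (100000, build_packet(1, 1, A, DISCOVER)),     # unanswered attempt
    (130000, build_packet(1, 1, A, DISCOVER)),     # same xid, new negotiation
    (130025, build_packet(2, 1, A, ACK)),
]

if __name__ == "__main__":
    print("keyed by xid only:  ", transaction_times(EVENTS, lambda x, m: x))
    print("keyed by (mac, xid):", transaction_times(EVENTS, lambda x, m: (m, x)))
```

Keyed by xid alone, client B's 20 ms exchange is reported as 3020 ms because it is merged with client C's unanswered DISCOVER.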

[Kea-users] Negative Assigned addresses?

2017-12-12 Thread Munroe Sollog
Can someone help me understand how kea is reporting a negative number for
assigned addresses?


"subnet[].assigned-addresses": [
[
  -19,
  "2017-12-12 08:16:56.390577"
    ]



-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] How is tsid generated

2017-12-11 Thread Munroe Sollog
Can someone help me understand how the tsid field is generated?  What is
used to generate that hash?  I’m tracking DHCP performance based on the
tsid and I’m seeing a very small percentage of long transaction time that
may be explained by colliding tsids.

Thanks.
-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] Kea integration with telegraf

2017-12-06 Thread Munroe Sollog
For anyone that is interested, I wrote a script that re-formats the
statistics output from the kea API into a telegraf-friendly format:

https://github.com/mroe1234/kea-telegraf-stats

I also bolted on a quick icinga/nagios status check to it.

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] Kea logging

2017-12-05 Thread Munroe Sollog
I am not familiar with splunk as we use logstash, but can't you just use
syslog to forward them to splunk and then just parse them accordingly?

On Tue, Dec 5, 2017 at 9:39 AM, Mikael Bjerkeland <mik...@bjerkeland.com>
wrote:

> I am also interested in this. I started writing a Splunk add-on to extract
> and parse the logs. Posting the URL in case anyone else needs this:
>
> https://github.com/inspired/TA-isc-kea-dhcp-server-add-on-for-splunk-enterprise
>
>
> On 5 Dec 2017 at 15:35, "Munroe Sollog" <m...@lehigh.edu> wrote:
>
>> I'm using this document as reference:
>>
>> http://kea.isc.org/docs/kea-messages.html#messages
>>
>> When it comes to DHCP the decades-old process has long been understood as
>> DORA or DORG
>>
>> Discover, Offer, Request/Renew, Acknowledge/Grant
>>
>> Looking at my logs and the above website, it looks like the ISC has
>> abandoned these words and replaced them with things like "LEASE_ALLOC" and
>> "LEASE_ADVERT" and "INIT_REBOOT".  I have not been able to find an
>> equivalent message for discover yet.
>>
>> As a system/network administrator, I found it incredibly useful to be
>> able to follow the DORA process in the logs, especially when
>> troubleshooting a problem.
>>
>> Am I missing a configuration parameter that might restore some of this
>> functionality?
>>
>> --
>> Munroe Sollog
>> Senior Network Engineer
>> mun...@lehigh.edu
>>


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] Kea logging

2017-12-05 Thread Munroe Sollog
I'm using this document as reference:

http://kea.isc.org/docs/kea-messages.html#messages

When it comes to DHCP the decades-old process has long been understood as
DORA or DORG

Discover, Offer, Request/Renew, Acknowledge/Grant

Looking at my logs and the above website, it looks like the ISC has
abandoned these words and replaced them with things like "LEASE_ALLOC" and
"LEASE_ADVERT" and "INIT_REBOOT".  I have not been able to find an
equivalent message for discover yet.

As a system/network administrator, I found it incredibly useful to be able
to follow the DORA process in the logs, especially when troubleshooting a
problem.

Am I missing a configuration parameter that might restore some of this
functionality?

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] CSV -> database converter

2017-12-04 Thread Munroe Sollog
All -

Not sure if anyone is interested or if something like this already exists,
but I wrote a script to make it easy to migrate from a csv-backed kea to a
database-backed kea.

https://github.com/mroe1234/kea-importer

comments welcome of course.

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] Adding a lease via the API

2017-11-30 Thread Munroe Sollog
Maybe my 'service' is wrong?  lease4-add is implemented via a hook library

 "hooks-libraries": [
     // Hook libraries list may contain more than one library.
     {
         // The only necessary parameter is the library filename.
         "library": "/usr/local/lib/hooks/libdhcp_lease_cmds.so"
         // Some libraries may support parameters. Make sure you
         // type this section carefully, as the CA does not validate
         // it (because the format is library specific).
     }
 ]


On Thu, Nov 30, 2017 at 9:21 AM, Munroe Sollog <m...@lehigh.edu> wrote:

> I added a dummy interface on a dead-end subnet and enabled a pool for that
> subnet, still the same result.
>
> On Thu, Nov 30, 2017 at 9:07 AM, Munroe Sollog <m...@lehigh.edu> wrote:
>
>> I don't want to add a pool because I really don't want it handing out any
>> addresses at the moment.
>>
>> On Thu, Nov 30, 2017 at 9:06 AM, Zayer, Sebastian <
>> sebastian.za...@takko.de> wrote:
>>
>>> Hi Munroe,
>>>
>>>
>>>
>>> to me it seems that the subnet is not working without any possible IPs
>>> in its pool.
>>>
>>> Did you already try that with some IPs in “pools”: [], ?
>>>
>>>
>>>
>>>
>>>
>>> With kind regards
>>>
>>>
>>>
>>> Sebastian
>>>
>>>
>>>
>>>
>>>
>>> *From:* Kea-users [mailto:kea-users-boun...@lists.isc.org] *On Behalf
>>> Of *Munroe Sollog
>>> *Sent:* Thursday, November 30, 2017 2:25 PM
>>> *To:* KEA-Users (kea-users@lists.isc.org) <kea-users@lists.isc.org>
>>> *Subject:* [Kea-users] Adding a lease via the API
>>>
>>>
>>>
>>> when I run:
>>>
>>>
>>>
>>> curl -X POST -H "Content-Type: application/json" -d '{ "command":
>>> "config-get", "service": ["dhcp4"] }' http://localhost:8000/
>>>
>>>
>>>
>>> I get:
>>>
>>>
>>>
>>> https://paste.debian.net/hidden/a5ae1e53/
>>>
>>>
>>>
>>> It seems to me that subnet-id=1 is configured.  However when I run:
>>>
>>>
>>>
>>> curl -X POST -H "Content-Type: application/json" -d '{ "command":
>>> "lease4-add","service": ["dhcp4"], "arguments": { "subnet-id": 1,
>>> "ip-address": "172.31.32.12", "hw-address": "1a:1b:1c:1d:1e:1f" } }'
>>> http://localhost:8000/
>>>
>>> [ { "result": 1, "text": "Invalid subnet-id: No IPv4 subnet with
>>> subnet-id=1 currently configured." } ]
>>>
>>>
>>>
>>> It says that subnet-id=1 doesn't exist?  What am I missing?
>>>
>>>
>>>
>>> --
>>>
>>> Munroe Sollog
>>>
>>> Senior Network Engineer
>>>
>>> mun...@lehigh.edu
>>>
>>
>>
>> --
>> Munroe Sollog
>> Senior Network Engineer
>> mun...@lehigh.edu
>>
>
>
>
> --
> Munroe Sollog
> Senior Network Engineer
> mun...@lehigh.edu
>



-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] Adding a lease via the API

2017-11-30 Thread Munroe Sollog
I added a dummy interface on a dead-end subnet and enabled a pool for that
subnet, still the same result.

On Thu, Nov 30, 2017 at 9:07 AM, Munroe Sollog <m...@lehigh.edu> wrote:

> I don't want to add a pool because I really don't want it handing out any
> addresses at the moment.
>
> On Thu, Nov 30, 2017 at 9:06 AM, Zayer, Sebastian <
> sebastian.za...@takko.de> wrote:
>
>> Hi Munroe,
>>
>>
>>
>> to me it seems that the subnet is not working without any possible IPs in
>> its pool.
>>
>> Did you already try that with some IPs in “pools”: [], ?
>>
>>
>>
>>
>>
>> With kind regards
>>
>>
>>
>> Sebastian
>>
>>
>>
>>
>>
>> *From:* Kea-users [mailto:kea-users-boun...@lists.isc.org] *On Behalf Of
>> *Munroe Sollog
>> *Sent:* Thursday, November 30, 2017 2:25 PM
>> *To:* KEA-Users (kea-users@lists.isc.org) <kea-users@lists.isc.org>
>> *Subject:* [Kea-users] Adding a lease via the API
>>
>>
>>
>> when I run:
>>
>>
>>
>> curl -X POST -H "Content-Type: application/json" -d '{ "command":
>> "config-get", "service": ["dhcp4"] }' http://localhost:8000/
>>
>>
>>
>> I get:
>>
>>
>>
>> https://paste.debian.net/hidden/a5ae1e53/
>>
>>
>>
>> It seems to me that subnet-id=1 is configured.  However when I run:
>>
>>
>>
>> curl -X POST -H "Content-Type: application/json" -d '{ "command":
>> "lease4-add","service": ["dhcp4"], "arguments": { "subnet-id": 1,
>> "ip-address": "172.31.32.12", "hw-address": "1a:1b:1c:1d:1e:1f" } }'
>> http://localhost:8000/
>>
>> [ { "result": 1, "text": "Invalid subnet-id: No IPv4 subnet with
>> subnet-id=1 currently configured." } ]
>>
>>
>>
>> It says that subnet-id=1 doesn't exist?  What am I missing?
>>
>>
>>
>> --
>>
>> Munroe Sollog
>>
>> Senior Network Engineer
>>
>> mun...@lehigh.edu
>>
>
>
> --
> Munroe Sollog
> Senior Network Engineer
> mun...@lehigh.edu
>



-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] Adding a lease via the API

2017-11-30 Thread Munroe Sollog
when I run:

curl -X POST -H "Content-Type: application/json" -d '{ "command":
"config-get", "service": ["dhcp4"] }' http://localhost:8000/

I get:

https://paste.debian.net/hidden/a5ae1e53/

It seems to me that subnet-id=1 is configured.  However when I run:

curl -X POST -H "Content-Type: application/json" -d '{ "command":
"lease4-add","service": ["dhcp4"], "arguments": { "subnet-id": 1,
"ip-address": "172.31.32.12", "hw-address": "1a:1b:1c:1d:1e:1f" } }'
http://localhost:8000/
[ { "result": 1, "text": "Invalid subnet-id: No IPv4 subnet with
subnet-id=1 currently configured." } ]

It says that subnet-id=1 doesn't exist?  What am I missing?

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] Manage leases table via the API

2017-11-29 Thread Munroe Sollog
Perfect, thanks!

On Wed, Nov 29, 2017 at 1:40 PM, Marcin Siodelski <mar...@isc.org> wrote:

> Hello Munroe,
>
> Kea includes an open source hooks library called lease_cmds (see
> src/hooks/dhcp/lease_cmds) which can be used to manipulate leases in the
> lease database.
>
> Also, see Kea User's Guide:
> https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#lease-cmds
>
> Marcin Siodelski
> ISC
>
> On 29.11.2017 19:35, Munroe Sollog wrote:
> > Is there currently a way to add/remove active leases from the leases4|6
> > table using the API?
> >
> > --
> > Munroe Sollog
> > Senior Network Engineer
> > mun...@lehigh.edu <mailto:mun...@lehigh.edu>
> >
> >
>
>


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] Manage leases table via the API

2017-11-29 Thread Munroe Sollog
Is there currently a way to add/remove active leases from the leases4|6
table using the API?

-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] Can't enable the control agent

2017-11-28 Thread Munroe Sollog
Using the configuration examples provided, I am trying to configure the
HTTP control agent on kea 1.3.  Here is a pastebin of my config:

https://paste.debian.net/plainh/45a4da9a

Here is a pastebin of my debug output running kea in the foreground:

https://paste.debian.net/hidden/c4374b48/


However with kea running port 8000 on localhost is not open.  I purposely
have no subnets defined as it is a testing box and I don't want to hand out
any leases accidentally.


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


Re: [Kea-users] Does anybody use Debian stretch as OS?

2017-11-27 Thread Munroe Sollog
I just tried to build kea-1.3 on a fresh install of Debian Stretch.  I did
run into a version issue with automake.  Stretch ships 1.15 instead of
1.14.1 which is what is hardcoded in the Make file and configure file.  I
had to massage some values to get kea to compile.

On Sun, Nov 26, 2017 at 7:19 PM, Jason Guy <j...@cumulusnetworks.com> wrote:

> I have built it a couple times for Stretch, seems to work fine. In fact, I
> decided to start learning how to make a debian package, since the
> "maintainer" has not done anything since 1.1. Since I use Ansible to deploy
> my servers in the lab, it is a lot easier to deploy from a .deb package.
>
> Cheers,
> Jason
>
> On Fri, Nov 24, 2017 at 4:52 AM, Klaus Steden <klausfi...@gmail.com>
> wrote:
>
>>
>> Owen -- I've done likewise for us, but we're using U14 servers for our
>> environment. A bit fiddly editing the checksums in the .dsc and making sure
>> none of the vendor patches break things, but it builds well enough against
>> sources from Git.
>>
>> cheers,
>> Klaus
>>
>> On Thu, Nov 23, 2017 at 6:25 AM, Zayer, Sebastian <
>> sebastian.za...@takko.de> wrote:
>>
>>> Hi,
>>>
>>> thank you very much.
>>>
>>>
>>> With kind regards
>>>
>>>
>>>
>>>
>>> *Sebastian Zayer*
>>> Specialist IT Systems
>>>
>>> -Original Message-
>>> From: Jason Lixfeld [mailto:jason-...@lixfeld.ca <jason-...@lixfeld.ca>]
>>> Sent: Thursday, November 23, 2017 3:26 AM
>>> To: Francis Dupont <fdup...@isc.org>
>>> Cc: Zayer, Sebastian <sebastian.za...@takko.de>; KEA-Users (
>>> kea-users@lists.isc.org) <kea-users@lists.isc.org>
>>> Subject: Re: [Kea-users] Does anybody use Debian stretch as OS?
>>>
>>> Sure.  Done.
>>>
>>> > On Nov 22, 2017, at 7:01 PM, Francis Dupont <fdup...@isc.org> wrote:
>>> >
>>> > Can you fill an entry in "Install Kea from sources" in the wiki
>>> > (http://kea.isc.org/wiki/Install)?
>>> >
>>> > Thanks
>>> >
>>> > Francis Dupont <fdup...@isc.org>
>>> >
>>> > PS: we should keep these more up to date (:-)...
>>>
>>>
>>
>


-- 
Munroe Sollog
Senior Network Engineer
mun...@lehigh.edu


[Kea-users] Dynamically changing DHCP options based on current environment using hooks

2017-04-19 Thread Munroe Sollog
I have a network that has two gateways that can act as a device’s default 
gateway.  Currently I am running kea on two different servers.  Each server is 
configured to hand out half of the network’s ip space (non-overlapping).  Each 
server has a different default gateway configured.  This has the effect of load 
balancing users across both gateways.  For added robustness I wrote a simple 
perl script that checks to ensure each path is up and routing, when one goes 
down for whatever reason, the script stops the appropriate DHCP server so users 
aren’t directed to a black hole.  Finally the same script will start the DHCP 
server again when the path becomes functional again.

This setup has been working well, but I would like to take advantage of the Kea 
hook framework, so I can reproduce this functionality using a single kea 
instance.  I am looking for pointers and thoughts regarding writing a hook for 
this.  It looks like, at the moment,  I am locked into C++.  I’m not sure which 
hook to use to massage the default gw for every lease.




[Kea-users] Production Users

2017-02-14 Thread Munroe Sollog
Non-technical question here.  Can I get a quick idea of who is using kea and in 
what size are your environments?


Re: [Kea-users] lease reading error

2016-10-26 Thread Munroe Sollog
here is the full log of kea attempting to start I also gzipp'ed and uploaded my 
leases file to:
https://ufile.io/f2b9


Oct 26 11:40:01 rogi systemd[1]: Starting ISC KEA IPv4 DHCP daemon...
Oct 26 11:40:01 rogi systemd[1]: Started ISC KEA IPv4 DHCP daemon.
Oct 26 11:40:01 rogi kea-dhcp4[20635]: 2016-10-26 11:40:01.720 INFO  
[kea-dhcp4.dhcp4/20635]
DHCP4_STARTING Kea DHCPv4 server version 1.0.0 starting
Oct 26 11:40:01 rogi kea-dhcp4[20635]: 2016-10-26 11:40:01.722 INFO  
[kea-dhcp4.dhcpsrv/20635]
DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth0
Oct 26 11:40:01 rogi kea-dhcp4[20635]: 2016-10-26 11:40:01.722 INFO  
[kea-dhcp4.dhcpsrv/20635]
DHCPSRV_CFGMGR_SOCKET_TYPE_DEFAULT "dhcp-socket-type" not specified , using 
default socket type raw
Oct 26 11:40:01 rogi kea-dhcp4[20635]: 2016-10-26 11:40:01.723 INFO  
[kea-dhcp4.dhcp4/20635]
DHCP4_CONFIG_NEW_SUBNET a new subnet has been added to configuration: 
172.31.0.0/18 with params:
valid-lifetime=4000
Oct 26 11:40:01 rogi kea-dhcp4[20635]: 2016-10-26 11:40:01.724 INFO  
[kea-dhcp4.commands/20635]
COMMAND_SOCKET_UNIX_OPEN Command socket opened: UNIX, fd=6, 
path=/var/kea/statistics-socket
Oct 26 11:40:01 rogi kea-dhcp4[20635]: 2016-10-26 11:40:01.724 INFO  
[kea-dhcp4.dhcpsrv/20635]
DHCPSRV_MEMFILE_DB opening memory file lease database: type=memfile universe=4
Oct 26 11:40:01 rogi kea-dhcp4[20635]: 2016-10-26 11:40:01.724 INFO  
[kea-dhcp4.dhcpsrv/20635]
DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file 
/var/lib/kea/kea-leases4.csv
Oct 26 11:40:09 rogi kea-dhcp4[20635]: 2016-10-26 11:40:09.311 ERROR 
[kea-dhcp4.dhcp4/20635]
DHCP4_PARSER_FAIL failed to create or run parser for configuration element 
lease-database: exceeded
maximum number of failures 100 to read a lease from the lease file 
/var/lib/kea/kea-leases4.csv
Oct 26 11:40:09 rogi kea-dhcp4[20635]: 2016-10-26 11:40:09.311 ERROR 
[kea-dhcp4.dhcp4/20635]
DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, 
reason: exceeded
maximum number of failures 100 to read a lease from the lease file 
/var/lib/kea/kea-leases4.csv
Oct 26 11:40:09 rogi kea-dhcp4[20635]: 2016-10-26 11:40:09.311 ERROR 
[kea-dhcp4.dhcp4/20635]
DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file
'/etc/kea/kea-dhcp4.conf': exceeded maximum number of failures 100 to read a 
lease from the lease
file /var/lib/kea/kea-leases4.csv
Oct 26 11:40:09 rogi kea-dhcp4[20635]: 2016-10-26 11:40:09.311 INFO  
[kea-dhcp4.commands/20635]
COMMAND_SOCKET_UNIX_CLOSE Command socket closed: UNIX, fd=6, 
path=/var/kea/statistics-socket
Oct 26 11:40:09 rogi systemd[1]: kea-dhcp4-server.service: main process exited, 
code=exited,
status=1/FAILURE
Oct 26 11:40:09 rogi systemd[1]: Unit kea-dhcp4-server.service entered failed 
state.


On 10/25/2016 05:37 PM, Wlodek Wencel wrote:
> text files like kea_leases.csv reach really good compression ratio. It
> shouldn't reach more than 5Mb, but it is still too much for mailing list
> so if you could upload it somewhere.
> 
> Or change logging severity to DEBUG with debug level 99 and see if there
> are additional logs.
> 
> Regards,
> Włodek Wencel
> 
> On 10/25/2016 11:13 PM, Munroe Sollog wrote:
>> below is my config.  My leases file is ~350MB so can't easily attach that to 
>> an email.
>>
>>
>> {
>> "Dhcp4":
>> {
>> "control-socket": {
>>  "socket-type": "unix",
>>  "socket-name": "/var/kea/statistics-socket"
>> },
>>   "interfaces-config": {
>> "interfaces": ["eth0" ]
>>   },
>>   "lease-database": {
>> "type": "memfile"
>>   },
>>   "expired-leases-processing": {
>> "reclaim-timer-wait-time": 10,
>> "flush-reclaimed-timer-wait-time": 25,
>> "hold-reclaimed-time": 3600,
>> "max-reclaim-leases": 100,
>> "max-reclaim-time": 250,
>> "unwarned-reclaim-cycles": 5
>>   },
>>   "valid-lifetime": 4000,
>> "subnet4": [
>>  {
>>  "subnet": "172.31.0.0/18",
>>  "pools": [ { "pool": "172.31.1.1 - 172.31.31.254"} ],
>>  "option-data": [
>> {
>>  "name": "domain-name-servers",
>>  "data": "8.8.8.8, 8.8.4.4"
>>  },
>>  {
>>  "name": "routers",
>>  "data": "172.31.0.1"
>>  },
>>  ]
>>  }
>>  
>> ]
>> },
>>
>

Re: [Kea-users] lease reading error

2016-10-25 Thread Munroe Sollog
Below is my config.  My leases file is ~350MB so can't easily attach that to an 
email.


{
"Dhcp4":
{
  "control-socket": {
    "socket-type": "unix",
    "socket-name": "/var/kea/statistics-socket"
  },
  "interfaces-config": {
    "interfaces": ["eth0" ]
  },
  "lease-database": {
    "type": "memfile"
  },
  "expired-leases-processing": {
    "reclaim-timer-wait-time": 10,
    "flush-reclaimed-timer-wait-time": 25,
    "hold-reclaimed-time": 3600,
    "max-reclaim-leases": 100,
    "max-reclaim-time": 250,
    "unwarned-reclaim-cycles": 5
  },
  "valid-lifetime": 4000,
  "subnet4": [
    {
      "subnet": "172.31.0.0/18",
      "pools": [ { "pool": "172.31.1.1 - 172.31.31.254"} ],
      "option-data": [
        {
          "name": "domain-name-servers",
          "data": "8.8.8.8, 8.8.4.4"
        },
        {
          "name": "routers",
          "data": "172.31.0.1"
        }
      ]
    }
  ]
},

"Logging":
{
  "loggers": [
    {
      "name": "kea-dhcp4",
      "output_options": [
        {
          "output": "/var/log/kea-dhcp4.log"
        }
      ],
      "severity": "INFO",
      "debuglevel": 0
    }
  ]
}
}


On 10/25/2016 05:10 PM, Wlodek Wencel wrote:
> Hello,
> thanks for reporting that issue, I never came across this kind of
> problem. Is there a possibility that you could send us leases file and
> kea config file?
> 
> Regards,
> Włodek Wencel
> QA team
> 
> On 10/25/2016 11:05 PM, Todd Simmons (todsimmo) wrote:
>> Understood, in my case it was caused by a power outage. I have 14 sites 
>> running Kea 1.0.0 and that's the only time it's happened.  
>>
>> Sent from my iPhone
>>
>>> On Oct 25, 2016, at 4:01 PM, Munroe Sollog <m...@lehigh.edu> wrote:
>>>
>>> I agree that the file is 'damaged' in some way, and of course if I delete 
>>> all of the leases I expect
>>> it to start fine, but I'd like to figure out the root cause before I just 
>>> blow the file away.
>>>
>>> - Munroe
>>>
>>>> On 10/25/2016 04:59 PM, Todd Simmons (todsimmo) wrote:
>>>> I had the same issue after the vm server was shutdown improperly after a 
>>>> power outage. I opened the file in VI and deleted all the leases (after 
>>>> saving a copy of course) and then it worked just fine. 
>>>>
>>>> It's possible the file is damaged and that's causing the problem. 
>>>>
>>>> Sent from my iPhone
>>>>
>>>>> On Oct 25, 2016, at 3:44 PM, Munroe Sollog <m...@lehigh.edu> wrote:
>>>>>
>>>>> running 1.0.0 code.  I stopped the service a while and then when I went 
>>>>> to start it I got the
>>>>> following error:
>>>>>
>>>>> kea-dhcp4[14193]: 2016-10-25 16:35:28.129 ERROR [kea-dhcp4.dhcp4/14193] 
>>>>> DHCP4_INIT_FAIL failed to
>>>>> initialize Kea server: configuration error using file 
>>>>> '/etc/kea/kea-dhcp4.conf': exceeded maximum
>>>>> number of failures 100 to read a lease from the lease file 
>>>>> /var/lib/kea/kea-leases4.csv
>>>>>
>>>>>
>>>>> # kea-dhcp4 -V
>>>>> 1.0.0
>>>>> tarball
>>>>> linked with:
>>>>> log4plus 1.0.4
>>>>> OpenSSL 1.0.1t  3 May 2016
>>>>> database:
>>>>> MySQL backend 3.0, library 5.5.52
>>>>> PostgreSQL backend 2.0, library 90409
>>>>> Memfile backend 2.0
>>>>>
>>>>>
>>>>>
>>>>> A quick google search yielded the comments from the header file that 
>>>>> causes the error output, but I
>>>>> don't understand why it can't read its lease file all of a sudden.  I 
>>>>> don't know if it is pertinent,
>>>>> but there are *a lot* of leases in the lease file:
>>>>>
>>>>> # wc -l /var/lib/kea/kea-leases4.csv
>>>>> 4485457 /var/lib/kea/kea-leases4.csv
>>>>>
>>>>> I obviously don't have 4.4million users though.
>>>>>
>>>>> -- 
>>>>> Munroe Sollog
>>>>> LTS - Senior Network Engineer
>>>>> x85002
>>>>
>>>
>>> -- 
>>> Munroe Sollog
>>> LTS - Senior Network Engineer
>>> x85002
>>
> 

-- 
Munroe Sollog
LTS - Senior Network Engineer
x85002
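
One way to locate the damaged rows before discarding the lease file, as an added example that is not part of the original thread and is not Kea code. It assumes the file's first line is the column header and that columns named valid_lifetime, expire and subnet_id hold integers; the checks are a heuristic, not Kea's own parser, and the sample rows are constructed.

```python
import io
import ipaddress

# Assumed column names; each is checked only if the file's header contains it.
INT_COLUMNS = ("valid_lifetime", "expire", "subnet_id")

def row_problem(fields, header, int_idx):
    """Return a reason string if the row looks damaged, else None."""
    if len(fields) != len(header):
        return "expected %d fields, got %d" % (len(header), len(fields))
    try:
        ipaddress.IPv4Address(fields[0])
    except ValueError:
        return "bad IPv4 address %r" % fields[0]
    for i in int_idx:
        if not fields[i].isdigit():
            return "non-numeric %s %r" % (header[i], fields[i])
    return None

def scan_lease_file(stream, max_samples=20):
    """Return (rows, bad_count, samples); samples are (line_no, reason)."""
    header = stream.readline().rstrip("\r\n").split(",")
    int_idx = [header.index(c) for c in INT_COLUMNS if c in header]
    rows, bad_count, samples = 0, 0, []
    for line_no, line in enumerate(stream, start=2):
        rows += 1
        line = line.rstrip("\r\n")
        # Zero-filled blocks are a typical trace of an unclean shutdown.
        reason = "contains NUL bytes" if "\x00" in line else row_problem(
            line.split(","), header, int_idx)
        if reason:
            bad_count += 1
            if len(samples) < max_samples:
                samples.append((line_no, reason))
    return rows, bad_count, samples

# Constructed sample, not data from the thread.
SAMPLE = (
    "address,hwaddr,client_id,valid_lifetime,expire,subnet_id,"
    "fqdn_fwd,fqdn_rev,hostname,state\n"
    "172.31.1.10,a4:17:31:f5:05:fc,,4000,1477410000,1,0,0,,0\n"
    "172.31.1.11,a4:17:31:f5:05:fd,,4000,14774\n"      # truncated write
    "\x00\x00\x00\x00\n"                                # zero-filled block
    "172.31.1.12,a4:17:31:f5:05:fe,,4000,1477410100,1,0,0,,0\n"
    "172.31.1.13,a4:17:31:f5:05:ff,,abc,1477410200,1,0,0,,0\n"
)

if __name__ == "__main__":
    print(scan_lease_file(io.StringIO(SAMPLE)))
```

For a real file, open it with `open(path, errors="replace")` so undecodable bytes do not stop the scan, and run it against a copy of the lease file.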


[Kea-users] assigned-addresses with a negative number?

2016-08-11 Thread Munroe Sollog
I'm running 1.0.0 and this morning I pulled subnet[1].assigned-addresses from 
the control channel
and it reported -175 which doesn't really make sense to me.  Can someone explain?

Thanks.
-- 
Munroe Sollog
LTS - Network Analyst
x85002


[Kea-users] What is the purpose of the router array

2016-08-09 Thread Munroe Sollog
Below is my config.  I see that kea's documentation supports an array type for 
the 'routers'
parameters.  In practice it seems like the clients always use the first IP 
listed.  I'm trying to
understand the purpose of the array then.  I am interested in the DHCP serving 
these elements of the
array either non-deterministically or in some sort of load-balanced fashion in 
order to spread
traffic evenly across both of our internet connections.

===My Config===
{
"Dhcp4":
{
  "interfaces-config": {
    "interfaces": ["eth0" ]
  },
  "lease-database": {
    "type": "memfile"
  },
  "expired-leases-processing": {
    "reclaim-timer-wait-time": 10,
    "flush-reclaimed-timer-wait-time": 25,
    "hold-reclaimed-time": 3600,
    "max-reclaim-leases": 100,
    "max-reclaim-time": 250,
    "unwarned-reclaim-cycles": 5
  },
  "valid-lifetime": 4000,
  "subnet4": [
    {
      "subnet": "172.31.0.0/18",
      "reservations": [
        {
          "hw-address": "a4:17:31:f5:05:fc",
          "ip-address": "172.31.63.250"
        }
      ],
      "option-data": [
        {
          "name": "domain-name-servers",
          "data": "8.8.8.8, 8.8.4.4"
        },
        {
          "name": "routers",
          "data": "172.31.63.254, 172.31.0.1"
        }
      ]
    }
  ]
},


-- 
Munroe Sollog
LTS - Network Analyst
x85002


[Kea-users] DHCPv4 options router as an array

2016-07-28 Thread Munroe Sollog
I have one network with two gateways, I'd like the dhcp server to round-robin 
(or something) handing
out these gateways as the network's 'default gateway'.  I am reading the docs 
for kea
(http://kea.isc.org/docs/kea-guide.html#dhcp4-configuration) and I see that the 
'routers' option
supports an array.  Is this meant to do exactly what I am trying to do?  If 
not, why would the
router option support an array?

Thanks.
-- 
Munroe Sollog
LTS - Network Analyst
x85002


Re: [Kea-users] External script to enable or disable pools

2016-07-27 Thread Munroe Sollog
I haven't designed it yet to be honest.  The environment is such that the 
network is served by two
gateways using two independent providers.  The thought is to load balance the 
users out each
gateway, and with a short enough lease time if one of the providers suffers an 
extended outage the
DHCP server can 'fail' all of the clients over to the working gateway via lease 
expiration.

- Munroe

On 07/27/2016 12:46 PM, Tomek Mrugalski wrote:
> On 27/07/16 17:03, Munroe Sollog wrote:
>> I am working on deploying a DHCP server with two declarations. They
>> will be serving the same VLAN and offering nonoverlapping pools.
>> Each pool will be using a different gateway address. I would like the
>> ability for a service (nagios) to be able to enable or disable a pool
>> if/when the upstream gateway becomes unavailable.
> Do you want this to be modeled as two subnets with one pool in each or
> as one subnet with two pools in it?
> 
> Please note that Kea currently does not provide the ability to tie
> different option values with specific pools. You can currently define
> options on global, subnet, client class and host levels.
> 
> Also, keep in mind that once Kea (or any other DHCP server for that
> matter) sends out a configuration to clients, they will use it and will
> only get back to renew their configuration after renew-timer elapses.
> This means that any changes will not be picked up instantly. In
> principle there's a reconfigure mechanism, but since it is not
> mandatory, majority of the clients don't support it, so it's risky to
> depend on it.
> 
>> Does Kea currently support any sort of API that would allow me to
>> achieve this?
> Not at this moment, but we're in a process of designing such an API. We
> currently have requirements written and are looking for feedback. The
> current proposal is available here:
> http://kea.isc.org/wiki/ControlAPIRequirements. It would be great if you
> could review it and check if what we intend to implement would work for you.
> 
> We are looking for sponsors of that work and for people who are willing
> to test engineering prototypes once we have it developed. Let me know if
> you are interested.
> 
>> I know that I could, through a script, edit the configuration and
>> reload/restart the daemon, but I was wondering if there was a more
>> elegant way.
> There isn't any at the moment, but we're hoping to have that capability
> in not so distant future. Depending on how popular this feature will be
> among existing and prospective customers we may develop it sooner or
> much later.
> 
> Tomek
> 

-- 
Munroe Sollog
LTS - Network Analyst
x85002


[Kea-users] External script to enable or disable pools

2016-07-27 Thread Munroe Sollog
I am working on deploying a DHCP server with two declarations. They will be 
serving the same VLAN
and offering nonoverlapping pools.  Each pool will be using a different gateway 
address. I would
like the ability for a service (nagios) to be able to enable or disable a pool 
if/when the upstream
gateway becomes unavailable.

Does Kea currently support any sort of API that would allow me to achieve this?

I know that I could, through a script, edit the configuration and 
reload/restart the daemon, but I
was wondering if there was a more elegant way.
Thanks

Munroe Sollog
Network Analyst
Lehigh University