Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS

2018-02-09 Thread Yantis, Walt
We have been rolling out Kea in our environment, but have run into a major 
snag, which is not being able to configure multiple subdomains for DDNS.  As we 
have been moving networks off of ISC DHCPD, we ran into this limitation.  
(We've moved networks with simple configurations first)
This limitation is discussed here:  http://kea.isc.org/ticket/5048#ticket

Our environment has many, many departments that use different subdomains and 
DDNS.  Please make an effort to include this in the software.  We are quite 
pleased with Kea up to this point, and would greatly appreciate the ability to 
specify multiple suffixes for DDNS.

Thank you,

Walt

Texas State University

-Original Message-
From: Kea-users [mailto:kea-users-boun...@lists.isc.org] On Behalf Of Francis 
Dupont
Sent: Friday, January 19, 2018 5:14 PM
To: Tobias - <loksk...@live.se>
Cc: kea-users@lists.isc.org
Subject: Re: [Kea-users] Client classification based on MAC vendor prefix + 
multi-subnet DDNS

Tobias - writes:
> First:
> 
> I'm trying to put my virtual machines in a separate subnet. The 
> virtual machines have the vendor prefix of 52:54:00.
> 
> If I would do this in code, I would use AND to mask away the last 
> three octets and then compare against 52:54:00:00:00:00 but I seem 
> to be unable to do that.
> 
> Since I was unable to find an example for Kea, I tried to do what 
> people suggested for dhcpd since the expression looked similar to 
> what is available in Kea, but it didn't work.

=> in theory a substring(pkt4.mac, 0, 3) does the job. BTW you can debug 
classification expressions (admin guide, 13.9. Debugging Expressions). It should 
explain why it does not work in your example.

> Second:
> 
> How would I configure DDNS to have two qualifying suffixes? The two 
> subnets have different subdomains. I've been unable to find anything 
> that works so I'm still stuck only having DDNS for the first subnet.

=> Unfortunately it is not yet supported (it was recognized as a useful 
feature to add but no milestone was selected for this work and current one 
(1.4) is already fully booked).

Thanks

Francis Dupont <fdup...@isc.org>
___
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users


Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS

2018-01-21 Thread Francis Dupont
> Tobias - writes:
Forget option 81: I believed that by FQDN you meant the option 81 but
in fact now I believe it is the FQDN used in DDNS. BTW you have no control
over the option 81: this option or the host name one (code 12) are more
from the client, and your config says to replace it.

Thanks

Francis Dupont 

PS: of course when clients know their name and provide it things are
simpler (:-)!


Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS

2018-01-20 Thread Tobias -
On 2018-01-20 09:55, Francis Dupont wrote:
> I can't see what is in the ... in subnet definitions but I am afraid
> there is no "interface": "br0" so no subnet can be selected from
> the incoming packet. I sent in this a description of the algorithm
> of the subnet selection. To summarize, with a broadcast packet from a
> directly connected client without specific options the only thing
> which works is to match the interface. When you have a class guard
> in a subnet definition either the packet is in the class and this
> subnet is selected, or it is not and this subnet is rejected and
> the next (in the config file order) subnet is tried. Note this
> applies to subnets in a shared network, i.e. a class guard in
> a subnet entry is strict: pools or reservations under the subnet
> are only for class members (i.e. it is not the ISC DHCP behavior
> and class for pools (which I expect to be merged next week)
> will be different too).
>
> About the classes themselves I expect the branch where I added logical
> expressions using classes will be reviewed soon so you should no longer
> need to evaluate twice the substring equal expression.
>
> For the "not using the classes" I can't say because I lack infos.
> If you use Kea 1.3 perhaps you should try a shared network
> as pools and host reservations in a shared network are for the whole
> shared network as soon as they are not under a subnet with a class guard.
>
> Pools with class could help too but they are not yet available.
>
> Thanks
>
> Francis Dupont 
Hi Francis!

Thank you for helping me out. Yes, I run version 1.3.0.

I managed to get the reservation going after using "shared-networks"
like you suggested and specifying the interface in the subnets.
Everything is fine except that the FQDN sent back to the client is in
the domain specified in subnet 1 but it gets the rest of the
configuration from subnet 2.

The complete configuration looks like this:
> {
>   "Dhcp4": {
>     "interfaces-config": {
>       "interfaces": [
>         "br0"
>       ],
>       "dhcp-socket-type": "raw"
>     },
>     "control-socket": {
>       "socket-type": "unix",
>       "socket-name": "/tmp/kea-dhcp4-ctrl.sock"
>     },
>     "lease-database": {
>       "type": "mysql",
>       "name": "kea",
>       "user": "kea",
>       "password": "password",
>       "lfc-interval": 3600
>     },
>     "hosts-database": {
>       "type": "mysql",
>       "name": "kea",
>       "user": "kea",
>       "password": "password"
>     },
>     "valid-lifetime": 4000,
>     "renew-timer": 1000,
>     "rebind-timer": 2000,
>     "option-data": [
>       {
>         "name": "default-ip-ttl",
>         "data": "0xf0"
>       }
>     ],
>     "client-classes": [
>       {
>         "name": "none",
>         "test": "not (substring(pkt4.mac, 0, 3) == 0x525400)"
>       },
>       {
>         "name": "vm",
>         "test": "substring(pkt4.mac, 0, 3) == 0x525400"
>       }
>     ],
>     "shared-networks": [
>       {
>         "name": "local-networks",
>         "interface": "br0",
>         "subnet4": [
>           {
>             "subnet": "192.168.0.0/24",
>             "id": 1,
>             "client-class": "none",
>             "pools": [
>               {
>                 "pool": "192.168.0.50 - 192.168.0.199"
>               }
>             ],
>             "reservation-mode": "out-of-pool",
>             "option-data": [
>               {
>                 "name": "domain-name-servers",
>                 "data": "192.168.0.1"
>               },
>               {
>                 "name": "domain-name",
>                 "data": "dhcp.local.intra"
>               },
>               {
>                 "name": "domain-search",
>                 "data": "local.intra, vm.local.intra, dhcp.local.intra"
>               },
>               {
>                 "name": "routers",
>                 "data": "192.168.0.1"
>               }
>             ]
>           },
>           {
>             "subnet": "192.168.1.0/24",
>             "id": 2,
>             "client-class": "vm",
>             "pools": [
>               {
>                 "pool": "192.168.1.224 - 192.168.1.254"
>               }
>             ],
>             "reservation-mode": "out-of-pool",
>             "option-data": [
>               {
>                 "name": "domain-name-servers",
>                 "data": "192.168.1.1"
>               },
>               {
>                 "name": "domain-name",
>                 "data": "vm.local.intra"
>               },
>               {
>                 "name": "domain-search",
>                 "data": "local.intra, vm.local.intra, dhcp.local.intra"
>               },
>               {
>                 "name": "routers",
>                 "data": "192.168.1.1"
>               }
>             ]
>           }
>         ]
>       }
>     ],
>     "dhcp-ddns": {
>       "enable-updates": false,
>       "override-client-update": true,
>       "override-no-update": 

Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS

2018-01-20 Thread Francis Dupont
I can't see what is in the ... in subnet definitions but I am afraid
there is no "interface": "br0" so no subnet can be selected from
the incoming packet. I sent in this a description of the algorithm
of the subnet selection. To summarize, with a broadcast packet from a
directly connected client without specific options the only thing
which works is to match the interface. When you have a class guard
in a subnet definition either the packet is in the class and this
subnet is selected, or it is not and this subnet is rejected and
the next (in the config file order) subnet is tried. Note this
applies to subnets in a shared network, i.e. a class guard in
a subnet entry is strict: pools or reservations under the subnet
are only for class members (i.e. it is not the ISC DHCP behavior
and class for pools (which I expect to be merged next week)
will be different too).

About the classes themselves I expect the branch where I added logical
expressions using classes will be reviewed soon so you should no longer
need to evaluate twice the substring equal expression.

For the "not using the classes" I can't say because I lack infos.
If you use Kea 1.3 perhaps you should try a shared network
as pools and host reservations in a shared network are for the whole
shared network as soon as they are not under a subnet with a class guard.

Pools with class could help too but they are not yet available.

Thanks

Francis Dupont 
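
The subnet selection walk described in the message above, as an added Python example that is not part of the original post and is not Kea's own code. It models only the case the message covers (a broadcast packet from a directly connected client); the names `classify` and `select_subnet` are hypothetical and the sample MAC addresses are constructed.

```python
# Added illustration, not Kea source code. Models only the case described
# above: a broadcast packet from a directly connected client, no relay.

VM_PREFIX = bytes.fromhex("525400")  # 52:54:00, the prefix from the thread


def substring(data: bytes, start: int, length: int) -> bytes:
    """Byte-wise equivalent of substring(pkt4.mac, start, length)."""
    return data[start:start + length]


# The two class tests from the posted configuration, in config order.
CLASS_TESTS = {
    "none": lambda mac: not (substring(mac, 0, 3) == VM_PREFIX),
    "vm": lambda mac: substring(mac, 0, 3) == VM_PREFIX,
}

# Subnets in config file order; "interface" is what a broadcast packet matches.
SUBNETS = [
    {"id": 1, "subnet": "192.168.0.0/24", "interface": "br0", "client-class": "none"},
    {"id": 2, "subnet": "192.168.1.0/24", "interface": "br0", "client-class": "vm"},
]


def classify(mac: bytes) -> set:
    """Return the names of all classes whose test matches this MAC."""
    return {name for name, test in CLASS_TESTS.items() if test(mac)}


def select_subnet(mac_text: str, iface: str, subnets=SUBNETS):
    """Return the id of the first eligible subnet, or None if none matches."""
    mac = bytes.fromhex(mac_text.replace(":", ""))
    classes = classify(mac)
    for subnet in subnets:                      # tried in config file order
        if subnet.get("interface") != iface:    # no interface match: not eligible
            continue
        guard = subnet.get("client-class")
        if guard is not None and guard not in classes:
            continue                            # strict guard: rejected, try next
        return subnet["id"]
    return None


if __name__ == "__main__":
    # Constructed sample MAC addresses.
    print(select_subnet("52:54:00:12:34:56", "br0"))   # VM prefix
    print(select_subnet("00:11:22:33:44:55", "br0"))   # any other prefix
    no_iface = [{k: v for k, v in s.items() if k != "interface"} for s in SUBNETS]
    print(select_subnet("52:54:00:12:34:56", "br0", no_iface))
```

The last call reproduces the situation diagnosed in the message: with no "interface" entry on the subnets, nothing is eligible and no subnet is selected.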


Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS

2018-01-19 Thread Francis Dupont
Tobias - writes:
> First:
> 
> I'm trying to put my virtual machines in a separate subnet. The virtual
> machines have the vendor prefix of 52:54:00.
> 
> If I would do this in code, I would use AND to mask away the last three
> octets and then compare against 52:54:00:00:00:00 but I seem to be unable to
> do that.
> 
> Since I was unable to find an example for Kea, I tried to do what people
> suggested for dhcpd since the expression looked similar to what is available
> in Kea, but it didn't work.

=> in theory a substring(pkt4.mac, 0, 3) does the job.
BTW you can debug classification expressions (admin guide, 13.9. Debugging
Expressions). It should explain why it does not work in your example.

> Second:
> 
> How would I configure DDNS to have two qualifying suffixes? The two subnets
> have different subdomains. I've been unable to find anything that works so
> I'm still stuck only having DDNS for the first subnet.

=> Unfortunately it is not yet supported (it was recognized as a useful
feature to add but no milestone was selected for this work and current
one (1.4) is already fully booked).

Thanks

Francis Dupont 