Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS
We have been rolling out Kea in our environment, but have run into a major snag, which is not being able to configure multiple subdomains for DDNS. As we have been moving networks off of ISC DHCPD, we ran into this limitation. (We've moved networks with simple configurations first) This limitation is discussed here: http://kea.isc.org/ticket/5048#ticket

Our environment has many, many departments that use different subdomains and DDNS. Please make an effort to include this in the software. We are quite pleased with Kea up to this point, and would greatly appreciate the ability to specify multiple suffixes for DDNS.

Thank you,
Walt
Texas State University

-Original Message-
From: Kea-users [mailto:kea-users-boun...@lists.isc.org] On Behalf Of Francis Dupont
Sent: Friday, January 19, 2018 5:14 PM
To: Tobias - <loksk...@live.se>
Cc: kea-users@lists.isc.org
Subject: Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS

Tobias - writes:
> First:
>
> I'm trying to put my virtual machines in a separate subnet. The
> virtual machines have the vendor prefix of 52:54:00.
>
> If I would do this in code, I would use AND to mask away the last
> three octets and then compare against 52:54:00:00:00:00 but I seem
> to be unable to do that.
>
> Since I was unable to find an example for Kea, I tried to do what
> people suggested for dhcpd since the expression looked similar to
> what is available in Kea, but it didn't work.

=> in theory a substring(pkt4.mac, 0, 3) does the job

BTW you can debug classification expression (admin guide, 13.9. Debugging Expressions). It should explain why it does not work in your example.

> Second:
>
> How would I configure DDNS to have two qualifying suffixes? The two
> subnets have different subdomains. I've been unable to find anything
> that works so I'm still stuck only having DDNS for the first subnet.

=> Unfortunately it is not yet supported (it was recognized as a useful feature to add but no milestone was selected for this work and current one (1.4) is already fully booked).

Thanks

Francis Dupont <fdup...@isc.org>
___
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS
> Tobias - writes:

Forget option 81: I believed that by FQDN you meant the option 81 but in fact now I believe it is the FQDN used in DDNS. BTW you have no control on the option 81: this option or the host name one (code 12) are more from the client, and your config says to replace it.

Thanks

Francis Dupont

PS: of course when clients know their name and provide it things are simpler (:-)!
Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS
On 2018-01-20 09:55, Francis Dupont wrote:
> I can't see what is in the ... in subnet definitions but I am afraid
> there is no "interface": "br0" so no subnet can't be selected from
> the incoming packet. I sent in this a description of the algorithm
> of the subnet selection. To summarize with a broadcast packet from a
> directly connected client without specific options the only thing
> which works is to match the interface. When you have a class guard
> in a subnet definition either the packet is in the class and this
> subnet is selected, or it is not and this subnet is rejected and
> the next (in the config file order) subnet is tried. Note this
> applies to subnets in a shared network, i.e. a class guard in
> a subnet entry is strict: pools or reservations under the subnet
> are only for class members (i.e. it is not the ISC DHCP behavior
> and class for pools (which I expect to be merged next week)
> will be different too).
>
> About the classes themselves I expect the branch where I added logical
> expressions using classes will be reviewed soon so you should no longer
> need to evaluate twice the substring equal expression.
>
> For the "not using the classes" I can't say because I lack infos.
> If you use Kea 1.3 perhaps you should try a shared network
> as pools and host reservations in a shared network are for the whole
> shared network as soon as they are not under a subnet with a class guard.
>
> Pools with class could help too but they are not yet available.
>
> Thanks
>
> Francis Dupont

Hi Francis!

Thank you for helping me out. Yes, I run version 1.3.0.

I managed to get the reservation going after using "shared-networks" like you suggested and specifying the interface in the subnets.

Everything is fine except that the FQDN sent back to the client is in the domain specified in subnet 1 but it gets the rest of the configuration from subnet 2.
The complete configuration looks like this:

> {
>   "Dhcp4": {
>     "interfaces-config": {
>       "interfaces": [
>         "br0"
>       ],
>       "dhcp-socket-type": "raw"
>     },
>     "control-socket": {
>       "socket-type": "unix",
>       "socket-name": "/tmp/kea-dhcp4-ctrl.sock"
>     },
>     "lease-database": {
>       "type": "mysql",
>       "name": "kea",
>       "user": "kea",
>       "password": "password",
>       "lfc-interval": 3600
>     },
>     "hosts-database": {
>       "type": "mysql",
>       "name": "kea",
>       "user": "kea",
>       "password": "password"
>     },
>     "valid-lifetime": 4000,
>     "renew-timer": 1000,
>     "rebind-timer": 2000,
>     "option-data": [
>       {
>         "name": "default-ip-ttl",
>         "data": "0xf0"
>       }
>     ],
>     "client-classes": [
>       {
>         "name": "none",
>         "test": "not (substring(pkt4.mac, 0, 3) == 0x525400)"
>       },
>       {
>         "name": "vm",
>         "test": "substring(pkt4.mac, 0, 3) == 0x525400"
>       }
>     ],
>     "shared-networks": [
>       {
>         "name": "local-networks",
>         "interface": "br0",
>         "subnet4": [
>           {
>             "subnet": "192.168.0.0/24",
>             "id": 1,
>             "client-class": "none",
>             "pools": [
>               {
>                 "pool": "192.168.0.50 - 192.168.0.199"
>               }
>             ],
>             "reservation-mode": "out-of-pool",
>             "option-data": [
>               {
>                 "name": "domain-name-servers",
>                 "data": "192.168.0.1"
>               },
>               {
>                 "name": "domain-name",
>                 "data": "dhcp.local.intra"
>               },
>               {
>                 "name": "domain-search",
>                 "data": "local.intra, vm.local.intra, dhcp.local.intra"
>               },
>               {
>                 "name": "routers",
>                 "data": "192.168.0.1"
>               }
>             ]
>           },
>           {
>             "subnet": "192.168.1.0/24",
>             "id": 2,
>             "client-class": "vm",
>             "pools": [
>               {
>                 "pool": "192.168.1.224 - 192.168.1.254"
>               }
>             ],
>             "reservation-mode": "out-of-pool",
>             "option-data": [
>               {
>                 "name": "domain-name-servers",
>                 "data": "192.168.1.1"
>               },
>               {
>                 "name": "domain-name",
>                 "data": "vm.local.intra"
>               },
>               {
>                 "name": "domain-search",
>                 "data": "local.intra, vm.local.intra, dhcp.local.intra"
>               },
>               {
>                 "name": "routers",
>                 "data": "192.168.1.1"
>               }
>             ]
>           }
>         ]
>       }
>     ],
>     "dhcp-ddns": {
>       "enable-updates": false,
>       "override-client-update": true,
>       "override-no-update":
Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS
I can't see what is in the ... in subnet definitions but I am afraid there is no "interface": "br0" so no subnet can't be selected from the incoming packet. I sent in this a description of the algorithm of the subnet selection. To summarize with a broadcast packet from a directly connected client without specific options the only thing which works is to match the interface.

When you have a class guard in a subnet definition either the packet is in the class and this subnet is selected, or it is not and this subnet is rejected and the next (in the config file order) subnet is tried. Note this applies to subnets in a shared network, i.e. a class guard in a subnet entry is strict: pools or reservations under the subnet are only for class members (i.e. it is not the ISC DHCP behavior and class for pools (which I expect to be merged next week) will be different too).

About the classes themselves I expect the branch where I added logical expressions using classes will be reviewed soon so you should no longer need to evaluate twice the substring equal expression.

For the "not using the classes" I can't say because I lack infos. If you use Kea 1.3 perhaps you should try a shared network as pools and host reservations in a shared network are for the whole shared network as soon as they are not under a subnet with a class guard.

Pools with class could help too but they are not yet available.

Thanks

Francis Dupont
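The selection rule described in the message above, as a small Python model (an added example, not part of the original thread and not Kea source code). The class tests and subnets are taken from the configuration posted in this thread; the per-subnet `interface` field, the function names and the sample MAC addresses are assumptions made for the illustration.

```python
# Simplified model of the subnet selection described above; not Kea source code.
VM_PREFIX = bytes.fromhex("525400")  # 0x525400 in the thread's class tests

# The two class tests from the posted config, as predicates over the raw MAC.
CLASS_TESTS = {
    "none": lambda mac: mac[0:3] != VM_PREFIX,  # not (substring(pkt4.mac, 0, 3) == 0x525400)
    "vm": lambda mac: mac[0:3] == VM_PREFIX,    # substring(pkt4.mac, 0, 3) == 0x525400
}

# Subnets in config-file order. Putting "interface" on each subnet is an
# assumption of this model (the posted config sets it on the shared network).
SUBNETS = [
    {"id": 1, "subnet": "192.168.0.0/24", "interface": "br0", "client-class": "none"},
    {"id": 2, "subnet": "192.168.1.0/24", "interface": "br0", "client-class": "vm"},
]


def parse_mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to the 6 raw bytes a class test sees."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 6-byte Ethernet address: %r" % text)
    return raw


def classify(mac, tests=CLASS_TESTS):
    """Return the set of class names whose test matches this MAC."""
    return {name for name, test in tests.items() if test(mac)}


def select_subnet(mac_text, iface, subnets=SUBNETS, tests=CLASS_TESTS):
    """Return the id of the first subnet (config order) that accepts the packet."""
    classes = classify(parse_mac(mac_text), tests)
    for subnet in subnets:
        if subnet["interface"] != iface:
            continue  # broadcast from a local client: only the interface can match
        guard = subnet.get("client-class")
        if guard is not None and guard not in classes:
            continue  # strict class guard: reject and try the next subnet
        return subnet["id"]
    return None  # no subnet selected


if __name__ == "__main__":
    # Constructed sample addresses: one with the 52:54:00 prefix, one without.
    for mac in ("52:54:00:12:34:56", "00:1a:2b:3c:4d:5e"):
        print(mac, "-> subnet", select_subnet(mac, "br0"))
```

In this model, removing the guard from subnet 1 sends a 52:54:00 client to subnet 1, because subnets are tried in config-file order and the first acceptable one wins.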
Re: [Kea-users] Client classification based on MAC vendor prefix + multi-subnet DDNS
Tobias - writes:
> First:
>
> I'm trying to put my virtual machines in a separate subnet. The virtual
> machines have the vendor prefix of 52:54:00.
>
> If I would do this in code, I would use AND to mask away the last three
> octets and then compare against 52:54:00:00:00:00 but I seem to be unable to
> do that.
>
> Since I was unable to find an example for Kea, I tried to do what people
> suggested for dhcpd since the expression looked similar to what is available
> in Kea, but it didn't work.

=> in theory a substring(pkt4.mac, 0, 3) does the job

BTW you can debug classification expression (admin guide, 13.9. Debugging Expressions). It should explain why it does not work in your example.

> Second:
>
> How would I configure DDNS to have two qualifying suffixes? The two subnets
> have different subdomains. I've been unable to find anything that works so
> I'm still stuck only having DDNS for the first subnet.

=> Unfortunately it is not yet supported (it was recognized as a useful feature to add but no milestone was selected for this work and current one (1.4) is already fully booked).

Thanks

Francis Dupont