Kea and DHCPv6 - start [APNIC TRAINING WIKI]

Transcript of the slide deck "Kea and DHCPv6 - ISC's take on DHCP" (22 pages), Tomek Mrugalski, Sep 2019, APNIC'48.

Page 1:

© 2019 - Internet Systems Consortium

Kea and DHCPv6: ISC's take on DHCP

Tomek Mrugalski, Sep 2019, APNIC'48

Page 2:

About presenter
• MSc (2003), PhD (2010), both about DHCPv6
• 7 years at Intel
• IETF (since 2009)
• DHC WG co-chair at IETF
• 11 RFCs published, the latest is RFC 8415
• ISC (since 2011)
• Engineer who started the Kea project
• Currently Director of DHCP Engineering
• Managing the ISC DHCP, Kea and Stork projects
• Several RIPE, UKNOF, PLNOG presentations
• Open source enthusiast

Page 3:

What is ISC?

History
• Silicon Valley
• Founded in 1994

Philosophy
• Non-profit
• Open source
• But our engineers need to eat…

People
• 30+ world wide
• 4 continents
• Poland, Europe (RIPE NCC)

Page 4:

What we do?
▪ We do DNS
  – BIND
  – F root servers, 200+ instances
▪ We do IETF standards (86 RFCs so far)
▪ We do DHCP
  – ISC DHCP
  – Kea

Page 5:

If you never heard about Kea…
▪ DHCPv4 and DHCPv6 server
▪ Performance (1000s of leases/sec)
▪ Scalable (millions of devices)
▪ Lease storage: CSV file or a database (MySQL, PostgreSQL, Cassandra)
▪ Hooks (C++ libraries)
▪ REST management API
▪ Linux, BSDs, MacOS, …
▪ Open source (MPL2)

Page 6:

Let's compare!

Started
  ISC DHCP: Prehistory (1995)
  Kea: Recent (2011)
Code
  ISC DHCP: Not adding anything big
  Kea: Active development with tons of new features
Code repository
  ISC DHCP: gitlab, github, tarball
  Kea: github, gitlab, tarball, packages
Testing
  ISC DHCP: ~30 unit tests
  Kea: 6000+ unit tests, memory leak tests (valgrind), 700+ system tests, fuzz testing
Docs
  ISC DHCP: Man pages
  Kea: User's Guide (500+ pages), Developer's Guide
Logs
  ISC DHCP: Fixed log messages
  Kea: Every possible log entry is documented and described
IPv6 readiness
  ISC DHCP: IPv4 originally, IPv6 added later
  Kea: IPv6 first; IPv4 optional (kea-dhcp6 and kea-dhcp4 are separate daemons, either can run alone)

Page 7:

Kea vs ISC DHCP

Performance
  ISC DHCP: OK (with ramdisk tricks)
  Kea: Great (many 1000s of leases/sec)
Management
  ISC DHCP: OMAPI (custom C interface)
  Kea: JSON over REST API/HTTP, JSON over Unix socket
HA
  ISC DHCP: DHCPv4 failover
  Kea: HA for DHCPv4 and DHCPv6, multiple options for DB clustering
Extensibility
  ISC DHCP: Shell scripts (out only), configuration language
  Kea: JSON everywhere, hooks (C++), stable API
Configuration syntax
  ISC DHCP: Custom complex syntax (almost a programming language)
  Kea: JSON, with optional DB storage for most elements (more to come)
Lease information
  ISC DHCP: Custom
  Kea: CSV, MySQL, PgSQL, Cassandra
Host information
  ISC DHCP: Custom config
  Kea: JSON, MySQL, PgSQL, Cassandra
Configuration storage
  ISC DHCP: Custom config
  Kea: JSON, or MySQL (1.6)

To translate an existing ISC DHCP configuration, see the Kea Migration Assistant presentation at isc.org/presentations

Page 8:

Tomek Mrugalski, 2018-03-05

Client classification and flexible identifier

How to identify hosts:

Open source
• Identifiers: MAC, DUID, circuit-id, client-id
• Client classification

Premium identifier (flex-id)
• Almost anything could be used (35 different expressions)
• Options (client, relay, vendor)
• Fixed fields
• Concat, substring
• Meta-data (interface name, src/dst IP, …)

Example flex-id expression: concat(pkt4.mac, relay4[2].hex)
(the client's MAC followed by the relay agent's remote-id, sub-option 2 of DHCPv4 option 82)
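The open-source side of the slide, client classification, is driven by the same expression language as flex-id. The following is an added example, not from the slides and not ISC's own code: a kea-dhcp6 configuration that defines two classes from the expression sources the slide lists (a vendor option with substring, a relay-inserted option), restricts a pool to one of them, and, for the premium side, a flex-id hook stanza plus a flex-id host reservation. It also includes the offline check a practitioner wants before pushing such a config with config-set: every class a pool or subnet references must exist, or Kea rejects the whole load. Class names, option values, addresses and the hook library path are assumptions made for illustration.

```python
"""Added example (not from the slides, not ISC code): kea-dhcp6 client
classification config plus an offline consistency check."""
import copy
import json

# Classes Kea defines itself; a pool may reference them without a definition.
BUILTIN_CLASSES = {"ALL", "KNOWN", "UNKNOWN"}
BUILTIN_PREFIXES = ("VENDOR_CLASS_",)

# Constructed config. Option 16 (vendor-class) is 4 bytes of enterprise number,
# then a 2-byte length, then the vendor string, so the string starts at offset 6.
# relay6[0] is the relay closest to the client and option 18 is its Interface-Id:
# only a relay inserts it, so a client cannot forge it the way it can a DUID.
KEA_DHCP6_CONFIG = {
    "Dhcp6": {
        "client-classes": [
            {"name": "cpe-acme",
             "test": "substring(option[16].hex, 6, 4) == 'ACME'"},
            {"name": "relay-port-1",
             "test": "relay6[0].option[18].hex == 'eth1/1'"},
        ],
        "subnet6": [{
            "id": 1,
            "subnet": "2001:db8:1::/64",
            "pools": [
                # Only clients matching cpe-acme may lease from the first pool.
                {"pool": "2001:db8:1::100-2001:db8:1::1ff", "client-class": "cpe-acme"},
                {"pool": "2001:db8:1::200-2001:db8:1::2ff"},
            ],
            # Premium flex-id reservation: the identifier is the relay's
            # Interface-Id, matched as a literal string in single quotes.
            "reservations": [{"flex-id": "'eth1/1'",
                              "ip-addresses": ["2001:db8:1::10"]}],
        }],
        # Premium hook (path is an assumption): the flex-id expression becomes
        # the host identifier used for reservations.
        "hooks-libraries": [{
            "library": "/usr/lib/kea/hooks/libdhcp_flex_id.so",
            "parameters": {"identifier-expression": "relay6[0].option[18].hex",
                           "replace-client-id": False},
        }],
    }
}


def render(config=KEA_DHCP6_CONFIG):
    """Serialise to the JSON text kea-dhcp6 loads; plain JSON is also what the
    management API and the configuration backend exchange."""
    return json.dumps(config, indent=2)


def undefined_class_refs(config):
    """Return client-class names referenced by a subnet or pool that no class
    definition and no built-in class provides. Kea refuses such a config, so
    catching it here avoids a failed config-set against a live server."""
    dhcp6 = config["Dhcp6"]
    defined = {c["name"] for c in dhcp6.get("client-classes", [])}
    missing = []
    for subnet in dhcp6.get("subnet6", []):
        for scope in [subnet] + subnet.get("pools", []):
            name = scope.get("client-class")
            if name is None or name in defined or name in BUILTIN_CLASSES:
                continue
            if name.startswith(BUILTIN_PREFIXES):
                continue
            missing.append(name)
    return missing


def with_bad_reference():
    """Same config with a pool pointing at a class that was never defined."""
    broken = copy.deepcopy(KEA_DHCP6_CONFIG)
    broken["Dhcp6"]["subnet6"][0]["pools"][1]["client-class"] = "vip"
    return broken
```

The check is deliberately narrower than what `kea-dhcp6 -t` does (it does not evaluate expressions), but it runs anywhere and catches the most common copy-paste error when classes are managed outside the server.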

Page 9:

The backend concept

What a Kea server stores, and the backend each kind of data lives in:
• Leases (addresses, prefixes): lease backend, changing often
• Host reservations (per host details): hosts backend
• Options, pools, subnets, shared networks, option definitions, global parameters: configuration backend (v1.6.0), changing rarely

[Figure: the DHCPv4/DHCPv6 server connected to the lease backend, the hosts backend and the configuration backend (v1.6.0), all of which can be kept in MySQL; a "Rarely … Often changing" scale runs from configuration to leases.]

Page 10:

Server tags

Two servers, tagged "bkk" and "cnx", pulling subnets from the configuration backend (CB):

Subnet id: 100, server-tags: ["all"]
Subnet id: 101, server-tags: ["bkk"]
Subnet id: 102, server-tags: ["bkk", "cnx"]
Subnet id: 103, server-tags: ["cnx"]
Subnet id: 104, server-tags: [ ]

Kea servers retrieve IPv6 subnets from the CB
Different servers 'subscribe' to different subnets: here "bkk" loads subnets 100, 101 and 102, while "cnx" loads 100, 102 and 103

Page 11:

CB applications
• Sharing configuration between HA partners
• Frequently changing configuration (options, pools, subnets, shared networks)
• Automated configuration deployment
• Large configuration (1000+ subnets)
• Large scale deployments (many DHCP servers)
• Scaling up or down (add new VM servers, or delete ones no longer needed)

Page 12:

Kea API

[Figure: kea-shell talks JSON over http(s) to kea-ctrl-agent, which relays each command as JSON over a Unix socket to kea-dhcp4, kea-dhcp6 or kea-dhcp-ddns and returns the daemon's answer the same way; a tool such as socat can also talk JSON over the Unix socket to a daemon directly.]

Command:
{ "command": "list-commands", "service": [ "dhcp6" ] }

Response:
{ "arguments": [ "build-report", "config-get", . . . ], "result": 0 }

• JSON in, JSON out
• Over 140 commands supported
• New commands every release
• Some provided by hooks (optional libs)

Page 13:

API :: Basics

1. Send the list-commands command (kea-shell reads any command arguments from stdin, so ^D ends the empty input, wraps everything in JSON and posts it to the control agent):
# kea-shell --host ::1 --port 8080 --service dhcp6 list-commands
^D

What goes over the wire:
{ "command": "list-commands", "service": [ "dhcp6" ] }

2. Get the list of currently supported commands in return:
{ "arguments": [ "build-report", "config-get", "config-set", "config-test", "remote-global-parameter4-del", "remote-global-parameter4-get", "remote-global-parameter4-get-all", . . . "remote-subnet6-list", "server-tag-get", "shutdown", "statistic-{get,remove,reset}", "statistic-{get,remove,reset}-all", "version-get" ], "result": 0 }

Page 14:

API :: List IPv6 subnets

• Send the remote-subnet6-list command; the server tags to query go in on stdin and become the command's "arguments":
# echo ' "server-tags": [ "all" ] ' | \
  kea-shell --host ::1 --port 8000 --service dhcp6 remote-subnet6-list

• Get the response (one element per service; result 3 means the command succeeded but found nothing, here because the configuration backend holds no IPv6 subnets yet):
[ { "arguments": { "count": 0, "subnets": [ ] }, "result": 3, "text": "0 IPv6 subnet(s) found." } ]

Page 15:

API :: Add new IPv6 subnet

• Send the remote-subnet6-set command; the subnet definition and the server tags it is published under go in on stdin:
echo ' "subnets": [ { "id": 100, "subnet": "2001:db8:1::/48", "shared-network-name": "", "pools": [ { "pool": "2001:db8:1::/64" } ] } ], "server-tags": [ "all" ] ' | \
  kea-shell --host ::1 --port 8000 --service dhcp6 remote-subnet6-set

• What kea-shell sends:
{ "command": "remote-subnet6-set", "service": [ "dhcp6" ], "arguments": { "subnets": [ { "id": 100, "subnet": "2001:db8:1::/48", "shared-network-name": "", "pools": [ { "pool": "2001:db8:1::/64" } ] } ], "server-tags": [ "all" ] } }

• Get the response:
{ "arguments": { "subnets": [ { "id": 100, "subnet": "2001:db8:1::/48" } ] }, "result": 0, "text": "IPv6 subnet successfully set." }
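Pages 12 to 15 show the API through kea-shell. The following is an added example, not from the slides and not ISC's code: a small Python client that builds the same command objects kea-shell does, posts them to kea-ctrl-agent, and interprets the result codes the way a script must (0 and 3 both mean the command ran; 3 only says there was nothing to return, as in the page 14 response). The host and port are assumptions taken from the slides. One caveat the slides do not spell out: at the Kea version shown (1.6) the control agent speaks plain HTTP with no authentication, and the command set includes config-set and shutdown, so anyone who can reach that port controls the DHCP service. Bind it to loopback or a management network, or put it behind a TLS reverse proxy with client certificates; newer Kea releases add TLS and HTTP basic authentication to the agent itself.

```python
"""Added example (not from the slides, not ISC code): a minimal kea-ctrl-agent
client equivalent to the kea-shell invocations on pages 13-15."""
import http.client
import json

CTRL_AGENT_HOST = "::1"   # assumption: agent bound to loopback, as in the slides
CTRL_AGENT_PORT = 8000    # assumption: the port used on pages 14 and 15

# Result codes carried in every Kea response.
RESULT_SUCCESS, RESULT_ERROR, RESULT_UNSUPPORTED, RESULT_EMPTY = 0, 1, 2, 3


def build_command(command, service=("dhcp6",), arguments=None):
    """The JSON object kea-shell assembles from its flags and its stdin."""
    body = {"command": command, "service": list(service)}
    if arguments is not None:
        body["arguments"] = arguments
    return body


def remote_subnet6_set(subnet_id, prefix, pool, server_tags=("all",)):
    """Page 15's command as an object."""
    subnet = {"id": subnet_id, "subnet": prefix, "shared-network-name": "",
              "pools": [{"pool": pool}]}
    return build_command("remote-subnet6-set",
                         arguments={"subnets": [subnet],
                                    "server-tags": list(server_tags)})


def remote_subnet6_list(server_tags=("all",)):
    """Page 14's command as an object."""
    return build_command("remote-subnet6-list",
                         arguments={"server-tags": list(server_tags)})


def check_response(responses):
    """The agent answers with a list, one element per service; a daemon's own
    Unix socket answers with a single object. 0 and 3 mean the command ran
    (3 = nothing to return); anything else is a failure worth stopping on."""
    if isinstance(responses, dict):
        responses = [responses]
    results = []
    for r in responses:
        code = r.get("result")
        if code not in (RESULT_SUCCESS, RESULT_EMPTY):
            raise RuntimeError(f"Kea result {code}: {r.get('text', '')}")
        results.append(r.get("arguments", {}))
    return results


def send(body, host=CTRL_AGENT_HOST, port=CTRL_AGENT_PORT, timeout=5):
    """POST one command to the agent. Plain HTTP, no authentication in Kea 1.6:
    keep the agent on loopback or behind an authenticating TLS proxy."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("POST", "/", body=json.dumps(body),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        data = json.loads(resp.read().decode())
    finally:
        conn.close()
    return check_response(data)


if __name__ == "__main__":
    # Reproduces pages 15 and 14 in that order against a running agent.
    send(remote_subnet6_set(100, "2001:db8:1::/48", "2001:db8:1::/64"))
    for args in send(remote_subnet6_list()):
        print(args["count"], "IPv6 subnet(s):", args["subnets"])
```

Treating result 3 as success matters for idempotent automation: a list that returns nothing is not an error, but a result 1 from remote-subnet6-set (for example a pool outside the subnet) must abort the run rather than be logged and ignored.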

Page 16:

Getting in touch

https://gitlab.isc.org/isc-projects/kea

• Software is open source, free
• There are some premium (paid) add-ons
• ISC provides support at various levels
• gitlab, github
• kea-users, kea-dev mailing lists

Page 17:

DHCPv6 quirks

Page 18:

No routing configuration
Not possible to configure a default route using DHCPv6

• Why?
  • Long argument in the IETF
  • RA exists to do that (don't duplicate mechanisms)
  • Fate sharing
  • Multi-homing

Page 19:

Relay-Forward

Relayed DHCPv6 traffic

[Figure: Client sends a Solicit to the Relay Agent, which wraps it in a Relay-forward and sends it on to the Server.]

• Up to 8 relays
• Usually 1
• CMTS
• Each relay adds an extra encapsulation layer

Example captures (one with a single relay, one with two relays):
https://www.cloudshark.org/captures/a93239e296bc
https://www.cloudshark.org/captures/ed586947ac56

Page 20:

MAC vs DUID
• DUID - unique identifier, one of 4 types:
  • LLT (MAC + time)
  • EN (Enterprise-id)
  • LL (MAC)
  • UUID
• Solved a late-1990s problem - unreliable NICs
• Brought a lot of new ones:
  • Don't know a device's DUID until its first boot
  • Not printed on the box
  • When you clone a VM, you may get the same DUID
  • A dual-boot device (Windows/Linux or PXE) has different DUIDs
• Kea has a solution to that problem:
  • RFC 6939 (client link-layer address option)
  • Extract the MAC address from 5 different sources, configurable
  • See https://kea.readthedocs.io/en/v1_6_0/arm/dhcp6-srv.html#mac-hardware-addresses-in-dhcpv6 for details

Page 21:

IAs, TAs, PDs
• Three different containers:
  • IA_NA - non-temporary ("normal") addresses
  • IA_TA - temporary addresses, obsolete
  • IA_PD - prefix delegation
• Each container can have multiple addresses/prefixes
  • e.g. an old address with 0 lifetimes, plus the new address
• There may be multiple containers per message
  • Frequent to request an address and a prefix in one go
  • May be multiple containers of the same type ("give me 3 prefixes")
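Pages 20 and 21 are both about what is inside a DHCPv6 message: who the client says it is, and which IA containers it carries. The following is an added example, not from the slides and not Kea code, that decodes both from a constructed Reply: the four DUID types, the RFC 6939 Client Link-Layer Address option, and IA_NA/IA_PD containers with more than one lease each, including an old address being withdrawn with a valid lifetime of 0. The caveat the slide implies but does not state: a MAC taken from a DUID-LL or DUID-LLT is whatever the client chose to send, while the RFC 6939 option is inserted by the relay, so it is only as trustworthy as the relay that added it, and never something to take from the client message itself. DUID, addresses, IAIDs and lifetimes are made up for the example.

```python
"""Added example (not from the slides, not Kea code): decoding DUIDs, the
RFC 6939 link-layer option and IA containers in a DHCPv6 message."""
import ipaddress
import struct

REPLY = 7
OPT_CLIENTID, OPT_IA_NA, OPT_IAADDR, OPT_IA_PD, OPT_IAPREFIX = 1, 3, 5, 25, 26
OPT_CLIENT_LINKLAYER_ADDR = 79   # RFC 6939; a relay adds it, a client must not
DUID_LLT, DUID_EN, DUID_LL, DUID_UUID = 1, 2, 3, 4


def option(code, data):
    return struct.pack("!HH", code, len(data)) + data


def parse_options(buf):
    while buf:
        code, length = struct.unpack("!HH", buf[:4])
        if len(buf) < 4 + length:
            raise ValueError("truncated option")
        yield code, buf[4:4 + length]
        buf = buf[4 + length:]


def decode_duid(duid):
    """The four DUID types of RFC 8415. Only LLT and LL carry a MAC, and that
    MAC is client-asserted: clones share it, dual-boot hosts change it."""
    kind = struct.unpack("!H", duid[:2])[0]
    if kind == DUID_LLT:
        hw, t = struct.unpack("!HI", duid[2:8])
        return {"type": "LLT", "hw_type": hw, "time": t, "mac": duid[8:].hex(":")}
    if kind == DUID_EN:
        return {"type": "EN", "enterprise": struct.unpack("!I", duid[2:6])[0],
                "id": duid[6:].hex()}
    if kind == DUID_LL:
        return {"type": "LL", "hw_type": struct.unpack("!H", duid[2:4])[0],
                "mac": duid[4:].hex(":")}
    if kind == DUID_UUID:
        return {"type": "UUID", "uuid": duid[2:18].hex()}
    raise ValueError(f"unknown DUID type {kind}")


def mac_from_option79(data):
    """Client Link-Layer Address option: link-layer type (2 bytes) + address.
    Found in the Relay-forward, so it reflects what the relay saw on the wire."""
    return {"hw_type": struct.unpack("!H", data[:2])[0], "mac": data[2:].hex(":")}


def decode_ia(code, data):
    """IA_NA and IA_PD share a 12-byte header (IAID, T1, T2) followed by IAADDR
    or IAPREFIX sub-options; several leases in one container is normal."""
    iaid, t1, t2 = struct.unpack("!III", data[:12])
    leases = []
    for sub, sdata in parse_options(data[12:]):
        if sub == OPT_IAADDR:          # address(16) preferred(4) valid(4)
            pref, valid = struct.unpack("!II", sdata[16:24])
            leases.append({"address": str(ipaddress.IPv6Address(sdata[:16])),
                           "preferred": pref, "valid": valid})
        elif sub == OPT_IAPREFIX:      # preferred(4) valid(4) plen(1) prefix(16)
            pref, valid, plen = struct.unpack("!IIB", sdata[:9])
            prefix = ipaddress.IPv6Address(sdata[9:25])
            leases.append({"prefix": f"{prefix}/{plen}", "preferred": pref, "valid": valid})
    return {"container": "IA_NA" if code == OPT_IA_NA else "IA_PD",
            "iaid": iaid, "t1": t1, "t2": t2, "leases": leases}


def summarize(msg):
    """Walk a message with no relay layers: identifier, every IA container, and
    the leases the server is withdrawing by sending them with valid lifetime 0."""
    out = {"msg_type": msg[0], "xid": int.from_bytes(msg[1:4], "big"),
           "duid": None, "ias": [], "withdrawn": []}
    for code, data in parse_options(msg[4:]):
        if code == OPT_CLIENTID:
            out["duid"] = decode_duid(data)
        elif code in (OPT_IA_NA, OPT_IA_PD):
            ia = decode_ia(code, data)
            out["ias"].append(ia)
            out["withdrawn"] += [l for l in ia["leases"] if l["valid"] == 0]
    return out


def sample_reply():
    """Constructed Reply: DUID-LLT client, one IA_NA carrying an old address with
    0 lifetimes plus its replacement, and two IA_PD containers (two prefixes)."""
    duid = struct.pack("!HHI", DUID_LLT, 1, 0x2a3b4c5d) + bytes.fromhex("001122334455")
    old = ipaddress.IPv6Address("2001:db8:1::10").packed + struct.pack("!II", 0, 0)
    new = ipaddress.IPv6Address("2001:db8:1::20").packed + struct.pack("!II", 3600, 7200)
    ia_na = struct.pack("!III", 1, 1800, 2880) + option(OPT_IAADDR, old) + option(OPT_IAADDR, new)

    def ia_pd(iaid, prefix):
        net = ipaddress.IPv6Network(prefix)
        body = struct.pack("!IIB", 3600, 7200, net.prefixlen) + net.network_address.packed
        return struct.pack("!III", iaid, 1800, 2880) + option(OPT_IAPREFIX, body)

    return (bytes([REPLY]) + (0xabcdef).to_bytes(3, "big") + option(OPT_CLIENTID, duid)
            + option(OPT_IA_NA, ia_na)
            + option(OPT_IA_PD, ia_pd(2, "2001:db8:100::/56"))
            + option(OPT_IA_PD, ia_pd(3, "2001:db8:200::/56")))
```

A lease database keyed on DUID plus IAID, not on address, is what makes the "old address with 0 lifetimes next to the new one" case safe to store: both entries belong to the same container and the withdrawn one simply expires.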

Page 22:

isc.org/kea
kea.readthedocs.io
gitlab.isc.org/isc-projects/kea

Questions?