« Previous 1 2 3 Next »
Modern implementation of DHCP with Kea
Address Jockey
Creating the Initial Configuration
Among other things, the /usr/local/etc/kea directory contains the configuration files of the modules for DHCPv4 and DHCPv6, the dynamic DNS registry, and the parameterization of the keactrl script.
To customize the configuration, use either the configuration files or the RESTful API. The associated daemon is named Kea Control Agent, which also lets you connect to your own management systems. However, it does not provide encrypted access natively. You would have to connect a reverse proxy such as Apache or Nginx to enable encrypted management access – which is of course recommended.
After the initial configuration, start the DHCPv4 service with
keactrl start -s dhcp4
and verify the status by typing keactrl status.
Static Config vs. Database
To begin, start with the static DHCPv4 configuration in a configuration file (Listing 3). Note that these sample configurations are not intended for production and partly include IP addresses from reserved address ranges specifically for documenting the process.
Listing 3
DHCPv4 Config File for Memfile
{
"Dhcp4": {
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"interfaces-config": {
"interfaces": ["ens33"],
"dhcp-socket-type": "raw"
},
"lease-database": {
"type": "memfile",
"persist": true,
"lfc-interval": 3600
},
"option-data": [
{
"name": "domain-name-servers",
"data": "192.0.2.1"
},
{
"code": 15,
"data": "lab.pfisterit.de"
},
{
"name": "domain-search",
"data": "lab.pfisterit.de"
}
],
"subnet4": [
{
"subnet": "192.0.2.0/24",
"pools": [
{
"pool": "192.0.2.20 -- 192.0.2.199"
}
],
"option-data":[
{
"name": "routers",
"data": "192.0.2.1"
}],
"reservations": [
{
"hw-address":
"1a:1b:1c:1d:1e:1f",
"ip-address": "192.0.2.201"
}
]
}
],
"loggers": [ {
"name": "kea-dhcp4",
"output_options": [ {
"output": "/tmp/kea-dhcp4.log"
} ],
"severity": "WARNINGS",
"debuglevel": 0
} ]
}
}
A DHCPv4 configuration file initially starts and ends with the outer element "Dhcp4": { }. The individual parameters must be comma-separated cleanly to create a valid JSON file. This example first defines some timers, including timers for the maximum validity of a DHCP lease and for the extension of a lease with the previous DHCP server or with other DHCP servers. After that, it defines the interface on which a service binding will be made and determines that it accepts raw requests with dhcp-socket-type.
Alternatively, to accept DHCP requests by a DHCP relay on the DHCP server, you could parameterize the socket type as udp. Next, the file configures the leases database to be a memfile type and stores it persistently in the /var/lib/kea/dhcp4.leases directory. Next are the global DHCP options. The example defines the DNS server of the organization, the domain name, and the search domain.
Additionally, it creates a DHCP scope with the option to assign the default gateway; that is, it has set up a DHCP reservation for the MAC address 1a:1b:1c:1d:1e:1f and the IP address 192.0.2.201. The path /usr/local/var/log/kea-dhcp4.log is used as the logging destination. The corresponding log level is set to WARNINGS.
Figure 1 shows a DHCPv4 process in Wireshark as an example. The global DHCP option for the lab.pfisterit.de DNS domain was passed to the client in the offer from the DHCP server residing on the IPv4 address 192.168.178.194.
Figure 1: Example of a packet capture of a DHCP offer. The global option of the domain name was adopted.
In contrast to the example in Listing 3, with a memfile lease database, the next example connects to a MySQL database by storing the corresponding connection parameters such as the TCP port, database name, and corresponding credentials in the configuration snippet (Listing 4).
Listing 4
IPv4 Config File for MySQL
{
"Dhcp4": {
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"interfaces-config": {
"interfaces": ["ens33"],
"dhcp-socket-type": "raw"
},
"lease-database": {
"type": "mysql",
"name": "dhcp",
"host": "",
"connect-timeout" : 5,
"max-reconnect-tries": 5,
"reconnect-wait-time": 3000,
"user": "dhcpsvc",
"password": "t0ps3cr3t",
"port": 3306,
"persist": true,
"lfc-interval": 3600
},
"option-data": [
{
"name": "domain-name-servers",
"data": "192.0.2.1"
},
{
"code": 15,
"data": "lab.pfisterit.de"
},
{
"name": "domain-search",
"data": "lab.pfisterit.de"
}
] ,
"subnet4": [
{
"subnet": "192.168.178.0/24",
"pools": [
{
"pool": "192.168.178.20 -- 192.168.178.199"
}
],
"option-data":[
{
"name": "routers",
"data": "192.168.178.1"
}],
"reservations": [
{
"hw-address":
"1a:1b:1c:1d:1e:1f",
"ip-address": "192.168.178.201"
}
]
}
],
"loggers": [ {
"name": "kea-dhcp4",
"output_options": [ {
"output": "/tmp/kea-dhcp4.log"
} ],
"severity": "WARNINGS",
"debuglevel": 0
} ]
}
}
DHCPv6 and Data Models
The example in Listing 5 uses a dedicated configuration file for IPv6. The matching timers and interface bindings are already known from the IPv4 configuration. The central differences are recognizable in this very simple JSON example in the form of specifications for Dhcp6 instead of Dhcp4, as well as subnet6 instead of subnet4 for the corresponding scopes.
Listing 5
IPv6 Sample Config
{
"Dhcp6": {
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"interfaces-config": {
"interfaces": ["ens33"],
},
"lease-database": {
"type": "memfile",
"persist": true,
"name": "/var/lib/kea/dhcp6.leases"
},
"subnet6": [
{
"subnet": "2001:db8:1::/64",
"pools": [
{
"pool": "2001:db8:1::5 - 2001:db8:1::ffff"
}
]
}
]
}
}
As the level of automation in the network environment increases, the YANG (Yet Another Next Generation) data model has become increasingly popular. A unified data model is particularly recommended on heterogeneous networks. Kea also offers YANG support based on the open source Sysrepo engine. To work with this data model, the NETOPEER2 NETCONF server, which is under BSD license, offers an interface for configuration adjustments.
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Kea, the ISC's successor to the DHCP daemon
The Internet Systems Consortium announced the end of life for the standard DHCP daemon in Fall 2022. Its designated successor Kea has been in development for years. -
Setting up and managing IPv6 on Windows Server 2016
Windows Server 2016 automatically prefers IPv6 addresses, if available, but the manual configuration steps differ from IPv4 and necessitate new tools. Here's how to approach IPv6 in your daily admin work. -
Exploring dhcpy6d, a DHCP server for IPv6 networks
Even if you don't have to have DHCP on your IPv6 network, you might want it anyway. Dhcpy6d is a promising DHCP option for IPv6. -
Autoconfiguring IPv6 Clients
Most clients on a network need both an address and some environmental information such as a name server or a web proxy. This article investigates whether a recent operating system on an IPv6-only LAN can handle this.
-
Automation with PXE Boot
We show how to save time and stress by automating your system installations with PXE boot.