Opened 2 years ago

Closed 2 years ago

#5367 closed defect (fixed)

Document subnet selection with client classification better

Reported by: wlodekwencel Owned by: UnAssigned
Priority: medium Milestone: Kea1.3-final
Component: dhcp6 Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description (last modified by tomek)

Previous title: client classification in shared-networks doesn't work

I have those classes configured:

        "client-classes": [
        {
            "name": "Client_f2f1",
            "test": "substring(option[1].hex,8,2) == 0xf2f1",
                "option-data":[
                {
                    "csv-format":true,
                    "code":23,
                    "data":"2001:db8::666",
                    "name":"dns-servers",
                    "space":"dhcp6"
                }
                ]
        },
        {
            "name": "Client_f2f2",
            "test": "substring(option[1].hex,8,2) == 0xf2f2"
        }
    ],

Two different classes based on 2 last bytes of client-id (I'm using variations of 00:03:00:01:f6:f5:f4:f3:XX:XX)

Shared-network is configured:

        "shared-networks":[
        {
            "name":"name-abc",
            "interface":"eth2",
                "option-data":[
                {
                    "csv-format":true,
                    "code":23,
                    "data":"2001:db8::1",
                    "name":"dns-servers",
                    "space":"dhcp6"
                }],
            "subnet6":[
            {
                "subnet":"2001:db8:a::/64",
                "pools":[
                {
                    "pool":"2001:db8:a::1-2001:db8:a::1"
                }
                ]
            }
            ,

            {
                "subnet":"2001:db8:b::/64",
                "pools":[
                {
                    "pool":"2001:db8:b::1-2001:db8:b::1"
                }
                ],
                "client-class": "Client_f2f1"
            }
            ,

            {
                "subnet":"2001:db8:c::/64",
                "pools":[
                {
                    "pool":"2001:db8:c::1-2001:db8:c::1"
                }
                ],
                "client-class": "Client_f2f2"
            }
            ]
        }
        ]

So clients that cilent-id ends with f2f1 should get address 2001:db8:b::1 with different option 23 value. And client with f2f2 at the end should get address 2001:db8:c::1. They don't. Logs:

DEBUG [kea-dhcp6.packets/32697] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: SOLICIT (type 1) received from fe80::800:27ff:fe00:1 to ff02::1:2 on interface eth2
DEBUG [kea-dhcp6.packets/32697] DHCP6_QUERY_DATA duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e, packet details: localAddr=[ff02::1:2]:0 remoteAddr=[fe80::800:27ff:fe00:1]:546
msgtype=1(SOLICIT), transid=0x746e2e
type=00001, len=00010: 00:03:00:01:f6:f5:f4:f3:f2:f1
type=00003(IA_NA), len=00012: iaid=68535, t1=0, t2=0
type=00006, len=00002: 23(uint16)
No relays traversed.

DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_OPTION Pushing option 1 with value 0x00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_STRING Pushing text string '8'
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_STRING Pushing text string '2'
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_SUBSTRING Popping length 2, start 8, string 0x00030001F6F5F4F3F2F1 pushing result 0xF2F1
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_HEXSTRING Pushing hex string 0xF2F1
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_EQUAL Popping 0xF2F1 and 0xF2F1 pushing result 'true'
INFO  [kea-dhcp6.dhcp6/32697] EVAL_RESULT Expression Client_f2f1 evaluated to 1
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_OPTION Pushing option 1 with value 0x00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_STRING Pushing text string '8'
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_STRING Pushing text string '2'
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_SUBSTRING Popping length 2, start 8, string 0x00030001F6F5F4F3F2F1 pushing result 0xF2F1
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_HEXSTRING Pushing hex string 0xF2F2
DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_EQUAL Popping 0xF2F2 and 0xF2F1 pushing result 'false'
DEBUG [kea-dhcp6.dhcp6/32697] EVAL_RESULT Expression Client_f2f2 evaluated to 0
DEBUG [kea-dhcp6.dhcpsrv/32697] DHCPSRV_CFGMGR_SUBNET6_IFACE selected subnet 2001:db8:a::/64 for packet received over interface eth2
DEBUG [kea-dhcp6.packets/32697] DHCP6_SUBNET_SELECTED duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: the subnet with ID 1 was selected for client assignments
DEBUG [kea-dhcp6.packets/32697] DHCP6_SUBNET_DATA duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: the selected subnet details: 2001:db8:a::/64
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by hwaddr=F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=F6F5F4F3F2F1, found 0 host(s)
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier hwaddr=F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by duid=00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: duid=00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier duid=00030001F6F5F4F3F2F1, found 0 host(s)
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier duid=00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 2, identified by hwaddr=F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=F6F5F4F3F2F1, found 0 host(s)
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 2 and identifier hwaddr=F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 2, identified by duid=00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: duid=00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier duid=00030001F6F5F4F3F2F1, found 0 host(s)
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 2 and identifier duid=00030001F6F5F4F3F2F1
DEBUG [kea-dhcp6.leases/32697] DHCP6_PROCESS_IA_NA_REQUEST duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: server is processing IA_NA option with iaid=68535 and hint=(no hint)
DEBUG [kea-dhcp6.dhcpsrv/32697] DHCPSRV_MEMFILE_GET_IAID_SUBID_DUID obtaining IPv6 leases for IAID 68535, Subnet ID 1, DUID 00:03:00:01:f6:f5:f4:f3:f2:f1 and lease type IA_NA
DEBUG [kea-dhcp6.dhcpsrv/32697] DHCPSRV_MEMFILE_GET_IAID_SUBID_DUID obtaining IPv6 leases for IAID 68535, Subnet ID 2, DUID 00:03:00:01:f6:f5:f4:f3:f2:f1 and lease type IA_NA
DEBUG [kea-dhcp6.dhcpsrv/32697] DHCPSRV_MEMFILE_GET_IAID_SUBID_DUID obtaining IPv6 leases for IAID 68535, Subnet ID 3, DUID 00:03:00:01:f6:f5:f4:f3:f2:f1 and lease type IA_NA
DEBUG [kea-dhcp6.alloc-engine/32697] ALLOC_ENGINE_V6_ALLOC_UNRESERVED no static reservations available - trying to dynamically allocate leases for client duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6 get one host with reservation for subnet id 1 and including IPv6 address 2001:db8:a::1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6 get all hosts with reservations for subnet id 1 and IPv6 address 2001:db8:a::1
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6_COUNT using subnet id 1 and address 2001:db8:a::1, found 0 host(s)
DEBUG [kea-dhcp6.hosts/32697] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6_NULL host not found using subnet id 1 and address 2001:db8:a::1
DEBUG [kea-dhcp6.dhcpsrv/32697] DHCPSRV_MEMFILE_GET_ADDR6 obtaining IPv6 lease for address 2001:db8:a::1 and lease type IA_NA
DEBUG [kea-dhcp6.dhcpsrv/32697] DHCPSRV_MEMFILE_GET_ADDR6 obtaining IPv6 lease for address 2001:db8:a::1 and lease type IA_NA
INFO  [kea-dhcp6.leases/32697] DHCP6_LEASE_ADVERT duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: lease for address 2001:db8:a::1 and iaid=68535 will be advertised
DEBUG [kea-dhcp6.leases/32697] DHCP6_LEASE_DATA duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: detailed lease information for iaid=68535: Type:          IA_NA(0)
Address:       2001:db8:a::1
Prefix length: 128
IAID:          68535
Pref life:     3000
Valid life:    4000
Cltt:          1506384950
DUID:          00:03:00:01:f6:f5:f4:f3:f2:f1
Hardware addr: f6:f5:f4:f3:f2:f1
Subnet ID:     2
State:         default

DEBUG [kea-dhcp6.dhcp6/32697] DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: client packet has been assigned to the following class(es): Client_f2f1
DEBUG [kea-dhcp6.packets/32697] DHCP6_RESPONSE_DATA responding with packet type 2 data is localAddr=[ff02::1:2]:547 remoteAddr=[fe80::800:27ff:fe00:1]:546
msgtype=2(ADVERTISE), transid=0x746e2e
type=00001, len=00010: 00:03:00:01:f6:f5:f4:f3:f2:f1
type=00002, len=00014: 00:01:00:01:20:7e:60:5c:08:00:27:19:b8:2a
type=00003(IA_NA), len=00040: iaid=68535, t1=1000, t2=2000,
options:
  type=00005(IAADDR), len=00024: address=2001:db8:a::1, preferred-lft=3000, valid-lft=4000
type=00023, len=00016: 2001:db8::1
No relays traversed.

Despite of correctly evaluated packet to class Client_f2f1

DEBUG [kea-dhcp6.eval/32697] EVAL_DEBUG_EQUAL Popping 0xF2F1 and 0xF2F1 pushing result 'true'
INFO  [kea-dhcp6.dhcp6/32697] EVAL_RESULT Expression Client_f2f1 evaluated to 1

it wasn't considered during address allocation:

DHCPSRV_CFGMGR_SUBNET6_IFACE selected subnet 2001:db8:a::/64 for packet received over interface eth2
...
DHCP6_LEASE_ADVERT duid=[00:03:00:01:f6:f5:f4:f3:f2:f1], tid=0x746e2e: lease for address 2001:db8:a::1 and iaid=68535 will be advertised

Update: we decided to accept this in 1.3-final, but the only change will be an improved documentation that explains how the code is working and why. There are some things that the user can do to improve the situation (like put subnets in different order in his config).

Subtickets

Change History (9)

comment:1 follow-up: Changed 2 years ago by wlodekwencel

Looks like client classes are working IF every single configured subnet has it's own class. If one subnet does NOT have class assigned - kea will choose it first (even if incoming packet match any configured class).

If pool of that non-class subnet is depleted - kea will assign addresses correctly, using classes.

Problem observed in v4, v6 with shared subnets and without(!)

comment:2 in reply to: ↑ 1 Changed 2 years ago by marcin

Replying to wlodekwencel:

Looks like client classes are working IF every single configured subnet has it's own class. If one subnet does NOT have class assigned - kea will choose it first (even if incoming packet match any configured class).

If pool of that non-class subnet is depleted - kea will assign addresses correctly, using classes.

Problem observed in v4, v6 with shared subnets and without(!)

I'll probably have to check with other folks, but our current classification mechanism doesn't really assume preference of subnets that have client classes vs those that don't. So, if there is a client that matches both subnet with classes and without classes they are treated equally. I think it used to work like this even without shared networks.

comment:3 follow-up: Changed 2 years ago by wlodekwencel

Ok, then we have to clarify that - my first guess would be that subntes with matching classes should be used first.

comment:4 in reply to: ↑ 3 Changed 2 years ago by marcin

Replying to wlodekwencel:

Ok, then we have to clarify that - my first guess would be that subntes with matching classes should be used first.

The interesting point is that a subnet that has no classes specified is always a subnet with matching classes.

comment:5 Changed 2 years ago by tomek

  • Description modified (diff)
  • Milestone changed from Kea-proposed to Kea1.3-final
  • Priority changed from high to medium
  • Summary changed from client classification in shared-networks doesn't work to Document subnet selection with client classification better

As discussed on 2017-10-05 call, moving to 1.3-final as medium. The scope of this ticket is to just document current behavior better. Also, create separate ticket for the code improvement and move it to outstanding.

comment:6 Changed 2 years ago by marcin

This ticket should wait until #5381 is merged to avoid conflicts.

comment:7 Changed 2 years ago by marcin

  • Owner set to marcin
  • Status changed from new to accepted

comment:8 Changed 2 years ago by marcin

  • Owner changed from marcin to UnAssigned
  • Status changed from accepted to reviewing

This ticket is now ready for review. I updated client classification for shared network sections in the user's guide.

Proposed ChangeLog entry:

13XX.	[doc]		marcin
	Better explained subnet selection within shared networks when
	client classification is in use.
	(Trac #5367, git cafe)

comment:9 Changed 2 years ago by marcin

  • Resolution set to fixed
  • Status changed from reviewing to closed

Wlodek reviewed the updates and said it was ok. Merged with commit 26b4d240c5a1ba73e5b61f45d5a832e52f6472dd

Note: See TracTickets for help on using tickets.