Opened 2 years ago

Closed 2 years ago

#5376 closed defect (complete)

Kea 1.3.0-beta - mixed results with dhcp-server-identifier

Reported by: jlixfeld
Owned by: marcin
Priority: medium
Milestone: Kea1.3-final
Component: Unclassified
Version: git
Keywords:
Cc:
CVSS Scoring:
Parent Tickets:
Sensitive: no
Defect Severity: N/A
Sub-Project: DHCP
Feature Depending on Ticket:
Estimated Difficulty: 0
Add Hours to Ticket: 0
Total Hours: 0
Internal?: no

Description

Under my current configuration, option 54 is returning a mixed bag of results, none of which are working.

For some subnets, this error in the logs:

2017-10-02 13:41:19.252 DEBUG [kea-dhcp4.bad-packets/32179] DHCP4_PACKET_DROP_0007 [hwtype=1 00:01:47:e3:2f:60], cid=[00:31:34:38:38:38:38:30], tid=0x37861758: failed to process packet: Option 54 already present in this message.

In other results, the server is just sending the incorrect address (but without the DHCP4_PACKET_DROP_0007 error):

2017-10-02 13:33:44.233 DEBUG [kea-dhcp4.packets/32179] DHCP4_RESPONSE_DATA [hwtype=1 40:3c:fc:00:04:38], cid=[01:40:3c:fc:00:04:38], tid=0xc1c26267: responding with packet DHCPACK (type 5), packet details: local_address=10.219.66.10:67, remote_address=10.219.45.114:67, msg_type=DHCPACK (5), transid=0xc1c26267,
options:
type=001, len=004: 4294967280 (uint32)
type=003, len=004: 72.15.63.193
type=006, len=008: 66.207.192.6 206.223.173.7
type=012, len=008: "BlackBox" (string)
type=051, len=004: 300 (uint32)
type=053, len=001: 5 (uint8)
type=054, len=004: 10.219.66.10
type=058, len=004: 900 (uint32)
type=059, len=004: 1800 (uint32)
type=061, len=007: 01:40:3c:fc:00:04:38
type=082, len=039:,
options:
  type=001, len=006: 00:04:0b:b9:02:02
  type=002, len=011: 01:09:72:67:77:30:31:2e:6c:61:62
  type=005, len=004: 48:0f:3f:c0
  type=151, len=004: 00:64:70:69
  type=152, len=004: 48:0f:3f:c1

root@kea1:/var/log/kea# ifconfig ens32
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.219.66.10 netmask 255.255.255.0 broadcast 10.219.66.255
        inet6 fe80::20c:29ff:fe5f:d32f prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:5f:d3:2f txqueuelen 1000 (Ethernet)
        RX packets 2486318 bytes 1046395863 (997.9 MiB)
        RX errors 0 dropped 29 overruns 0 frame 0
        TX packets 3388300 bytes 723159007 (689.6 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

root@kea1:/var/log/kea#

root@kea1:/var/log/kea# more /usr/local/etc/kea/rgw01.lab.conf
{
  "name": "RGW01.LAB-PUBLIC",
  "subnet4": [
    {
      "client-class" : "rgw01.lab",
      "subnet": "72.15.63.192/28",
      "valid-lifetime": 300,
      "option-data": [
        {
          "name": "domain-name-servers",
          "code": 6,
          "space": "dhcp4",
          "csv-format": true,
          "data": "66.207.192.6, 206.223.173.7"
        },
        {
          "name": "routers",
          "data": "72.15.63.193"
        },
        {
          "name": "dhcp-server-identifier",
          "data": "72.15.63.193"
        }
      ],
      "pools": [
        {
          "pool": "72.15.63.194 - 72.15.63.198"
        }
      ]
    }
  ]
},
{
  "name": "RGW01.LAB-MANAGEMENT",
  "subnet4": [
    {
      "client-class" : "rgw01.lab",
      "subnet": "10.63.255.0/24",
      "valid-lifetime": 300,
      "option-data": [
        {
          "name": "domain-name-servers",
          "code": 6,
          "space": "dhcp4",
          "csv-format": true,
          "data": "10.32.0.8, 10.32.0.39"
        },
        {
          "name": "tftp-server-name",
          "data": "10.63.255.1"
        },
        {
          "name": "classless-static-routes",
          "data": "180A20000A3FFF01"
        },
        {
          "name": "dhcp-server-identifier",
          "data": "10.63.255.1"
        }
      ],
      "pools": [
        {
          "pool": "10.63.255.2 - 10.63.255.254"
        }
      ]
    }
  ]
},
{
  "name": "RGW01.LAB-TV",
  "subnet4": [
    {
      "client-class" : "rgw01.lab",
      "subnet": "172.23.255.0/24",
      "valid-lifetime": 300,
      "option-data": [
        {
          "name": "ntp-servers",
          "code": 42,
          "space": "dhcp4",
          "csv-format": true,
          "data": "172.16.0.66, 10.32.0.9"
        },
        {
          "name": "classless-static-routes",
          "data": "18AC1000AC17FF0118AC1005AC17FF011CAC100220AC17FF01"
        },
        {
          "name": "dhcp-server-identifier",
          "data": "172.23.255.1"
        }
      ],
      "pools": [
        {
          "pool": "172.23.255.2 - 172.23.255.254"
        }
      ]
    }
  ]
},
{
  "name": "RGW01.LAB-VOIP",
  "subnet4": [
    {
      "client-class" : "rgw01.lab",
      "subnet": "172.31.255.0/28",
      "valid-lifetime": 300,
      "option-data": [
        {
          "name": "classless-static-routes",
          "data": "18AC1800AC1FFF01"
        },
        {
          "name": "dhcp-server-identifier",
          "data": "172.31.255.1"
        }
      ],
      "pools": [
        {
          "pool": "172.31.255.2 - 172.31.255.14"
        }
      ]
    }
  ]
}
root@kea1:/var/log/kea#

Change History (8)

comment:1 Changed 2 years ago by tomek

  • Milestone changed from Kea-proposed to Kea1.3-final

As discussed on 2017-10-04 call, moving to 1.3-final.

comment:2 Changed 2 years ago by marcin

  • Owner set to marcin
  • Status changed from new to accepted

comment:3 Changed 2 years ago by marcin

  • Owner changed from marcin to UnAssigned
  • Status changed from accepted to reviewing

It is now allowed to specify the dhcp-server-identifier option and it is unconditionally sent back to the clients (PRL option is not required in the client's message). The most problematic part of this ticket was how to make the server accept server identifiers that are based on IP addresses on which the server doesn't listen. I added a search mechanism within options specified on the global level, shared network level and subnet level. If the server identifier is found on any of those levels, the message with this server identifier is accepted. The search mechanism uses indexing so it should perform pretty well. To avoid additional complexity I am not verifying server identifiers specified on the class level, host reservation level etc. I'd be surprised if people actually used server identifiers specified on the host reservation or class level. If I am wrong, we can always extend the code.

One additional enhancement to consider is re-checking server identifier after selecting a subnet and dropping the packet in case of mismatch. I didn't implement it here though, because I don't know if this is really required if the server is properly configured. I also treat this as an experimental feature which should go through tests in the field before we become more restrictive.

Proposed ChangeLog entry:

13XX.	[func]		marcin
	Added support for DHCPv4 option 54 (dhcp-server-identifier).
	(Trac #5376, git cafe)
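
The acceptance rule described in comment:3, modelled as an added example (not Kea's code and not part of the ticket): option 54 values are collected from the global, shared-network and subnet levels, while values set only on a client class or host reservation are reported as unverified. The `Dhcp4` wrapper, the client-class option with `192.0.2.1`, and the function names are constructed assumptions; the subnet data is trimmed from the reporter's config.

```python
import ipaddress

# Sample trimmed from the ticket's shared-network config, wrapped in a Dhcp4
# scope; the client-class option (192.0.2.1) is constructed for illustration.
CONFIG = {"Dhcp4": {
    "client-classes": [{"name": "rgw01.lab", "option-data": [
        {"name": "dhcp-server-identifier", "data": "192.0.2.1"}]}],
    "shared-networks": [
        {"name": "RGW01.LAB-PUBLIC", "subnet4": [{
            "subnet": "72.15.63.192/28", "option-data": [
                {"name": "routers", "data": "72.15.63.193"},
                {"name": "dhcp-server-identifier", "data": "72.15.63.193"}]}]},
        {"name": "RGW01.LAB-VOIP", "subnet4": [{
            "subnet": "172.31.255.0/28", "option-data": [
                {"code": 54, "data": "172.31.255.1"}]}]}]}}

def _server_ids(scope):
    """Yield option 54 values from one scope's option-data list."""
    for opt in scope.get("option-data", []):
        if opt.get("name") == "dhcp-server-identifier" or opt.get("code") == 54:
            yield ipaddress.IPv4Address(opt["data"].strip())

def collect(config):
    """Split configured server ids into the levels comment:3 says are searched
    (global, shared network, subnet) and those it says are not (class, host)."""
    d4 = config["Dhcp4"]
    searched, unverified = set(_server_ids(d4)), set()
    subnets = list(d4.get("subnet4", []))
    for net in d4.get("shared-networks", []):
        searched.update(_server_ids(net))
        subnets.extend(net.get("subnet4", []))
    for subnet in subnets:
        searched.update(_server_ids(subnet))
        for host in subnet.get("reservations", []):
            unverified.update(_server_ids(host))
    for cls in d4.get("client-classes", []):
        unverified.update(_server_ids(cls))
    return searched, unverified - searched

def accepts(config, listening, server_id):
    """Model: accept if option 54 is a listening address or a searched id."""
    sid = ipaddress.IPv4Address(server_id)
    searched, _ = collect(config)
    return sid in {ipaddress.IPv4Address(a) for a in listening} or sid in searched
```

Running `collect()` over a deployed configuration shows which identifiers the server would send but, per comment:3, not recognise when a client echoes them back.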

comment:4 Changed 2 years ago by tmark

  • Owner changed from UnAssigned to tmark

comment:5 Changed 2 years ago by tmark

  • Owner changed from tmark to marcin

Overall, the changes look good. Just a couple of things:

dhcp4-srv.xml

Your text in dhcp4-srv.xml regarding specifying it on class and host is a
little confusing. In reality, specifying it at host or class is sort of
dysfunctional isn't it? I'm wondering if we should prohibit it during
parsing. At the very least I think the text should more directly
discourage users from doing it.

cfg_shared_networks.cc/.h

bool CfgSharedNetworks4::hasSubnetWithServerId(const IOAddress& server_id)

This method is wrongly named. It returns a bool if any shared-networks
contain the given server-id, not if any subnets within any shared-networks do.

All the unit tests passed under OS-X.

comment:6 Changed 2 years ago by marcin

  • Owner changed from marcin to tmark

Thanks for the review. I am not very fond of prohibiting the server identifier specification on the class and host level. In my opinion it adds complexity without too much gain. If someone wants to do it, why not. There may be some cases when it could work. I did update the documentation to say what we do support.

I also renamed the function as suggested.

comment:7 Changed 2 years ago by tmark

  • Owner changed from tmark to marcin

Changes are fine. Please merge.

comment:8 Changed 2 years ago by marcin

  • Resolution set to complete
  • Status changed from reviewing to closed

Merged with commit 1db580e20c874ec05bb06c8798021b7c6b5784ab
