From: Thomas Markwalder Date: Tue, 21 Aug 2018 12:58:18 +0000 (-0400) Subject: [#13,!6] - Updated v6 admin guide sections with global reservation info X-Git-Tag: gitlab20_base~17^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03c13b8d53f15b320adf67919a4585694ebd913e;p=thirdparty%2Fkea.git [#13,!6] - Updated v6 admin guide sections with global reservation info --- diff --git a/doc/guide/dhcp6-srv.xml b/doc/guide/dhcp6-srv.xml index cf9cf3987c..3d44dec23a 100644 --- a/doc/guide/dhcp6-srv.xml +++ b/doc/guide/dhcp6-srv.xml @@ -3103,7 +3103,7 @@ should include options from the isc option space: - + This feature is currently implemented for memfile backend. @@ -3268,6 +3268,24 @@ should include options from the isc option space: reservation checks when dealing with existing leases. Therefore, system administrators are encouraged to use out-of-pool reservations if possible. + + Beginning with Kea 1.5.0, there is now support for global + host reservations. These are reservations that are specified at the + global level within the configuration and that do not belong to any + specific subnet. Kea will still match inbound client packets to a + subnet as before, but when the subnet's reservation mode is set to + "global", Kea will look for host reservations only + among the global reservations defined. Typcially, such resrvations would + be used to reserve hostnames for clients which may move from one subnet + to another. + + + You can reserve any ip-address or prefix in a global reservation. + Just keep in mind that Kea will not do any sanity checking on the address + or prefix and that for Kea 1.5.0, support for global reservations should + be considered experimental. + +
@@ -3317,6 +3335,15 @@ should include options from the isc option space: out-of-pool reservations. If the reserved address does not belong to a pool, there is no way that other clients could get this address. + + + The conflict resolution mechanism does not work for global + reservations. As of Kea 1.5.0, it is generally recommended to not use + global reservations for addresses or prefixes. If you want to use it + anyway, you have to manually ensure that the reserved values are not + in the dynamic pools. + +
@@ -3538,10 +3565,10 @@ should include options from the isc option space: Allowed values are: - all - enables all host reservation - types. This is the default value. This setting is the safest and the most - flexible. It allows in-pool and out-of-pool reservations. As all checks - are conducted, it is also the slowest. + all - enables both in-pool + and out-of-pool host reservation types. This is the default value. This + setting is the safest and the most flexible. As all checks are conducted, + it is also the slowest. This does not check against global reservations. out-of-pool - allows only out of @@ -3551,7 +3578,18 @@ should include options from the isc option space: with in-pool addresses, thus improving performance. Do not use this mode if any of your reservations use in-pool address. Caution is advised when using this setting. Kea does not sanity check the reservations against - reservation-mode and misconfiguration may cause problems. + reservation-mode and misconfiguration may cause + problems. + + + global - allows only global + host reservations. With this setting in place, the server searches for + reservations for a client only among the defined global reservations. + If an address is specified, the server will skip the reservation checks + done when dealing in other modes, thus improving performance. + Caution is advised when using this setting: Kea does not sanity check + the reservations when global and + misconfiguration may cause problems. 
@@ -3576,9 +3614,44 @@ should include options from the isc option space: } ] } - + + + An example configuration using global reservations is shown below: + +"Dhcp6": { + + + "reservations": [ + { + "duid": "00:03:00:01:11:22:33:44:55:66", + "hostname": "host-one" + }, + { + "duid": "00:03:00:01:99:88:77:66:55:44", + "hostname": "host-two" + } + ], + + "subnet6": [ + { + "subnet": "2001:db8:1::/64", + "reservation-mode": "global", + ... + }, + { + "subnet": "2001:db8:2::/64", + "reservation-mode": "global", + ... + } + ] +} + + For more details regarding global reservations, see + . + + Another aspect of the host reservations are different types of identifiers. Kea 1.1.0 supports two types of identifiers in DHCPv6: hw-address and duid, but more identifier types @@ -3620,6 +3693,76 @@ If not specified, the default value is: + +
+
+ Global reservations in DHCPv6 + + In some deployments, such as mobile, clients can roam within the + network and there is a desire to specify certain parameters regardless of + the client's current location. To facilitate such a need, a global + reservation mechanism has been implemented. The idea behind it is that + regular host reservations are tied to specific subnets, by using specific + subnet-id. Kea 1.5.0 introduced a new capability to specify global + reservation that can be used in every subnet that has global reservations + enabled. + + This feature can be used to assign certain parameters, such as + hostname or other dedicated, host-specific options. It can also be used to + assign addresses or prefixes. However, global reservations that assign + either of these bypass the whole topology determination provided by DHCP + logic implemented in Kea. It is very easy to misuse this feature and get + configuration that is inconsistent. To give a specific example, imagine a + global reservation for an address 2001:db8:1111::1 and two subnets + 2001:db8:1111::/64 and 2001:db8:ffff::/48. If global reservations are used + in both subnets and a device matching global host reservations visits part + of the network that is covered by 2001:db8:ffff::/48, it will get an IP + address 2001:db8:ffff::/48, which will be outside of the prefix announced + by its local router using Router Advertisements. Such a configuration + would be unsuable or at the very least ridden with issues, such as the + downlink traffic not reaching the device. + + + To use global host reservations a configuration similar to the following + can be used: + + +"Dhcp6:" { + // This specifies global reservations. They will apply to all subnets that + // have global reservations enabled. 
+ + "reservations": [ + { + "hw-address": "aa:bb:cc:dd:ee:ff", + "hostname": "hw-host-dynamic" + }, + { + "hw-address": "01:02:03:04:05:06", + "hostname": "hw-host-fixed", + + // Use of IP address is global reservation is risky. If used outside of + // matching subnet, such as 2001:db8:1::/64, it will result in a broken + // configuration being handled to the client. + "ip-address": "2001:db8:ff::77" + }, + { + "duid": "01:02:03:04:05", + "hostname": "duid-host" + } + ], + "valid-lifetime": 600, + "subnet4": [ { + "subnet": "2001:db8:1::/64", + "reservation-mode": "global", + "pools": [ { "pool": "2001:db8:1::-2001:db8:1::100" } ] + } ] +} + + + + When using database backends, the global host reservations are + distinguished from regular reservations by using subnet-id value of + zero.
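Review bot: two typos in the first added paragraph of the @@ -3268,6 +3268,24 @@ hunk: "Typcially" and "resrvations" should read "Typically" and "reservations". The second paragraph says Kea "will not do any sanity checking on the address or prefix" but does not tell the reader what to verify by hand. A pointer to the conflict resolution text, where this patch says the reserved values must be kept out of the dynamic pools, would make the warning actionable.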
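Review bot: the manual check described in the @@ -3317,6 +3335,15 @@ hunk is incomplete. It asks only that reserved values are "not in the dynamic pools", while the new "Global reservations in DHCPv6" section in this same patch describes a second failure: a globally reserved address given to a client on a subnet whose prefix does not contain it. Suggest adding that a reserved address or prefix must also be usable in every subnet that sets reservation-mode to "global". "If you want to use it anyway" should read "use them anyway".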
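Review bot: in the @@ -3538,10 +3565,10 @@ hunk, "all" is still called the safest setting while the new last sentence says it "does not check against global reservations", which a reader will not expect from the name. Suggest spelling out what that means for a subnet in this mode, for instance whether a matching global reservation is simply not applied there, instead of the terse closing sentence.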
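Review bot: the last sentence of the new "global" entry in the @@ -3551,7 +3578,18 @@ hunk does not parse: "Kea does not sanity check the reservations when global and misconfiguration may cause problems". Wording parallel to the out-of-pool entry, such as "against reservation-mode, and misconfiguration may cause problems", reads cleanly. "the reservation checks done when dealing in other modes" is also vague; saying which checks are skipped would tell the operator what protection is given up for the performance gain.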
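Review bot: the configuration example in the @@ -3620,6 +3693,76 @@ hunk is not valid as written. The top-level key is spelled "Dhcp6:" { with the colon inside the quotes, and the subnet list is named "subnet4" although it holds 2001:db8:1::/64; the earlier example in this patch uses "Dhcp6": { and "subnet6". The reserved "ip-address": "2001:db8:ff::77" also lies outside the only subnet shown, so the example is an instance of the broken case its own comment warns about, and the text should either say so or use an address inside 2001:db8:1::/64. In the prose, the roaming device would receive the reserved address 2001:db8:1111::1, not "an IP address 2001:db8:ffff::/48". "unsuable", "is global reservation" and "handled to the client" also need correcting.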