From: Francis Dupont Date: Fri, 3 Nov 2017 22:34:21 +0000 (+0100) Subject: [5425] Added class/pool in doc and examples X-Git-Tag: trac5374_base~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53440e83787db21b79b47c1be41ba92e0cb02542;p=thirdparty%2Fkea.git [5425] Added class/pool in doc and examples
---
diff --git a/doc/examples/kea4/classify.json b/doc/examples/kea4/classify.json
index 6964960e22..e769e581f0 100644
--- a/doc/examples/kea4/classify.json
+++ b/doc/examples/kea4/classify.json
@@ -97,7 +97,27 @@ "client-classes": [ "VoIP" ] } ], "interface": "ethX"
- }
+ },
+
+// The following list defines a subnet with pools. For some pools
+// we defined a class that is allowed in that pool. If not specified
+// everyone is allowed. When a class is specified, only packets belonging
+// to that class are allowed for that pool.
+ {
+ "pools": [
+ {
+// This one is for VoIP devices only.
+ "pool": "192.0.4.1 - 192.0.4.200",
+ "client-class": "VoIP"
+ },
+// This one doesn't have any client-class specified, so everyone
+// is allowed in.
+ {
+ "pool": "192.0.5.1 - 192.0.5.200"
+ } ],
+ "subnet": "192.0.4.0/23",
+ "interface": "ethY"
+ }
 ] },
diff --git a/doc/examples/kea6/classify.json b/doc/examples/kea6/classify.json
index eaa37beec4..b6e184b618 100644
--- a/doc/examples/kea6/classify.json
+++ b/doc/examples/kea6/classify.json
@@ -73,7 +73,19 @@ "client-classes": [ "cable-modems" ] } ], "interface": "ethX"
+ },
+// The following subnet contains a pool with a class constraint: only
+// clients which belong to the class are allowed to use this pool.
+ {
+ "pools": [
+ {
+ "pool": "2001:db8:3::/80",
+ "client-class": "cable-modems"
+ } ],
+ "subnet": "2001:db8:4::/64",
+ "interface": "ethY"
 }
+
 ] },
diff --git a/doc/guide/classify.xml b/doc/guide/classify.xml
index cfc515f9a1..bd5ab03907 100644
--- a/doc/guide/classify.xml
+++ b/doc/guide/classify.xml
@@ -801,6 +801,56 @@ concatenation of the strings
+
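Review bot: The comment placement in the new kea4 pools list is inconsistent: the VoIP pool's comment is placed inside its object after the opening `{`, while the unrestricted pool's comment is placed before the `{`; putting both before the opening brace would read the same way for each entry. The leading comment also calls the entry a "list" although it defines a single subnet with two pools, so `// The following entry defines a subnet with two pools.` would describe what follows more accurately. The rest of the comment, that a pool without "client-class" admits everyone and a pool with one admits only members of that class, matches the guide text added in this commit.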
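Review bot: The pool `2001:db8:3::/80` added in the new kea6 subnet does not lie inside that subnet's prefix `2001:db8:4::/64`, and Kea's subnet parser rejects a pool that falls outside its subnet, so this example is likely to fail to load instead of demonstrating a class-restricted pool; make the two agree, e.g. `"pool": "2001:db8:4::/80",`. The kea4 example keeps both of its pools inside 192.0.4.0/23, so only this file is affected. The empty added line placed between the closing `}` of the last subnet and the `]` of the subnet list also looks unintended and could be dropped.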
+ Configuring Pools With Class Information
+ Similar to subnets in certain cases access to certain address or
+ prefix pools must be restricted to only clients that belong to a
+ given class, using the "client-class" when defining the pool.
+
+
+
+ Let's assume that the server is connected to a network segment that uses
+ the 192.0.2.0/24 prefix. The Administrator of that network has decided
+ that addresses from range 192.0.2.10 to 192.0.2.20 are going to be
+ managed by the DHCP4 server. Only clients belonging to client class
+ Client_foo are allowed to use this pool. Such a
+ configuration can be achieved in the following way:
+"Dhcp4": {
+ "client-classes": [
+ {
+ "name": "Client_foo",
+ "test": "substring(option[61].hex,0,3) == 'foo'",
+ "option-data": [
+ {
+ "name": "domain-name-servers",
+ "code": 6,
+ "space": "dhcp4",
+ "csv-format": true,
+ "data": "192.0.2.1, 192.0.2.2"
+ }
+ ]
+ },
+ ...
+ ],
+ "subnet4": [
+ {
+ "subnet": "192.0.2.0/24",
+ "pools": [
+ {
+ "pool": "192.0.2.10 - 192.0.2.20",
+ "client-class": "Client_foo"
+ }
+ ]
+ },
+ ...
+ ],,
+ ...
+}
+
+
+
 Using Classes
diff --git a/doc/guide/dhcp4-srv.xml b/doc/guide/dhcp4-srv.xml
index b0070184be..bdd58cf015 100644
--- a/doc/guide/dhcp4-srv.xml
+++ b/doc/guide/dhcp4-srv.xml
@@ -2081,6 +2081,15 @@ It is merely echoed by the server class restrictions on subnets, see .
+
+ When subnets belong to a shared network the classification applies
+ to subnet selection but not to pools, e.g., a pool in a subnet
+ limited to a particular class can still be used by clients which do not
+ belong to the class if the pool they are expected to use is exhausted.
+ So the limit access based on class information is also available
+ at the pool level, see .
+
+
 The process of doing classification is conducted in three steps. The first step is to assess an incoming packet and assign it to zero or more classes. The
diff --git a/doc/guide/dhcp6-srv.xml b/doc/guide/dhcp6-srv.xml
index 06d5717aed..a577843c37 100644
--- a/doc/guide/dhcp6-srv.xml
+++ b/doc/guide/dhcp6-srv.xml
@@ -1940,6 +1940,16 @@ should include options from the isc option space: class restrictions on subnets, see .
+
+ When subnets belong to a shared network the classification applies
+ to subnet selection but not to pools, e.g., a pool in a subnet
+ limited to a particular class can still be used by clients which do not
+ belong to the class if the pool they are expected to use is exhausted.
+ So the limit access based on class information is also available
+ at the address/prefix pool level, see .
+
+
 The process of doing classification is conducted in three steps. The first step is to assess an incoming packet and assign it to zero or more classes. The