// hundreds of thausands of clients), you may need to increase it
// further. The default value is 60000ms (60 seconds).
"sync-timeout": 60000,
+ // To not experience performance degradation when the Kea server is
+ // processing packets on multiple threads, the High Availablility module
+ // must be configured in a similar way.
"multi-threading": {
"enable-multi-threading": true,
// When running in MT mode, the dedicated listener is used to handle
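Review bot: The added comment misspells "Availability" as `Availablility`, and "must be configured in a similar way" does not say what the module's settings should mirror. Something like `// When the Kea server processes packets on multiple threads, enable multi-threading in the High Availability module as well to avoid performance degradation.` would read more clearly. The same comment is added in the second multi-threading hunk further down. The `multi-threading` object continues outside the hunk.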
// This is the configuration of this server instance.
{
"name": "server1",
- // This specifies the URL of our server instance. The
- // Control Agent is not required run along with our DHCPv4 server
- // instance. The "http-host" and "http-port" values must be
- // set to different values then the Control Agent.
+ // This specifies the URL of this server instance. The
+ // Control Agent is not required to run along with this DHCPv4 server
+ // instance if multi-threading is enabled.
+ // The "http-host" and "http-port" values must be set to different
+ // values then the ones used by the Control Agent.
"url": "http://192.168.56.33:8000/",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
"cert-file": "/usr/lib/kea/server1_cert.pem",
// Private key file name.
"key-file": "/usr/lib/kea/server1_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
// This server is primary. The other one must be
// secondary.
"role": "primary"
},
- // This is the configuration of our HA peer.
+ // This is the configuration of the HA peer.
{
"name": "server2",
// Specifies the URL on which the partner's control
// channel can be reached. The Control Agent is not required
- // to run on the partner's machine. The "http-host" and
- // "http-port" values must be set to different values then the
- // Control Agent.
+ // to run on the partner's machine if multi-threading is enabled.
+ // The "http-host" and "http-port" values must be set to different
+ // values then the ones used by the Control Agent.
"url": "http://192.168.56.66:8000/",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
"cert-file": "/usr/lib/kea/server2_cert.pem",
// Private key file name.
"key-file": "/usr/lib/kea/server2_key.pem",
- // The partner is a secondary. Our is primary.
+ // Client certificates are required and verified.
+ "require-client-certs": true,
+ // The partner is secondary. This server is primary.
"role": "secondary"
}
]
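Review bot: The new `"require-client-certs": true` is placed inside both peer entries here, while the hot-standby hunk further down adds the same key beside the top-level `cert-file`, outside `peers`. The examples should agree on one scope, and it is worth confirming that the parser accepts the key inside a peer entry, since the hunk does not show that. On the `server2` entry the comment `// Client certificates are required and verified.` is also ambiguous, because towards the partner this server is presumably the TLS client rather than the listener. Both `url` values stay `http://` next to the TLS parameters, so a one-line comment saying whether TLS is driven by the certificate parameters rather than the URL scheme would stop readers assuming the channel is plaintext. The added comments at the two `url` entries, here and in the server2 hunk, also write `then` where `than` is meant.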
// hundreds of thausands of clients), you may need to increase it
// further. The default value is 60000ms (60 seconds).
"sync-timeout": 60000,
+ // To not experience performance degradation when the Kea server is
+ // processing packets on multiple threads, the High Availablility module
+ // must be configured in a similar way.
"multi-threading": {
"enable-multi-threading": true,
// When running in MT mode, the dedicated listener is used to handle
"http-client-threads": 4
},
"peers": [
- // This is the configuration of this server instance.
+ // This is the configuration of the HA peer.
{
"name": "server1",
- // This specifies the URL of our server instance. The
- // Control Agent is not required run along with our DHCPv4 server
- // instance. The "http-host" and "http-port" values must be
- // set to different values then the Control Agent.
+ // Specifies the URL on which the partner's control
+ // channel can be reached. The Control Agent is not required
+ // to run on the partner's machine if multi-threading is enabled.
+ // The "http-host" and "http-port" values must be set to different
+ // values then the ones used by the Control Agent.
"url": "http://192.168.56.33:8000/",
- // This server is primary. The other one must be
- // secondary.
+ // The partner is primary. This server is secondary.
"role": "primary"
},
- // This is the configuration of our HA peer.
+ // This is the configuration of this server instance.
{
"name": "server2",
- // Specifies the URL on which the partner's control
- // channel can be reached. The Control Agent is not required
- // to run on the partner's machine. The "http-host" and
- // "http-port" values must be set to different values then the
- // Control Agent.
+ // This specifies the URL of this server instance. The
+ // Control Agent is not required to run along with this DHCPv4 server
+ // instance if multi-threading is enabled.
+ // The "http-host" and "http-port" values must be set to different
+ // values then the ones used by the Control Agent.
"url": "http://192.168.56.66:8000/",
- // The partner is a secondary. Our is primary.
+ // This server is secondary. The other one must be
+ // primary.
"role": "secondary"
}
]
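Review bot: Neither peer entry in this hunk carries `trust-anchor`, `cert-file` or `key-file`, and both `url` values are plain `http://`. Unless TLS is set at the enclosing level outside the hunk, this example leaves the HA channel between the two servers unauthenticated and unencrypted. The server1 example changed earlier in this commit appears to be its companion and sets `"require-client-certs": true`, so the two files would not work as a pair if copied as-is. A short comment above `"peers"` would help, e.g. `// This example does not secure the HA channel; see the "-with-tls" example for the TLS parameters.`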
"cert-file": "/usr/lib/kea/server_cert.pem",
// Private key file name.
"key-file": "/usr/lib/kea/server_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
"peers": [
- // This is the configuration of our HA peer.
+ // This is the configuration of this server instance.
{
"name": "server1",
- // Specifies the URL on which the partner's control
- // channel can be reached. The Control Agent is required
- // to run on the partner's machine with "http-host" and
- // "http-port" values set to the corresponding values.
+ // This specifies the URL of this server instance. The
+ // Control Agent must run along with this DHCPv6 server
+ // instance and the "http-host" and "http-port" must be
+ // set to the corresponding values.
"url": "http://192.168.56.33:8000/",
- // The partner is primary. Our is standby.
+ // This server is primary. The other one must be
+ // standby.
"role": "primary"
},
- // This is the configuration of this server instance.
+ // This is the configuration of the HA peer.
{
"name": "server2",
- // This specifies the URL of our server instance. The
- // Control Agent must run along with our DHCPv6 server
- // instance and the "http-host" and "http-port" must be
- // set to the corresponding values.
+ // Specifies the URL on which the partner's control
+ // channel can be reached. The Control Agent is required
+ // to run on the partner's machine with "http-host" and
+ // "http-port" values set to the corresponding values.
"url": "http://192.168.56.66:8000/",
- // Out server is standby. The partner is primary.
+ // The partner is standby. This server is primary.
"role": "standby"
}
]
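Review bot: The comment added with `"require-client-certs": true` says client certificates are required and verified, yet the comments in this same hunk say the Control Agent must run alongside the server with the matching `http-host` and `http-port`. If the Control Agent is what accepts the partner's connections in this example, this flag may not be what enforces the client-certificate check, and the Control Agent's own TLS settings would have to match. That cannot be confirmed from the hunk. Once the behaviour is confirmed, consider extending the comment, e.g. `// Client certificates are required and verified. The Control Agent must be configured with matching TLS settings.`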
// the partner but appear to not receive any response.
"max-unacked-clients": 5,
"peers": [
- // This is the configuration of our HA peer.
+ // This is the configuration of the HA peer.
{
"name": "server1",
// Specifies the URL on which the partner's control
// to run on the partner's machine with "http-host" and
// "http-port" values set to the corresponding values.
"url": "http://192.168.56.33:8000/",
- // The partner is primary. Our is standby.
+ // The partner is primary. This server is standby.
"role": "primary"
},
// This is the configuration of this server instance.
{
"name": "server2",
- // This specifies the URL of our server instance. The
- // Control Agent must run along with our DHCPv6 server
+ // This specifies the URL of this server instance. The
+ // Control Agent must run along with this DHCPv6 server
// instance and the "http-host" and "http-port" must be
// set to the corresponding values.
"url": "http://192.168.56.66:8000/",
- // Out server is standby. The partner is primary.
+ // This server is standby. The other one must be
+ // primary.
"role": "standby"
}
]
Deployment Considerations
~~~~~~~~~~~~~~~~~~~~~~~~~
-The setup is not expected to scale automatically. This example uses 4 thread for
+The setup is not expected to scale automatically. This example uses 4 threads for
processing DHCP traffic, 4 threads for listening and handling HA peer HTTP requests
and 4 threads for sending lease updates to the HA peer. The thread queue used to
-store incomming HDCP requests is set to 64, but specific values for better
+store incomming DHCP requests is set to 64, but specific values for better
performance must be determined on the deployment setup by doing proper testing
and benchmarks.
"cert-file": "/usr/lib/kea/server1_cert.pem",
// Private key file name.
"key-file": "/usr/lib/kea/server1_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
// This server is primary. The other one must be
// secondary.
"role": "primary"
"cert-file": "/usr/lib/kea/server2_cert.pem",
// Private key file name.
"key-file": "/usr/lib/kea/server2_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
// The other server is secondary. This one must be
// primary.
"role": "standby"
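Review bot: The context comment above `"role": "standby"` still reads `// The other server is secondary. This one must be primary.`, naming a role ("secondary") that this entry does not use. Since the commit is tidying these comments, it could become `// The other server is standby. This one must be primary.` The same mismatch remains in the last two peer hunks, where `// The other server is primary. This one must be secondary.` and `// This server is secondary. The other one must be primary.` sit in a configuration whose second role is `"standby"`. The peer object starts and ends outside the hunk.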
//
// - uses High Availability hooks library and Lease Commands hooks library
// to enable High Availability function for the DHCP server. This config
-// file is for the primary (the active) server.
+// file is for the secondary (the standby) server.
// - uses memfile, which stores lease data in a local CSV file
// - it assumes a single /24 addressing over a link that is directly reachable
// (no DHCP relays)
"cert-file": "/usr/lib/kea/server1_cert.pem",
// Private key file name.
"key-file": "/usr/lib/kea/server1_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
// The other server is primary. This one must be
// secondary.
"role": "primary"
"cert-file": "/usr/lib/kea/server2_cert.pem",
// Private key file name.
"key-file": "/usr/lib/kea/server2_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
// This server is secondary. The other one must be
// primary.
"role": "standby"
"config-backend.json",
"dhcpv4-over-dhcpv6.json",
"global-reservations.json",
- "ha-load-balancing-primary-mt-with-tls.json",
- "ha-load-balancing-secondary-mt.json",
+ "ha-load-balancing-server1-mt-with-tls.json",
+ "ha-load-balancing-server2-mt.json",
"hooks.json",
"hooks-radius.json",
"leases-expiration.json",
"dhcpv4-over-dhcpv6.json",
"duid.json",
"global-reservations.json",
- "ha-hot-standby-primary-with-tls.json",
- "ha-hot-standby-secondary.json",
+ "ha-hot-standby-server1-with-tls.json",
+ "ha-hot-standby-server2.json",
"hooks.json",
"iPXE.json",
"leases-expiration.json",
"config-backend.json",
"dhcpv4-over-dhcpv6.json",
"global-reservations.json",
- "ha-load-balancing-primary-mt-with-tls.json",
- "ha-load-balancing-secondary-mt.json",
+ "ha-load-balancing-server1-mt-with-tls.json",
+ "ha-load-balancing-server2-mt.json",
"hooks.json",
"hooks-radius.json",
"leases-expiration.json",
"dhcpv4-over-dhcpv6.json",
"duid.json",
"global-reservations.json",
- "ha-hot-standby-primary-with-tls.json",
- "ha-hot-standby-secondary.json",
+ "ha-hot-standby-server1-with-tls.json",
+ "ha-hot-standby-server2.json",
"hooks.json",
"iPXE.json",
"leases-expiration.json",