+2306. [func] tmark
+ The parameter "client-class" (a single class name) in
+ shared networks, subnets, and pools has been replaced with
+ "client-classes" (a list of one or more class names).
+ This applies to both kea-dhcp4 and kea-dhcp6.
+ (Gitlab #3592)
+
2305. [func] fdupont
Added a new "http-headers" parameter to the CA and
HTTP control socket configuration sections which can
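Review bot: the new entry 2306 says "client-class" "has been replaced" without mentioning that the old name is still accepted, which the documentation notes added in this same change state ("It will still be accepted as input for a time"). Suggest adding one sentence to the entry saying that "client-class" is deprecated but still accepted for now, so that an operator who reads only the ChangeLog knows existing configurations keep loading during the migration period.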
generating DDNS update requests when leases are
being reused due to lease caching.
(Gitlab #3257)
-
+
Kea 2.7.4 (development) released on October 30, 2024
2302. [func] tmark
Configuring Subnets With Class Information
==========================================
+.. note:
+
+ As of Kea 2.7.5, ``client-class`` (a single class name) has been replaced
+ with ``client-classes`` (a list of one or more class names) and is now
+ deprecated. It will still be accepted as input for a time to allow users
+ to migrate but will eventually be unsupported.
+
In certain cases it is beneficial to restrict access to certain subnets
-only to clients that belong to a given class, using the ``client-class``
-keyword when defining the subnet.
+only to clients that belong to a given class, using the ``client-classes``
+parameter when defining the subnet. This parameter may be used to sepcify
+a list of one or more classes to which clients must belong in order to
+use the subnet.
Let's assume that the server is connected to a network segment that uses the
192.0.2.0/24 prefix. The administrator of that network has decided that
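Review bot: the added directive line ".. note:" has a single colon, so reStructuredText parses it as a comment and the deprecation notice will not appear in the rendered guide; it needs to be ".. note::". Two wording points in the same hunk: in the note, "has been replaced with ``client-classes`` ... and is now deprecated" leaves it unclear which parameter is deprecated, so consider "``client-class`` is now deprecated and has been replaced by ``client-classes``"; and "sepcify" in the rewritten paragraph should be "specify". The rewritten paragraph also says clients "must belong" to the listed classes without saying whether that means all of them or at least one; the pool and shared-network text in this patch says "at least one", and the same phrase would remove the ambiguity here.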
"id": 1,
"subnet": "192.0.2.0/24",
"pools": [ { "pool": "192.0.2.10 - 192.0.2.20" } ],
- "client-class": "Client_foo"
+ "client-classes": [ "Client_foo" ]
},
...
],
"id": 1,
"subnet": "2001:db8:1::/64",
"pools": [ { "pool": "2001:db8:1::-2001:db8:1::ffff" } ],
- "client-class": "Client_enterprise"
+ "client-classes": "Client_enterprise"
}
],
...
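Review bot: the replacement line gives "client-classes" a bare string, "client-classes": "Client_enterprise", while every other example in this patch and the accompanying text define the parameter as a list. This should be "client-classes": [ "Client_enterprise" ] so that the documented example matches the stated syntax.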
Configuring Pools With Class Information
========================================
+.. note:
+
+ As of Kea 2.7.5, ``client-class`` (a single class name) has been replaced
+ with ``client-classes`` (a list of one or more class names) and is now
+ deprecated. It will still be accepted as input for a time to allow users
+ to migrate but will eventually be unsupported.
+
Similar to subnets, in certain cases access to certain address or prefix
-pools must be restricted to only clients that belong to a given class,
-using the ``client-class`` when defining the pool.
+pools must be restricted to only clients that belong to at least one of a
+list of one or more classes, using the ``client-classes`` when defining
+the pool.
Let's assume that the server is connected to a network segment that uses the
192.0.2.0/24 prefix. The administrator of that network has decided that
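Review bot: ".. note:" is again written with one colon and will be treated as a comment rather than rendered as a note; use ".. note::". In the rewritten sentence, "using the ``client-classes`` when defining the pool" is missing its noun; the subnet section uses "the ``client-classes`` parameter", and the same wording would fit here.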
"pools": [
{
"pool": "192.0.2.10 - 192.0.2.20",
- "client-class": "Client_foo"
+ "client-classes": [ "Client_foo" ]
}
]
},
"pools": [
{
"pool": "2001:db8:1::-2001:db8:1::ffff",
- "client-class": "Client_foo"
+ "client-classes": [ "Client_foo" ]
}
]
},
"id": 1,
"subnet": "192.0.2.0/24",
"pools": [ { "pool": "192.0.2.10 - 192.0.2.20" } ],
- "client-class": "VENDOR_CLASS_docsis3.0"
+ "client-classes": [ "VENDOR_CLASS_docsis3.0" ]
}
],
...
"id": 1,
"subnet": "192.0.2.0/24",
"pools": [ { "pool": "192.0.2.10 - 192.0.2.20" } ],
- "client-class": "Client_foo"
+ "client-classes": [ "Client_foo" ]
},
...
],
Client classes can be specified in the Kea configuration file and/or via
host reservations. The classes specified in the Kea configuration file are
evaluated immediately after receiving the DHCP packet and therefore can be
-used to influence subnet selection using the ``client-class`` parameter
+used to influence subnet selection using the ``client-classes`` parameter
specified in the subnet scope. The classes specified within the host
reservations are fetched and assigned to the packet after the server has
already selected a subnet for the client. This means that the client
"pools": [
{
"pool": "192.0.2.10-192.0.2.20",
- "client-class": "reserved_class"
+ "client-classes": [ "reserved_class" ]
},
{
"pool": "192.0.2.30-192.0.2.40",
- "client-class": "unreserved_class"
+ "client-classes": [ "unreserved_class" ]
}
]
}
"pools": [
{
"pool": "192.0.2.10-192.0.2.20",
- "client-class": "reserved_class"
+ "client-classes": [ "reserved_class" ]
}
]
},
"pools": [
{
"pool": "192.0.3.10-192.0.3.20",
- "client-class": "unreserved_class"
+ "client-classes": [ "unreserved_class" ]
}
]
}
global scope (global reservation) and ``reservations-global`` must be
set to ``true``.
-In the example above, the ``client-class`` could also be specified at the
+In the example above, the ``client-classes`` could also be specified at the
subnet level rather than the pool level, and would yield the same effect.
.. _multiple-reservations-same-ip4:
Sometimes it is desirable to segregate clients into specific subnets
based on certain properties. This mechanism is called client
-classification and is described in :ref:`classify`. Client
-classification can be applied to subnets belonging to shared networks in
+classification and is described in :ref:`classify`.
+
+Client classification can be applied to subnets belonging to shared networks in
the same way as it is used for subnets specified outside of shared
networks. It is important to understand how the server selects subnets
for clients when client classification is in use, to ensure that the
appropriate subnet is selected for a given client type.
-If a subnet is associated with a class, only the clients belonging to
-this class can use this subnet. If there are no classes specified for a
-subnet, any client connected to a given shared network can use this
-subnet. A common mistake is to assume that a subnet that includes a client
-class is preferred over subnets without client classes. Consider the
-following example:
+If a subnet is associated with one or more classes, only the clients belonging
+to at least one of these classes may this subnet. If there are no classes
+specified for a subnet, any client connected to a given shared network can use
+this subnet. A common mistake is to assume that a subnet that includes a client
+class is preferred over subnets without client classes.
+
+The ``client-classes`` parameter may be specified at the shared network, subnet,
+and/or pool scopes. If specified for a shared network, clients must belong to at
+least one of the classes specified for that network to be considered for subnets
+within that network. If specified for a subnet, clients must belong to at least
+one of the classes specified for that subnet to be considered for any of that
+subnet's pools. If sepcified for a pool, clients must belong to at least one
+of the classes specified for that pool to be given a lease from that pool.
+
+.. note:
+
+ As of Kea 2.7.5, ``client-class`` (a single class name) has been replaced
+ with ``client-classes`` (a list of one or more class names) and is now
+ deprecated. It will still be accepted as input for a time to allow users
+ to migrate but will eventually be unsupported.
+
+Consider the following example:
::
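Review bot: the new sentence "only the clients belonging to at least one of these classes may this subnet" has lost its verb and should read "may use this subnet". This sentence states the access rule for class-restricted subnets, so it is worth getting exact. Also in this hunk: "sepcified" should be "specified", and ".. note:" needs a second colon (".. note::") or the deprecation notice is parsed as a comment and dropped from the rendered output.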
"id": 2,
"subnet": "10.0.0.0/24",
"pools": [ { "pool": "10.0.0.2 - 10.0.0.250" } ],
- "client-class": "b-devices"
+ "client-classes": [ "b-devices" ]
}
]
}
"id": 1,
"subnet": "192.0.2.0/26",
"pools": [ { "pool": "192.0.2.1 - 192.0.2.63" } ],
- "client-class": "a-devices"
+ "client-classes": [ "a-devices" ]
},
{
"id": 2,
"subnet": "10.0.0.0/24",
"pools": [ { "pool": "10.0.0.2 - 10.0.0.250" } ],
- "client-class": "b-devices"
+ "client-classes": [ "b-devices" ]
}
]
}
"id": 1,
"subnet": "10.1.1.0/24",
"pools": [ { "pool": "10.1.1.2 - 10.1.1.20" } ],
- "client-class": "docsis3.0",
+ "client-classes": [ "docsis3.0" ],
"relay": {
"ip-addresses": [ "10.1.1.1" ]
}
"id": 1,
"subnet": "2001:db8:1::/64",
"pools": [ { "pool": "2001:db8:1::-2001:db8:1::ffff" } ],
- "client-class": "Client_enterprise"
+ "client-classes": [ "Client_enterprise" ]
}
],
...
"pool": "2001:db8:1::-2001:db8:1::ffff"
}
],
- "client-class": "VENDOR_CLASS_eRouter1.0"
+ "client-classes": [ "VENDOR_CLASS_eRouter1.0" ]
}
],
...
Client classes can be specified both in the Kea configuration file and/or
via host reservations. The classes specified in the Kea configuration file are
evaluated immediately after receiving the DHCP packet and therefore can be
-used to influence subnet selection using the ``client-class`` parameter
+used to influence subnet selection using the ``client-classes`` parameter
specified in the subnet scope. The classes specified within the host
reservations are fetched and assigned to the packet after the server has
already selected a subnet for the client. This means that the client
"pools": [
{
"pool": "2001:db8:1::10-2001:db8:1::20",
- "client-class": "reserved_class"
+ "client-classes": [ "reserved_class" ]
},
{
"pool": "2001:db8:1::30-2001:db8:1::40",
- "client-class": "unreserved_class"
+ "client-classes": [ "unreserved_class" ]
}
]
}
"pools": [
{
"pool": "2001:db8:1::10-2001:db8:1::20",
- "client-class": "reserved_class"
+ "client-classes": [ "reserved_class" ]
}
]
},
"pools": [
{
"pool": "2001:db8:2::10-2001:db8:2::20",
- "client-class": "unreserved_class"
+ "client-classes": [ "unreserved_class" ]
}
]
}
global scope (global reservation) and ``reservations-global`` must be
set to ``true``.
-In the example above, the ``client-class`` could also be specified at the
+In the example above, the ``client-classes`` could also be specified at the
subnet level rather than the pool level, and would yield the same effect.
.. _multiple-reservations-same-ip6:
this class can use this subnet. If there are no classes specified for a
subnet, any client connected to a given shared network can use this
subnet. A common mistake is to assume that the subnet that includes a client
-class is preferred over subnets without client classes. Consider the
-following example:
+class is preferred over subnets without client classes.
+
+The ``client-classes`` parameter may be specified at the shared network, subnet,
+and/or pool scopes. If specified for a shared network, clients must belong to at
+least one of the classes specified for that network to be considered for subnets
+within that network. If specified for a subnet, clients must belong to at least
+one of the classes specified for that subnet to be considered for any of that
+subnet's pools. If sepcified for a pool, clients must belong to at least one
+of the classes specified for that pool to be given a lease from that pool.
+
+.. note:
+
+ As of Kea 2.7.5, ``client-class`` (a single class name) has been replaced
+ with ``client-classes`` (a list of one or more class names) and is now
+ deprecated. It will still be accepted as input for a time to allow users
+ to migrate but will eventually be unsupported.
+
+Consider the following example:
.. code-block:: json
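Review bot: the context line at the top of this hunk still reads "this class can use this subnet", so the sentence introducing the rule was left in its single-class form here, while the parallel passage earlier in the patch was rewritten to "one or more classes" and "at least one of these classes". Suggest applying the same rewrite to this section so both versions describe the list semantics. The added text also repeats "sepcified" (should be "specified") and ".. note:" (should be ".. note::", otherwise the block is a comment and does not render).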
"id": 2,
"subnet": "2001:db8:3::/64",
"pools": [ { "pool": "2001:db8:3::20 - 2001:db8:3::ff" } ],
- "client-class": "b-devices"
+ "client-classes": "b-devices"
}
]
}
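Review bot: "client-classes": "b-devices" is a bare string, but the parameter is documented in this patch as a list and the same subnet is shown a few lines later as "client-classes": [ "b-devices" ]. Change this line to the list form so the two examples for subnet id 2 agree.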
"id": 1,
"subnet": "2001:db8:1::/64",
"pools": [ { "pool": "2001:db8:1::20 - 2001:db8:1::ff" } ],
- "client-class": "a-devices"
+ "client-classes": [ "a-devices" ]
},
{
"id": 2,
"subnet": "2001:db8:3::/64",
"pools": [ { "pool": "2001:db8:3::20 - 2001:db8:3::ff" } ],
- "client-class": "b-devices"
+ "client-classes": [ "b-devices" ]
}
]
}
"pools": [
{ "pool": "3000::2 - 3000::ffff" }
],
- "client-class": "VENDOR_CLASS_docsis3.0",
+ "client-classes": [ "VENDOR_CLASS_docsis3.0" ],
"relay": {
"ip-addresses": [ "3000::1" ]
}
{
// BOOTP clients will be handled here
"pool": "192.0.2.200 - 192.0.2.254",
- "client-class": "BOOTP"
+ "client-classes": [ "BOOTP" ]
},
{
// Regular DHCP clients will be handled here
"pool": "192.0.2.1 - 192.0.2.199",
- "client-class": "DHCP"
+ "client-classes": [ "DHCP" ]
}],
...
},
"subnet": "192.0.3.0/24",
"pools": [{
"pool": "192.0.3.100 - 192.0.3.150",
- "client-class": "HA_server1"
+ "client-classes": [ "HA_server1 ]"
}, {
"pool": "192.0.3.200 - 192.0.3.250",
- "client-class": "HA_server2"
+ "client-classes": [ "HA_server2" ]
}],
"option-data": [{
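Review bot: the closing quote is misplaced in "client-classes": [ "HA_server1 ]" so the string swallows the bracket and the array is never closed, which makes the example invalid JSON. It should be "client-classes": [ "HA_server1" ], matching the HA_server2 pool that follows.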
"subnet": "192.0.3.0/24",
"pools": [{
"pool": "192.0.3.100 - 192.0.3.125",
- "client-class": "phones_server1"
+ "client-classes": [ "phones_server1" ]
}, {
"pool": "192.0.3.126 - 192.0.3.150",
- "client-class": "laptops_server1"
+ "client-classes": [ "laptops_server1" ]
}, {
"pool": "192.0.3.200 - 192.0.3.225",
- "client-class": "phones_server2"
+ "client-classes": [ "phones_server2" ]
}, {
"pool": "192.0.3.226 - 192.0.3.250",
- "client-class": "laptops_server2"
+ "client-classes": [ "laptops_server2" ]
}],
"option-data": [{
"subnet": "192.0.3.0/24",
"pools": [{
"pool": "192.0.3.100 - 192.0.3.250",
- "client-class": "HA_server1"
+ "client-classes": [ "HA_server1" ]
}],
"option-data": [{