Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    KEA DHCP - lacking features

    DHCP and DNS
    15
    60
    16.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • maverickwsM
      maverickws
      last edited by

      Hiya,

      I have taken a look into the new DHCP Server service, KEA, only to find out that when enabled, the Additional BOOTP/DHCP Options disappear.

      Now, Additional BOOTP/DHCP Options is a real thing that provides said DHCP config options to the client.
      I have dozens of machines that require this option, and by setting the MTU on the correspondent interface, that doesn't make the clients set the proper MTU.
      That's DHCP option 26.

      This is a critical component and honestly if pfSense is dropping this, I will have to find another firewall software that supports it. Even if I finally have to go Cisco, I mean, I'm completely baffled by this.

      johnpozJ RobbieTTR JonathanLeeJ R 4 Replies Last reply Reply Quote 5
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @maverickws
        last edited by johnpoz

        @maverickws This is a "preview" as they move from isc to kea - I find it highly unlikely that this is final with all possible options available, etc.

        https://docs.netgate.com/pfsense/en/latest/releases/23-09.html#rn-23-09-kea
        Netgate developers have started the migration to Kea DHCP server from ISC as a replacement for ISC DHCPD for IPv4 and IPv6 DHCP service. Basic functionality is present, but not all features are supported at this time.

        If it is missing something you need/use/want then I would just stick with the isc dhcpd for now.

        Reminds me when they migrated to unbound from just dnsmasq.. It was at first just a package, and then after a while it became integrated and the default.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 4
        • RobbieTTR
          RobbieTT @maverickws
          last edited by

          @maverickws

          Before it went live it was suggested that encouraging users to leave ISC for Kea was rather over done, considering its immaturity.

          I did switch to Kea during the beta period and it was seamless with no apparent drawbacks but once I released some basics were missing and that it was relying on previous ISC managed data to function, had me switching back.

          As I understand it, simple static mappings / reservations from Kea are not actually supported. However, it may give an illusion of functionality if you have run ISC previously. Existing mappings / reservations will still be resolvable as the hosts file still contains them as a hang-over from running ISC. Any new mappings added or modified will not be resolvable.

          To me, the ability to set a static mapping / reservation is a basic cornerstone of networking. I think there will be a cascade of confusion as and when the previous hosts file becomes out-of-date.

          ☕️

          johnpozJ M 2 Replies Last reply Reply Quote 2
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @RobbieTT
            last edited by johnpoz

            @RobbieTT said in KEA DHCP - lacking features:

            reservations from Kea are not actually supported.

            Like in the full product, or with pfsense current deployment of it.. How can a dhcp server not have reservations?

            edit: ok it has to just be in pfsense deployment of it currently

            https://www.isc.org/kea/
            Kea supports two database backends; MySQL and PostgreSQL. Choose to store leases, host reservations, or shared configuration data in a separate database backend. Benefits of this include:

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            RobbieTTR 1 Reply Last reply Reply Quote 0
            • RobbieTTR
              RobbieTT @johnpoz
              last edited by

              @johnpoz

              I'm only talking pfSense.

              ☕️

              1 Reply Last reply Reply Quote 0
              • M
                michmoor LAYER 8 Rebel Alliance @RobbieTT
                last edited by

                @RobbieTT said in KEA DHCP - lacking features:

                efore it went live it was suggested that encouraging users to leave ISC for Kea was rather over done, considering its immaturity.

                Yep and this was definitely confusing. We know its BETA but also the strong encouragement to use it now as a replacement didnt make sense. Its not feature-complete.

                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                Routing: Juniper, Arista, Cisco
                Switching: Juniper, Arista, Cisco
                Wireless: Unifi, Aruba IAP
                JNCIP,CCNP Enterprise

                1 Reply Last reply Reply Quote 0
                • maverickwsM
                  maverickws
                  last edited by

                  Thank you all for your replies.

                  Ok will be looking forward for the final product and stick to ISC for now, but notice there's deprecation warnings everywhere suggesting people to migrate, it makes one believe it is already a matured implementation. Cheers

                  RobbieTTR 1 Reply Last reply Reply Quote 0
                  • RobbieTTR
                    RobbieTT @maverickws
                    last edited by

                    @maverickws

                    Well we may question veracity of the warnings but they did provide a check-box to disable it.

                    ☕️

                    maverickwsM 1 Reply Last reply Reply Quote 0
                    • maverickwsM
                      maverickws @RobbieTT
                      last edited by

                      @RobbieTT well yeah, I mean if it still needs so much polishing, and that's fine, just don't push the warnings like that just yet. Announce it some other way, have the January release put the warnings (if hopefully the implementation is more advanced).
                      That'd be a strategy I'd understand.

                      RobbieTTR 1 Reply Last reply Reply Quote 1
                      • RobbieTTR
                        RobbieTT @maverickws
                        last edited by

                        @maverickws - Yep.

                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          There is a bit of confusion above. Static mappings/"reservations" in Kea work. It's the DNS resolution/integration that does not work yet.

                          And yes there are several missing features yet but bear in mind a significant portion of users don't use all of the available features. Most just use the basic functionality.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          RobbieTTR 1 Reply Last reply Reply Quote 0
                          • RobbieTTR
                            RobbieTT @jimp
                            last edited by

                            @jimp

                            No real confusion, just an absence of formal documentation. Other than the release notes I have not seen anything substantive on the subject. There is nothing in the pfSense online documentation and there is no mention of Kea under DHCP. If there was a white-paper / technical paper on the subject I have yet to find it.

                            The only concern I was aware of in the dev/beta stage was the inclusion of a warning banner encouraging a switch away from ISC. As the release notes for v23.09 make clear, Kea on pfSense is only in 'Feature Preview' Stage and gaps are expected.

                            As we stand, there is a GUI warning about continuing to use ISC and a warning in the release notes about using Kea. I'm not sure having a warning in place for both ISC and Kea is appropriate in production software.

                            ☕️

                            1 Reply Last reply Reply Quote 0
                            • jimpJ
                              jimp Rebel Alliance Developer Netgate
                              last edited by

                              The docs don't mention Kea because the goal is eventually to have feature and UI parity and having to keep all the docs updated as things are addressed would be quite a lot more work that would just be undone in a couple months. Once it's complete there won't be many differences in the UI between ISC/Kea.

                              The warnings are both accurate. ISC is EOL and people should consider switching. The features needed for the bulk of users are there and work and many if not most users could switch and barely notice a difference in behavior. However, since it isn't feature complete, the warning about that in the release notes/blog/etc is necessary and accurate.

                              The users who post on the forum/social media in general tend to be more advanced and sure they may want/need some features that aren't there yet, but you have to remember they are not necessarily representative of the hundreds of thousands of other users.

                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              RobbieTTR M 2 Replies Last reply Reply Quote 3
                              • RobbieTTR
                                RobbieTT @jimp
                                last edited by

                                @jimp said in KEA DHCP - lacking features:

                                ISC is EOL and people should consider switching. The features needed for the bulk of users are there and work and many if not most users could switch and barely notice a difference in behavior.

                                Thanks Jim and a 'note' in the GUI that reflected the above quote is close to ideal. To avoid startling any non-technical folk you could soften it further by stating that "ISC remains fully supported but is nearing EOL and...".

                                I can testify that it is indeed remarkably easy and painless to switch between the two; something I commented positively on during the dev stage.

                                ☕️

                                1 Reply Last reply Reply Quote 0
                                • M
                                  michmoor LAYER 8 Rebel Alliance @jimp
                                  last edited by

                                  @jimp said in KEA DHCP - lacking features:

                                  The users who post on the forum/social media in general tend to be more advanced and sure they may want/need some features that aren't there yet, but you have to remember they are not necessarily representative of the hundreds of thousands of other users.

                                  This is a fair point.
                                  Follow up - Do we need to wait for 24.03 to get the feature complete Kea or can it be delivered in an update prior?

                                  Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                  Routing: Juniper, Arista, Cisco
                                  Switching: Juniper, Arista, Cisco
                                  Wireless: Unifi, Aruba IAP
                                  JNCIP,CCNP Enterprise

                                  jimpJ 1 Reply Last reply Reply Quote 0
                                  • jimpJ
                                    jimp Rebel Alliance Developer Netgate @michmoor
                                    last edited by

                                    @michmoor said in KEA DHCP - lacking features:

                                    Follow up - Do we need to wait for 24.03 to get the feature complete Kea or can it be delivered in an update prior?

                                    Most likely it will take enough time to implement that it will be close to the release before it's ready anyhow, but if it's ready before then, we are considering different methods of distribution (e.g. as a system patches update if possible). Though it will likely require additional binaries/daemons to manage the DNS API integration which would limit the viable methods. But we're keeping our options open for the moment.

                                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                    Need help fast? Netgate Global Support!

                                    Do not Chat/PM for help!

                                    1 Reply Last reply Reply Quote 3
                                    • JonathanLeeJ
                                      JonathanLee @maverickws
                                      last edited by JonathanLee

                                      @maverickws said in KEA DHCP - lacking features:

                                      DHCP option 26.
                                      Also . . .

                                      Option 252 WPAD
                                      Option 42 NTP
                                      Option 3 Gateway
                                      Option 6 DNS

                                      Make sure to upvote

                                      M 1 Reply Last reply Reply Quote 2
                                      • M
                                        mcury @JonathanLee
                                        last edited by

                                        @JonathanLee said in KEA DHCP - lacking features:

                                        @maverickws said in KEA DHCP - lacking features:

                                        DHCP option 26.
                                        Also . . .

                                        Option 252 WPAD
                                        Option 42 NTP
                                        Option 3 Gateway
                                        Option 6 DNS

                                        I only use DHCP 43, I use it to adopt Unifi switch Mini to Unifi controller, but since it is already adopted, I don't need it anymore, so I'm already testing KEA and so far, so good..

                                        dead on arrival, nowhere to be found.

                                        1 Reply Last reply Reply Quote 3
                                        • maverickwsM
                                          maverickws
                                          last edited by

                                          I guess we'll end up realising that there are more users using "advanced" options that initially thought.

                                          RobbieTTR 1 Reply Last reply Reply Quote 3
                                          • RobbieTTR
                                            RobbieTT @maverickws
                                            last edited by

                                            Option 6 was the first one I noticed. Missing Option 42 was ok as everything I currently have points to an internal IP address.

                                            ☕️

                                            JonathanLeeJ maverickwsM 3 Replies Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.