KEA DHCP - lacking features

maverickws · Nov 7, 2023, 7:05 PM

Hiya,

I have taken a look into the new DHCP Server service, KEA, only to find out that when enabled, the Additional BOOTP/DHCP Options disappear.

Now, Additional BOOTP/DHCP Options is a real thing that provides said DHCP config options to the client.
I have dozens of machines that require this option, and by setting the MTU on the correspondent interface, that doesn't make the clients set the proper MTU.
That's DHCP option 26.

This is a critical component and honestly if pfSense is dropping this, I will have to find another firewall software that supports it. Even if I finally have to go Cisco, I mean, I'm completely baffled by this.

johnpoz · Nov 7, 2023, 7:11 PM

@maverickws This is a "preview" as they move from isc to kea - I find it highly unlikely that this is final with all possible options available, etc.

https://docs.netgate.com/pfsense/en/latest/releases/23-09.html#rn-23-09-kea
Netgate developers have started the migration to Kea DHCP server from ISC as a replacement for ISC DHCPD for IPv4 and IPv6 DHCP service. Basic functionality is present, but not all features are supported at this time.

If it is missing something you need/use/want then I would just stick with the isc dhcpd for now.

Reminds me when they migrated to unbound from just dnsmasq.. It was at first just a package, and then after a while it became integrated and the default.

RobbieTT · Nov 7, 2023, 8:14 PM

@maverickws

Before it went live it was suggested that encouraging users to leave ISC for Kea was rather over done, considering its immaturity.

I did switch to Kea during the beta period and it was seamless with no apparent drawbacks but once I released some basics were missing and that it was relying on previous ISC managed data to function, had me switching back.

As I understand it, simple static mappings / reservations from Kea are not actually supported. However, it may give an illusion of functionality if you have run ISC previously. Existing mappings / reservations will still be resolvable as the hosts file still contains them as a hang-over from running ISC. Any new mappings added or modified will not be resolvable.

To me, the ability to set a static mapping / reservation is a basic cornerstone of networking. I think there will be a cascade of confusion as and when the previous hosts file becomes out-of-date.

️

johnpoz · Nov 7, 2023, 8:20 PM

@RobbieTT said in KEA DHCP - lacking features:

reservations from Kea are not actually supported.

Like in the full product, or with pfsense current deployment of it.. How can a dhcp server not have reservations?

edit: ok it has to just be in pfsense deployment of it currently

https://www.isc.org/kea/
Kea supports two database backends; MySQL and PostgreSQL. Choose to store leases, host reservations, or shared configuration data in a separate database backend. Benefits of this include:

RobbieTT · Nov 7, 2023, 8:46 PM

@johnpoz

I'm only talking pfSense.

️

michmoor · Nov 7, 2023, 9:02 PM

@RobbieTT said in KEA DHCP - lacking features:

efore it went live it was suggested that encouraging users to leave ISC for Kea was rather over done, considering its immaturity.

Yep and this was definitely confusing. We know its BETA but also the strong encouragement to use it now as a replacement didnt make sense. Its not feature-complete.

maverickws · Nov 8, 2023, 10:06 AM

Thank you all for your replies.

Ok will be looking forward for the final product and stick to ISC for now, but notice there's deprecation warnings everywhere suggesting people to migrate, it makes one believe it is already a matured implementation. Cheers

RobbieTT · Nov 8, 2023, 10:10 AM

@maverickws

Well we may question veracity of the warnings but they did provide a check-box to disable it.

️

maverickws · Nov 8, 2023, 10:12 AM

@RobbieTT well yeah, I mean if it still needs so much polishing, and that's fine, just don't push the warnings like that just yet. Announce it some other way, have the January release put the warnings (if hopefully the implementation is more advanced).
That'd be a strategy I'd understand.

RobbieTT · Nov 8, 2023, 10:15 AM

@maverickws - Yep.

jimp · Nov 8, 2023, 1:17 PM

There is a bit of confusion above. Static mappings/"reservations" in Kea work. It's the DNS resolution/integration that does not work yet.

And yes there are several missing features yet but bear in mind a significant portion of users don't use all of the available features. Most just use the basic functionality.

RobbieTT · Nov 8, 2023, 1:51 PM

@jimp

No real confusion, just an absence of formal documentation. Other than the release notes I have not seen anything substantive on the subject. There is nothing in the pfSense online documentation and there is no mention of Kea under DHCP. If there was a white-paper / technical paper on the subject I have yet to find it.

The only concern I was aware of in the dev/beta stage was the inclusion of a warning banner encouraging a switch away from ISC. As the release notes for v23.09 make clear, Kea on pfSense is only in 'Feature Preview' Stage and gaps are expected.

As we stand, there is a GUI warning about continuing to use ISC and a warning in the release notes about using Kea. I'm not sure having a warning in place for both ISC and Kea is appropriate in production software.

️

jimp · Nov 8, 2023, 1:58 PM

The docs don't mention Kea because the goal is eventually to have feature and UI parity and having to keep all the docs updated as things are addressed would be quite a lot more work that would just be undone in a couple months. Once it's complete there won't be many differences in the UI between ISC/Kea.

The warnings are both accurate. ISC is EOL and people should consider switching. The features needed for the bulk of users are there and work and many if not most users could switch and barely notice a difference in behavior. However, since it isn't feature complete, the warning about that in the release notes/blog/etc is necessary and accurate.

The users who post on the forum/social media in general tend to be more advanced and sure they may want/need some features that aren't there yet, but you have to remember they are not necessarily representative of the hundreds of thousands of other users.

RobbieTT · Nov 8, 2023, 2:06 PM

@jimp said in KEA DHCP - lacking features:

ISC is EOL and people should consider switching. The features needed for the bulk of users are there and work and many if not most users could switch and barely notice a difference in behavior.

Thanks Jim and a 'note' in the GUI that reflected the above quote is close to ideal. To avoid startling any non-technical folk you could soften it further by stating that "ISC remains fully supported but is nearing EOL and...".

I can testify that it is indeed remarkably easy and painless to switch between the two; something I commented positively on during the dev stage.

️

michmoor · Nov 8, 2023, 2:17 PM

@jimp said in KEA DHCP - lacking features:

The users who post on the forum/social media in general tend to be more advanced and sure they may want/need some features that aren't there yet, but you have to remember they are not necessarily representative of the hundreds of thousands of other users.

This is a fair point.
Follow up - Do we need to wait for 24.03 to get the feature complete Kea or can it be delivered in an update prior?

jimp · Nov 8, 2023, 2:20 PM

@michmoor said in KEA DHCP - lacking features:

Follow up - Do we need to wait for 24.03 to get the feature complete Kea or can it be delivered in an update prior?

Most likely it will take enough time to implement that it will be close to the release before it's ready anyhow, but if it's ready before then, we are considering different methods of distribution (e.g. as a system patches update if possible). Though it will likely require additional binaries/daemons to manage the DNS API integration which would limit the viable methods. But we're keeping our options open for the moment.

JonathanLee · Nov 8, 2023, 5:48 PM

@maverickws said in KEA DHCP - lacking features:

DHCP option 26.
Also . . .

Option 252 WPAD
Option 42 NTP
Option 3 Gateway
Option 6 DNS

mcury · Nov 8, 2023, 5:50 PM

@JonathanLee said in KEA DHCP - lacking features:

@maverickws said in KEA DHCP - lacking features:

DHCP option 26.
Also . . .

Option 252 WPAD
Option 42 NTP
Option 3 Gateway
Option 6 DNS

I only use DHCP 43, I use it to adopt Unifi switch Mini to Unifi controller, but since it is already adopted, I don't need it anymore, so I'm already testing KEA and so far, so good..

maverickws · Nov 8, 2023, 5:52 PM

I guess we'll end up realising that there are more users using "advanced" options that initially thought.

RobbieTT · Nov 8, 2023, 5:57 PM

Option 6 was the first one I noticed. Missing Option 42 was ok as everything I currently have points to an internal IP address.

️