Seeing Kea DHCP Issues after upgrade to 24.11

3aandl

@cmcdonald Don't they use "Host Reservations" in KEA which from what I understand are basically the same thing or am I not understanding this correctly?

https://kb.isc.org/docs/what-are-host-reservations-how-to-use-them

Gertjan

@3aandl said in Seeing Kea DHCP Issues after upgrade to 24.11:

https://kb.isc.org/docs/what-are-host-reservations-how-to-use-them

That's what my /usr/local/etc/kea/kea-dhcp4.conf shows :

                "reservations": [
                    {
                        "hw-address": "00:4e:01:ca:ca:9c",
                        "ip-address": "192.168.1.2",
                        "hostname": "bureau2"
                    },
                    {
                        "hw-address": "ac:15:a2:42:b0:0b",
                        "ip-address": "192.168.1.3",
                        "hostname": "TL-SG108E"
                    },
                    {
                        "hw-address": "00:15:71:f6:ce:77",
                        "ip-address": "192.168.1.4",
                        "hostname": "poweredget310"
                    },
.......

3aandl

@ysam We had 7 VLANS here that were all /24 and we had no issues switching back. It is possible you may see a few hiccups as things renew IPs but overall, it was not a big deal. We also had boatloads of static leases.

ysam

@3aandl Yup, you're right, we tested switching back standby pfsense and all went smooth so we also switched primary as well, no issues, but we also lost HA dhcp as well so now we stopped dhcp on standby for now..

vMAC

Is there a solution to this, as this is now the second time that this has happened in my network and I don't remember what the original solution was/is. I had this happen about 6 months ago and I think to fix it I just had to bump up the size of the subnet.

I tried the below online and via putty and it doesn't generate any logs or outputs that I could find.

@cmcdonald said in Seeing Kea DHCP Issues after upgrade to 24.11:

@3aandl can you run at Diagnostics > Command Prompt

echo '{"command":"config-get"}' | nc -U /var/run/kea4-ctrl-socket | jq

and

echo '{"command":"lease4-get-all"}' | nc -U /var/run/kea4-ctrl-socket | jq

3aandl

@vMAC I never heard anything back after uploading the files and from reading several forums it seems there are still a number of issues with KEA and it does not seem to be ready for "primetime". All of my issues disappeared after moving back to ISC

Gertjan

@vMAC said in Seeing Kea DHCP Issues after upgrade to 24.11:

echo '{"command":"config-get"}' | nc -U /var/run/kea4-ctrl-socket | jq

and

echo '{"command":"lease4-get-all"}' | nc -U /var/run/kea4-ctrl-socket | jq

doesn't return a lot of info for you ?
Wow .... not 'normal'.
Actually, the process kea-ctrl (the kea control process) isn't listening to its "socket" for commands (you send to it using the commands shown above).
It stopped running, or the socket is disconnected for 'some reason'.

When I execute - onsodle or SSH ! - both commands shown, I receive a lot of info : the running state of the kea processes.

Knowing that I severally modified the official config 24.11 kea IPv4 and IPv4 servers, and the control process "for testing new, not yet official implemented capabilities" see here and this was last week, and kea, all the process, are rock solid.
I even have a new process now : kea-dhcp-ddns for my personal amusement (DNS IPv6 updates and reverse PTR updates) :

[24.11-RELEASE][root@pfSense.bhf.tld]/root: ps ax | grep 'kea'
30883  -  S        0:18.55 /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
31322  -  S        0:06.73 /usr/local/sbin/kea-dhcp6 -c /usr/local/etc/kea/kea-dhcp6.conf
37777  0- I        0:02.07 /usr/local/sbin/kea-dhcp-ddns -c /usr/local/etc/kea/kea-dhcp-ddns.conf
41629  0- I        0:00.08 /usr/local/sbin/kea-ctrl-agent -c /usr/local/etc/kea/kea-ctrl-agent.conf

True, this concerns 24.11, and I'm very happy about it.
As good as ISC for me right now (touch wood).

Btw : My setup is pretty vanilla.
No VLAN's, just 3 classic LANs
LAN : 192.168.1.1/24 with a pool 192.168.1.100 -> 192.168.1.250 - most of my devices use static MAC DHCP leases - two APs, a couple of (my own) wifi devices.
LAN 2 : 192.168.2.1/24 with a pool 192.168.1.10 -> 192.168.1.250 - just 5 static leases (switch and 4 APs), as this is a captive portal. The rest is pool based = my captive portal visitors. Mostly wifi devices.
LAN 3 : 192.168.3.1/24 some others stuff. Only a DHCP pool, not many devices.

lazaro

@vMAC try with /tmp/kea4-ctrl-socket instead of /var/run/kea4-ctrl-socket

Gertjan

@lazaro said in Seeing Kea DHCP Issues after upgrade to 24.11:

of /var/run/kea4-ctrl-socket

That is where it is told to be / should be :

[25.03-BETA][root@pfSense.bhf.tld]/root: ll /var/run/kea4-ctrl-socket
srwxr-xr-x  1 root wheel 0 Jul  2 07:46 /var/run/kea4-ctrl-socket=

This :

25.03-BETA][root@pfSense.bhf.tld]/root: grep -R 'kea4-ctrl-socket' /usr/local/etc/kea/*
/usr/local/etc/kea/kea-ctrl-agent.conf:            "socket-name": "/tmp/kea4-ctrl-socket"
/usr/local/etc/kea/kea-ctrl-agent.conf.sample:            "socket-name": "/tmp/kea4-ctrl-socket"
/usr/local/etc/kea/kea-dhcp4.conf:            "socket-name": "/var/run/kea4-ctrl-socket"
/usr/local/etc/kea/kea-dhcp4.conf.sample:        "socket-name": "/tmp/kea4-ctrl-socket"

tells us that, for example, the "kea-ctrl-agent" process, that uses /usr/local/etc/kea/kea-ctrl-agent.conf as its config file, is told that the shared kea4-ctrl-socket is here : /tmp/
but ... the kea-ctrl-agent process isn't sued / started by pfSense.

[25.03-BETA][root@pfSense.bhf.tld]/usr/local/etc/kea: service kea status
DHCPv4 server: active
DHCPv6 server: active
DHCP DDNS: active
Control Agent: inactive
Kea DHCPv4 configuration file: /usr/local/etc/kea/kea-dhcp4.conf
Kea DHCPv6 configuration file: /usr/local/etc/kea/kea-dhcp6.conf
Kea DHCP DDNS configuration file: /usr/local/etc/kea/kea-dhcp-ddns.conf
Kea Control Agent configuration file: /usr/local/etc/kea/kea-ctrl-agent.conf
keactrl configuration file: /usr/local/etc/kea/keactrl.conf

Note : I used the "DHCP DDNS" process also. That's of my own doing, and not yet implement in the offiacal pfSense.

sporkme

@cmcdonald FWIW as of pfsense 2.8.1 this still seems to be happening. I had everything running fine for years with ISC and today opted to get rid of the KEA nag and it all just fell apart.

Most of my Ring devices just get this:

Oct 17 22:58:17	kea-dhcp4	20227	WARN [kea-dhcp4.alloc-engine.0x3ec6f4a16600] ALLOC_ENGINE_V4_ALLOC_FAIL_CLASSES [hwtype=1 90:48:6c:2d:4d:44], cid=[no info], tid=0x25b805e: Failed to allocate an IPv4 address for client with classes: ALL, pool_lan_0, UNKNOWN
Oct 17 22:58:17	kea-dhcp4	20227	WARN [kea-dhcp4.alloc-engine.0x3ec6f4a16600] ALLOC_ENGINE_V4_ALLOC_FAIL [hwtype=1 90:48:6c:2d:4d:44], cid=[no info], tid=0x25b805e: failed to allocate an IPv4 address after 41 attempt(s)
Oct 17 22:58:17	kea-dhcp4	20227	WARN [kea-dhcp4.alloc-engine.0x3ec6f4a16600] ALLOC_ENGINE_V4_ALLOC_FAIL_SUBNET [hwtype=1 90:48:6c:2d:4d:44], cid=[no info], tid=0x25b805e: failed to allocate an IPv4 lease in the subnet 10.3.2.0/24, subnet-id 1, shared network (none)

Going to switch back to ISC for a bit and see if anything changes. Config looks legit to me and I can't imagine a subset of Ring cameras (all the same make/model) would have a bug - it's a pretty common vendor really.