Kea DHCPv6 server logging custom configuration
-
Utilizing DHCPv6 on my LAN to 'advertise' domain name and domain search list, and DNS and NTP services for any clients that know what to do with it—but not to actually assign any IPv6 leases.
However I recently noticed that pfSense's DHCP log was getting hammered with the following logged warnings in-sequence, per DHCPv6 client request:
WARN [kea-dhcp6.alloc-engine.0x000000000000] ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET duid=[xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx], [no hwaddr info], tid=0x000000: failed to allocate an IPv6 lease in the subnet [LAN tracked prefix]/64, subnet-id 1, shared network (none)
WARN [kea-dhcp6.alloc-engine.0x000000000000] ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx], [no hwaddr info], tid=0x000000: no pools were available for the lease allocation
WARN [kea-dhcp6.alloc-engine.0x000000000000] ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx], [no hwaddr info], tid=0x000000: Failed to allocate an IPv6 address for client with classes: ALL, UNKNOWN
I'm talking ~100 entries/minute (!!!) on my relatively small network.
It finally occurred to me today that custom Kea configuration can be added at both the Dhcp6 (i.e., Services / DHCPv6 Server / Settings) and subnet (i.e., Services / DHCPv6 Server / [INTERFACE NAME]) object/map levels.
After consulting the Kea documentation I discovered that, although the logging level of the kea-dhcp6 logger apparently cannot be modified with current pfSense integration—the more specific kea-dhcp6.alloc-engine 'sub'-logger (and any 'lower' loggers) can be modified by entering the following into the Dhcp6 (i.e., Services / DHCPv6 Server / Settings) "Custom Configuration" "JSON Configuration" box:
{
  "loggers": [
    {
      "name": "kea-dhcp6.alloc-engine",
      "output_options": [
        { "output": "syslog" }
      ],
      "severity": "ERROR"
    }
  ]
}
(Obligatory mention of the proper JSON syntax sensitivity discussed here and here.)
This particular custom configuration is obviously only useful in my niche use case. But I figured I'd share in case it helps anyone do anything else with Kea custom configuration, logging or otherwise, given the state of current pfSense integration.
Configured on a system running CE 2.8.1-RELEASE.
[Tagging @johnpoz since I swear I saw him recently post somewhere that he's foregoing Kea adoption in favor of deprecated ISC due to poor logging configurability.]
-
@tinfoilmatt said in Kea DHCPv6 server logging custom configuration:
foregoing Kea adoption in favor of deprecated ISC due to poor logging configurability
Yeah - true, waiting for better integration. What I have read is yes, Kea logging is very customizable.. But I just don't feel like playing with it currently when ISC does everything I currently need. But sure, at some point here, prob not too far off, it will be a nice upgrade to ISC..
-
@tinfoilmatt said in Kea DHCPv6 server logging custom configuration:
the logging level of the kea-dhcp6 logger apparently cannot
You saw "How to change Kea DHCP log level" ?
About the warnings :
Just a wild shot : the prefix is still available / valid ?
@tinfoilmatt said in Kea DHCPv6 server logging custom configuration:
DHCPv6 on my LAN to 'advertise' ..... but not to actually assign any IPv6 leases
Isn't that a car without wheels ?
Why not stop DHCPv6 and use Services > Router Advertisement > LAN instead ?
-
You saw "How to change Kea DHCP log level" ?
Had not! Thanks for linking.
Just a wild shot : the prefix is still available / valid ?
[ . . . ]
Isn't that a car without wheels ?
Why not stop DHCPv6 and use Services > Router Advertisement > LAN instead ?
Both SLAAC via RA (set to Stateless DHCP), and additional DHCPv6-'advertised' configuration are operational on the LAN. These warnings were being generated by DHCPv6 clients that are, in fact, on downstream segments separate from the pfSense LAN interface. And ironically, all the clients I checked that were triggering these Kea warnings had already assigned themselves valid GUAs from their respective prefixes via SLAAC...
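
To see which clients account for the warnings before hiding them, this added example (not posted by anyone in the thread) tallies, per DUID, the alloc-engine messages that the severity threshold of ERROR from the first post would suppress. The sample log lines, DUIDs, the syslog prefix on one line, and the `summarize` / `top_talkers` names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format quoted in the first post. DUIDs, thread ids,
# tids, the prefix and the syslog header on the fourth line are all made up.
SAMPLE_LOG = """\
WARN [kea-dhcp6.alloc-engine.0x000000000001] ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET duid=[00:01:00:01:2a:2a:2a:2a:02:00:00:00:00:01], [no hwaddr info], tid=0x0000a1: failed to allocate an IPv6 lease in the subnet 2001:db8:0:1::/64, subnet-id 1, shared network (none)
WARN [kea-dhcp6.alloc-engine.0x000000000001] ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:01:00:01:2a:2a:2a:2a:02:00:00:00:00:01], [no hwaddr info], tid=0x0000a1: no pools were available for the lease allocation
WARN [kea-dhcp6.alloc-engine.0x000000000001] ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[00:01:00:01:2a:2a:2a:2a:02:00:00:00:00:01], [no hwaddr info], tid=0x0000a1: Failed to allocate an IPv6 address for client with classes: ALL, UNKNOWN
Jan  1 00:00:00 fw kea-dhcp6[1234]: WARN [kea-dhcp6.alloc-engine.0x000000000002] ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:01:00:01:2b:2b:2b:2b:02:00:00:00:00:02], [no hwaddr info], tid=0x0000b2: no pools were available for the lease allocation
an unrelated syslog line that must be ignored
"""

SEVERITIES = ["DEBUG", "INFO", "WARN", "ERROR", "FATAL"]  # lowest to highest
# Severity, [logger.0xTHREAD], message id, duid=[...]; any syslog prefix is skipped.
LINE_RE = re.compile(
    r"\b(?P<sev>FATAL|ERROR|WARN|INFO|DEBUG)\s+"
    r"\[(?P<logger>kea-dhcp6[\w.-]*?)\.0x[0-9a-f]+\]\s+"
    r"(?P<msgid>[A-Z0-9_]+)\s+duid=\[(?P<duid>[0-9a-f:]+)\]"
)

def summarize(log_text, logger="kea-dhcp6.alloc-engine", below="ERROR"):
    """Per DUID, count messages from `logger` (or a lower logger) whose
    severity is under `below`, i.e. what that threshold would stop logging."""
    hidden = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        name = m["logger"]
        if name != logger and not name.startswith(logger + "."):
            continue
        if SEVERITIES.index(m["sev"]) < SEVERITIES.index(below):
            hidden[m["duid"]][m["msgid"]] += 1
    return hidden

def top_talkers(hidden, n=10):
    """DUIDs ordered by how many suppressed messages they account for."""
    totals = {duid: sum(c.values()) for duid, c in hidden.items()}
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

if __name__ == "__main__":
    hidden = summarize(SAMPLE_LOG)
    for duid, total in top_talkers(hidden):
        print(f"{total:5d}  {duid}  {dict(hidden[duid])}")
```

Run against an export of the DHCP log, the per-DUID totals show whether the noise comes from a few downstream clients, as described in the last reply, or from something that deserves a closer look before the threshold is raised.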