Kea-dhcp Static Mapping DHCPv6 issue

caustic

My release is 26.03.1-RELEASE (amd64) .
IPv6 traffic is allowed.
My WAN interface is configured via PPPoE for ipv4 and DHCP6 and seems to work proper.
The LAN interface is a virtual Interface which is configured proper with static ipv4 and ipv6 has to track interface WAN and a unique IPv6 Prefix ID (in my case 5).
So far so good evrythings seems to work proper.
Routeradvertisment with SLAAC is working proper.
Now the trouble begins, I've tried to change to managed and disabled DNS.
After I activated an DHCPv6-Server (kea) setup seems to be working fine.
But nothing happens on my machines and this is the output from DHCP Log:

May 31 18:20:20 kea-dhcp6 17734 WARN [kea-dhcp6.dhcpsrv.0x25036c069010] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
May 31 18:20:20 kea-dhcp6 17734 WARN [kea-dhcp6.dhcp6.0x25036c069010] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
May 31 18:20:20 kea-dhcp4 17106 WARN [kea-dhcp4.dhcpsrv.0x39168e469010] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
May 31 18:20:20 kea-dhcp4 17106 WARN [kea-dhcp4.dhcp4.0x39168e469010] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
May 31 21:15:30 kea-dhcp4 85374 WARN [kea-dhcp4.dhcpsrv.0x52a6e3469010] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
May 31 21:15:30 kea-dhcp4 85374 WARN [kea-dhcp4.dhcp4.0x52a6e3469010] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
May 31 21:15:30 kea-dhcp6 85472 WARN [kea-dhcp6.dhcpsrv.0x2e19c8869010] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
May 31 21:15:30 kea-dhcp6 85472 WARN [kea-dhcp6.dhcp6.0x2e19c8869010] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
May 31 21:17:32 kea-dhcp6 18683 WARN [kea-dhcp6.dhcpsrv.0x2d38d3e69010] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
May 31 21:17:32 kea-dhcp6 18683 WARN [kea-dhcp6.dhcp6.0x2d38d3e69010] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
May 31 21:17:32 kea-dhcp4 18325 WARN [kea-dhcp4.dhcpsrv.0x403f14869010] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
May 31 21:17:32 kea-dhcp4 18325 WARN [kea-dhcp4.dhcp4.0x403f14869010] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
May 31 21:17:32 kea2unbound 23686 Include updated: /var/unbound/leases/leases4.conf (f195561a71a4656b)
May 31 21:17:32 kea2unbound 23686 Unbound fast reloaded: /var/unbound/unbound.conf
May 31 21:17:32 kea2unbound 23686 Synchronization completed: 42.4681ms
May 31 21:17:32 kea2unbound 26246 Include updated: /var/unbound/leases/leases6.conf (f195561a71a4656b)
May 31 21:17:32 kea2unbound 26246 Unbound fast reloaded: /var/unbound/unbound.conf
May 31 21:17:32 kea2unbound 26246 Synchronization completed: 36.8490ms

After while sometimes a PC or server receives an IPv6 adress. (After 20 restarts and renwe commands...)
If I've got al lease I've tried to mange to propagate a static mapping with DUID nothing happens again.
(IPv6 for static mapping is not in DHCPv6 Adresspool.)
After 20 restarts and some new ipconfg release and renew commands in windows wow IPv6 is up.
Firewall rules are made to allow traffic ICMPv6 is allowed for the Interface and Clients.
But no internettraffic via IPv6.

Solution:
No setup changes only one.
Switched DHCP Backend to ... ISC DHCP evrything is working fine...not one error in the log files...
Internettraffic is working proper.

Please fixup Kea completely and test test test ... before you remove ISC DHCP.
Thanks in advance!
caustic

Gertjan

@caustic said in Kea-dhcp Static Mapping DHCPv6 issue:

But nothing happens on my machines and this is the output from DHCP Log:

The kea DHCP (v4 and v6) doesn't have what ISC had : the logging of leases.
In this part forum (DHCP and DNS) you can find a "custom config", like this :

and from now on will have these lease logs (v4 in this case) in the mentioned sub folder.
Here are mine :

Good to know : as the setup 'xml' says : kea will rotate, and eventually flush the files.
These file can't be seen in the GUI (but they are pretty boring anyway, and only needed when there are issues).

Next trick : Packet capturing :

Pick your interface,
Ask for full details,
UDP of course,
and ports 546 and 547.
And hit start.

From now on, you see the DHCPv6 client and server traffic - every bit of it.

@caustic said in Kea-dhcp Static Mapping DHCPv6 issue:

some new ipconfg release and renew

Be aware : for IPv6 its

ipconfig /renew6

or

ipconfig /release6

When you do a packet capture as shown above, and type

ipconfig /renew6

on your PC, you will see instantly see the DHCPv6 traffic.

I've set up most of my LAN devices with a static-mac-dhcp lease (v4) and v6, the latter using a DUID, not a MAC.
This works fine for me since ... more then a year.

IPv6 and the good old IPv4 works fine more since for nearly 2 years now.

@caustic said in Kea-dhcp Static Mapping DHCPv6 issue:

Please fixup Kea completely and test test test ... before you remove ISC DHCP.

True.
Kea is from the same author as ISC-DHCP, they had to abandon ISC as it was to old, became a mess, so they wrote something new that respects strictly to the official RFCs (these are my words, on their site they tell you the exact motivation).

Extra info :
My ISP rarely changes my IPv6 prefix.
I don't use Android stuff.
I use pfSense 26.03.1

@caustic said in Kea-dhcp Static Mapping DHCPv6 issue:

After while sometimes a PC or server receives an IPv6 adress. (After 20 restarts and renwe commands...)

Be assured : when a device starts, it will, as soon as it network interface comes up, emit a DHCPv4 and DHCXPv6 request. There can't be a waiting time. If there was a waiting time, it would be like "your PC has fully booted now, but no networking for you as I (the PC) will do a DHCP (v4 and v6) request when I see fit".
So A DHCP (v4 and v6) request is send a out right away.
The real question is more probably : did this DHCP request packet arrive @pfSense, so it's DHCP server (v4and or v6) can answer ?
You can check that with the packet capturing on pfSense.

caustic

@Gertjan
Hi,
I'm not sure – did you understand what I wrote?
Something is wrong with Kea's IPv6 handling.
I cannot get a stable configuration. Sometimes it works, sometimes it doesn't.
And the log clearly shows that there is a problem.
The developer community talks about Kea being a rock-solid DHCP server. That seems to be a fairy tale – though maybe that's just for me.

A few months ago, there were similar posts about Kea stopping serving leases for IPv4, which was connected to certain WireGuard configurations. In my opinion, there is a common issue with Kea: it is simply not stable.

This post is just a hint. If someone spends hours trying to configure Kea with IPv6 and static mappings and cannot get it to work, they should try ISC instead.

Another question, which Kea release is distributed with pfSense?

Reading the Kea 3 release notes, it becomes clear to me that as long as pfSense keeps using the Kea 2.6 release, these problems will persist...

Gertjan

@caustic said in Kea-dhcp Static Mapping DHCPv6 issue:

Another question, which Kea release is distributed with pfSense?

[26.03.1-RELEASE][root@pfSense.bhf.tld]/root: /usr/local/sbin/kea-dhcp6 -v
3.0.2

So you have 3.0.2 also.

@caustic said in Kea-dhcp Static Mapping DHCPv6 issue:

I'm not sure – did you understand what I wrote?

Yeah, Got that, you've issues with kea-dhcp6.
I really would like to suggest you to "do this .." and case solved.

I'm using kea-dhcp6, several months after it was made avaible for pfSense. As soon as I found out how to add 'DHCP options' I started using it.
I have env. 30 static 'DUID' IPv6 leases and I also use the IPv6 pool for unknown IPv6 capable devices.
No Slaac for me - I've no Android devices.

What I wrote above are suggestions to make more data - log info - avaible.