Kea Configuration for a Simple, Single-site Organization
Design Summary
In this template configuration, a simple, single-site organization has the following requirements. If these requirements are similar to your requirements, this template may work for your Kea configuration.
- Three DHCPv4 /24 subnets serve different parts of the network including guest wifi.
- As no reason was identified for using database storage at this small organization, simplicity dictates using memfile for lease storage and High Availability in hot-standby mode for redundancy.
- Twenty host reservations for various purposes are included in the wired subnet.
- Robust logging is configured, with several separate files for the various different types of logging possible.
Consider the following network diagram that depicts the network configuration of this small organization.
| Key Features | This Design |
|---|---|
| # Servers | 2 Kea servers |
| HA design | Hot Standby |
| DHCP Protocol | DHCPv4 |
| Dynamic DNS | Not required |
| # Subnets | 3 |
| Client differentiation | Wired, WiFi and guest WiFi networks available. |
| Client Classes | Not required |
| Leases | Stored in memfile |
| Host Reservations | Stored in Kea config |
| Monitoring | Basic local logging |
Deployment Considerations
As there will be a maximum of 759 hosts connected to this network with an 8 hour lease for each, there are not any performance concerns. Of larger concern would be having enough disk space for the potential log storage. With the `loggers` configuration included, up to 900MB of space could be used by log files. This might make deployment on some hardware (such as Raspberry Pi) infeasible. With storage available for the OS and Kea deployment of at least 100GB, 2GB of RAM and 1 CPU, however, almost any modern hardware with a Linux (or FreeBSD) based OS could be used.
In this scenario, there are two Kea servers in a High Availability pair:
- Kea 1 (server 1) - this is the primary server that handles all requests. The IP address of this server is 192.168.115.128.
- Kea 2 (server 2) - this is the secondary server in passive standby mode. It will take over if the primary fails and certain other conditions are met. The IP address of this server is 192.168.115.129.
Both of these servers are part of a server farm that also includes two DNS servers at 192.168.115.130 and 192.168.115.131. The subnet of this server farm is 192.168.115.0/24.
All DHCP traffic is relayed to the Kea servers by the router shown in the diagram. The router has an interface and address in each of the subnets and so the relay source will always match one of the subnets in the configuration. Therefore, the interfaces section has `dhcp-socket-type` set to `udp`, as there is no reason to listen on raw sockets since there will be no local DHCP traffic.
There are three other subnets configured in this network for client use, as well:
- 192.0.2.0/24 - This is a wired subnet for use with desktop computers, printers and other wired devices that belong in a client network. There are 20 host reservations in this subnet for clients that needed a stable IP address (such as a printer). These reservations are outside of the dynamic pool as is the best practice.
- 198.51.100.0/24 - This is a WiFi subnet for use by wireless client members of the organization for their various laptops, phones and other personal devices.
- 203.0.113.0/24 - This is a guest WiFi subnet for use by organization visitors for their personal devices.
To keep things simple, it is assumed that the reader has a sufficient level of UNIX knowledge to understand various startup scripts and config file placement and installation practices. If some guidance is needed in this area, see the ARM for details. It is further assumed that the reader has a certain level of knowledge about DHCPv4, and so concepts will be used that require a foundational knowledge about DHCPv4 to understand. Below are the steps to get started with this deployment:
Installation Using the Configuration Template
- Install Kea from source or packages as desired. The ARM describes the various install methods.
- Using the configuration template provided below, modify the configuration as follows to match your setup. Begin with server 1.
  - In the `interfaces-config`, alter the interface name to match the interface on the system(s).
  - Replace all of the instances of `/path/` with the actual desired path to the file (in the cases of lease file and logs) or the actual path to the library referenced (in the case of the hooks).
  - Alter the various subnets, router options, server IPs (High Availability hook) and `domain-name-servers` options to match the actual IP addressing of the network to be deployed.
  - Now copy the configuration to server 2.
  - Alter the configuration on server 2 as necessary though, if similar hardware and OS were used, then the necessary changes should be limited only to changing the value of `this-server-name` to `server2`.
  - Now start both servers. Make sure that server1 can reach server2 by executing this curl command from 192.168.115.128 (or server1):

    curl -X POST -H "Content-Type: application/json" -d '{ "command": "config-get", "service": [ "dhcp4" ] }' http://192.168.115.129:8001/

    Then attempt to reach 192.168.115.128:8001 from 192.168.115.129 using the same `curl` command with only the IP changed. In both cases, the configuration should be output to the terminal.
- Now the servers should be ready to handle client traffic.
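A pre-start check for the edits listed in the steps above, as an added example that is not part of the original template: it parses a Kea DHCPv4 configuration and reports leftover `/path/` placeholders, a `this-server-name` that matches no HA peer, and reservations that fall outside their subnet or inside a dynamic pool. The sample configuration and its `/example/` path are constructed; the script assumes comment-free JSON and pools written in the template's "low - high" form.

```python
import ipaddress
import json

# Constructed sample: a "server 2" copy of the template with three mistakes left in.
SAMPLE = json.loads("""
{"Dhcp4": {
  "lease-database": {"type": "memfile", "name": "/path/leases.csv"},
  "hooks-libraries": [{"library": "/example/hooks/libdhcp_ha.so", "parameters": {
    "high-availability": [{"this-server-name": "server3", "mode": "hot-standby",
      "peers": [{"name": "server1", "role": "primary"}, {"name": "server2", "role": "standby"}]}]}}],
  "subnet4": [{"subnet": "192.0.2.0/24",
    "pools": [{"pool": "192.0.2.21 - 192.0.2.254"}],
    "reservations": [{"hw-address": "1a:1b:1c:00:ac:43", "ip-address": "192.0.2.2"},
                     {"hw-address": "1a:1b:1c:00:00:02", "ip-address": "192.0.2.30"}]}]
}}""")

def strings(node):
    """Yield every string value in the parsed configuration tree."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def check(cfg):
    """Return a list of findings for the edits the installation steps ask for."""
    d4, findings = cfg["Dhcp4"], []
    for s in strings(d4):  # every /path/ placeholder must have been replaced
        if s.startswith("/path/"):
            findings.append(f"placeholder path: {s}")
    for lib in d4.get("hooks-libraries", []):  # this-server-name must be a peer
        for ha in lib.get("parameters", {}).get("high-availability", []):
            peers = [p["name"] for p in ha.get("peers", [])]
            if ha.get("this-server-name") not in peers:
                findings.append(f"this-server-name {ha.get('this-server-name')} not in peers")
    for sn in d4.get("subnet4", []):  # reservations: in the subnet, outside the pools
        net = ipaddress.ip_network(sn["subnet"])
        pools = [[ipaddress.ip_address(x.strip()) for x in p["pool"].split("-")]
                 for p in sn.get("pools", [])]  # "low - high" form, as in the template
        for r in sn.get("reservations", []):
            ip = ipaddress.ip_address(r["ip-address"])
            if ip not in net:
                findings.append(f"reservation {ip} outside {net}")
            elif any(lo <= ip <= hi for lo, hi in pools):
                findings.append(f"reservation {ip} inside pool")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

To check a real file, pass `json.load(open(...))` to `check()` on each server before starting Kea; an empty list means none of the three mistakes is present.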
Possible Extensions
The configuration below could be extended in a few ways. Things to consider, in no particular order, to make the deployment more robust:
- Using Stork for various monitoring and configuration tasks.
- Possibly using a database server for various tasks. Kea can use either MySQL or PostgreSQL for lease storage, host reservations and/or configuration storage. Stork requires PostgreSQL.
- A DHCPv6 deployment using Kea.
- Various recommendations found in Kea Security.
- Deployment of DHCP Dynamic DNS (Kea DHCP DDNS) between the Kea servers and the DNS servers. This allows the DNS server to be updated with details about clients that received addresses via DHCP.
Kea DHCPv4 Single-site Configuration
```json
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "ens256" ],
      "dhcp-socket-type": "udp"
    },
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/path/leases.csv"
    },
    "reservations-global": false,
    "reservations-in-subnet": true,
    "reservations-out-of-pool": true,
    "valid-lifetime": 86400,
    "calculate-tee-times": true,
    "hooks-libraries": [
      {
        "library": "/path/libdhcp_lease_cmds.so"
      },
      {
        "library": "/path/libdhcp_ha.so",
        "parameters": {
          "high-availability": [
            {
              "this-server-name": "server1",
              "mode": "hot-standby",
              "multi-threading": {
                "enable-multi-threading": true,
                "http-dedicated-listener": true
              },
              "peers": [
                {
                  "name": "server1",
                  "url": "http://192.168.115.128:8001/",
                  "role": "primary",
                  "auto-failover": true
                },
                {
                  "name": "server2",
                  "url": "http://192.168.115.129:8001/",
                  "role": "standby",
                  "auto-failover": true
                }
              ]
            }
          ]
        }
      }
    ],
    "option-data": [
      {
        "name": "domain-name-servers",
        "data": "192.168.115.130, 192.168.115.131"
      }
    ],
    "subnet4": [
      {
        "subnet": "192.0.2.0/24",
        "pools": [
          {
            "pool": "192.0.2.21 - 192.0.2.254"
          }
        ],
        "option-data": [
          {
            "name": "routers",
            "data": "192.0.2.1"
          }
        ],
        "reservations": [
          { "hw-address": "1a:1b:1c:00:ac:43", "ip-address": "192.0.2.2" },
          { "hw-address": "1a:1b:1c:ab:c1:f7", "ip-address": "192.0.2.3" },
          { "hw-address": "1a:1b:1c:34:ea:73", "ip-address": "192.0.2.4" },
          { "hw-address": "1a:1b:1c:ca:fe:be", "ip-address": "192.0.2.5" },
          { "hw-address": "1a:1b:1c:be:be:13", "ip-address": "192.0.2.6" },
          { "hw-address": "1a:1b:1c:13:37:ff", "ip-address": "192.0.2.7" },
          { "hw-address": "1a:1b:1c:d4:e1:aa", "ip-address": "192.0.2.8" },
          { "hw-address": "1a:1b:1c:4f:3f:2f", "ip-address": "192.0.2.9" },
          { "hw-address": "1a:1b:1c:18:21:87", "ip-address": "192.0.2.10" },
          { "hw-address": "1a:1b:1c:55:58:12", "ip-address": "192.0.2.11" },
          { "hw-address": "1a:1b:1c:86:75:30", "ip-address": "192.0.2.12" },
          { "hw-address": "1a:1b:18:67:53:09", "ip-address": "192.0.2.13" },
          { "hw-address": "1a:1b:1c:00:00:01", "ip-address": "192.0.2.14" },
          { "hw-address": "1a:1b:1c:99:99:99", "ip-address": "192.0.2.15" },
          { "hw-address": "1a:1b:1c:ff:ff:ff", "ip-address": "192.0.2.16" },
          { "hw-address": "1a:1b:1c:ee:ee:ee", "ip-address": "192.0.2.17" },
          { "hw-address": "1a:1b:1c:dd:dd:dd", "ip-address": "192.0.2.18" },
          { "hw-address": "1a:1b:1c:cc:cc:cc", "ip-address": "192.0.2.19" },
          { "hw-address": "1a:1b:1c:bb:bb:bb", "ip-address": "192.0.2.20" }
        ]
      },
      {
        "subnet": "198.51.100.0/24",
        "pools": [
          {
            "pool": "198.51.100.2 - 198.51.100.254"
          }
        ],
        "option-data": [
          {
            "name": "routers",
            "data": "198.51.100.1"
          }
        ]
      },
      {
        "subnet": "203.0.113.0/24",
        "pools": [
          {
            "pool": "203.0.113.2 - 203.0.113.254"
          }
        ],
        "option-data": [
          {
            "name": "routers",
            "data": "203.0.113.1"
          }
        ]
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.dhcpsrv",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-dhcpsrv.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.leases",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-leases.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.ha-hooks",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-ha-hooks.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.commands",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-commands.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.dhcp4",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-dhcp4.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.hooks",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-hooks.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.alloc-engine",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-alloc-engine.log", "maxver": 10 }
        ]
      },
      {
        "name": "kea-dhcp4.commands",
        "severity": "INFO",
        "output_options": [
          { "output": "/path/dhcp4-commands.log", "maxver": 10 }
        ]
      }
    ]
  }
}
```