Using the Kea DHCP DROP class

Sometimes clients send DHCP packets that you would like your DHCP server to ignore. For example, you may have modems that send DHCPRELEASE packets only to return a short time later looking for a new IP address, which can cause unwanted churn in the available address pools. Or sometimes you may want to ignore a certain client entirely. Perhaps the client may be very frequently sending DHCP packets, creating unnecessary load on the Kea server.

Kea 1.6 introduced a new built-in class, the DROP class, described in the Client Classification section of the Kea Administrator Reference Manual

Some examples

Adding a client by packet type to the DROP class

The DROP class can be used to classify and then ignore (drop) any client traffic that you can identify. Here's an example of the DROP class being used to ignore unwanted DHCPRELEASE packets:

"client-classes": [
   { "name": "DROP", "test": "pkt4.msgtype==7" },
   ...
],

(DHCPRELEASE packets have message type 7.)

Adding a client to the DROP class in a host reservation

It is also possible to add a client to the special DROP class without having defined the DROP class in the configuration at all. Here a bad client is added to the DROP class so that all of the traffic from that client will be ignored. This is done by adding the client to the class in a reservation matching the MAC address of the client. No "client-classes" statement exists elsewhere in the configuration defining the DROP class. The parameter early-global-reservations-lookup is set to "true", as this reservation is in the global portion of the configuration and the addition to the DROP class must happen before the subnet selection.

"early-global-reservations-lookup": true,
"reservations": [
    {
        "hw-address": "00:0c:01:02:03:04",
        "client-classes": [
            "DROP"
        ]
    }
],