[IPv6][ISC Kea][自分用メモ] ISC Kea使用環境でstateless DHCPv6でDNS情報が配布されない。

2019-04-24 10:53:21AIX、UNIX、LinuxDHCP, DHCP6_SUBNET_SELECTED, DHCP6_SUBNET_SELECTION_FAILED, DHCPd, dhcpv6, ipv6, Kea, linux, RDNSS, stateless, Windows10

Screenshot_2019-04-24 [Kea-users] DHCPv6, anybody got it working

時間を見つけては、ISC DHCPdからISC Keaへの移行が出来るか設定変更してみています。

とりあえずKeaのAdministrator Reference Manualのサンプルコンフィグを弄った程度で、実際にWindows10なクライアントPCにDNSサーバ情報が設定されるか確認していたのですが、なんかうまくいきません。

以前の記事はこちら。

確認環境は以下の通り。

$ keactrl version
keactrl: 1.5.0
kea-dhcp4: 1.5.0
kea-dhcp6: 1.5.0
kea-dhcp-ddns: 1.5.0
kea-ctrl-agent: 1.5.0

とりあえず設定内容は以下のような感じです。

{
"Dhcp6": {
    "valid-lifetime": 86400,
    "renew-timer": 3600,
    "rebind-timer": 7200,
    "preferred-lifetime": 54000,
    "decline-probation-period": 3600,
    "interfaces-config": {
        "interfaces": ["eth0"]
    },
    "lease-database": {
        "type": "memfile",
        "persist": true,
        "name": "/var/lib/kea/dhcp6.leases"
    },
    "option-data": [
        {
            "name": "dns-servers",
            "data": "2001:db8:1::cafe, 2001:db8:1::babe"
        },
        {
            "name": "domain-search",
            "data": "kometch.private"
        }
    ],
    "subnet6": [
        {
            "subnet": "2001:db8:1::/64",
            "pools": [
                 {
                     "pool": "2001:db8:1::/64"
                 }
             ]
        }
    ]
},
"Logging": {
    "loggers": [
        {
            "name": "kea-dhcp6.packets",
            "output_options": [
                {
                    "output": "stdout"
                }
            ],
            "severity": "DEBUG",
            "debuglevel": 99
        }
    ]
}
}

“Dhcp6″句はドキュメントのサンプルをベースにしています。下半分の"Logging"句は、この問題でDNS情報がどうして配布されないのか確認するため、パケットのやり取りをdebug情報として出力するための設定になります。今回指定しているlogggerは"kea-dhcp6.packets“ですが、他にも幾つかあるので公式ドキュメントを確認してみてください。

で、Windows10なクライアントPCで接続すると、Kea側には以下のようなlogが出力されているのを確認しました。

2019-04-23 23:36:28.781 DEBUG [kea-dhcp6.packets/8] DHCP6_BUFFER_RECEIVED received buffer from fe80::4bd:5177:3b39:e00e:546 to ff02::1:2:0 over interface eth0
2019-04-23 23:36:28.782 DEBUG [kea-dhcp6.packets/8] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x7684a0: SOLICIT (type 1) received from fe80::4bd:5177:3b39:e00e to ff02::1:2 on interface eth0
2019-04-23 23:36:28.782 DEBUG [kea-dhcp6.packets/8] DHCP6_QUERY_DATA duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x7684a0, packet details: localAddr=[ff02::1:2]:0 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=1(SOLICIT), transid=0x7684a0
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00003(IA_NA), len=00012: iaid=94422409, t1=0, t2=0
type=00006, len=00008: 17(uint16) 23(uint16) 24(uint16) 39(uint16)
type=00008, len=00002: 1 (uint16)
type=16, len=14,  enterprise id=0x137, data-len0=8, vendor-class-data0='MSFT 5.0'
type=39(CLIENT_FQDN), flags: (N=0, O=0, S=0), domain-name='mi-shary' (partial)
No relays traversed.
2019-04-23 23:36:28.783 DEBUG [kea-dhcp6.packets/8] DHCP6_SUBNET_SELECTION_FAILED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x7684a0: failed to select subnet for the client
2019-04-23 23:36:28.783 DEBUG [kea-dhcp6.packets/8] DHCP6_RESPONSE_DATA responding with packet type 2 data is localAddr=[ff02::1:2]:547 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=2(ADVERTISE), transid=0x7684a0
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00002, len=00014: 00:01:00:01:24:51:d7:a8:1a:c0:c9:ca:a9:5e
type=00003(IA_NA), len=00064: iaid=94422409, t1=0, t2=0,
options:
  type=00013, len=00048: NoAddrsAvail(2) "Server could not select subnet for this client"
type=00023, len=00080: 2001:db8:1::cafe, 2001:db8:1::babe
type=00024, len=00017: "kometch.private." (fqdn)
type=39(CLIENT_FQDN), flags: (N=1, O=0, S=0), domain-name='mi-shary.' (full)
No relays traversed.

13行目と20行目にあるように、"Server could not select subnet for this client"と出力され、"option-data"句で設定したパラメータが、"subnet6″で設定されたサブネットに配布されません。

このメッセージの詳細はドキュメントだと以下のように記述されています。

DHCP6_SUBNET_SELECTION_FAILED failed to select a subnet for incoming packet, src=%1 type=%2

This warning message is output when a packet was received from a subnet for which the DHCPv6 server has not been configured. The cause is most likely due to a misconfiguration of the server. The packet processing will continue, but the response will only contain generic configuration parameters and no addresses or prefixes.

https://ftp.isc.org/isc/kea/0.9.1-beta/kea-messages.html

構成ミスではないかとのことですが、サンプルを使用しているのに失敗するのはなんでかなーと思い、Keaのメーリングリストを確認すると以下のスレッドが見つかりました。

Your “subnet6" declaration should be updated to include an “interface"
or “relay" parameter to indicate when this particular subnet should be
selected.

https://lists.isc.org/pipermail/kea-users/2017-June/001013.html

特定のサブネットがいつ選択されるべきなのかを示すために、"Interface“または"relay“パラメータを設定するべき、とのこと。

上のレベルで記述してあれば、グローバルでパラメータが使用されるんじゃないのか・・・と勘違いしておりました。このメーリングリストより以下のように設定を変更しました。

{
"Dhcp6": {
    "valid-lifetime": 86400,
    "renew-timer": 3600,
    "rebind-timer": 7200,
    "preferred-lifetime": 54000,
    "decline-probation-period": 3600,
    "interfaces-config": {
        "interfaces": ["eth0"]
    },
    "lease-database": {
        "type": "memfile",
        "persist": true,
        "name": "/var/lib/kea/dhcp6.leases"
    },
    "option-data": [
        {
            "name": "dns-servers",
            "data": "2001:db8:1::cafe, 2001:db8:1::babe"
        },
        {
            "name": "domain-search",
            "data": "kometch.private"
        }
    ],
    "subnet6": [
        {
            "subnet": "2001:db8:1::/64",
            "pools": [{
                     "pool": "2001:db8:1::/64"
             }],
             "id": 1,
             "interface": "eth0"
        }
    ]
}
}

※"Logging"句は削除しました。

結果は長いのですが以下のようになりました。

2019-04-24 00:08:04.734 DEBUG [kea-dhcp6.packets/10] DHCP6_BUFFER_RECEIVED received buffer from fe80::4bd:5177:3b39:e00e:546 to ff02::1:2:0 over interface eth0
2019-04-24 00:08:04.735 DEBUG [kea-dhcp6.packets/10] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: SOLICIT (type 1) received from fe80::4bd:5177:3b39:e00e to ff02::1:2 on interface eth0
2019-04-24 00:08:04.735 DEBUG [kea-dhcp6.packets/10] DHCP6_QUERY_DATA duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9, packet details: localAddr=[ff02::1:2]:0 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=1(SOLICIT), transid=0xce3ac9
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00003(IA_NA), len=00012: iaid=94422409, t1=0, t2=0
type=00006, len=00008: 17(uint16) 23(uint16) 24(uint16) 39(uint16)
type=00008, len=00002: 0 (uint16)
type=16, len=14,  enterprise id=0x137, data-len0=8, vendor-class-data0='MSFT 5.0'
type=39(CLIENT_FQDN), flags: (N=0, O=0, S=0), domain-name='mi-shary' (partial)
No relays traversed.
2019-04-24 00:08:04.735 DEBUG [kea-dhcp6.packets/10] DHCP6_SUBNET_SELECTED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: the subnet with ID 1 was selected for client assignments
2019-04-24 00:08:04.735 DEBUG [kea-dhcp6.packets/10] DHCP6_SUBNET_DATA duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: the selected subnet details: 2001:db8:1::/64
2019-04-24 00:08:04.736 DEBUG [kea-dhcp6.packets/10] DHCP6_RESPONSE_DATA responding with packet type 2 data is localAddr=[ff02::1:2]:547 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=2(ADVERTISE), transid=0xce3ac9
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00002, len=00014: 00:01:00:01:24:51:d7:a8:1a:c0:c9:ca:a9:5e
type=00003(IA_NA), len=00040: iaid=94422409, t1=3600, t2=7200,
2019-04-24 00:08:04.736 INFO  [kea-dhcp6.leases/10] DHCP6_LEASE_ADVERT duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: lease for address 2001:db8:1:: and iaid=94422409 will be advertised
options:
  type=00005(IAADDR), len=00024: address=2001:db8:1::, preferred-lft=54000, valid-lft=86400
type=00023, len=00080: 2001:db8:1::cafe, 2001:db8:1::babe
type=39(CLIENT_FQDN), flags: (N=1, O=0, S=0), domain-name='mi-shary.' (full)
No relays traversed.
2019-04-24 00:08:05.721 DEBUG [kea-dhcp6.packets/10] DHCP6_BUFFER_RECEIVED received buffer from fe80::4bd:5177:3b39:e00e:546 to ff02::1:2:0 over interface eth0
2019-04-24 00:08:05.722 DEBUG [kea-dhcp6.packets/10] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: REQUEST (type 3) received from fe80::4bd:5177:3b39:e00e to ff02::1:2 on interface eth0
2019-04-24 00:08:05.722 DEBUG [kea-dhcp6.packets/10] DHCP6_QUERY_DATA duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9, packet details: localAddr=[ff02::1:2]:0 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=3(REQUEST), transid=0xce3ac9
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00002, len=00014: 00:01:00:01:24:51:d7:a8:1a:c0:c9:ca:a9:5e
type=00003(IA_NA), len=00040: iaid=94422409, t1=3600, t2=7200,
options:
  type=00005(IAADDR), len=00024: address=2001:db8:1::, preferred-lft=54000, valid-lft=86400
type=00006, len=00008: 17(uint16) 23(uint16) 24(uint16) 39(uint16)
type=00008, len=00002: 0 (uint16)
type=16, len=14,  enterprise id=0x137, data-len0=8, vendor-class-data0='MSFT 5.0'
type=39(CLIENT_FQDN), flags: (N=0, O=0, S=0), domain-name='mi-shary' (partial)
No relays traversed.
2019-04-24 00:08:05.722 DEBUG [kea-dhcp6.packets/10] DHCP6_SUBNET_SELECTED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: the subnet with ID 1 was selected for client assignments
2019-04-24 00:08:05.723 DEBUG [kea-dhcp6.packets/10] DHCP6_SUBNET_DATA duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: the selected subnet details: 2001:db8:1::/64
2019-04-24 00:08:05.724 DEBUG [kea-dhcp6.packets/10] DHCP6_RESPONSE_DATA responding with packet type 7 data is localAddr=[ff02::1:2]:547 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=7(REPLY), transid=0xce3ac9
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00002, len=00014: 00:01:00:01:24:51:d7:a8:1a:c0:c9:ca:a9:5e
type=00003(IA_NA), len=00040: iaid=94422409, t1=3600, t2=7200,
options:
  type=00005(IAADDR), len=00024: address=2001:db8:1::, preferred-lft=54000, valid-lft=86400
type=00023, len=00080: 2001:db8:1::cafe, 2001:db8:1::babe
type=00024, len=00017: "kometch.private." (fqdn)
type=39(CLIENT_FQDN), flags: (N=1, O=0, S=0), domain-name='mi-shary.' (full)
No relays traversed.
2019-04-24 00:08:05.723 INFO  [kea-dhcp6.leases/10] DHCP6_LEASE_ALLOC duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0xce3ac9: lease for address 2001:db8:1:: and iaid=94422409 has been allocated
2019-04-24 00:08:06.286 DEBUG [kea-dhcp6.packets/10] DHCP6_BUFFER_RECEIVED received buffer from fe80::4bd:5177:3b39:e00e:546 to ff02::1:2:0 over interface eth0
2019-04-24 00:08:06.287 DEBUG [kea-dhcp6.packets/10] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x9f4a7d: DECLINE (type 9) received from fe80::4bd:5177:3b39:e00e to ff02::1:2 on interface eth0
2019-04-24 00:08:06.288 DEBUG [kea-dhcp6.packets/10] DHCP6_QUERY_DATA duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x9f4a7d, packet details: localAddr=[ff02::1:2]:0 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=9(DECLINE), transid=0x9f4a7d
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00002, len=00014: 00:01:00:01:24:51:d7:a8:1a:c0:c9:ca:a9:5e
type=00003(IA_NA), len=00040: iaid=94422409, t1=3600, t2=7200,
options:
  type=00005(IAADDR), len=00024: address=2001:db8:1::, preferred-lft=54000, valid-lft=86400
type=00008, len=00002: 0 (uint16)
No relays traversed.
2019-04-24 00:08:06.288 DEBUG [kea-dhcp6.packets/10] DHCP6_SUBNET_SELECTED duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x9f4a7d: the subnet with ID 1 was selected for client assignments
2019-04-24 00:08:06.288 DEBUG [kea-dhcp6.packets/10] DHCP6_SUBNET_DATA duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x9f4a7d: the selected subnet details: 2001:db8:1::/64
2019-04-24 00:08:06.289 INFO  [kea-dhcp6.leases/10] DHCP6_DECLINE_LEASE Client duid=[00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b], tid=0x9f4a7d sent DECLINE for address 2001:db8:1:: and the server marked it as declined. The lease will be recovered in 3600 seconds.
2019-04-24 00:08:06.289 DEBUG [kea-dhcp6.packets/10] DHCP6_RESPONSE_DATA responding with packet type 7 data is localAddr=[ff02::1:2]:547 remoteAddr=[fe80::4bd:5177:3b39:e00e]:546
msgtype=7(REPLY), transid=0x9f4a7d
type=00001, len=00014: 00:01:00:01:23:da:3b:5e:a0:c5:89:3f:2a:4b
type=00002, len=00014: 00:01:00:01:24:51:d7:a8:1a:c0:c9:ca:a9:5e
type=00003(IA_NA), len=00072: iaid=94422409, t1=0, t2=0,
options:
  type=00013, len=00056: Success(0) "Lease declined. Hopefully the next one will be better."
No relays traversed.

13行目、42行目にあるように"DHCP6_SUBNET_SELECTED“となり、今回設定したサブネット"2001:db8:1::/64“が選択されていることが分かります。そのあともDHCPのやり取りが行われ、51行目の"type=00023, len=00080: 2001:db8:1::cafe, 2001:db8:1::babe“でこちらが指定したDNSサーバの情報が渡っていることも確認出来ました。

ということで、今回の要点は以下のようになるかと思います。

POINT

  • Interfaces-config“以外に、配布する対象になる"subnet6“句のパラメータ毎に"interface“を設定するようにしましょう。
  • パラメータが配布されないと思ったら、"logging“句を追加してデバッグ情報を出力するようにしましょう。

StatelessなDHCPv6環境の勉強をもう少ししないとダメですね。

同じような問題でお困りの方の力になれれば幸いです。