
Fault-tolerant DHCP server based on Kea


This article gives instructions for installing and doing the basic configuration of a fault-tolerant Kea DHCP server.


Kea DHCP is an open-source DHCP server developed by Internet Systems Consortium (ISC) with DHCPv4 and DHCPv6 support.

ISC are the same people who develop our favorite BIND and dhcpd. Kea was developed on the basis of BIND 10.

Kea lets you run a DHCP server both for small systems and for large telecom and corporate networks. Among its innovations are an API for managing the service, the ability to store the lease database in a DBMS, and hooks for additional functions.
At the time of writing (June 2019), the latest stable version is 1.5.0.

I will not go into the details of how the DHCP protocol works, otherwise the article would be two or three times longer. There is a good article about it on Habr.

DHCP runs over UDP (ports 67-68) and is used for dynamic allocation of IP addresses. An address is obtained and issued in four steps: discover, offer, request, acknowledge (DORA). DHCP also uses the concept of a lease: an address is leased to a device, and the period for which the device holds it is the lease time.


Why Kea


The Kea DHCP server has several advantages: speed, the ability to build a failover cluster, rich functionality, and the option of purchasing technical support from the developers.

This product will be used by our telecom operator, which plans to issue about 2 million addresses at 2000 requests per second. It was chosen for its speed and for the possibility of building a cluster of two servers.

Supported OS


• CentOS Linux - 7.1804 (aka 7.5)
• Fedora - 28, 29
• Ubuntu - 16.04, 18.04
• Debian GNU/Linux - 7, 8, 9
• FreeBSD - 11.0
• macOS - 10.13, 10.14

There are no plans to support running Kea on Windows.

Lease database storage


Kea DHCP can store the database of issued addresses in a local CSV file (memfile) or in one of three DBMSs: MySQL, PostgreSQL and Cassandra.

The difference is in speed and storage capabilities. Memfile is 10 times faster, but storing the database in a DBMS lets you store additional fields and DHCP options. Speed comparison:

[Image: speed comparison]

A very detailed analysis of using the various databases and local storage is available here.

In our project we decided to start with the database in memfile, since the number of requests per second will be more than 2000.

Installation


As an example, Kea will be deployed on CentOS 7 (minimal edition):

    [root@localhost ~]# cat /etc/centos-release
    CentOS Linux release 7.6.1810 (Core)

Before installing the service itself, you must install all the necessary dependencies:

  1. Boost C++ Libraries (http://www.boost.org/): the C++ run-time libraries needed to run Kea itself
  2. Botan Crypto Library (ver. 1.9) or OpenSSL (ver. 1.0.1). I recommend OpenSSL, since Botan will not be supported from Kea 1.6.0
  3. log4cplus (ver. 1.0.3) development package: needed for writing logs
  4. C++ compiler
  5. automake, libtool, pkg-config: for building and installing Kea itself
  6. If you use a DBMS, install MySQL, PostgreSQL or Cassandra.

Optionally, if you need RADIUS or NETCONF/YANG:
  • FreeRADIUS client library, when the --with-freeradius configuration flag is used.
  • Sysrepo (version 0.7.6 or later) and libyang (version 0.16-r2 or later), when the --with-sysrepo configuration flag is used.
  • googletest (version 1.8 or later), when the build is configured to include the unit tests.
  • Docbook-xsl, libxslt and doxygen, if using the --enable-generate-docs configuration option to create the documentation.


Step 1. Install the necessary dependencies


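    # wget, to download the Kea sources
    sudo yum install wget
    # EPEL community repository
    sudo yum install epel-release
    # logging library
    sudo yum install log4cplus-devel
    # C++ run-time libraries for Kea
    sudo yum install boost-devel
    # SSL library; the *-devel package is needed for the build
    sudo yum install openssl-devel
    # needed to build Kea
    sudo yum install automake libtool
    # gcc and the rest of the Development Tools group
    sudo yum groupinstall Development\ Tools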

Step 2. If all the dependencies installed without errors, proceed to building Kea itself.


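    # Download Kea (the available files are listed at https://ftp.isc.org/isc/kea/1.5.0/)
    wget -nd https://ftp.isc.org/isc/kea/1.5.0/kea-1.5.0.tar.gz
    # Unpack the archive
    tar zxvf kea-1.5.0.tar.gz
    # Change into the source directory
    cd kea-1.5.0
    # Configure the build; the general form is ./configure [options]
    ./configure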

* A note on the options: if you plan to use a DBMS, you must pass the corresponding option at this step.

All build options:
--prefix
Define the installation location (the default is /usr/local).
--with-boost-include
Define the path to find the Boost headers.
--with-botan-config
Path to the botan-config script, to build with Botan for the cryptographic functions.
--with-mysql
Build Kea with support for the MySQL database.
--with-pgsql
Build Kea with support for the PostgreSQL database.
--with-cql
Build Kea with support for the Cassandra (CQL) database.
--with-gtest, --with-gtest-source
Enable the building of the C++ unit tests using the Google Test framework. This option specifies the path to the gtest source. (If it is not installed on your system, it can be downloaded from github.com/google/googletest.)
--with-benchmark, --with-benchmark-source
Enable the building of the backend benchmarks using the Google Benchmark framework. This option specifies the path to the gtest source. (If it is not installed on your system, it can be downloaded from github.com/google/benchmark.)
--with-log4cplus
Define the path to the Log4cplus headers and libraries.
--with-openssl
Replace Botan by OpenSSL as the cryptographic library. By default configure searches for a valid Botan installation: if one is not found, it searches for OpenSSL.

configure runs for a relatively long time and may stop with errors if a dependency is missing. At the end you will see the build summary:

[Image: build summary]

Step 3. Install


    make
    sudo make install

The make step takes a very long time (an hour or so). make install takes about a minute.

Startup and configuration


Kea is started from the installation directory:

    keactrl start

There are also the options stop, reload (reload the configuration) and status.

At startup, three processes are launched: kea-dhcp4, kea-dhcp6 and kea-ctrl-agent, the agent used to manage the servers and communicate with them.

If you do not need dhcp6, you can start only dhcp4; do not forget to start the agent as well:

    keactrl start -s dhcp4,ctrl_agent

Configuration


The main dhcp4 configuration file is /usr/local/etc/kea/kea-dhcp4.conf

The file is well documented, with many comments and example settings, so you will not get lost. I will describe only the main settings.
Specify the interface or address on which dhcp4 will work:

    "interfaces-config": {
        // interface name (e.g. "eth0") or specific IPv4 address on that
        // interface (e.g. "eth0/192.0.2.1").
        "interfaces": [ ]
    }

Specify where to store the lease database:

    "lease-database": {
        // Memfile is the simplest and easiest backend to use. It's an in-memory
        // C++ database that stores its state in a CSV file.
        "type": "memfile",
        "lfc-interval": 3600
    },

Which DNS servers will be handed to clients:

    "option-data": [
        {
            "name": "domain-name-servers",
            "data": "192.0.2.1, 192.0.2.2"
        },

Your organization's domain name:

        {
            "name": "domain-search",
            "data": "mydomain.example.com, example.com"
        },

And the main settings: subnets, pools and the default gateway:

    "subnet4": [
        {
            // the subnet that Kea serves
            "subnet": "192.0.2.0/24",
            // the pool of addresses handed out to clients
            "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
            "option-data": [
                {
                    // the default gateway for clients
                    "name": "routers",
                    "data": "192.0.2.1"
                }
            ],

The last parameter reserves addresses from the pool or subnet. A reserved address is not issued to other clients; it is tied to the device with the listed hardware address, which is what you need for servers and devices with fixed addresses:

            "reservations": [
                {
                    "hw-address": "1a:1b:1c:1d:1e:1f",
                    "ip-address": "192.0.2.201"
                }
            ]

Those are probably all the basic settings. After changing the configuration, you need to restart the service:

    keactrl stop
    keactrl start -s dhcp4,ctrl_agent
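A configuration assembled from the fragments above can be sanity-checked before the restart. The script below is an added example, not part of the original article or of Kea: it parses a constructed sample built from the article's values and reports an empty interface list, pools that do not fit the subnet, router or DNS addresses that lie inside a dynamic pool (and so can be leased to a client), and reservations outside the subnet. The function names and the sample are assumptions, and only the "a - b" pool form used in the article is handled.

```python
import ipaddress, json, re

# Constructed sample: the article's fragments assembled into one Dhcp4 block.
SAMPLE = '''{ "Dhcp4": {
  "interfaces-config": { "interfaces": [ ] },  // still empty, as in the article
  "lease-database": { "type": "memfile", "lfc-interval": 3600 },
  "option-data": [ { "name": "domain-name-servers", "data": "192.0.2.1, 192.0.2.2" } ],
  "subnet4": [ {
    "subnet": "192.0.2.0/24",
    "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
    "option-data": [ { "name": "routers", "data": "192.0.2.1" } ],
    "reservations": [ { "hw-address": "1a:1b:1c:1d:1e:1f", "ip-address": "192.0.2.201" } ]
  } ] } }'''

def load_kea(text):
    """Parse Kea-style JSON: drop //, # and /* */ comments outside strings."""
    pat = r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ''
    return json.loads(re.sub(pat, keep, text, flags=re.S))

def static_addrs(options):
    """Yield (option name, address) for router and DNS server options."""
    for opt in options:
        if opt.get("name") in ("routers", "domain-name-servers"):
            for a in opt["data"].split(","):
                yield opt["name"], ipaddress.ip_address(a.strip())

def audit(text):
    """Return a list of findings (hypothetical helper, not a Kea tool)."""
    cfg = load_kea(text)["Dhcp4"]
    ifaces = cfg.get("interfaces-config", {}).get("interfaces")
    findings = [] if ifaces else ["no interfaces listed: nothing to listen on"]
    for sub in cfg.get("subnet4", []):
        net = ipaddress.ip_network(sub["subnet"])
        pools = []
        for p in sub.get("pools", []):
            lo, hi = (ipaddress.ip_address(x.strip()) for x in p["pool"].split("-"))
            pools.append((lo, hi))
            if lo not in net or hi not in net or lo > hi:
                findings.append(f"pool {p['pool']} does not fit in {net}")
        opts = cfg.get("option-data", []) + sub.get("option-data", [])
        for name, a in static_addrs(opts):
            if any(lo <= a <= hi for lo, hi in pools):
                findings.append(f"{name} {a} lies inside a dynamic pool")
        for r in sub.get("reservations", []):
            if ipaddress.ip_address(r["ip-address"]) not in net:
                findings.append(f"reservation {r['ip-address']} is outside {net}")
    return findings

print("\n".join(audit(SAMPLE)) or "no findings")
```

On the sample it reports the empty interface list and three in-pool static addresses; moving the pool start above the router and DNS addresses and naming an interface clears all findings.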

CSV database


The local lease database is stored in /usr/local/var/kea/kea-leases4.csv


Logs


By default, logs are stored in /usr/local/var/log/

Here each component has a separate file:


In a separate article I will describe how to start a cluster of two servers and configure synchronization of the lease database.

Source: https://habr.com/ru/post/458180/

