Kea-based failover DHCP server


Kea DHCP Failover Server Installation and Basic Setup Instructions


Kea DHCP is an open-source DHCP server developed by the Internet Systems Consortium (ISC), with support for DHCPv4 and DHCPv6.

ISC is the same organization that develops BIND and the classic ISC DHCP server (dhcpd). Kea grew out of the BIND 10 project.

Kea can serve both small networks and large telecom or corporate deployments. Among its new features are a REST API for managing the service, the option of keeping the lease database in a DBMS, and hooks (loadable libraries) that add extra functionality.
At the time of writing (June 2019), the latest stable version is 1.5.0.

I will not go into the details of the DHCP protocol, since that would make the article two or three times longer; there is a good article on Habr for that.

DHCP runs over UDP (the server listens on port 67, clients on port 68) and is used for dynamic allocation of IP addresses. Obtaining an address takes four steps: discover, offer, request, acknowledge (DORA). DHCP also works with the concept of a lease: an address is leased to a device for a limited period, the lease time.


Why Kea


Kea's DHCP server has several advantages: performance, the ability to build a failover cluster, broad functionality and the option of buying technical support from the developers.

This product will be used by our telecom operator, which plans to hand out about 2 million addresses at around 2000 requests per second. It was chosen for its performance and the ability to run a cluster of two servers.

Supported OS


• CentOS Linux - 7.1804 (aka 7.5)
• Fedora - 28, 29
• Ubuntu - 16.04, 18.04
• Debian GNU / Linux - 7, 8, 9
• FreeBSD - 11.0
• macOS - 10.13, 10.14

There are no plans to run Kea on Windows.

Lease database storage


Kea DHCP supports storing the database of issued addresses either in a local CSV file (memfile) or in one of three DBMSs: MySQL, PostgreSQL and Cassandra.

The backends differ in speed and in what they can store. Memfile is about 10 times faster, but a DBMS backend can hold additional fields and DHCP options alongside each lease.

A very detailed analysis of the different database backends versus local storage is available here.

In our project we decided to start with memfile, since the load will exceed 2000 requests per second.

Installation


As an example, Kea will be deployed based on CentOS 7 (minimal edition):

[root@localhost ~]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)

Before installing the service itself, you must install all the necessary dependencies:

  1. Boost C++ Libraries (http://www.boost.org/) # the C++ run-time environment Kea itself needs
  2. A crypto library: Botan (ver. 1.9) or OpenSSL (ver. 1.0.1). I recommend OpenSSL, since Botan will no longer be supported from Kea 1.6.0
  3. log4cplus (ver. 1.0.3) development files # needed for logging
  4. A C++ compiler
  5. automake, libtool, pkg-config # for building and installing Kea itself
  6. If you are going to use a DBMS, install MySQL, PostgreSQL or Cassandra.

Optional, if you need RADIUS or NETCONF/YANG:
  • FreeRADIUS client library, when the --with-freeradius configuration flag is used.
  • Sysrepo (version 0.7.6 or later) and libyang (version 0.16-r2 or later), when the --with-sysrepo configuration flag is used.
  • googletest (version 1.8 or later), when using the --with-gtest configuration option to build the unit tests.
  • The documentation generation tools elinks, docbook-xsl, libxslt and Doxygen, if using the --enable-generate-docs configuration option to create the documentation.


Step 1. Install the necessary dependencies


# wget is needed to download files
sudo yum install wget
# repository of community packages
sudo yum install epel-release
# needed for logging
sudo yum install log4cplus-devel
# C++ run-time environment for Kea itself
sudo yum install boost-devel
# OpenSSL headers for Kea's cryptographic functions; the *-devel package is required, otherwise configure will not find it
sudo yum install openssl-devel
# for building and installing Kea
sudo yum install automake libtool
# gcc compiler; I installed the Development Tools group, since other ways of installing it gave errors
sudo yum groupinstall "Development Tools"

Step 2. If all the dependencies installed correctly, proceed to installing Kea itself


# download the Kea sources (or download them from https://ftp.isc.org/isc/kea/1.5.0/ and copy them to the server)
# ISC also publishes a detached PGP signature (.asc) next to the tarball; verify the download against it before building
wget -nd https://ftp.isc.org/isc/kea/1.5.0/kea-1.5.0.tar.gz
# unpack the archive
tar zxvf kea-1.5.0.tar.gz
# enter the unpacked directory
cd kea-1.5.0
# check for the required libraries and prepare the build
# ./configure [options go here]; I built without additional options
./configure

* This is where you pass the options you need: if you plan to use a DBMS, you must enable the corresponding --with-* option, because the database backends are not built by default.

The main configure options:
--prefix
Define the installation location (the default is /usr/local).
--with-boost-include
Define the path to find the Boost headers.
--with-botan-config
Specify the path to the botan-config script to build with Botan for cryptographic functions.
--with-mysql
Build Kea with code to allow it to store leases and host reservations in a MySQL database.
--with-pgsql
Build Kea with code to allow it to store leases and host reservations in a PostgreSQL database.
--with-cql
Build Kea with code to allow it to store leases and host reservations in a Cassandra (CQL) database.
--with-gtest, --with-gtest-source
Enable the building of the C++ unit tests using the Google Test framework. This option specifies the path to the gtest source. (If the framework is not installed on your system, it can be downloaded from github.com/google/googletest.)
--with-benchmark, --with-benchmark-source
Enable the building of the database backend benchmarks using the Google Benchmark framework. This option specifies the path to the benchmark source. (If the framework is not installed on your system, it can be downloaded from github.com/google/benchmark.)
--with-log4cplus
Define the path to find the log4cplus headers and libraries.
--with-openssl
Replace Botan with the OpenSSL cryptographic library. By default configure searches for a valid Botan installation; if one is not found, it searches for OpenSSL.

configure takes a while and stops with an error if one of the dependencies is missing. At the end it prints a summary of the build configuration.

Step 3. Install


make
sudo make install

make takes a very long time (an hour or so); make install takes about a minute.

Launch and setup


It is started with keactrl, which is installed under the prefix (/usr/local/sbin/keactrl):

keactrl start

keactrl also has stop, reload (re-read the configuration) and status.

On start it launches three processes: kea-dhcp4, kea-dhcp6 and kea-ctrl-agent. The Control Agent exposes the REST API over HTTP that is used to manage the servers. In this version that API has no authentication of its own, so leave it bound to 127.0.0.1 (the default http-host in kea-ctrl-agent.conf) unless you put an authenticating proxy in front of it.

If you do not need DHCPv6, start only dhcp4, and do not forget the agent:

keactrl start -s dhcp4,ctrl_agent

Configuration


The main configuration file for dhcp4 is /usr/local/etc/kea/kea-dhcp4.conf

The file is well documented, with plenty of comments and example settings, so you will not get lost in it; I will describe only the main settings.

Specify the interface, or interface and address, on which dhcp4 will listen:

"interfaces-config": {
        // interface name (e.g. "eth0") or a specific IPv4 address on that
        // interface (e.g. "eth0/192.0.2.1")
        "interfaces": [ "eth0" ]
}

Specify where to store the lease database:

"lease-database": {
        // Memfile is the simplest and easiest backend to use. It's an in-memory
        // C++ database that stores its state in a CSV file.
        "type": "memfile",
        // seconds between lease file cleanup (LFC) runs that compact the CSV file
        "lfc-interval": 3600
    },

Which DNS servers will be handed to clients, and your organization's domain search list:

"option-data": [
        {
            "name": "domain-name-servers",
            "data": "192.0.2.1, 192.0.2.2"
        },
        {
            "name": "domain-search",
            "data": "mydomain.example.com, example.com"
        }
    ],

And the main setting: subnets, pools and the default gateway:

"subnet4": [
    {
        // subnet is mandatory; it tells Kea which subnet to allocate addresses from
        "subnet": "192.0.2.0/24",
        // the range of addresses handed out to clients; keep the gateway (192.0.2.1)
        // and other static addresses outside of it, otherwise Kea can lease them
        "pools": [ { "pool": "192.0.2.10 - 192.0.2.200" } ],
        "option-data": [
            {
                // default gateway for this subnet
                "name": "routers",
                "data": "192.0.2.1"
            }
        ],

The last parameter, reservations, binds a specific client (here identified by its MAC address) to a fixed address within the subnet. A reserved address is never handed out to any other client, so this is how servers and devices that need a stable address get it from Kea instead of a static configuration:


        "reservations": [
            {
                "hw-address": "1a:1b:1c:1d:1e:1f",
                "ip-address": "192.0.2.201"
            }
        ]
    }
],

Those are the main settings. After changing the configuration, restart the service (or run keactrl reload):

keactrl stop
keactrl start -s dhcp4,ctrl_agent
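Putting the fragments above together, here is a complete kea-dhcp4.conf in the layout Kea 1.5 expects (a top-level "Dhcp4" object plus a separate "Logging" object). This is an added example, not a file from the original article or from ISC: the interface name eth0, the lease timers and the control socket path are assumptions, and the pool starts at .10 so that the gateway at .1 stays outside it. Kea's parser accepts // comments in its configuration files.

```json
{
  "Dhcp4": {
    // interface (assumed name) on which kea-dhcp4 listens
    "interfaces-config": { "interfaces": [ "eth0" ] },

    // unix socket used by the Control Agent to talk to this server (assumed path)
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/tmp/kea-dhcp4-ctrl.sock"
    },

    // memfile backend: /usr/local/var/kea/kea-leases4.csv, compacted every hour
    "lease-database": { "type": "memfile", "lfc-interval": 3600 },

    // lease timers in seconds (assumed values): T1, T2 and the lease time itself
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,

    // options handed to every client
    "option-data": [
      { "name": "domain-name-servers", "data": "192.0.2.1, 192.0.2.2" },
      { "name": "domain-search", "data": "mydomain.example.com, example.com" }
    ],

    "subnet4": [
      {
        "subnet": "192.0.2.0/24",
        // dynamic range; the gateway (.1) and reserved host (.201) are outside it
        "pools": [ { "pool": "192.0.2.10 - 192.0.2.200" } ],
        "option-data": [ { "name": "routers", "data": "192.0.2.1" } ],
        "reservations": [
          { "hw-address": "1a:1b:1c:1d:1e:1f", "ip-address": "192.0.2.201" }
        ]
      }
    ]
  },

  "Logging": {
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [ { "output": "/usr/local/var/log/kea-dhcp4.log" } ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
```

Before restarting, check the file without starting the daemon: kea-dhcp4 -t /usr/local/etc/kea/kea-dhcp4.conf parses the configuration and reports syntax and semantic errors (an unknown option name, a pool outside its subnet) instead of leaving you with a server that refused to start.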

CSV database


The local lease database is stored in /usr/local/var/kea/kea-leases4.csv. The file is append-only: every allocation, renewal and release adds a row, and the periodic lease file cleanup (the lfc-interval set above) rewrites it so that only the current row for each address remains. Since it maps hardware addresses to IP addresses and hostnames, keep it readable only by the account Kea runs as.
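To see what the memfile actually contains, here is a small reader for kea-leases4.csv. It is an added example, not code from Kea or the original article: the column layout is the one Kea 1.5 writes (assumed here; compare it with the first line of your own file), the lease rows are constructed, and the list of static addresses is an assumption. It keeps only the last row per address, splits the result into active, expired and declined leases, flags active leases on addresses that should be static (the symptom of a pool that overlaps the gateway, as in the original pool definition above), and lists MACs holding several leases at once.

```python
"""Read a Kea memfile lease file (kea-leases4.csv) and report on its contents.

Added example, not part of Kea or the original article. The column layout is
the one Kea 1.5 writes for kea-leases4.csv (assumed here; compare with the
first line of your own file). The file is append-only: every allocation,
renewal or release appends a row, so the LAST row for an address is its
current state until lease file cleanup (LFC) compacts the file.
"""
import csv
import io
import ipaddress
import sys
from collections import defaultdict

# Constructed sample rows (not real leases). "expire" is a Unix timestamp.
SAMPLE_LEASES = """\
address,hwaddr,client_id,valid_lifetime,expire,subnet_id,fqdn_fwd,fqdn_rev,hostname,state,user_context
192.0.2.10,aa:bb:cc:00:00:01,01:aa:bb:cc:00:00:01,3600,1560000000,1,0,0,laptop1,0,
192.0.2.10,aa:bb:cc:00:00:01,01:aa:bb:cc:00:00:01,3600,1560007200,1,0,0,laptop1,0,
192.0.2.11,aa:bb:cc:00:00:02,01:aa:bb:cc:00:00:02,3600,1560003600,1,0,0,laptop2,0,
192.0.2.12,aa:bb:cc:00:00:03,01:aa:bb:cc:00:00:03,3600,1560007200,1,0,0,,1,
192.0.2.1,aa:bb:cc:00:00:04,01:aa:bb:cc:00:00:04,3600,1560007200,1,0,0,rogue,0,
192.0.2.13,aa:bb:cc:00:00:05,01:aa:bb:cc:00:00:05,3600,1560007200,1,0,0,printer,0,
192.0.2.14,aa:bb:cc:00:00:05,01:aa:bb:cc:00:00:05,3600,1560007200,1,0,0,printer,0,
"""

# Lease states as stored in the "state" column.
STATE_DEFAULT, STATE_DECLINED, STATE_EXPIRED_RECLAIMED = 0, 1, 2


def load_leases(text):
    """Return {address: latest row}; later rows override earlier ones for the same address."""
    latest = {}
    for row in csv.DictReader(io.StringIO(text)):
        latest[row["address"]] = row
    return latest


def _by_ip(addrs):
    # sort numerically, not as strings ("192.0.2.9" before "192.0.2.10")
    return sorted(addrs, key=ipaddress.ip_address)


def classify(leases, now):
    """Split the current leases into (active, expired, declined) address lists."""
    active, expired, declined = [], [], []
    for addr, row in leases.items():
        state = int(row["state"])
        if state == STATE_DECLINED:
            declined.append(addr)
        elif state == STATE_EXPIRED_RECLAIMED or int(row["expire"]) <= now:
            expired.append(addr)
        else:
            active.append(addr)
    return _by_ip(active), _by_ip(expired), _by_ip(declined)


def static_collisions(leases, now, static_addrs):
    """Active leases on addresses that are meant to be static (gateway, servers).

    Any hit means a pool overlaps a statically configured address."""
    active, _, _ = classify(leases, now)
    return _by_ip(set(active) & set(static_addrs))


def multi_lease_macs(leases, now):
    """Hardware addresses that hold more than one active lease at the same time."""
    active, _, _ = classify(leases, now)
    by_mac = defaultdict(list)
    for addr in active:
        by_mac[leases[addr]["hwaddr"]].append(addr)
    return {mac: _by_ip(addrs) for mac, addrs in by_mac.items() if len(addrs) > 1}


if __name__ == "__main__":
    import time
    if len(sys.argv) > 1:  # e.g. /usr/local/var/kea/kea-leases4.csv
        with open(sys.argv[1]) as fh:
            text = fh.read()
        now = int(time.time())
    else:  # constructed sample with a fixed "now" between the sample timestamps
        text, now = SAMPLE_LEASES, 1560005000
    leases = load_leases(text)
    active, expired, declined = classify(leases, now)
    print(f"active={len(active)} expired={len(expired)} declined={len(declined)}")
    # static addresses are an assumption: the gateway and the reserved host above
    print("static collisions:", static_collisions(leases, now, {"192.0.2.1", "192.0.2.201"}))
    print("MACs with several leases:", multi_lease_macs(leases, now))
```

Run it against the real file with the path as the only argument. A MAC with many simultaneous leases is what DHCP pool exhaustion looks like from the server side, and a collision with the gateway address is the fastest way to notice that a pool was defined as "192.0.2.1 - 192.0.2.200" while the router also lives on .1.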


Logs


Logs are stored by default in /usr/local/var/log/

Each component has its own file there:

  • kea-dhcp4.log
  • kea-dhcp6.log
  • kea-ctrl-agent.log

In a separate article I will describe how to set up a cluster of two servers and configure synchronization of the lease database between them.

