Commit d50c2810 authored by Baptiste Jonglez's avatar Baptiste Jonglez

Add IPv6 prefix delegation example

parent 85c3fa52
......@@ -56,6 +56,18 @@ it may be easier to just write a Kea hook yourself.
If you have more examples of usage, feel free to contribute your Kea
config and your scripts!
### Managing routes for IPv6 delegated prefixes
When delegating IPv6 prefixes with DHCPv6-PD, it is necessary to add the corresponding routes
in the kernel.
This example script adds/removes static IPv6 routes whenever Kea delegates an IPv6 prefix
through DHCPv6-PD or when the lease expires.
See the included [README](examples/ipv6_prefix_delegation/README.md) for more
explanations and the [source](examples/ipv6_prefix_delegation) with the script and
an example Kea configuration.
### Handing out IPv4 addresses in /32 subnets
This example allows to lease IPv4 addresses individually (/32 subnets), by
......
# Route management for IPv6 delegated prefixes
The goal here is to add/remove static IPv6 routes in the kernel whenever Kea delegates
an IPv6 prefix through DHCPv6-PD.
This is achieved by running [ipv6routes.sh](ipv6-routes.sh) with kea-hook-runscript.
The routes added by the script can then be picked up by a routing daemon
(e.g. [Bird](http://bird.network.cz/)) and propagated in a IGP like OSPF.
**Note:** the script also inserts routes for `IA_NA` addresses, because it is necessary
in our setup. If you only need routes for delegated prefixes, adapt the script accordingly.
## Limitations
There is a potential issue when the IPv6 prefix reserved to a client is changed (e.g. if it is
modified in the Postgresql data source). In that case, `lease6_release` / `lease6_expire` is
never called with the old prefix, so the corresponding route is never removed from the kernel.
It is not clear whether it is a bug in Kea or if it is related to the specific setup of the author.
In any case, this is something to watch out for.
#!/bin/sh
# This script adds and removes IPv6 routes in the Linux kernel whenever a DHCP client
# gets a lease or a lease expires.
# Protocol to use in "ip -6 route"
PROTO=static
add_ipv6_routes()
{
if [ "$KEA_LEASE6_TYPE" = "IA_NA" ]; then
# Add interface route towards client
ip -6 route replace "${KEA_LEASE6_ADDRESS}"/64 dev "${KEA_QUERY6_INTERFACE}" proto "${PROTO}"
fi
if [ "$KEA_LEASE6_TYPE" = "IA_PD" ]; then
# Add route for delegated prefix (next hop is the client)
ip -6 route replace "${KEA_LEASE6_DELEGATED_PREFIX}" via "${KEA_QUERY6_REMOTE_ADDRESS}" dev "${KEA_QUERY6_INTERFACE}" proto "${PROTO}"
fi
}
remove_ipv6_routes()
{
if [ "$KEA_LEASE6_TYPE" = "IA_NA" ]; then
ip -6 route delete "${KEA_LEASE6_ADDRESS}"/64 proto "${PROTO}"
fi
if [ "$KEA_LEASE6_TYPE" = "IA_PD" ]; then
ip -6 route delete "${KEA_LEASE6_DELEGATED_PREFIX}" proto "${PROTO}"
fi
}
case "$1" in
"lease6_select")
# Only add route if FAKE_ALLOCATION is set to 0
[ "${KEA_FAKE_ALLOCATION}" = "0" ] || break
add_ipv6_routes
;;
"lease6_renew")
add_ipv6_routes
;;
"lease6_release"|"lease6_expire")
remove_ipv6_routes
;;
esac
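Review bot: The fake-allocation guard in the `lease6_select` arm does not stop the arm. `break` only has a defined effect inside a `for`/`while`/`until` loop, and in dash and bash a stray `break` inside `case` simply falls through to the next command, so `add_ipv6_routes` still runs when `KEA_FAKE_ALLOCATION` is not `0`. That installs a kernel route for an offer that was never committed as a lease, and presumably no release/expire event follows to remove it again. Replace the line with `[ "${KEA_FAKE_ALLOCATION}" = "0" ] || exit 0`, or wrap the call as `if [ "${KEA_FAKE_ALLOCATION}" = "0" ]; then add_ipv6_routes; fi`.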
{
"Dhcp6":
{
"interfaces-config": {
"interfaces": [ "eth0" ]
},
"hooks-libraries": [
{
"library": "/path/to/kea-hook-runscript/kea-hook-runscript.so",
"parameters": {
"script": "/etc/kea/ipv6-routes.sh"
}
}
],
"lease-database": {
"type": "memfile"
},
/* Only use client MAC address, not Client ID */
"match-client-id": false,
"renew-timer": 1100,
"rebind-timer": 1150,
"preferred-lifetime": 1200,
"valid-lifetime": 1400,
/* Only use mac address to identify clients */
"host-reservation-identifiers": ["hw-address"],
"subnet6": [
{
/* Add your IPv6 subnet declaration here */
}
]
},
"Logging":
{
"loggers": [
{
"name": "kea-dhcp6",
"output_options": [
{
"output": "stdout"
#"output": "/var/log/kea-dhcp6.log"
}
,
"severity": "DEBUG",
"debuglevel": 0
}
]
}
}
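Review bot: The `output_options` array opened in the `Logging` section is never closed as the file is shown here: the line after the `"output"` object holds only `,` where `],` is expected. The braces that follow then close the wrong scopes, and Kea would presumably reject the file. If this is not a rendering artifact, change that line to `],`. Separately, a short comment next to `"script"` would help people who copy this example: it should say that the hook script is executed by the Kea process with the privileges needed to modify routes, and should therefore be root-owned and not writable by other users.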