Custom Query (4462 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (19 - 21 of 4462)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
Ticket Resolution Summary Owner Reporter
#5617 complete Reselect subnet after RADIUS response fdupont tomek
Description

A RADIUS hook user is dealing with the following issue:

PROBLEM:

He has two subnets. First with two pools ("gamers" and "fp"), second with different pools ("internet", "test"). Both subnets have the same relay ip-addresses specified. This is uncommon, but legal setup. One relay can handle multiple subnets.

The RADIUS response has Framed-Pool attribute that points to "internet". Unfortunately, Kea first selects the first subnet, then tries to select a pool from that subnet, but unfortunately there is no such pool, so pool and lease selection fails.

Here's the redacted config:

"subnet4": [
                {
                        "subnet": "1.2.3.16/28",
                        "id": 13100,
                        "pools": [
                                { "pool": "1.2.3.18 -  1.2.3.21" , "client-class": "gamers" } ,
                                { "pool": "1.2.3.22 -  1.2.3.25" , "client-class": "fp" }
                        ],
                        "relay": { "ip-addresses": ["1.2.5.20","1.2.5.21"] },
                        "option-data": [ { "name": "routers", "data": "1.2.3.17"  } ]
                },

                {    
                        "subnet": "1.2.3.20/28",
                        "id": 13103,
                        "pools": [
                                { "pool": "1.2.3.24 -  1.2.3.30" , "client-class": "internet" } ,
                                { "pool": "1.2.3.17 -  1.2.3.19" , "client-class": "test" }
                        ],
                        "relay": { "ip-addresses": ["1.2.5.20","1.2.5.21"] },
                        "option-data": [ { "name": "routers", "data": "1.2.5.20"  }  ]
                }
    ]

SOLUTION:

  1. Add configuration parameter reselect-subnet. If enabled, it will enable the following mechanism. The default should be false.
  1. extend the RADIUS callout installed on subnet4_select with this code (which is modified version of CfgSubnets4::selectSubnet(selector)
    • go over each subnet:
      • if relay ip-address dont' match, go to the next subnet
      • go over all pools if there is one that can be used based on Framed-Pool, use this subnet
      • if not, go to the next subnet

If Access-Reject is returned, the callout should return NULL (telling kea to use no subnets, effectively causing Kea to not respond).

#5615 fixed Asio use threads but build flag still says the opposite. fdupont fdupont
Description

Change BOOST_ASIO_DISABLE_THREADS in configure to reflect the current use of threads by boot asio. Note this is a suspect in random crashes in unit tests using both asio and threads.

#5613 fixed The documentation on where to install hooks needs to be clearer marcin cathya
Description

The Kea guide explains how to configure to load hooks libraries - both for the various services (kea-dhcp4, kea-dhcp6 etc) and for the Kea Control Agent (kea-ctrl-agent), showing the syntax for each.

This is fine, because in Kea there is great flexibility, and it might well be that in the future it makes a lot of sense to have a hook loaded and operated by the CA versus one of the services. In fact the Kea guide even alludes to a situation where that could be desirable.

But currently, ISC does not distribute or sell any hooks that are intended to be installed/loaded by the CA - but this is not at all clear in the documentation and there have been at least two instances now (to my knowledge, there may be more) where a new user of a hooks libraries have either loaded them on the CA, or on both the CA and kea-dhcp4 or kea-dhcp6.

When they do this, because of the order of precedence applied by the CA, the commands (even with service properly specified) never get to the service they're intended for and are consumed locally - this causes a lot of bafflement and wasted time troubleshooting why the hook doesn't appear to work, even when the commands issued specify the service that they're intended for.

Needed:

  1. Better clarification on where hooks can be installed and why this gives such great flexibility to Kea DHCP
  1. Update the lists and details for current (and future) hooks to indicate where they can/should be installed

(Future work - this is just a request for documentation improvements - could make it impossible to load a hook in the wrong service/CA).

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
Note: See TracQuery for help on using queries.