KEA DHCP leases don't behave like ISC DHCP

Started by os914964619, August 18, 2025, 07:33:20 PM

August 18, 2025, 07:33:20 PM Last Edit: August 18, 2025, 07:36:40 PM by os914964619
Just switched everything over from using ISC DHCP to KEA DHCP. I noticed one annoyance.

Assume IPv4 only and a 1 hour DHCP lease for both ISC and KEA:

In ISC DHCP, if I have a host that I only turn on every few days or so, it will always get the same address from the pool.

In KEA DHCP, if I have a host that I only turn on every few days or so, it will get a different address from the pool.

So for example, if the reservation range is from .100 to .120, one day I may get .101, and another day I might get .100 if I didn't give out any IPs since the last time the machine was on.

I don't want to increase the lease time because I want the client to request a new lease frequently in case something changes.

ISC DHCP was much better about giving previous addresses out. I never exhaust the pool range, so it was pretty much similar to having static entries without needing to make static entries.

With ISC DHCP, I can have the machine off for weeks and still get the same dynamic IP address it gave me a while back.

Is there any way to make KEA remember IP addresses better and behave like ISC in that regard?

It's the client that remembers its old address across reboots and asks if it is available, first. If free, the server is supposed to acknowledge it and hand out a new lease for the same address. I cannot picture Kea not following that part of the RFC.

What I can picture though, is Kea more aggressively reusing addresses for which the lease has expired and handing them out to a different client.

I would make a protocol with tcpdump when you power on such a client after a couple of days to watch if that is what happens.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
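The check suggested above, as an added example that is not part of the original thread: given the DHCP payloads of one client's exchange (taken from a tcpdump capture), compare the address the client first asked for in option 50 with the address the server finally ACKed. The function names, the `build` helper and the 192.0.2.x addresses are assumptions made for this example, and the sample exchange is constructed rather than captured.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Extract message type, yiaddr and option 50 from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"yiaddr": socket.inet_ntoa(payload[16:20]), "type": None, "requested": None}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:  # DHCP message type
            msg["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 50 and length == 4:  # requested IP address
            msg["requested"] = socket.inet_ntoa(value)
        i += 2 + length
    return msg

def address_kept(payloads):
    """Compare the first address the client asked for with the one finally ACKed."""
    msgs = [parse_dhcp(p) for p in payloads]
    wanted = next((m["requested"] for m in msgs if m["requested"]), None)
    acks = [m for m in msgs if m["type"] == "ACK"]
    got = acks[-1]["yiaddr"] if acks else None
    return wanted, got, wanted is not None and wanted == got

def build(msg_type, yiaddr="0.0.0.0", requested=None):
    """Build a minimal DHCP payload; constructed sample data, not a real capture."""
    hdr = struct.pack("!BBBBIHH", 1 if msg_type in (1, 3) else 2, 1, 6, 0, 0x1234, 0, 0)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)   # ciaddr, yiaddr, siaddr+giaddr
    hdr += bytes.fromhex("020000000001") + bytes(10 + 192)  # chaddr, sname, file
    opts = bytes([53, 1, msg_type])
    if requested:
        opts += bytes([50, 4]) + socket.inet_aton(requested)
    return hdr + MAGIC + opts + b"\xff"

# Constructed exchange: the client asks for .101 again, is refused, and ends up on .100.
SAMPLE = [build(3, requested="192.0.2.101"), build(6),
          build(1, requested="192.0.2.101"), build(2, yiaddr="192.0.2.100"),
          build(3, requested="192.0.2.100"), build(5, yiaddr="192.0.2.100")]
print(address_kept(SAMPLE))
```

A result whose last element is `False` means the client did ask for its old address and the server assigned a different one, which separates server-side recycling from a client that never sent option 50 at all (first element `None`).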

August 18, 2025, 08:14:38 PM #2 Last Edit: August 18, 2025, 08:17:02 PM by os914964619
Quote from: Patrick M. Hausen on August 18, 2025, 08:07:50 PM
What I can picture though, is Kea more aggressively reusing addresses for which the lease has expired and handing them out to a different client.
I would make a protocol with tcpdump when you power on such a client after a couple of days to watch if that is what happens.

That's exactly what's going on. Same clients I've been using for years. I ran tcpdump and fed the pcap into wireshark to look at. KEA is just recycling addresses much more aggressively than ISC.

I don't see an option to change this behavior in the opnsense web gui, so I'd probably have to change something in the KEA conf file.

I'm not sure, but I think that the conf file would get overwritten by opnsense on boot/upgrade/config change, so I'd have to manually change the KEA conf file every time, unless there is a better way to do this? Ideally like a "free-form" "advanced options" that can get appended to the KEA Conf file via the opnsense web gui. I've seen opnsense do this for other things like OpenVPN settings.

Basically, the good news is KEA does expose some tunables to make it behave like ISC with regard to lease recycling. The bad news is, opnsense doesn't expose any of that to the user via the web gui.

You could first check with whatever platform the Kea community uses - or maybe just their documentation - if they support changing the allocation strategy at all.

And if yes, then create an issue on Github to include that option in the UI.

Kind regards,
Patrick

Today at 02:10:49 AM #5 Last Edit: Today at 03:20:20 AM by hharry
kea 2.6.3 supports DHCP lease affinity, but the configuration options haven't yet been exposed in OPNsense GUI

https://forum.opnsense.org/index.php?topic=48462.0

https://github.com/opnsense/core/issues/9094

In the current OPNsense 25.7.1_1 release, manual edits to the kea config file to add the options are overwritten / removed when the kea service is restarted (from either the OPNsense GUI or CLI)...
OPNsense 25.7.1_1-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, sftp-backup plugins. limited kea DHCP server deployment.

Quote from: hharry on Today at 02:10:49 AM
kea 2.6.3 supports DHCP lease affinity, but the configuration options haven't yet been exposed in OPNsense GUI

https://forum.opnsense.org/index.php?topic=48462.0

https://github.com/opnsense/core/issues/9094

In the current OPNsense 25.7.1_1 release, manual edits to the kea config file to add the options are overwritten / removed when the kea service is restarted (from either the OPNsense GUI or CLI)...

Thanks for posting this. https://github.com/opnsense/core/issues/9094 is exactly what we would need to address the issue.

Quote from: os914964619 on Today at 03:34:51 AM
Thanks for posting this. https://github.com/opnsense/core/issues/9094 is exactly what we would need to address the issue.

To help get better visibility on customer demand, perhaps add a comment in https://github.com/opnsense/core/issues/9094 to express your interest in the existing kea DHCP lease affinity capability configuration options being added to the OPNsense GUI...