Topic: Kea DHCP - High Availability/HA Setup/Migration (Read 2457 times)
RayM (Newbie)
Kea DHCP - High Availability/HA Setup/Migration
« on: May 21, 2024, 06:12:14 pm »
Hey All,
I went ahead and did the transition from ISC to Full HA Kea on 24, and it was a pretty smooth transition. As I find the current documentation for HA between 2 OPNsense/CARP a bit lacking, I thought I was going to create a post that might help someone in the future.
Here are the steps I took (all actions were done on the Primary - no configuration needed on the Secondary other than config sync):
1) Created the subnets - UNCHECK Auto collect option data - As we need to configure our CARP IPs here.
2) I created 1 reservation and exported to CSV - So I could use the CSV to import my ISC reservations - and it was much faster. I opened a new window and looked at all the leases in ISC - then it's a copy-paste game.
3) Import reservations
4) Enabled the Control Agent (Be sure not to use a port that already is used. I used 8101 for agent, and 8111 for Peers configuration - they need to be different)
5) Enable HA in Kea -> Settings -> High Availability, take note of the hostname there.
6) Add The Peers in the Peers tab - I used both of the PFSYNC interface IPs for my primary and secondary OPNsense. I am not sure this is the best practice, but I thought it was going to be ideal as other than PFSYNC - there is no other traffic on that network.
a. - Primary: Hostname (as shown in the HA section of Settings - basically your OPNsense hostname)
   - URL: PFSYNC Interface IP (http://x.x.x.1:8111/) - make sure whatever port you use is free - it cannot be the same as the agent.
b. - Standby: Hostname: Your Secondary OPNsense Hostname
   - URL: Your secondary OPNsense PFSYNC interface IP (http://x.x.x.2:8111/) - make sure whatever port you use is free - it cannot be the same as the agent.
6) In System - HA - Settings, I checked the "Kea DHCP" service - Save
7) System - HA - Status - Trigger a full Sync
8) Check that the HA peer received the Kea Configuration after the Sync
9) Go in ISC DHCP, and disable all interfaces 1 by 1 - you should then see the "dhcpd" service disappear from the services in the dashboard. Once all interfaces are disabled, dhcpd should be completely stopped.
10) Kea -> Settings -> Check "Enabled" - Save. This should start the Kea Service - you can check the logs if it doesn't start (I made a typo in one of the pools, and it prevents the service from starting but it does tell you where the issue is).
11) Resync HA Unit from System -> HA
12) Checked the logs to make sure that communication is working between both Kea Peers - check the logs and you should see stuff like "INFO [kea-dhcp4.commands.0x835f1ed00] COMMAND_RECEIVED Received command 'ha-heartbeat'"
13) Test your new DHCP.
It's now up and running, and everything runs smoothly for my needs with the current feature set.
Feel free to point out any areas of improvement or potential issues - as there might be stuff I neglected/didn't know...
Regards
FraLem (Jr. Member)
Re: Kea DHCP - High Availability/HA Setup/Migration
« Reply #1 on: June 11, 2024, 01:39:19 pm »
Thanks for sharing.
We are facing some difficulties in getting the backup server to start responding to DHCP clients on a test environment with just 5 clients. Sync running as expected.
Any tip would be appreciated.
FraLem (Jr. Member)
Re: Kea DHCP - High Availability/HA Setup/Migration
« Reply #2 on: June 11, 2024, 01:58:20 pm »
Found it,
from logs " 6 clients unacked so far, 0 clients left before transitioning to the partner-down state"
Thanks again for sharing.
Logged
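A small log check for step 12 of the first post and the message quoted in Reply #2, added here as an example and not part of any post in this thread. The function name, verdict labels and sample log lines are assumptions; only the two message texts come from the thread.

```python
import re

# Message texts taken from the thread: the heartbeat line from step 12 and the
# unacked-clients line quoted in Reply #2. Everything else here is assumed.
HEARTBEAT = re.compile(r"COMMAND_RECEIVED Received command 'ha-heartbeat'")
UNACKED = re.compile(
    r"(\d+) clients unacked so far, (\d+) clients left "
    r"before transitioning to the partner-down state"
)

def summarize_ha(lines):
    """Walk Kea log lines in order and report what the HA peers are doing."""
    heartbeats = 0
    unacked = None      # (unacked so far, clients left) from the latest such line
    last_event = None   # "heartbeat" or "unacked", whichever came last
    for line in lines:
        if HEARTBEAT.search(line):
            heartbeats += 1
            last_event = "heartbeat"
            continue
        m = UNACKED.search(line)
        if m:
            unacked = (int(m.group(1)), int(m.group(2)))
            last_event = "unacked"
    if last_event is None:
        verdict = "no-ha-traffic"            # peers never talked: check URLs, ports, sync
    elif last_event == "heartbeat":
        verdict = "peers-communicating"
    elif unacked[1] > 0:
        verdict = "partner-unresponsive"     # still counting clients before failover
    else:
        verdict = "partner-down-threshold"   # 0 clients left, as in Reply #2
    return {"heartbeats": heartbeats, "unacked": unacked, "verdict": verdict}

# Constructed sample lines (not captured from a real system).
HEALTHY = [
    "INFO [kea-dhcp4.commands.0x835f1ed00] COMMAND_RECEIVED Received command 'ha-heartbeat'",
    "INFO [kea-dhcp4.commands.0x835f1ed00] COMMAND_RECEIVED Received command 'ha-heartbeat'",
]
PARTNER_LOST = HEALTHY + [
    "WARN [kea-dhcp4.ha-hooks.0x835f1ed00] 5 clients unacked so far, 1 clients left before transitioning to the partner-down state",
    "WARN [kea-dhcp4.ha-hooks.0x835f1ed00] 6 clients unacked so far, 0 clients left before transitioning to the partner-down state",
]

if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("partner lost", PARTNER_LOST)):
        print(name, summarize_ha(sample))
```

Feed it the Kea log lines from each firewall in turn; a "no-ha-traffic" verdict on either side points back at the peer URLs, ports, or the sync in steps 6 to 8.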
quantumjohnny (Newbie)
Re: Kea DHCP - High Availability/HA Setup/Migration
« Reply #3 on: August 07, 2024, 10:28:43 am »
Thank you for the instructions, very helpful.
Despite that, I was struggling to get this to work because I did not correctly follow step 7):
"Trigger a full sync" is an obscure little button in the form of a cloud. I somehow presumed that by pressing "Perform Synchronization" in System/High Availability/Settings the Sync would be triggered. But no, you need to click this little cloud.
After that the sync worked and everything else suddenly made sense. Hope that helps other people.