KEA DHCP6 hw-address support

Started by dieter42, July 15, 2025, 10:30:03 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 15, 2025, 10:30:03 AM
Due to end of live and as suggested, i changed my setup from ISC to KEA DHCP.
DHCP4 works pretty well, but for DHCP6 i'm barely missing hw-address type support.
Rational:
- For some devices, I'd like to have static mappings.
- Especially some of these devices provide a DUID type, not usuable for a static mapping.

KEA DHCP6 supports hw-address type mapping.
As of now I marked the checkbox "Manual config" in KEA DHCP6, and added the mapping to the config file.
This works pretty well and as expected.

My question: Are there any plans to support hw-address type mapping from within the GUI?

July 15, 2025, 10:41:28 AM #1 Last Edit: July 15, 2025, 10:50:26 AM by Patrick M. Hausen
(deleted - overlooked the IPv6 part)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 15, 2025, 10:44:37 AM #2
Have you really thought this through? The DUID variant is the one that is officially condoned by IPv6. Because of IPv6 supporting multiple IPv6 addresses at once, you should consider using different ones for making your devices addressable and making connections themselves.

In order to reach devices via IPv6, you probably do not want to type in IPv6 addresses anyway, so what matters most, is the DNS mapping.

For example, if you use SLAAC, which is preferable to DHCPv6 anyway in most cases (as explained here), you already get a predictable, permanent address you can use to find your devices by registering those in DNS.

For outbound access, you may prefer to use IPv6 privacy extensions.

I can imagine only one purpose not to use a devices EUI-64 to build its GUA: When I want to make it accessible from outside and not expose the manufacturer of the NIC or device. But in those cases, I use a reverse proxy anyway, so even for that purpose, I do not need "arbitrary" IPv6 addresses.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
July 16, 2025, 09:13:54 AM #3
In general i agree .. however my setup is a private home setup rather than a DC, or some other commercial network.

One rational, i'd like to have my own namespace for devices.
Especially not the name, some consumer devices come up with (sometimes not even modifiable).
I saw some other posts in this forum about mapping of just the DNS name.
However, issue is the same as mine!

Positive side effect on IP address assignment: Having "similar" suffixes for IPv4 and IPv6 addresses eases debugging.

Then, i was wondering about further use cases ..
I.e. for some reason i assume ISC implemented DUID as well as hw-address mapping.

July 16, 2025, 09:32:46 AM #4
I was not arguing for any business setup. There, you usually do have static IPv6 and this all is not a problem. I was strictly speaking of home and small business setups only.

You can have your namespace, but with IPv4 - I seek yet of someone who can sensibly say why they need their devices to have IPv6 DNS aliases, except for making them accessible from the outside via IPv6 (and I already answered that: use a reverse proxy).

I am at a loss why everybody thinks they need to adopt IPv6 and IPv6 only.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
July 16, 2025, 10:31:25 AM #5
Sorry, here i'm lost ..
Are you saying IPv6 is just an addon rather than a replacement of IPv4?!
July 16, 2025, 11:04:18 AM #6
Well it says here that it's valid to use either hw-address or duid for the ipv6 reservation.

https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp6-srv.html#host-reservations-in-dhcpv6

"In the DHCPv6 context, the identifier is usually a DUID, but it can also be a hardware or MAC address."
Hardware:
DEC740
July 16, 2025, 12:28:19 PM #7 Last Edit: July 16, 2025, 12:33:36 PM by meyergru
It is currently far from a replacement for consumer setups. You can see that many websites only work with IPv4, many mobile networks do, too. If you happen to have a DS-lite internet access, you will find it hard to become accessible from everywhere via IPv6, aside from using a tunnel solution like Cloudflare.

But that is besides the point. I only say that with usual consumer premises equipment and dynamic IPv6 prefixes, you should use IPv4 in your internal network and IPv6 only for outbound access. If you require IPv6 inbound, use a reverse proxy.

Anything else will be a hassle to set up and you are easier off with IPv4.

As for DUIDs: There originally were 4 DUID types, which include a DUID-LL as well, but since this was suboptimal for certain applications, RFC 6939 was invented to identify clients by their MACs again. IPv6 was meant to be the egg-laying jack of all trades, but rather complex. And as you can see, not all recommendations are being followed even by ISPs, e.g. the "static prefix" one: The ISPs simply do not want you to offer services over their consumer lines.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
Print
Go Up Pages1
User actions