[READY] - kea dhcpv6 config and service

socallinuxexpo / scale-network

SCaLE's on-site expo network configurations, wifi, tooling, and scripts

https://www.socallinuxexpo.org/

BSD 3-Clause "New" or "Revised" License

40 stars 16 forks source link

[READY] - kea dhcpv6 config and service #671

Closed sarcasticadmin closed 4 months ago

sarcasticadmin commented 4 months ago

Description of PR

Fixes: #596 Depends on: #670 (Will have to rebase after)

Kea DHCPv6 using all of the existing vlans from switch configurations

A lot of this was made very easy by previous work (thanks @kylerisse ): https://github.com/socallinuxexpo/scale-network/pull/252 ,inventory.py ipv6 support, and the retired isc-dhcpv6. This was all very useful as reference for this implementation.

Previous Behavior

kea didnt have dhcpv6
lease time was set to 4000 sec for dhcpv4

New Behavior

kea dhcpv6 configuration (dhcp6-server.conf.txt (ignore the .txt apartly github doesnt let you upload a .conf :laughing:)
kea dhcpv6 service enabled on core
dhcpv6 specific runNixOSTest for core test
kea dhcpv4/v6 lease time for mgmt vlan is now 5 min
kea dhcpv4/v6 lease time for all other subnets is 24min
updates to python facts tests for new dhcpv6 configurations

Tests

Core sanity check in runNixOSTests runs well:

$ build -L .#checks.x86_64-linux.core

sarcasticadmin commented 4 months ago

@owendelong thanks for the comments.

Also, would it be possible to arrange so that dynamically issued (not reservations) DHCPv6 addresses come from a pool in each subnet numbered 2001:470:f026::d8c::: where X/Y/Z are dynamically assigned?

Yes I believe this is possible and we would just have to toggle the "reservations-in-subnet": False kea config option and/or the other related options.

So as an example: our dynamic range for vlan 112 would be:

2001:470:f026:112:d8c::1
2001:470:f026:112:d8c::800

d8c because its close to dhcp :wink:

Then have a reservation within vlan 112 would be:

2001:470:f026:112:::100

Just want to make sure Im following here.

owendelong commented 4 months ago

@owendelong thanks for the comments.

Also, would it be possible to arrange so that dynamically issued (not reservations) DHCPv6 addresses come from a pool in each subnet numbered 2001:470:f026::d8c::: where X/Y/Z are dynamically assigned?

Yes I believe this is possible and we would just have to toggle the "reservations-in-subnet": False kea config option and/or the other related options.

So as an example: our dynamic range for vlan 112 would be:
2001:470:f026:112:d8c::1
2001:470:f026:112:d8c::800
d8c because its close to dhcp 😉

Then have a reservation within vlan 112 would be:
2001:470:f026:112:::100
Just want to make sure Im following here.

Yes, that's correct.

--- Correction... Just realized there's a typo:

2001:470:f026:112:::100

Should not have 3 :::, it should be:

2001:470:f026:112::100

owendelong commented 4 months ago

I don't care how wide we make the dynamic range within the VLAN (up to 48 bits), TBH. So ::1 ::800 is fine, but so would ::0 through :ffff:ffff:ffff as far as I'm concerned.

(The first would result in :d8c::1 through :d8c::800, the latter would result in :d8c::1 through :d8c:ffff:ffff:ffff).

I'd also be fine if we started from ::0, since in IPv6, there's nothing special about the ::0 address.

sarcasticadmin commented 4 months ago

(The first would result in :d8c::1 through :d8c::800, the latter would result in :d8c::1 through :d8c:ffff:ffff:ffff).

My initial hesitation here was due to the problems we saw with isc-dhcpv6 when the range was so large: https://github.com/socallinuxexpo/scale-network/pull/252 This is me being superstitious but we wont need all of those addresses anyway.

I'd also be fine if we started from ::0, since in IPv6, there's nothing special about the ::0 address.

Good point

owendelong commented 4 months ago

As I stated, I'm fine with the current smaller range and fine with it as is. Let me know when you've made the :d8c: change and I'll approve and merge.

sarcasticadmin commented 4 months ago

@owendelong thanks for helping debug the kea dhcpv6 stuff the other day, saved me from banging my head against the wall.

Theres one small limitation in this config related to dhcpv6 relaying and Ill be spinning out for a follow up: Since we cant declare the same interface (eth0) in two subnet6 blocks well have to dynamically allocate the local subnet6 block and interface for the corresponding expo and conf core. The core will only ever be local to the subnet that its in the building for.

This is called out here in the kea config: https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp6-srv.html#ipv6-subnet-selection

For now I have the interface set to expo since thats how the core runNixOSTest is configured and theres good value were getting out of those test cases for confirming dhcpv6 is working.

Other than that I think this is ready to go @kylerisse @owendelong