Page MenuHomeVyOS Platform
Create Task
Maniphest T6211

kea DHCP server not vrf aware
Open, NormalPublicBUG
Actions

Description

kea dhcp-server does not initialize when some of the interfaces are in a vrf.

using this config:

set interfaces ethernet eth1 address '192.168.1.1/24'
set interfaces ethernet eth2 address '192.168.2.1/24'
set interfaces ethernet eth2 vrf 'test1'
set interfaces ethernet eth3 address '192.168.3.1/24'
set interfaces ethernet eth4 address '192.168.4.1/24'
set interfaces ethernet eth4 vrf 'test2'
set interfaces ethernet eth7 address '192.168.0.1/30'
set service dhcp-server shared-network-name eth1 option default-router '192.168.1.1'
set service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300'
set service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10'
set service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100'
set service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'
set service dhcp-server shared-network-name eth2 option default-router '192.168.2.1'
set service dhcp-server shared-network-name eth2 subnet 192.168.2.0/24 lease '300'
set service dhcp-server shared-network-name eth2 subnet 192.168.2.0/24 range default start '192.168.2.10'
set service dhcp-server shared-network-name eth2 subnet 192.168.2.0/24 range default stop '192.168.2.100'
set service dhcp-server shared-network-name eth2 subnet 192.168.2.0/24 subnet-id '2'
set service dhcp-server shared-network-name eth3 option default-router '192.168.3.1'
set service dhcp-server shared-network-name eth3 subnet 192.168.3.0/24 lease '300'
set service dhcp-server shared-network-name eth3 subnet 192.168.3.0/24 range default start '192.168.3.10'
set service dhcp-server shared-network-name eth3 subnet 192.168.3.0/24 range default stop '192.168.3.100'
set service dhcp-server shared-network-name eth3 subnet 192.168.3.0/24 subnet-id '3'
set service dhcp-server shared-network-name eth4 option default-router '192.168.4.1'
set service dhcp-server shared-network-name eth4 subnet 192.168.4.0/24 lease '300'
set service dhcp-server shared-network-name eth4 subnet 192.168.4.0/24 range default start '192.168.4.10'
set service dhcp-server shared-network-name eth4 subnet 192.168.4.0/24 range default stop '192.168.4.100'
set service dhcp-server shared-network-name eth4 subnet 192.168.4.0/24 subnet-id '4'
set vrf bind-to-all
set vrf name management table '100'
set vrf name test1 table '1001'
set vrf name test2 table '1002'

logs show that it fails to initialize on the interfaces that are within a vrf and clients do not get a lease. interfaces on the default vrf are unaffected and dhcp server assigns leases normally.

[...]
Apr 06 16:42:53 kea-dhcp4[2540]: 2024-04-06 16:42:53.647 WARN  [kea-dhcp4.dhcpsrv/2540.140360373832128] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface eth2, reason: failed to bind fallback socket to address 192.168.2.1, port 67, reason: Cannot assign requested address - is another DHCP server running?
Apr 06 16:42:53 kea-dhcp4[2540]: 2024-04-06 16:42:53.652 WARN  [kea-dhcp4.dhcpsrv/2540.140360373832128] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface eth4, reason: failed to bind fallback socket to address 192.168.4.1, port 67, reason: Cannot assign requested address - is another DHCP server running?
Apr 06 16:42:53 kea-dhcp4[2540]: 2024-04-06 16:42:53.661 WARN  [kea-dhcp4.dhcpsrv/2540.140360373832128] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface test1, reason: failed to bind fallback socket to address 127.0.0.1, port 67, reason: Address already in use - is another DHCP server running?
Apr 06 16:42:53 kea-dhcp4[2540]: 2024-04-06 16:42:53.661 WARN  [kea-dhcp4.dhcpsrv/2540.140360373832128] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface test2, reason: failed to bind fallback socket to address 127.0.0.1, port 67, reason: Address already in use - is another DHCP server running?
[...]

Details

Difficulty level
Unknown (require assessment)
Version
1.5-rolling-202404030018
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

Thunderstorm created this task.Apr 6 2024, 9:54 PM
dmbaturin closed this task as Resolved.Apr 7 2024, 6:08 AM
dmbaturin claimed this task.
dmbaturin reopened this task as Open.Apr 7 2024, 8:17 AM
pasik subscribed.Apr 7 2024, 9:55 AM
Viacheslav removed dmbaturin as the assignee of this task.Apr 11 2024, 12:15 PM
Viacheslav triaged this task as Normal priority.
Viacheslav added a subscriber: dmbaturin.
tuxnet subscribed.May 23 2024, 7:52 PM
tuxnet added a comment.May 24 2024, 5:16 AM

The following can be configured as a quick and dirty workaround:

insert the following lines in the file /config/scripts/vyos-postconfig-bootup.script and restart
(the VRFNAME must be replaced with the desired vrf name)

killall kea-dhcp4
ip vrf exec VRFNAME /usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4.conf
Apachez subscribed.May 24 2024, 5:57 AM

I assume that workaround would only work for a single VRF or can one do something like this?

killall kea-dhcp4
ip vrf exec VRF_TEST1 /usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4.conf
ip vrf exec VRF_TEST2 /usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4.conf
tuxnet added a comment.May 24 2024, 10:55 AM

you have to adapt a few more things, if absolutely necessary it also works with several VRFs - but it is very ugly...

/config/scripts/vyos-postconfig-bootup.script

killall kea-dhcp4
cp /run/kea/kea-dhcp4.conf /run/kea/kea-dhcp4-test1.conf
cp /run/kea/kea-dhcp4.conf /run/kea/kea-dhcp4-test2.conf
sed -i 's\*\eth0\g' /run/kea/kea-dhcp4-test1.conf
sed -i 's\*\eth1\g' /run/kea/kea-dhcp4-test2.conf
sed -i 's\dhcp4-ctrl-socket\dhcp4-ctrl-socket-test1\g' /run/kea/kea-dhcp4-test1.conf
sed -i 's\dhcp4-ctrl-socket\dhcp4-ctrl-socket-test2\g' /run/kea/kea-dhcp4-test2.conf
ip vrf exec test1 /usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4-test1.conf & ip vrf exec test2 /usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4-test2.conf

Tests after reboot

vyos@vyos1:~$ ss -tulpn | grep 67
udp   UNCONN 0      0      10.1.1.1%test1:67        0.0.0.0:*          
udp   UNCONN 0      0      10.2.2.1%test2:67        0.0.0.0:*    

vyos@vyos1:~$ cat /config/dhcp/dhcp4-leases.csv
address,hwaddr,client_id,valid_lifetime,expire,subnet_id,fqdn_fwd,fqdn_rev,hostname,state,user_context,pool_id
10.1.1.100,50:00:00:02:00:00,,86400,1716630302,1,0,0,vyos,0,,0
10.2.2.100,50:00:00:02:00:01,,86400,1716634205,2,0,0,vyos,0,,0
Viacheslav subscribed.May 24 2024, 12:04 PM

Probably the best way will be moving the config to the vrf section (not implemented)
For example:

set vrf name foo service dhcp-server shared-network-name eth1 option default-router '192.168.1.1'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'

And start several instances, each with its configuration.

tuxnet added a comment.May 24 2024, 1:34 PM

yes, that would be a very good solution/implementation

Tim subscribed.Jun 17 2024, 7:48 AM
stephenmcmahon subscribed.EditedJul 5 2024, 9:27 AM
In T6211#189615, @Viacheslav wrote:

Probably the best way will be moving the config to the vrf section (not implemented)
For example:

set vrf name foo service dhcp-server shared-network-name eth1 option default-router '192.168.1.1'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'

And start several instances, each with its configuration.

๐Ÿ‘‹ New VyOS user and just ran into this issue myself. Your syntax makes the most sense to me as someone new to VyOS but after standing up the configurations and dealing with the CLI for interfaces within VyOS specifically I would expect something like this:

set service dhcp-server shared-network-name VLAN192 subnet 192.168.1.0/24 default-router '192.168.1.1'
set service dhcp-server shared-network-name VLAN192 subnet 192.168.1.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name VLAN192 vrf HelloWorld

Keeping in line with this type of configuration:

set interfaces bonding bond0 mode 802.3ad
set interfaces bonding bond0 member interface eth0
set interfaces bonding bond0 vif 192 description 'VLAN10'
set interfaces bonding bond0 vif 192 address '192.168.1.1/24'
set interfaces bonding bond0 vif 192 vrf HelloWorld
fernando subscribed.Jul 5 2024, 7:34 PM
fernando added a comment.Jul 5 2024, 7:42 PM
In T6211#194799, @stephenmcmahon wrote:
In T6211#189615, @Viacheslav wrote:

Probably the best way will be moving the config to the vrf section (not implemented)
For example:

set vrf name foo service dhcp-server shared-network-name eth1 option default-router '192.168.1.1'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'

I think the logic proposed by @Viacheslav make more sense , if you use vrf-aware, there several scenario where you probably have same ip address/subnets or simplest to read when you have many vrf with different DHCP services.

stephenmcmahon added a comment.Jul 6 2024, 2:30 AM

After spending more time handling VRFs within VyOS the answer from @Viacheslav is best

dmbaturin added a project: Restricted Project.Sep 15 2024, 5:03 PM
chambas subscribed.Sep 23 2024, 11:33 AM

I also ran into this issue and lost a couple of hours trying to figure it out.
I stand for the solution purpose by @Viacheslav .

isithran subscribed.Fri, Oct 25, 9:09 PM