The Issue
The default system limits prevent KEA from listening on a large number of interfaces. Testing revealed that 503 DHCP instances failed due to hitting the soft limit for open files.
Current default limits for the KEA DHCP server process:
vyos@vyos:~$ cat /proc/$(sudo systemctl show -p MainPID --value isc-kea-dhcp4-server.service)/limits Limit Soft Limit Hard Limit Units Max cpu time unlimited unlimited seconds Max file size unlimited unlimited bytes Max data size unlimited unlimited bytes Max stack size 8388608 unlimited bytes Max core file size 0 unlimited bytes Max resident set unlimited unlimited bytes Max processes 31633 31633 processes Max open files 1024 524288 files Max locked memory 8388608 8388608 bytes Max address space unlimited unlimited bytes Max file locks unlimited unlimited locks Max pending signals 31633 31633 signals Max msgqueue size 819200 819200 bytes Max nice priority 0 0 Max realtime priority 0 0 Max realtime timeout unlimited unlimited us
After increasing the limit, a successful start with 503 instances consumed 1026 file descriptors (sudo ls /proc/$(sudo systemctl show -p MainPID --value isc-kea-dhcp4-server.service)/fd | wc -l).
Suggested solution
The simplest fix is to override the systemd service limit by adding:
[Service] LimitNOFILE=<new value>
This approach has been tested and confirmed to work. The new value can either be set to a sufficiently high number or calculated precisely if we determine the exact formula.
Note
Pay attention - the same change may be necessary for the IPv6 server as well.
Workaround
To solve the issue temporarily:
sudo sed -i '/^\[Service\]/a LimitNOFILE=1048576' /etc/systemd/system/isc-kea-dhcp4-server.service.d/override.conf sudo systemctl daemon-reload
It is better to reboot afterwards.