Congratulations for the video very clear explanation. I am deploying KEA DHCP server in my company. - How to register subnets and pools and register MAC, gateway, DNS and Domain addresses so that the DHCP KEA server assigns randomly identifying the "IPs" available in the pool and delivering what is available to the machines. Thank you, a hug from Brazil.
great video. i've used isc-dhcp for years and saw there was a way to just migrate existing config to kea but I wanted to try building it from scratch. your video was very helpful. thank you.
Thank you for this instructive Video! Since editing the configuration is error-prone due to the JSON-Notation, i found this Command particularly helpful: kea-dhcp4 -t /path/to/config tells you all the omitted or superfluous commas, brackets etc.
I've been enjoying your videos and subscribed to your channel. Just a suggestion. How about doing a video on tying Kea DHCP to Bind9 to create, update and delete DNS records when clients get an IP address. I have done this in the past with ISC-DHCP and rndc keys, but it looks like Kea uses TSIG keys and I'm having trouble finding out how to integrate this with Bind9. Thank you and keep sharing the knowledge!
Thanks for the sub and feedback I am planning to do a video for the DDNS module of Kea but I have a few other videos to do first I'm in the middle of rebuilding my main network as well as my lab and that's an ideal time for me to cover videos, including things like Kea But I also have some products which need to be covered before I put them to use in my main network
Fantastic video!!! I have installed four KEAs and for the backend, I've chosen MariaDB for DHCP leases. The problem is when I do a lease dump with the kea admin tool to a CSV, truncate the table, and then upload the same CSV with the kea admin tool, the DHCP shows a lease update error and can't update any of the existing IPs. Also, if the CSV has more than 500 records, it can't be uploaded... Have you ever encountered this issue? My plan is that if I need to upgrade, I take down one of the four, upgrade it, export the leases from the database to a CSV, change in the specific to read mem file, bring it back online, and then take down the other three, upgrade them, apply the new schema, import the CSV file, and open the other two to handle traffic. Then I immediately take down the one with the CSV to ensure there's no downtime at all.😵💫😵💫
Not something I've run into as I did a clean transfer from ISC to KEA for instance I don't keep copies of leases either Reserved IPs for things like servers and printers should be fine as they're stored in the configuration file But ideally any leases for PCs would have expired before the work gets done and you can reduce the lease times ahead of the work to help, although you'd want computers to get turned off that day The last time I was involved in a major upgrade like that though, we had plenty of IT staff going round checking in with users the next day and manually resetting the leasing on PCs if they had a conflict
I have two DHCP server (primary and secondary) to prevent problems in case of hardware failure. I know KEA doesn't have primary and secondary, but a "HA" feature equal to support that. I read, i need an additional "CA" to handle that. I'm a bit confused to do that, because in my mind "CA" stands for "certification authority" 🙂
I leave HA for the hypervisor as the load isn't high, so in theory my only issue should be a software bug But Kea does support redundancy, including load balancing kea.readthedocs.io/en/latest/arm/hooks.html#load-balancing-configuration A bit further down is an example for hot-standby if you'd prefer that
Watched this and also your how to configure DDNS for automatic updating of the DNS (bind9) server, and found it very clear and informative. However my DHCP server is not working, it starts ok, issues no errors but does not actually listen - nmap says the port is closed. I've checked there is no firewall blocking it and it's running directly on the Ubuntu server alongside bind9. The name resolution is working fine. Any tips for how to diagnose? My goal is to move the DHCP from a tp-link router / gateway and run it on a server I have always on.
If you check the service status it might give you some hints if it's down sudo systemctl status isc-kea-dhcp4-server If it is up and running you can check syslog for clues sudo tail /var/log/syslog I've noticed the service starts after installation with a default config and it needs a restart to load a new one So it could be worth restarting the service BUT before you do that open another terminal session to the server and watch the log file in that window sudo tail -f /var/log/syslog Then restart the service in another window sudo systemctl restart isc-kea-dhcp4-server If it doesn't start, there's probably a typo in the config file On the other hand, if the service is running I would still check the config file and make sure it suits your computer sudo nano /etc/kea/kea-dhcp4.conf For instance, mine has an interface called ens160, so that's why my example config has that mentioned in line 4 Yours is probably different so make sure the name matches what's on your computer I just go with whatever is mentioned when I run ip a Any change will need a service restart sudo systemctl restart isc-kea-dhcp4-server
@@TechTutorialsDavidMcKone thank you so much for the detailed reply and suggestions. One thing I notice is my service is called kea-dhcp4-server ie without the leading kea. My interface card is eno1 and I've checked that the service is reading my config by putting eth0 (invalid) device, and it then reports an error. As it stands it starts up, is shown as running by systemctl status, but seemingly does not listen to the broadcast or on port 67. I've tried the config setting "service-sockets-require-all" but get an error saying this is not a valid parameter. So summary is, no errors reported on startup (even using verbose logging) but not listening !
@@KevinMarlow_uk It's been a while since I did this video so I suppose the service name may have been changed Mind you, I'm using Debian instead of Ubuntu so maybe that's what it is Does your config have a subnet covering the one that the server's interface is in? Even if you don't plan on leasing IP addresses in that subnet, I think it still needs one as the previous ISC DHCP server did It sounds like the service has nothing to listen for on that interface The only other thing I can suggest is to check this webpage kea.readthedocs.io/en/latest/arm/config.html#json-configuration And compare your config to that one That adds a line to listen for raw sockets i.e. broadcasts in the local subnet that DHCP mostly uses It also sets up a specific logging file that might shed more light on what's going on
@@TechTutorialsDavidMcKone I found the issue after installing the 2.5 version which gave more debug info. Seems that dhcpmasq is by default installed on Ubuntu and whilst not listening on port 67 (so not showing on nmap) it was however holding onto the port and stopping dhcp4 from starting. Thanks for the suggestions without which I was stumped.
6 หลายเดือนก่อน +1
Hey, great video, thanks for sharing. I learned how to config kea thanks to your videos. Maybe you can point me to the right direction. I installed kea and is working, however, client machines have no internet access, I have 2 interfaces, one is plugged to my router and the other one is being used by Kea to provide ips (and hopefully Internet), but internet is not working on clients. Should I configure something else?
DHCP needs a DHCP relay agent when computers are in a different network If I understand this correctly, the clients use one interface of the router, but Kea uses another In which case, the router interface on the client side needs to be configured with a DHCP relay agent That relay agent will also need configuring with the IP address of Kea What will then happen is the clients will send out DHCP broadcast messages The DHCP relay agent will then create unicast messages and send them to Kea, i.e. acting as a relay between the clients and DHCP server Without that relay agent, the broadcasts just get ignored because routers don't forward broadcast messages by design
6 หลายเดือนก่อน
@@TechTutorialsDavidMcKone thanks for answering, The idea is use a mini pc as router, in that case the clients should use the Kea interface and the traffic must be redirected to internet: +---------+ client | kea_if ext_if | cloud +---------+ But you mention the relay, has Kea a relay configuration or should I add something extra to work as a relay agent?
@ If the clients are in the same network as the DHCP server then it should be picking up the broadcasts itself Check the logs as it's usually quite helpful, for instance Kea might receive a request but it couldn't provide an IP because there wasn't a suitable subnet configured for instance I tend to open a terminal session and run this command on a Linux computer sudo tail -f /var/log/syslog You'll then see live output And you can use Ctrl-C to cancel that Another thing to point is there may be something else using the DHCP server port I had someone mention they were using Ubuntu and dhcpmasq was installed and running That had to be removed to allow Kea to work Another thought, is there a personal firewall installed and does it allow access to UDP port 67?
6 หลายเดือนก่อน
@@TechTutorialsDavidMcKone nothing else installed, I will try with dhcpmask, thanks 😃👍
Hello sir, I have been able to setup this for my company. I even downloaded kea control agent and setup the lease commands. But I have a doubt.This kea dhcp server has been installed and setup in GCP VM. Will it be able to capture the port 67,68 packets and allocate Ip address to cisco and ciena devices which will send request to the VM IP address through relay. What kind of a interface do I need to use in that kind of situation?
The DHCP server will listen for packets from the local subnet Any devices outside of that will have to rely on a DHCP relay agent in their own subnet Usually that will be handled by the gateway for the subnet e.g. a L3 switch or a firewall Once the relay is configured to send traffic to the IP of the VM, you need to make sure the DHCP server is configured with IP pools for each of those subnets The relay will forward broadcast requests to the VM Once a device has an IP address it will communicate directly with the DHCP server So if you any firewalls in the path, including on the DHCP server itself, make sure all of the subnets have access to the DHCP server
ISC have a project called Stork to manage Kea stork.isc.org/ Webmin is popular for Bind webmin.com/ I haven't used them myself though as I'm focusing on infrastructure as code
@@TechTutorialsDavidMcKone Checked Stork. Not what i'm looking. Im searching an IPAM like bluecat. Found netbox. Too many useless other features for me
You rock! On my Ubuntu this was not working, so I read the note and remove -server apt install isc-kea-dhcp4-server -y Reading package lists... Done Building dependency tree... Done Reading state information... Done Package isc-kea-dhcp4-server is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source However the following packages replace it: isc-kea-dhcp4 E: Package 'isc-kea-dhcp4-server' has no installation candidate root@NOC-Lab:~# apt install isc-kea-dhcp4 -y
Congratulations for the video very clear explanation. I am deploying KEA DHCP server in my company. - How to register subnets and pools and register MAC, gateway, DNS and Domain addresses so that the DHCP KEA server assigns randomly identifying the "IPs" available in the pool and delivering what is available to the machines. Thank you, a hug from Brazil.
Thanks for the feedback
Good to know the video was helpful
great video. i've used isc-dhcp for years and saw there was a way to just migrate existing config to kea but I wanted to try building it from scratch. your video was very helpful. thank you.
I did think about using the migration option, but I opted to start from scratch as well
Good to know the video was helpful
Thank you for this instructive Video!
Since editing the configuration is error-prone due to the JSON-Notation, i found this Command particularly helpful: kea-dhcp4 -t /path/to/config tells you all the omitted or superfluous commas, brackets etc.
Thanks for sharing that, very useful indeed
I've been enjoying your videos and subscribed to your channel. Just a suggestion. How about doing a video on tying Kea DHCP to Bind9 to create, update and delete DNS records when clients get an IP address. I have done this in the past with ISC-DHCP and rndc keys, but it looks like Kea uses TSIG keys and I'm having trouble finding out how to integrate this with Bind9. Thank you and keep sharing the knowledge!
Thanks for the sub and feedback
I am planning to do a video for the DDNS module of Kea but I have a few other videos to do first
I'm in the middle of rebuilding my main network as well as my lab and that's an ideal time for me to cover videos, including things like Kea
But I also have some products which need to be covered before I put them to use in my main network
Hola papa muchas gracias por el tutorial. me sirvio mucho. tu hijo gonzalo terra te agradece
Me alegra saber que el video fue útil
Fantastic video!!! I have installed four KEAs and for the backend, I've chosen MariaDB for DHCP leases. The problem is when I do a lease dump with the kea admin tool to a CSV, truncate the table, and then upload the same CSV with the kea admin tool, the DHCP shows a lease update error and can't update any of the existing IPs. Also, if the CSV has more than 500 records, it can't be uploaded... Have you ever encountered this issue? My plan is that if I need to upgrade, I take down one of the four, upgrade it, export the leases from the database to a CSV, change in the specific to read mem file, bring it back online, and then take down the other three, upgrade them, apply the new schema, import the CSV file, and open the other two to handle traffic. Then I immediately take down the one with the CSV to ensure there's no downtime at all.😵💫😵💫
Not something I've run into as I did a clean transfer from ISC to KEA for instance
I don't keep copies of leases either
Reserved IPs for things like servers and printers should be fine as they're stored in the configuration file
But ideally any leases for PCs would have expired before the work gets done and you can reduce the lease times ahead of the work to help, although you'd want computers to get turned off that day
The last time I was involved in a major upgrade like that though, we had plenty of IT staff going round checking in with users the next day and manually resetting the leasing on PCs if they had a conflict
@@TechTutorialsDavidMcKone Thank you very much for the advice, it helped a lot!!!!😁
I have two DHCP server (primary and secondary) to prevent problems in case of hardware failure. I know KEA doesn't have primary and secondary, but a "HA" feature equal to support that. I read, i need an additional "CA" to handle that. I'm a bit confused to do that, because in my mind "CA" stands for "certification authority" 🙂
I leave HA for the hypervisor as the load isn't high, so in theory my only issue should be a software bug
But Kea does support redundancy, including load balancing
kea.readthedocs.io/en/latest/arm/hooks.html#load-balancing-configuration
A bit further down is an example for hot-standby if you'd prefer that
@@TechTutorialsDavidMcKone Many Thx
Watched this and also your how to configure DDNS for automatic updating of the DNS (bind9) server, and found it very clear and informative.
However my DHCP server is not working, it starts ok, issues no errors but does not actually listen - nmap says the port is closed. I've checked there is no firewall blocking it and it's running directly on the Ubuntu server alongside bind9. The name resolution is working fine. Any tips for how to diagnose?
My goal is to move the DHCP from a tp-link router / gateway and run it on a server I have always on.
If you check the service status it might give you some hints if it's down
sudo systemctl status isc-kea-dhcp4-server
If it is up and running you can check syslog for clues
sudo tail /var/log/syslog
I've noticed the service starts after installation with a default config and it needs a restart to load a new one
So it could be worth restarting the service
BUT before you do that open another terminal session to the server and watch the log file in that window
sudo tail -f /var/log/syslog
Then restart the service in another window
sudo systemctl restart isc-kea-dhcp4-server
If it doesn't start, there's probably a typo in the config file
On the other hand, if the service is running I would still check the config file and make sure it suits your computer
sudo nano /etc/kea/kea-dhcp4.conf
For instance, mine has an interface called ens160, so that's why my example config has that mentioned in line 4
Yours is probably different so make sure the name matches what's on your computer
I just go with whatever is mentioned when I run
ip a
Any change will need a service restart
sudo systemctl restart isc-kea-dhcp4-server
@@TechTutorialsDavidMcKone thank you so much for the detailed reply and suggestions. One thing I notice is my service is called kea-dhcp4-server ie without the leading kea.
My interface card is eno1 and I've checked that the service is reading my config by putting eth0 (invalid) device, and it then reports an error.
As it stands it starts up, is shown as running by systemctl status, but seemingly does not listen to the broadcast or on port 67.
I've tried the config setting "service-sockets-require-all" but get an error saying this is not a valid parameter.
So summary is, no errors reported on startup (even using verbose logging) but not listening !
@@KevinMarlow_uk It's been a while since I did this video so I suppose the service name may have been changed
Mind you, I'm using Debian instead of Ubuntu so maybe that's what it is
Does your config have a subnet covering the one that the server's interface is in?
Even if you don't plan on leasing IP addresses in that subnet, I think it still needs one as the previous ISC DHCP server did
It sounds like the service has nothing to listen for on that interface
The only other thing I can suggest is to check this webpage
kea.readthedocs.io/en/latest/arm/config.html#json-configuration
And compare your config to that one
That adds a line to listen for raw sockets i.e. broadcasts in the local subnet that DHCP mostly uses
It also sets up a specific logging file that might shed more light on what's going on
@@TechTutorialsDavidMcKone will try these suggestions and let you know!
@@TechTutorialsDavidMcKone I found the issue after installing the 2.5 version which gave more debug info. Seems that dhcpmasq is by default installed on Ubuntu and whilst not listening on port 67 (so not showing on nmap) it was however holding onto the port and stopping dhcp4 from starting.
Thanks for the suggestions without which I was stumped.
Hey, great video, thanks for sharing. I learned how to config kea thanks to your videos. Maybe you can point me to the right direction. I installed kea and is working, however, client machines have no internet access, I have 2 interfaces, one is plugged to my router and the other one is being used by Kea to provide ips (and hopefully Internet), but internet is not working on clients. Should I configure something else?
DHCP needs a DHCP relay agent when computers are in a different network
If I understand this correctly, the clients use one interface of the router, but Kea uses another
In which case, the router interface on the client side needs to be configured with a DHCP relay agent
That relay agent will also need configuring with the IP address of Kea
What will then happen is the clients will send out DHCP broadcast messages
The DHCP relay agent will then create unicast messages and send them to Kea, i.e. acting as a relay between the clients and DHCP server
Without that relay agent, the broadcasts just get ignored because routers don't forward broadcast messages by design
@@TechTutorialsDavidMcKone thanks for answering, The idea is use a mini pc as router, in that case the clients should use the Kea interface and the traffic must be redirected to internet:
+---------+
client | kea_if ext_if | cloud
+---------+
But you mention the relay, has Kea a relay configuration or should I add something extra to work as a relay agent?
@ If the clients are in the same network as the DHCP server then it should be picking up the broadcasts itself
Check the logs as it's usually quite helpful, for instance Kea might receive a request but it couldn't provide an IP because there wasn't a suitable subnet configured for instance
I tend to open a terminal session and run this command on a Linux computer
sudo tail -f /var/log/syslog
You'll then see live output
And you can use Ctrl-C to cancel that
Another thing to point is there may be something else using the DHCP server port
I had someone mention they were using Ubuntu and dhcpmasq was installed and running
That had to be removed to allow Kea to work
Another thought, is there a personal firewall installed and does it allow access to UDP port 67?
@@TechTutorialsDavidMcKone nothing else installed, I will try with dhcpmask, thanks 😃👍
Hello sir,
I have been able to setup this for my company. I even downloaded kea control agent and setup the lease commands.
But I have a doubt.This kea dhcp server has been installed and setup in GCP VM. Will it be able to capture the port 67,68 packets and allocate Ip address to cisco and ciena devices which will send request to the VM IP address through relay.
What kind of a interface do I need to use in that kind of situation?
The DHCP server will listen for packets from the local subnet
Any devices outside of that will have to rely on a DHCP relay agent in their own subnet
Usually that will be handled by the gateway for the subnet e.g. a L3 switch or a firewall
Once the relay is configured to send traffic to the IP of the VM, you need to make sure the DHCP server is configured with IP pools for each of those subnets
The relay will forward broadcast requests to the VM
Once a device has an IP address it will communicate directly with the DHCP server
So if you any firewalls in the path, including on the DHCP server itself, make sure all of the subnets have access to the DHCP server
Okay understood. Working on the l3 switch part right now. Using a shared network and settings up relay up addresses to test this configuration
Good Video FR
Good to know you liked this video
Thanks G
Good to know the video was useful
What is your recommendation for managing with a GUI?
ISC have a project called Stork to manage Kea
stork.isc.org/
Webmin is popular for Bind
webmin.com/
I haven't used them myself though as I'm focusing on infrastructure as code
@@TechTutorialsDavidMcKone Checked Stork. Not what i'm looking. Im searching an IPAM like bluecat.
Found netbox. Too many useless other features for me
You rock!
On my Ubuntu this was not working, so I read the note and remove -server
apt install isc-kea-dhcp4-server -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package isc-kea-dhcp4-server is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
isc-kea-dhcp4
E: Package 'isc-kea-dhcp4-server' has no installation candidate
root@NOC-Lab:~# apt install isc-kea-dhcp4 -y
Instead of "sudo su -" you can just do "sudo -i".
Yes, I notice there are others ways to switch to root as well