Configuration Examples
This is the set of configuration examples included in doc/examples in the
sources of Kea version 3.1.10-git.
ddns
ddns/all-keys-netconf.json
1// WARNING: This example configuration is not meant for production use.
2// Kea's DHCP-DDNS server can refuse this configuration because
3// it may contain mutually exclusive configuration parameters.
4//
5// The primary purpose of the example file is to provide a comprehensive
6// list of parameters supported by the Kea DHCP-DDNS server along with the
7// brief description of each parameter.
8//
9// This stable version is used for YANG as we do not want to update code
10// and models each time a keyword is added to the syntax.
11{
12 // Kea DHCP-DDNS server configuration begins here.
13 "DhcpDdns": {
14
15 // Global Parameters
16
17 // IP address D2 will listen for update requests at.
18 // Default is 127.0.0.1
19 "ip-address": "127.0.0.1",
20
21 // Port D2 will listen for update requests on.
22 // Default is 53001.
23 "port": 53001,
24
25 // Maximum time we will wait for a DNS server to respond to us.
26 // Unit is the millisecond, default is 100ms.
27 "dns-server-timeout" : 100,
28
29 // Protocol to use for Name Change Requests from a Kea DHCP server.
30 // Currently only 'UDP' is supported.
31 "ncr-protocol": "UDP",
32
33 // Format to use for Name Change Requests from a Kea DHCP server.
34 // Currently only 'JSON' is supported.
35 "ncr-format": "JSON",
36
37 // Command control socket configuration parameters for Kea DHCP-DDNS server.
38 "control-socket": {
39
40 // Location of the UNIX domain socket file the DHCP-DDNS server uses
41 // to receive control commands from the local server administrator.
42 "socket-name": "kea-ddns-ctrl-socket",
43
44 // Control socket type used by the Kea DHCP-DDNS server.
45 // The 'unix' socket is currently the only supported type.
46 "socket-type": "unix"
47 },
48
49 // List of hook libraries and their specific configuration parameters
50 // to be loaded by Kea DHCP-DDNS server.
51 "hooks-libraries": [
52 {
53 // Location of the hook library to be loaded.
54 "library": "ddns-server-commands.so",
55
56 // Hook library-specific configuration parameters.
57 "parameters": { }
58 }
59 ],
60
61 // Forward DDNS (Dynamic DNS).
62 "forward-ddns": {
63
64 // List of DDNS domains.
65 "ddns-domains": [
66 {
67 // Name of the zone (required).
68 "name": "example.com.",
69
70 // Name of the TSIG key used to protect DNS updates for
71 // names in the domain.
72 "key-name": "d2.md5.key",
73
74 // List of DNS servers where to send DNS updates.
75 "dns-servers": [
76 {
77 // DNS server IP address (required).
78 "ip-address": "2001:db8:1::10",
79
80 // DNS server UDP port. Default is 53 (DNS service).
81 "port": 7802,
82
83 // Name of the TSIG key used to protect DNS updates
84 // sent to the DNS server.
85 "key-name": "d2.sha1.key"
86 }
87 ]
88 }
89 ]
90 },
91
92 // Reverse DDNS (Dynamic DNS).
93 "reverse-ddns": {
94
95 // List of DDNS domains.
96 "ddns-domains": [
97 {
98 // Name of the zone (required).
99 "name": "2.0.192.in-addr.arpa.",
100
101 // Name of the TSIG key used to protect DNS updates for
102 // names in the domain.
103 "key-name": "d2.sha1.key",
104
105 // List of DNS servers where to send DNS updates.
106 "dns-servers": [
107 {
108 // DNS server IP address (required).
109 "ip-address": "172.16.1.1",
110
111 // DNS server UDP port. Default is 53 (DNS service).
112 "port": 5301,
113
114 // Name of the TSIG key used to protect DNS updates
115 "key-name": "d2.md5.key"
116 }
117 ]
118 }
119 ]
120 },
121
122 // List of TSIG keys used to protect DNS updates.
123 "tsig-keys": [
124 {
125 // Name of the TSIG key (required).
126 "name": "d2.md5.key",
127
128 // Algorithm of the TSIG key (required). The value must be a valid
129 // algorithm name, e.g. HMAC-MD5, HMAC-SHA1, HMAC-SHA224, ... HMAC-MD5
130 // is only an example here; prefer HMAC-SHA256 or stronger for new keys.
131 "algorithm": "HMAC-MD5",
132
133 // Number of bits in the digest. Default is 0 which means
134 // to use all bits provided by the algorithm. Too short values
135 // (depending on the algorithm) are rejected.
136 "digest-bits": 0,
137
138 // Secret of the TSIG key (required) in base-64.
139 "secret": "LSWXnfkKZjdPJI5QxlpnfQ=="
140 }
141 ],
142
143 // List of loggers used by the servers using this configuration file.
144 "loggers": [
145 {
146 // Debug level, a value between 0..99. The greater the value
147 // the more detailed the debug log.
148 "debuglevel": 99,
149
150 // Name of the logger.
151 "name": "kea-dhcp-ddns",
152
153 // Configures how the log should be output.
154 "output-options": [
155 {
156 // Determines whether the log should be flushed to a file.
157 "flush": true,
158
159 // Specifies maximum filesize before the file is rotated.
160 "maxsize": 10240000,
161
162 // Specifies the maximum number of rotated files to be kept.
163 "maxver": 1,
164
165 // Specifies the logging destination.
166 "output": "stdout",
167
168 // Specifies log entry content
169 "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
170 }
171 ],
172
173 // Specifies logging severity, i.e. "ERROR", "WARN", "INFO", "DEBUG".
174 "severity": "INFO"
175 }
176 ],
177
178 // Look at sample1 example for the use of user-contexts.
179 "user-context": { }
180}
181
182}
ddns/all-keys.json
1// WARNING: This example configuration is not meant for production use.
2// Kea's DHCP-DDNS server can refuse this configuration because
3// it may contain mutually exclusive configuration parameters.
4//
5// The primary purpose of the example file is to provide a comprehensive
6// list of parameters supported by the Kea DHCP-DDNS server along with the
7// brief description of each parameter.
8//
9// This current version should be up to date, i.e. new keywords should be
10// added in this file at the same time as in the parser specification.
11{
12 // Kea DHCP-DDNS server configuration begins here.
13 "DhcpDdns": {
14
15 // Global Parameters
16
17 // IP address D2 will listen for update requests at.
18 // Default is 127.0.0.1
19 "ip-address": "127.0.0.1",
20
21 // Port D2 will listen for update requests on.
22 // Default is 53001.
23 "port": 53001,
24
25 // Maximum time we will wait for a DNS server to respond to us.
26 // Unit is the millisecond, default is 100ms.
27 "dns-server-timeout" : 100,
28
29 // Protocol to use for Name Change Requests from a Kea DHCP server.
30 // Currently only 'UDP' is supported.
31 "ncr-protocol": "UDP",
32
33 // Format to use for Name Change Requests from a Kea DHCP server.
34 // Currently only 'JSON' is supported.
35 "ncr-format": "JSON",
36
37 // Command control socket configuration parameters for Kea DHCP-DDNS server.
38 "control-sockets": [
39 {
40 // Control socket type used by the Kea DHCP-DDNS server.
41 // Must be unix, http or https.
42 "socket-type": "unix",
43
44 // Location of the UNIX domain socket file the DHCP-DDNS
45 // server uses to receive control commands from the
46 // local server administrator.
47 "socket-name": "kea-ddns-ctrl-socket"
48 },
49 {
50 // Control socket type used by the Kea DHCP-DDNS server.
51 // Must be unix, http or https.
52 "socket-type": "https",
53
54 // Address of the HTTPS socket the Kea DHCP-DDNS server should
55 // listen for incoming queries.
56 "socket-address": "127.0.0.1",
57
58 // Port of the HTTPS socket the Kea DHCP-DDNS server
59 // should listen for incoming queries.
60 "socket-port": 8053,
61
62 // TLS trust anchor (Certificate Authority). This is a
63 // file name or a directory path. It is meaningful, like the
64 // other TLS parameters, only for the https control socket type.
65 "trust-anchor": "my-ca",
66
67 // TLS server certificate file name.
68 "cert-file": "my-cert",
69
70 // TLS server private key file name.
71 "key-file": "my-key",
72
73 // TLS require client certificates flag. Default is
74 // true and means require client certificates. False
75 // means they are optional.
76 "cert-required": true,
77
78 // Optional authentication.
79 "authentication": {
80 // Required authentication type. The only supported
81 // value is basic for the basic HTTP authentication.
82 "type": "basic",
83
84 // An optional parameter is the basic HTTP
85 // authentication realm. Its default is
86 // "kea-dhcp-ddns-server"
87 "realm": "kea-dhcp-ddns-server",
88
89 // This optional parameter can be used to specify a common
90 // prefix for files handling client credentials.
91 "directory": "/usr/local/share/kea/kea-creds",
92
93 // This list specifies the user ids and passwords to
94 // use for basic HTTP authentication. If it is empty or not
95 // present, any client is authorized (no credentials are checked).
96 "clients": [
97 // This specifies an authorized client.
98 {
99 // The user id must not be empty or contain
100 // the ':' character. It is a mandatory parameter.
101 "user": "admin",
102
103 // If password is not specified an empty
104 // password is used. The value is a sample; see password-file below.
105 "password": "1234"
106 },
107
108 // This specifies a hidden client.
109 {
110 // The user id is the content of the
111 // file /usr/local/share/kea/kea-creds/hiddenu.
112 "user-file": "hiddenu",
113
114 // The password is the content of the
115 // file /usr/local/share/kea/kea-creds/hiddenp.
116 "password-file": "hiddenp"
117 },
118
119 // This specifies a hidden client using a secret
120 // in a file.
121 {
122 // The secret is the content of the file
123 // /usr/local/share/kea/kea-creds/hiddens which must be in
124 // the <user-id>:<password> format.
125 "password-file": "hiddens"
126 }
127 ]
128 }
129 }
130 ],
131
132 // List of hook libraries and their specific configuration parameters
133 // to be loaded by Kea DHCP-DDNS server.
134 "hooks-libraries": [
135 {
136 // Location of the hook library to be loaded.
137 "library": "ddns-server-commands.so",
138
139 // Hook library-specific configuration parameters.
140 "parameters": { }
141 }
142 ],
143
144 // Forward DDNS (Dynamic DNS).
145 "forward-ddns": {
146
147 // List of DDNS domains.
148 "ddns-domains": [
149 {
150 // Name of the zone (required).
151 "name": "example.com.",
152
153 // Name of the TSIG key used to protect DNS updates for
154 // names in the domain.
155 "key-name": "d2.md5.key",
156
157 // List of DNS servers where to send DNS updates.
158 "dns-servers": [
159 {
160 // DNS server IP address (required).
161 "ip-address": "2001:db8:1::10",
162
163 // DNS server UDP port. Default is 53 (DNS service).
164 "port": 7802,
165
166 // Name of the TSIG key used to protect DNS updates
167 // sent to the DNS server.
168 "key-name": "d2.sha1.key"
169 }
170 ]
171 }
172 ]
173 },
174
175 // Reverse DDNS (Dynamic DNS).
176 "reverse-ddns": {
177
178 // List of DDNS domains.
179 "ddns-domains": [
180 {
181 // Name of the zone (required).
182 "name": "2.0.192.in-addr.arpa.",
183
184 // Name of the TSIG key used to protect DNS updates for
185 // names in the domain.
186 "key-name": "d2.sha1.key",
187
188 // List of DNS servers where to send DNS updates.
189 "dns-servers": [
190 {
191 // DNS server IP address (required).
192 "ip-address": "172.16.1.1",
193
194 // DNS server UDP port. Default is 53 (DNS service).
195 "port": 5301,
196
197 // Name of the TSIG key used to protect DNS updates
198 "key-name": "d2.md5.key"
199 }
200 ]
201 }
202 ]
203 },
204
205 // List of TSIG keys used to protect DNS updates.
206 "tsig-keys": [
207 {
208 // Name of the TSIG key (required).
209 "name": "d2.md5.key",
210
211 // Algorithm of the TSIG key (required). The value must be a valid
212 // algorithm name, e.g. HMAC-MD5, HMAC-SHA1, HMAC-SHA224, ... HMAC-MD5
213 // is only an example here; prefer HMAC-SHA256 or stronger for new keys.
214 "algorithm": "HMAC-MD5",
215
216 // Number of bits in the digest. Default is 0 which means
217 // to use all bits provided by the algorithm. Too short values
218 // (depending on the algorithm) are rejected.
219 "digest-bits": 0,
220
221 // Secret of the TSIG key (required) in base-64.
222 "secret": "LSWXnfkKZjdPJI5QxlpnfQ=="
223 },
224 {
225 "name": "d2.sha1.key",
226 "algorithm": "HMAC-SHA1",
227
228 // An alternative to secret: specify a file where the secret
229 // can be found. i.e. the secret is the content of the file.
230 "secret-file": "/usr/local/share/kea/d2-sha1-secret"
231 }
232 ],
233
234 // List of loggers used by the servers using this configuration file.
235 "loggers": [
236 {
237 // Debug level, a value between 0..99. The greater the value
238 // the more detailed the debug log.
239 "debuglevel": 99,
240
241 // Name of the logger.
242 "name": "kea-dhcp-ddns",
243
244 // Configures how the log should be output.
245 "output-options": [
246 {
247 // Determines whether the log should be flushed to a file.
248 "flush": true,
249
250 // Specifies maximum filesize before the file is rotated.
251 "maxsize": 10240000,
252
253 // Specifies the maximum number of rotated files to be kept.
254 "maxver": 1,
255
256 // Specifies the logging destination.
257 "output": "stdout",
258
259 // Specifies log entry content
260 "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
261 }
262 ],
263
264 // Specifies logging severity, i.e. "ERROR", "WARN", "INFO", "DEBUG".
265 "severity": "INFO"
266 }
267 ],
268
269 // Look at sample1 example for the use of user-contexts.
270 "user-context": { }
271}
272
273}
ddns/comments.json
1// This is an example configuration file for D2, Kea's DHCP-DDNS processor.
2// It uses embedded comments which will be included in configuration objects
3// within user-contexts rather than stripped away during lexical analysis.
4
5{
6"DhcpDdns":
7{
8
9 // Global scope
10 "comment": "A DHCP-DDNS server",
11 "ip-address": "127.0.0.1",
12 "port": 53001,
13 "dns-server-timeout" : 1000,
14
15 // In control sockets.
16 "control-sockets": [
17 {
18 "socket-type": "unix",
19 "socket-name": "kea-ddns-ctrl-socket",
20 "user-context": { "comment": "Indirect comment" }
21 },
22 {
23 "comment": "HTTP control socket",
24 "socket-type": "http",
25 "socket-address": "::1",
26 "socket-port": 8053,
27 // In authentication (basic credentials are not encrypted on an "http" socket)
28 "authentication": {
29 "comment": "basic HTTP authentication",
30 "type": "basic",
31 // In basic HTTP authentication clients
32 "clients": [ {
33 "comment": "admin is authorized",
34 "user": "admin",
35 "password": "1234"
36 } ]
37 }
38 }
39 ],
40
41 "forward-ddns":
42 {
43 "ddns-domains":
44 [
45 // In DDNS domain
46 {
47 "comment": "DdnsDomain for zone 'four.example.com.'",
48 "name": "four.example.com.",
49 "key-name": "d2.md5.key",
50 // In DNS server
51 "dns-servers":
52 [
53 {
54 "comment": "four.example.com. server",
55 "ip-address": "172.16.1.1"
56 }
57 ]
58 }
59 ]
60 },
61
62 // In TSIG key
63 "tsig-keys":
64 [
65 {
66 "comment": "four.example.com. key",
67 "name": "d2.md5.key",
68 "algorithm": "HMAC-MD5",
69 "secret": "LSWXnfkKZjdPJI5QxlpnfQ=="
70 }
71 ],
72
73 // In loggers
74 "loggers": [
75 {
76 "comment": "A logger",
77 "name": "kea-dhcp-ddns",
78 "severity": "info"
79 }
80 ]
81}
82
83}
ddns/gss-tsig.json
1// This is an example configuration file for D2, Kea's DHCP-DDNS processor.
2// It uses the GSS-TSIG hook library.
3{
4"DhcpDdns": {
5 // The following parameters are used to receive NCRs (NameChangeRequests)
6 // from the local Kea DHCP server. Make sure your kea-dhcp4 and kea-dhcp6
7 // configurations match this.
8 "ip-address": "127.0.0.1",
9 "port": 53001,
10 "dns-server-timeout" : 1000,
11
12 // Forward zone: secure.example.org. It uses GSS-TSIG. It is served
13 // by two DNS servers, which listen for DDNS requests at 192.0.2.1
14 // and 192.0.2.2.
15 "forward-ddns":
16 {
17 "ddns-domains":
18 [
19 // DdnsDomain for zone "secure.example.org."
20 {
21 "name": "secure.example.org.",
22 "comment": "DdnsDomain example",
23 "dns-servers":
24 [
25 {
26 // This server has an entry in gss/servers and
27 // thus will use GSS-TSIG.
28 "ip-address": "192.0.2.1"
29 },
30 {
31 // This server also has an entry there, so will
32 // use GSS-TSIG, too.
33 "ip-address": "192.0.2.2",
34 "port": 5300
35 }
36 ]
37 }
38 ]
39 },
40
41 // Reverse zone: we want to update the reverse zone "2.0.192.in-addr.arpa".
42 "reverse-ddns":
43 {
44 "ddns-domains":
45 [
46 {
47 "name": "2.0.192.in-addr.arpa.",
48 "dns-servers":
49 [
50 {
51 // There is GSS-TSIG definition for this server (see
52 // DhcpDdns/gss-tsig/servers), so it will use
53 // Krb/GSS-TSIG.
54 "ip-address": "192.0.2.1"
55 }
56 ]
57 }
58 ]
59 },
60
61 // The GSS-TSIG hook is loaded and its configuration is specified here.
62 "hooks-libraries": [
63 {
64 "library": "libddns_gss_tsig.so",
65 "parameters": {
66 // This section governs the GSS-TSIG integration. Each server
67 // mentioned in forward-ddns and/or reverse-ddns needs to have
68 // an entry here to be able to use GSS-TSIG. The defaults that follow
69 // are optional; if specified they apply to all the GSS-TSIG servers,
70 // unless overridden at the specific server level.
71
72 "server-principal": "DNS/server.example.org@EXAMPLE.ORG",
73 "client-principal": "DHCP/admin.example.org@EXAMPLE.ORG",
74
75 // client-keytab and credentials-cache can both be used to
76 // store client keys. As credentials cache is more flexible,
77 // it is recommended to use it. Typically, using both at the
78 // same time may cause problems.
79 // "client-keytab": "FILE:/etc/dhcp.keytab", // toplevel only
80 "credentials-cache": "FILE:/etc/ccache", // toplevel only
81
82 "gss-replay-flag": true, // GSS anti replay service
83 "gss-sequence-flag": false, // no GSS sequence service
84 "tkey-lifetime": 3600, // 1 hour
85 "rekey-interval": 2700, // 45 minutes
86 "retry-interval": 120, // 2 minutes
87 "tkey-protocol": "TCP",
88 "fallback": false,
89
90 // The list of GSS-TSIG capable servers
91 "servers": [
92 {
93 // First server (identification is required)
94 "id": "server1",
95 "domain-names": [ ], // if not specified or empty, will
96 // match all domains that want to
97 // use this IP+port pair
98 "ip-address": "192.0.2.1",
99 "port": 53,
100 "server-principal": "DNS/server1.example.org@EXAMPLE.ORG",
101 "client-principal": "DHCP/admin1.example.org@EXAMPLE.ORG",
102 "gss-replay-flag": false, // no GSS anti replay service
103 "gss-sequence-flag": false, // no GSS sequence service
104 "tkey-lifetime": 7200, // 2 hours
105 "rekey-interval": 5400, // 90 minutes
106 "retry-interval": 240, // 4 minutes
107 "tkey-protocol": "TCP",
108 "fallback": true // if no key is available, fall back to the
109 // standard (non-GSS-TSIG) behavior instead of skipping this server
110 },
111 {
112 // The second server (it has most of the parameters missing
113 // as those are using the defaults specified above)
114 "id": "server2",
115 "ip-address": "192.0.2.2",
116 "port": 5300
117 }
118 ]
119 }
120 }
121 ]
122
123 // Additional parameters, such as logging, control socket and
124 // others omitted for clarity.
125}
126
127}
ddns/sample1.json
1// This is an example configuration file for D2, Kea's DHCP-DDNS processor.
2// It supports updating two Forward DNS zones "four.example.com" and
3// "six.example.com"; and one Reverse DNS zone, "2.0.192.in-addr.arpa."
4
5{
6// ------------------ DHCP-DDNS ---------------------
7"DhcpDdns":
8{
9
10// -------------- Global Parameters ----------------
11// D2 will listen for update requests from Kea DHCP servers at 127.0.0.1
12// on port 53001. The maximum time we will wait for a DNS server to
13// respond to us is 1000 ms.
14
15 "ip-address": "127.0.0.1",
16 "port": 53001,
17 "dns-server-timeout" : 1000,
18
19// One extra feature that requires some explanation is
20// user-context. This is a structure that you can define at global scope,
21// in ddns domain, dns server, tsig key and others. It is parsed by
22// Kea, but not used directly. It is intended to keep anything you
23// may want to put there - comments, extra designations, floor or
24// department names etc.
25// A comment entry is translated into a user-context with a "comment"
26// property so you can include comments inside the configuration itself.
27
28 "user-context": { "version": 1 },
29
30// ----------------- Control Socket -----------------
31
32 "control-socket":
33 {
34 "socket-type": "unix",
35 "socket-name": "kea-ddns-ctrl-socket"
36 },
37
38// ----------------- Hooks Libraries -----------------
39
40 "hooks-libraries":
41 [
42 // Hook libraries list may contain more than one library.
43 {
44 // The only necessary parameter is the library filename.
45 "library": "ddns-server-commands.so",
46
47 // Some libraries may support parameters. Make sure you
48 // type this section carefully, as the server does not validate
49 // it (because the format is library-specific).
50 "parameters":
51 {
52 "param1": "foo"
53 }
54 }
55 ],
56
57// ----------------- Forward DDNS ------------------
58// 1. Zone - "four.example.com."
59// It uses TSIG, key name is "d2.md5.key"
60// It is served by one DNS server which listens for DDNS requests at
61// 172.16.1.1 on the default port 53 (standard DNS port)
62// 2. Zone - "six.example.com."
63// It does not use TSIG.
64// It is served by one DNS server at "2001:db8:1::10" on port 7802
65
66 "forward-ddns":
67 {
68 "ddns-domains":
69 [
70// DdnsDomain for zone "four.example.com."
71 {
72 "comment": "DdnsDomain example",
73 "name": "four.example.com.",
74 "key-name": "d2.md5.key",
75 "dns-servers":
76 [
77 {
78 "ip-address": "172.16.1.1"
79 }
80 ]
81 },
82
83// DdnsDomain for zone "six.example.com."
84 {
85 "name": "six.example.com.",
86 "dns-servers":
87 [
88 {
89 "ip-address": "2001:db8:1::10",
90 "port": 7802
91 }
92 ]
93 }
94 ]
95 },
96
97// ----------------- Reverse DDNS ------------------
98// We will update Reverse DNS for one zone "2.0.192.in-addr.arpa". It
99// uses TSIG with key "d2.sha1.key" and is served by two DNS servers:
100// one listening at "172.16.1.1" on 53001 and the other at "192.168.2.10".
101 "reverse-ddns":
102 {
103 "ddns-domains":
104 [
105 {
106 "name": "2.0.192.in-addr.arpa.",
107 "key-name": "d2.sha1.key",
108 "dns-servers":
109 [
110 {
111 "ip-address": "172.16.1.1",
112 "port": 53001
113 },
114 {
115 "ip-address": "192.168.2.10"
116 }
117 ]
118 }
119 ]
120 },
121
122// ------------------ TSIG keys ---------------------
123// Each key has a name, an algorithm (HMAC-MD5, HMAC-SHA1, HMAC-SHA224...)
124// and a base-64 encoded shared secret.
125 "tsig-keys":
126 [
127 {
128 "name": "d2.md5.key",
129 "algorithm": "HMAC-MD5",
130 "secret": "LSWXnfkKZjdPJI5QxlpnfQ=="
131 },
132 {
133 "name": "d2.sha1.key",
134 "algorithm": "HMAC-SHA1",
135 "secret": "hRrp29wzUv3uzSNRLlY68w=="
136 },
137 {
138 "name": "d2.sha256.key",
139 "algorithm": "HMAC-SHA256",
140 "secret-file": "/usr/local/share/kea/d2-sha256-secret"
141 },
142 {
143 "name": "d2.sha512.key",
144 "algorithm": "HMAC-SHA512",
145 "digest-bits": 256,
146 "secret": "/4wklkm04jeH4anx2MKGJLcya+ZLHldL5d6mK+4q6UXQP7KJ9mS2QG29hh0SJR4LA0ikxNJTUMvir42gLx6fGQ=="
147 }
148 ],
149
150// The following configures logging. It assumes that messages with at least
151// informational level (info, warn, error and fatal) should be logged to stdout.
152// It also specifies a custom log pattern.
153 "loggers": [
154 {
155 "name": "kea-dhcp-ddns",
156 "output-options": [
157 {
158 "output": "stdout",
159 // Several additional parameters are possible in addition
160 // to the typical output. Flush determines whether logger
161 // flushes output to a file. Maxsize determines maximum
162 // filesize before the file is rotated. maxver
163 // specifies the maximum number of rotated files being
164 // kept.
165 "flush": true,
166 "maxsize": 204800,
167 "maxver": 4,
168 "pattern": "%d [%c/%i] %m\n"
169 }
170 ],
171 "debuglevel": 0,
172 "severity": "INFO"
173 }
174 ]
175}
176
177}
ddns/template.json
1// This file may be used as a template for constructing DHCP-DDNS JSON
2// configuration.
3// It must start with a left-curly-bracket.
4{
5
6"DhcpDdns" :
7{
8// -------------- Global Parameters ----------------
9// All of the global parameters have default values as shown. If these
10// are satisfactory you may omit them.
11// "ip-address" : "127.0.0.1",
12// "port" : 53001,
13// "dns-server-timeout" : 100,
14// "ncr-protocol" : "UDP"
15// "ncr-format" : "JSON"
16
17// ----------------- Control Socket -----------------
18
19// "control-socket":
20// {
21// "socket-type": "unix",
22// "socket-name": "kea-ddns-ctrl-socket"
23// },
24
25// ----------------- Forward DDNS ------------------
26 "forward-ddns" :
27 {
28 "ddns-domains" :
29 [
30// {
31// "name" : "<zone name 1>",
32// "key-name" : "<key name>",
33// "dns-servers" :
34// [
35// {
36// "ip-address" : "<ip address>"
37// ,"port" : 53
38// }
39// ,
40// {
41// next DNS server for this DdnsDomain
42// }
43// :
44// ]
45// }
46// ,
47// {
48// next Forward DdnsDomain
49// }
50// :
51 ]
52 },
53
54// ----------------- Reverse DDNS ------------------
55 "reverse-ddns" :
56 {
57 "ddns-domains" :
58 [
59// {
60// "name" : "<reverse zone name 1>",
61// "key-name" : "<key name>",
62// "dns-servers" :
63// [
64// {
65// "ip-address" : "<ip address>"
66// ,"port" : 53
67// }
68// ,
69// {
70// next DNS server for this DdnsDomain
71// }
72// :
73// ]
74// }
75// ,
76// {
77// next Reverse DdnsDomain
78// }
79// :
80 ]
81 },
82// ------------------ TSIG keys ---------------------
83 "tsig-keys" :
84 [
85// {
86// "name" : "<key name>",
87// "algorithm" : "<algorithm name>",
88// Valid values for algorithm are: HMAC-MD5, HMAC-SHA1,
89// HMAC-SHA224, HMAC-SHA256,
90// HMAC-SHA384, HMAC-SHA512
91// "digest-bits" : 256,
92// Minimum truncated length in bits.
93// Default 0 (means truncation is forbidden).
94// "secret" : "1234" (shared secret value, base-64 encoded)
95// }
96// ,
97// {
98// next TSIG Key
99// }
100 ]
101
102// Logging
103// ,"loggers":
104// [
105// {
106// "name": "kea-dhcp-ddns",
107// "severity": "info"
108// }
109// ]
110}
111
112// It must end with a right-curly-bracket.
113}
kea4
kea4/advanced.json
1// This is an example configuration file for DHCPv4 server in Kea.
2// It covers some of the more advanced features. This file may not be coherent
3// as its main purpose is to demonstrate the features. They don't necessarily
4// have to make sense used together.
5
6// The new parser supports 3 comment styles:
7
8// This is C++ style.
9
10# This is a bash style.
11
12/* This is a C style comment. */
13
14/* C style comment
15 can span
16 multiple lines */
17
18{ "Dhcp4":
19
20{
21 // Kea is told to listen on eth0 interface only.
22 "interfaces-config": {
23 "interfaces": [ "eth0" ],
24
25 // This specifies what type of socket Kea uses. Currently supported
26 // are 'raw' (which is the default) and 'udp'. Raw has the benefit
27 // of receiving all traffic every time and a downside of bypassing
28 // all firewall rules and having marginally bigger performance impact.
29 // 'udp' is generally better if you have only relayed traffic. Kea
30 // then opens a normal UDP socket and the kernel does all the
31 // Ethernet/IP stack processing.
32 "dhcp-socket-type": "udp",
33
34 // Typically the DHCP server will send its response back on the same
35 // interface the query came in. This is the default ("same-as-inbound").
36 // However, sometimes it is useful to have the ability to send the
37 // packet as plain UDP packet and let the kernel and the routing tables
38 // determine the right interface ("use-routing"). This option only works
39 // for "dhcp-socket-type" set to "udp" and is ignored otherwise.
40 "outbound-interface": "use-routing",
41
42 // This causes interfaces to be re-detected at each (re-)configuration.
43 // By default it is true.
44 "re-detect": true
45 },
46
47 "sanity-checks": {
48 // This parameter determines what to do when a new lease appears in the
49 // system (i.e. either is read from disk during memfile startup or is
50 // added via lease commands). There are five modes supported:
51 // none - do nothing, accept them as is
52 // warn - if subnet-id problems are detected, print a warning, but
53 // otherwise load the lease as is. This is the default value.
54 // fix - attempt to fix the lease by finding appropriate subnet-id value.
55 // if there is no suitable subnet, the lease is loaded as is.
56 // fix-del - attempt to fix the lease by finding appropriate subnet-id
57 // value. If there is no suitable subnet, the lease is deleted.
58 // del - delete leases that have incorrect subnet-id values.
59 "lease-checks": "fix-del"
60 },
61
62 // The last-resort definition of option 43 can cause well-formed messages
63 // to be rejected because they use an incompatible "raw" value,
64 // and different vendors may define different sub-options.
65 // The option definition should be applied to avoid these problems,
66 // for instance by defining at the global scope the option as binary.
67 // In client-classes the option may be redefined as carrying vendor
68 // dependent sub-options.
69 "option-def": [ {
70 "name": "vendor-encapsulated-options",
71 "code": 43,
72 "type": "binary"
73 } ],
74
75 // We need to specify the database used to store leases. As of
76 // June 2022, three database backends are supported: MySQL,
77 // PostgreSQL and the in-memory database, Memfile.
78 // We'll use memfile because it doesn't require any prior set up.
79 // For memfile, it's important to always specify lfc-interval, so
80 // the lease file would not grow without bounds and be sanitized
81 // once per hour.
82 "lease-database": {
83 "type": "memfile",
84 "lfc-interval": 3600
85 },
86
87 // This defines a control socket. If defined, Kea will open a UNIX socket
88 // and will listen for incoming commands. See section 15 of the Kea User's
89 // Guide for list of supported commands.
90 "control-socket": {
91 "socket-type": "unix",
92 "socket-name": "kea4-ctrl-socket"
93 },
94
95 // Addresses will be assigned with a lifetime of 4000 seconds.
96 // The client is told to start renewing after 1000 seconds. If the server
97 // does not respond within 2000 seconds of the lease being granted, client
98 // is supposed to start REBIND procedure (emergency renewal that allows
99 // switching to a different server).
100 "valid-lifetime": 4000,
101 "renew-timer": 1000,
102 "rebind-timer": 2000,
103
104 // RFC6842 says that the server is supposed to echo back client-id option.
105 // However, some older clients do not support this and are getting confused
106 // when they get their own client-id. Kea can disable RFC6842 support.
107 "echo-client-id": false,
108
109 // Some clients don't use stable client identifier, but rather
110 // generate them during each boot. This may cause a client that
111 // reboots frequently to get multiple leases, which may not be
112 // desirable. As such, sometimes admins prefer to tell their DHCPv4
113 // server to ignore client-id value altogether and rely exclusively
114 // on MAC address. This is a parameter that is defined globally, but
115 // can be overridden on a subnet level.
116 "match-client-id": true,
117
118 // By default, Kea ignores requests by clients for unknown IP addresses,
119 // because other non-cooperating DHCP servers could reside on the same
120 // network (RFC 2131). This parameter is defined globally, but can be
121 // overridden on a subnet level
122 "authoritative": false,
123
124 // The following list defines subnets. Each subnet consists of at
125 // least subnet and pool entries. One extra feature that requires
126 // some explanation is user-context. This is a structure that you can
127 // define in subnets, pools and others. It is parsed by Kea, but not
128 // used directly. It is intended to keep anything you may want to
129 // put there - comments, extra designations, floor or department
130 // names etc. These structures will be made available to Kea hooks.
131 // A comment entry is translated into a user-context with a
132 // "comment" property so you can include comments inside the
133 // configuration itself.
134 "subnet4": [
135 {
136 "pools": [ {
137 "pool": "192.0.2.1 - 192.0.2.200",
138 "user-context": { "info": "what a large pool" }
139 } ],
140 "id": 1,
141 "subnet": "192.0.2.0/24",
142 "user-context": {
143 "comment": "Our first subnet!"
144 }
145 // Equivalent using smart parser
146 // "comment": "Our first subnet!"
147 },
148 {
149 // This particular subnet has match-client-id value changed.
150 // This causes Kea to ignore client-id values in this subnet
151 // and rely exclusively on MAC addresses.
152 "pools": [ { "pool": "192.0.3.100 - 192.0.3.200" } ],
153 "id": 2,
154 "subnet": "192.0.3.0/24",
155 "match-client-id": false
156 },
157 {
158 "pools": [ { "pool": "192.0.4.1 - 192.0.4.254" } ],
159 "id": 3,
160 "subnet": "192.0.4.0/24",
161
162 // Sometimes the relay may use an IPv4 address that does
163 // not match the subnet. This is discouraged, but there are
164 // valid cases when it makes sense. One case is when there
165 // is a shared subnet.
166 "relay": {
167 "ip-addresses": [ "192.168.1.1" ]
168 }
169 },
170 {
171 // This particular subnet has the authoritative value changed.
172 // This causes Kea to reply to requests for unknown IP addresses
173 // with a DHCPNAK message.
174 "pools": [ { "pool": "192.0.5.100 - 192.0.5.200" } ],
175 "id": 4,
176 "subnet": "192.0.5.0/24",
177 "authoritative": true
178 }
179 ],
180
181 // The following configures logging. It assumes that messages with
182 // at least informational level (info, warn, error and fatal) should
183 // be logged to stdout.
184 "loggers": [
185 {
186 "name": "kea-dhcp4",
187 "output-options": [
188 {
189 "output": "stdout",
190 // Several additional parameters are possible in addition
191 // to the typical output. Flush determines whether logger
192 // flushes output to a file. Maxsize determines maximum
193 // filesize before the file is rotated. maxver
194 // specifies the maximum number of rotated files being
195 // kept.
196 "flush": true,
197 "maxsize": 204800,
198 "maxver": 4,
199 // We use pattern to specify custom log message layout
200 "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
201 }
202 ],
203 "severity": "INFO"
204 }
205 ]
206 }
207
208}
kea4/all-keys-netconf.json
1// WARNING: This example configuration is not meant for production use.
2// The Kea DHCPv4 server will refuse this configuration because it contains
3// mutually exclusive configuration parameters.
4//
5// The primary purpose of the example file is to provide a comprehensive
6// list of parameters supported by the Kea DHCPv4 server, along with a brief
7// description of each parameter.
8//
9// This stable version is used for YANG, as we do not want to update code
10// and models each time a keyword is added to the syntax.
11{
12 // Kea DHCPv4 server configuration begins here.
13 "Dhcp4": {
14 // Global flag selecting an IP address allocation strategy for all
15 // subnets. Use "random" for a random allocation strategy.
16 "allocator": "iterative",
17
18 // Global authoritative flag to handle requests by clients for
19 // unknown IP addresses (ignore if disabled, NAK if enabled).
20 "authoritative": false,
21
22 // Global bootfile name to be set in the 'file' field.
23 "boot-file-name": "/dev/null",
24
25 // Ordered list of client classes used by the DHCPv4 server.
26 "client-classes": [
27 {
28 // Class-specific bootfile name to be set in the 'file' field.
29 "boot-file-name": "/usr/local/share/kea/bootfile.efi",
30
31 // Class name.
32 "name": "phones_server1",
33
34 // Class-specific next server address to use in bootstrap, which
35 // is set in 'siaddr' field.
36 "next-server": "10.2.3.4",
37
38 // Class-specific DHCPv4 options list.
39 "option-data": [],
40
41 // Class-specific DHCPv4 option definitions, i.e. custom formats
42 // specified for non-standard options.
43 "option-def": [],
44
45 // Class-specific optional server hostname, which is set in
46 // 'sname' field.
47 "server-hostname": "",
48
49 // Class selection expression. The DHCP packet is assigned to this
50 // class when the given expression evaluates to true.
51 "test": "member('HA_server1')",
52
53 // Class valid lifetime.
54 "valid-lifetime": 6000,
55
56 // Class min valid lifetime.
57 "min-valid-lifetime": 4000,
58
59 // Class max valid lifetime.
60 "max-valid-lifetime": 8000,
61
62 // If greater than zero, it is the lifetime of leases temporarily allocated
63 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
64 "offer-lifetime" : 65
65 },
66 {
67 // Default value of the class-specific bootfile name. An empty name
68 // means that the bootfile name is unspecified.
69 "boot-file-name": "",
70
71 // Second class name.
72 "name": "phones_server2",
73
74 // Default value of the class-specific next server address. The
75 // zero IPv4 address means that it is unspecified.
76 "next-server": "0.0.0.0",
77
78 // Class-specific DHCPv4 options list.
79 "option-data": [],
80
81 // Class-specific DHCPv4 option definitions, i.e. custom formats
82 // specified for non-standard options.
83 "option-def": [],
84
85 // Class-specific optional server hostname, which is set in
86 // 'sname' field.
87 "server-hostname": "",
88
89 // Class selection expression. The DHCP packet is assigned to this
90 // class when the given expression evaluates to true.
91 "test": "member('HA_server2')"
92 },
93 {
94 // Third class name.
95 "name": "late",
96
97 // Boolean flag indicating whether the class expression is only evaluated
98 // when the selected configuration (i.e. pool, subnet, shared-network)
99 // includes this class name in its "evaluate-additional-classes" list. The
100 // default value false means that the class test expression must
101 // always be evaluated.
102 "only-in-additional-list": true,
103
104 // Class selection expression.
105 "test": "member('ALL')"
106 },
107 {
108 // Fourth class name.
109 "name": "my-template-class",
110
111 // Template class flag that holds the expression used to generate the names for all
112 // the spawned subclasses. In this case, the classes are named after the client ID.
113 "template-test": "substring(option[61].hex, 0, all)"
114 }
115 ],
116
117 // Parameters for triggering behaviors compatible with broken or
118 // non-compliant clients, relays, or other agents
119 "compatibility": {
120 // Ignore DHCP Server Identifier option if set to true.
121 // Enabling this will cause Kea to accept any query, even
122 // if the address in the option belongs to another server,
123 // instead of dropping it. This config option defaults to
124 // false, as enabling it breaks RFC compliance.
125 "ignore-dhcp-server-identifier": false,
126
127 // Ignore Relay Agent Information Link Selection suboption if set
128 // to true. Enabling this will cause Kea to use normal subnet
129 // selection logic instead of attempting to use the subnet
130 // specified in the suboption. This config option defaults to
131 // false, as enabling it breaks RFC compliance.
132 "ignore-rai-link-selection": false,
133
134 // Parse options more leniently where fields can be deduced
135 // deterministically, even if against RFC or common practice.
136 "lenient-option-parsing": true,
137
138 // Boolean flag indicating whether .0 and .255 addresses
139 // must be considered as never free in subnets with a prefix length
140 // of 24 or less. The default is false, as these addresses are not
141 // special; only the first and the last addresses are.
142 "exclude-first-last-24": false
143 },
144
145 // Command control socket configuration parameters for the Kea DHCPv4 server.
146 "control-sockets": [
147 {
148 // Control socket type used by the Kea DHCPv4 server.
149 // Must be unix, http or https.
150 "socket-type": "unix",
151
152 // Location of the UNIX domain socket file the DHCPv4
153 // server uses to receive control commands from the
154 // local server administrator.
155 "socket-name": "kea4-ctrl-socket"
156 },
157 {
158 // Control socket type used by the Kea DHCPv4 server.
159 // Must be unix, http or https.
160 "socket-type": "https",
161
162 // Address of the HTTPS socket the Kea DHCPv4 server should
163 // listen for incoming queries.
164 "socket-address": "127.0.0.1",
165
166 // Port on which the HTTPS socket of the Kea DHCPv4 server
167 // should listen for incoming queries. If enabling HA
168 // and multi-threading, the 8000 port is used by the
169 // HA hook library http listener. For the HA hook
170 // library to function with multi-threading, make sure
171 // the port used by the dedicated listener is different
172 // (e.g. 8001) from the one specified here. Note that
173 // commands should still be sent to a control socket.
174 // The dedicated listener is specifically for HA
175 // updates only.
176 "socket-port": 8004,
177
178 // TLS trust anchor (Certificate Authority). This is a
179 // file name or a directory path. It makes sense, like the other
180 // TLS parameters, only for the https control socket type.
181 "trust-anchor": "my-ca",
182
183 // TLS server certificate file name.
184 "cert-file": "my-cert",
185
186 // TLS server private key file name.
187 "key-file": "my-key",
188
189 // TLS require client certificates flag. Default is
190 // true, which means client certificates are required. False
191 // means they are optional, i.e. a client may connect without one.
192 "cert-required": true,
193
194 // Extra HTTP headers to add in responses.
195 "http-headers":
196 [
197 {
198 // Optional user context.
199 "user-context": { "comment": "HSTS header" },
200
201 // Required HTTP header name.
202 "name": "Strict-Transport-Security",
203
204 // Required HTTP header value.
205 "value": "max-age=31536000"
206 }
207 ],
208
209 // Optional authentication.
210 "authentication": {
211
212 // Required authentication type. The only
213 // supported value is basic for the basic HTTP
214 // authentication.
215 "type": "basic",
216
217 // An optional parameter is the basic HTTP
218 // authentication realm. Its default is
219 // "kea-dhcpv4-server"
220 "realm": "kea-dhcpv4-server",
221
222 // This optional parameter can be used to specify a common
223 // prefix for files handling client credentials.
224 "directory": "/usr/local/share/kea/kea-creds",
225
226 // This list specifies the user ids and passwords
227 // to use for basic HTTP authentication. If the list is empty
228 // or not present, no credentials are checked and any client is authorized.
229 "clients": [
230 // This specifies an authorized client.
231 {
232 // The user id must not be empty or
233 // contain the ':' character. It is a
234 // mandatory parameter.
235 "user": "admin",
236
237 // If password is not specified, an empty
238 // password is used. A value set here sits in clear text in this file; see password-file below.
239 "password": "1234"
240 },
241
242 // This specifies a hidden client.
243 {
244 // The user id is the content of the
245 // file /usr/local/share/kea/kea-creds/hiddenu.
246 "user-file": "hiddenu",
247
248 // The password is the content of the
249 // file /usr/local/share/kea/kea-creds/hiddenp.
250 "password-file": "hiddenp"
251 },
252
253 // This specifies a hidden client using a
254 // secret in a file.
255 {
256 // The secret is the content of the file
257 // /usr/local/share/kea/kea-creds/hiddens which must be in
258 // the <user-id>:<password> format.
259 "password-file": "hiddens"
260 }
261 ]
262 }
263 }
264 ],
265
266 // Specifies a prefix to be prepended to the generated Client FQDN.
267 // It may be specified at the global, shared-network, and subnet levels.
268 "ddns-generated-prefix": "myhost",
269
270 // Boolean flag indicating whether the server should ignore DHCP client
271 // wishes to update DNS on its own. With that flag set to true,
272 // the server will send DNS updates for both forward and
273 // reverse DNS data. The default value is false, which indicates
274 // that the server will delegate a DNS update to the client when
275 // requested. It may be specified at the global, shared-network,
276 // and subnet levels.
277 "ddns-override-client-update": false,
278
279 // Boolean flag indicating whether the server should override the DHCP
280 // client's wish to not update the DNS. With this parameter
281 // set to true, the server will send a DNS update even when
282 // the client requested no update. It may be specified at the
283 // global, shared-network, and subnet levels.
284 "ddns-override-no-update": false,
285
286 // Suffix appended to the partial name sent to the DNS. The
287 // default value is an empty string, which indicates that no
288 // suffix is appended. It may be specified at the global,
289 // shared-network, and subnet levels.
290 "ddns-qualifying-suffix": "",
291
292 // Enumeration specifying whether the server should honor
293 // the hostname or Client FQDN sent by the client or replace
294 // this name. The acceptable values are: "never" (use the
295 // name the client sent), "always" (replace the name the
296 // client sent), "when-present" (replace the name the client
297 // sent, but do not generate one when the client didn't send
298 // the name), "when-not-present" (generate the name when
299 // client didn't send one, otherwise leave the name the
300 // client sent). The default value is "never". It may be
301 // specified at the global, shared-network, and subnet levels.
302 "ddns-replace-client-name": "never",
303
304 // Boolean flag which enables or disables DDNS updating. It
305 // defaults to true. It may be specified at the global, shared-
306 // network, and subnet levels. It works in conjunction with
307 // dhcp-ddns:enable-updates, which must be true to enable connectivity
308 // to kea-dhcp-ddns.
309 "ddns-send-updates": true,
310
311 // Boolean flag, which when true instructs the server to always
312 // update DNS when leases are renewed, even if the DNS information
313 // has not changed. The server's default behavior (i.e. flag is false)
314 // is to only update DNS if the DNS information has changed. It
315 // may be specified at the global, shared-network, and subnet levels.
316 "ddns-update-on-renew": true,
317
318 // Boolean flag which is passed to kea-dhcp-ddns with each DDNS
319 // update request, to indicate whether DNS update conflict
320 // resolution as described in RFC 4703 should be employed for the
321 // given update request. The default value for this flag is true.
322 // It may be specified at the global, shared-network, and subnet levels.
323 // This field has been replaced by ddns-conflict-resolution-mode.
324 // Parsing is maintained only for backwards compatibility.
325 // "ddns-use-conflict-resolution": true,
326
327 // Enumeration, which is passed to kea-dhcp-ddns with each DDNS
328 // update request to indicate the mode used for resolving conflicts
329 // while performing DDNS updates. The acceptable values are:
330 // check-with-dhcid (this includes adding a DHCID record and checking
331 // that record via conflict detection as per RFC 4703),
332 // no-check-with-dhcid (this will ignore conflict detection but add
333 // a DHCID record when creating/updating an entry),
334 // check-exists-with-dhcid (this will check if there is an existing
335 // DHCID record but does not verify the value of the record matches
336 // the update. This will also update the DHCID record for the entry),
337 // no-check-without-dhcid (this ignores conflict detection and will
338 // not add a DHCID record when creating/updating a DDNS entry).
339 // The default value is "check-with-dhcid". The no-check modes allow an update to
340 // overwrite an existing DNS entry whatever client created it. It may be specified at the global, shared-network and subnet levels.
341 "ddns-conflict-resolution-mode": "check-with-dhcid",
342
343 // When greater than 0.0, it is the percent of the lease's lifetime
344 // to use for the DNS TTL.
345 "ddns-ttl-percent": 0.75,
346
347 // When greater than 0 it will be used as the DNS TTL. Specified in seconds.
348 // You cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min, or
349 // ddns-ttl-max. They are mutually exclusive.
350 // "ddns-ttl": 500,
351
352 // When greater than 0, it is used as the lower boundary for calculated DNS TTL values.
353 // Specified in seconds.
354 "ddns-ttl-min": 24000,
355
356 // When greater than 0, it is used as the upper boundary for calculated DNS TTL values.
357 // Specified in seconds.
358 "ddns-ttl-max": 64000,
359
360 // Time in seconds specifying how long a declined lease should be
361 // excluded from DHCP assignments. The default value is 86400 (24 hours).
362 "decline-probation-period": 86400,
363
364 // Name Change Request forwarding configuration for the Kea DHCPv4 server.
365 // NCRs are sent to the Kea D2 module to update DNS upon allocation of
366 // DHCP leases.
367 "dhcp-ddns": {
368 // Boolean flag indicating whether Kea DHCPv4 server should connect to
369 // kea-dhcp-ddns. This must be true for NCRs to be created and
370 // sent to kea-dhcp-ddns. By default, NCRs are not generated.
371 "enable-updates": false,
372
373 // Specifies maximum number of NCRs to queue waiting to be sent
374 // to the Kea D2 server.
375 "max-queue-size": 1024,
376
377 // Packet format to use when sending NCRs to the Kea D2 server.
378 // Currently, only JSON format is supported.
379 "ncr-format": "JSON",
380
381 // Socket protocol to use when sending NCRs to D2. Currently,
382 // only UDP is supported.
383 "ncr-protocol": "UDP",
384
385 // IP address that the Kea DHCPv4 server should use to send
386 // NCRs to D2. The default value of zero indicates that Kea
387 // should pick a suitable address.
388 "sender-ip": "0.0.0.0",
389
390 // Port number that the Kea DHCPv4 server should use to send
391 // NCRs to D2. The default value of zero indicates that Kea
392 // should pick a suitable port.
393 "sender-port": 0,
394
395 // IP address on which D2 listens for NCRs.
396 "server-ip": "127.0.0.1",
397
398 // Port number on which D2 listens for NCRs.
399 "server-port": 53001
400 },
401
402 // Specifies the first of the two consecutive ports of the UDP
403 // sockets used for communication between DHCPv6 and DHCPv4
404 // servers. See RFC 7341. (defaults to 0 - disabled).
405 // If enabled, use e.g. 786.
406 "dhcp4o6-port": 0,
407
408 // Boolean flag indicating whether the Kea DHCPv4 server
409 // should send back the Client Identifier option in its responses.
410 // The default value is true, which indicates that the option
411 // must be sent back if the client included it. The false
412 // value instructs the server to not send this option for
413 // backward compatibility with older DHCP specifications, which
414 // stated that Client Identifier must not be sent back.
415 "echo-client-id": true,
416
417 // Collection of Kea DHCPv4 server parameters configuring how
418 // the server should process expired DHCP leases.
419 "expired-leases-processing": {
420 // Specifies the number of seconds since the last removal of
421 // the expired leases, when the next removal should occur.
422 // If both "flush-reclaimed-timer-wait-time" and
423 // "hold-reclaimed-time" are not 0, when the client sends a release
424 // message the lease is expired instead of being deleted from
425 // lease storage.
426 "flush-reclaimed-timer-wait-time": 25,
427
428 // Specifies the length of time in seconds to keep expired
429 // leases in the lease database (lease affinity).
430 // If both "flush-reclaimed-timer-wait-time" and
431 // "hold-reclaimed-time" are not 0, when the client sends a release
432 // message the lease is expired instead of being deleted from
433 // lease storage.
434 "hold-reclaimed-time": 3600,
435
436 // Specifies the maximum number of expired leases that can be
437 // processed in a single attempt to clean up expired leases
438 // from the lease database. If there are more
439 // expired leases, they will be processed during the next
440 // cleanup attempt.
441 "max-reclaim-leases": 100,
442
443 // Specifies the maximum time in milliseconds that a single attempt
444 // to clean up expired leases from the lease database may take.
445 "max-reclaim-time": 250,
446
447 // Specifies the length of time in seconds since the last attempt
448 // to process expired leases before initiating the next attempt.
449 "reclaim-timer-wait-time": 10,
450
451 // Specifies the maximum number of expired lease-processing cycles
452 // which didn't result in full cleanup of expired leases from the
453 // lease database, after which a warning message is issued.
454 "unwarned-reclaim-cycles": 5
455 },
456
457 // List of hook libraries and their specific configuration parameters
458 // to be loaded by Kea DHCPv4 server.
459 "hooks-libraries": [
460 {
461 // Location of the hook library to be loaded.
462 "library": "libdhcp_lease_cmds.so",
463
464 // Hook library-specific configuration parameters.
465 "parameters": { }
466 },
467 {
468 // The MySQL host backend hook library required for host storage.
469 "library": "libdhcp_mysql.so"
470 },
471 {
472 // The PostgreSQL host backend hook library required for host storage.
473 "library": "libdhcp_pgsql.so"
474 }
475 ],
476
477 // List of access credentials to external sources of IPv4 reservations.
478 "hosts-databases": [
479 {
480 // Name of the database to connect to.
481 "name": "keatest",
482
483 // Host on which the database resides.
484 "host": "localhost",
485
486 // Database password. It is stored in clear text here, so read access to this file should be restricted.
487 "password": "1234",
488
489 // Port on which the database is available.
490 "port": 3306,
491
492 // Type of database, e.g. "mysql", "postgresql".
493 "type": "mysql",
494
495 // Username to be used to access the database.
496 "user": "keatest",
497
498 // Read-only mode.
499 "readonly": false,
500
501 // The next entries are for OpenSSL support in MySQL.
502
503 // Trust anchor aka certificate authority file or directory.
504 "trust-anchor": "my-ca",
505
506 // Client certificate file name.
507 "cert-file": "my-cert",
508
509 // Private key file name.
510 "key-file": "my-key",
511
512 // Cipher list (see the OpenSSL ciphers command manual).
513 "cipher-list": "AES",
514
515 // Connection reconnect wait time.
516 // This parameter governs how long Kea waits before attempting
517 // to reconnect. Expressed in milliseconds. The default is 0
518 // (disabled) for MySQL and PostgreSQL.
519 "reconnect-wait-time": 3000,
520
521 // Connection maximum reconnect tries.
522 "max-reconnect-tries": 3,
523
524 // Action to take when connection recovery fails.
525 // Supported values: stop-retry-exit, serve-retry-exit,
526 // serve-retry-continue
527 "on-fail": "stop-retry-exit",
528
529 // Flag which indicates if the DB recovery should be attempted
530 // at server startup and on reconfiguration events.
531 "retry-on-startup": false,
532
533 // Connection connect timeout in seconds.
534 "connect-timeout": 100,
535
536 // Timeout of database read operations in seconds.
537 "read-timeout": 120,
538
539 // Timeout of database write operations in seconds.
540 "write-timeout": 180
541 },
542 {
543 // Name of the database to connect to.
544 "name": "keatest",
545
546 // Host on which the database resides.
547 "host": "localhost",
548
549 // Database password.
550 "password": "1234",
551
552 // Port on which the database is available.
553 "port": 5432,
554
555 // Type of database, e.g. "mysql", "postgresql".
556 "type": "postgresql",
557
558 // Username to be used to access the database.
559 "user": "keatest",
560
561 // TCP user timeout while communicating with the database.
562 // It is specified in seconds.
563 "tcp-user-timeout": 100,
564
565 // Trust anchor aka certificate authority file or directory.
566 "trust-anchor": "my-ca",
567
568 // Client certificate file name.
569 "cert-file": "my-cert",
570
571 // Private key file name.
572 "key-file": "my-key",
573
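574 // SSL mode for the database connection. With "verify-ca" the server certificate is checked against the trust anchor, but the host name is not (as defined for PostgreSQL's sslmode).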
575 "ssl-mode": "verify-ca"
576 }
577 ],
578
579 // List of host reservation identifier types to be used by the
580 // Kea DHCPv4 server to fetch static reservations for
581 // DHCP clients. All identifiers are used by default, which
582 // means that the server will issue multiple queries to the
583 // database to find if there is a reservation for a particular
584 // client. If a particular deployment uses only a subset, e.g.
585 // one identifier type, only this identifier should be listed
586 // here to prevent unnecessary queries to the database.
587 "host-reservation-identifiers": [
588 "hw-address",
589 "duid",
590 "circuit-id",
591 "client-id",
592 "flex-id"
593 ],
594
595 // Specifies configuration of interfaces on which the Kea DHCPv4
596 // server is listening to the DHCP queries.
597 "interfaces-config": {
598 // Specifies whether the server should use "udp" sockets or
599 // "raw" sockets to listen to DHCP traffic. The "raw"
600 // sockets are useful when direct DHCP traffic is being
601 // received.
602 "dhcp-socket-type": "udp",
603
604 // Specifies a list of interfaces on which the Kea DHCPv4
605 // server should listen to DHCP requests.
606 "interfaces": [
607 "eth0"
608 ],
609
610 // Enumeration which indicates what interface should be used
611 // to send DHCP responses to the client. The default value is
612 // "same-as-inbound", which indicates that the response should
613 // be sent via the interface on which the client's query
614 // was received. The "use-routing" value indicates that the
615 // Kea server should use the kernel's routing table to find a
616 // suitable interface.
617 "outbound-interface": "same-as-inbound",
618
619 // Boolean flag indicating whether the available interfaces should
620 // be re-detected upon server reconfiguration. The default value
621 // is true, which means that the interfaces are always
622 // re-detected.
623 "re-detect": true,
624
625 // Kea tries to bind the service sockets during initialization, but it may
626 // fail due to a port being already opened or a misconfiguration. Kea can
627 // suppress these errors and only log them. This flag prevents starting
628 // the DHCP server without binding all sockets. If unspecified, it
629 // defaults to false.
630 "service-sockets-require-all": true,
631
632 // Kea tries to bind the service sockets during initialization. This
633 // option specifies how many times binding to interface will be retried.
634 // The default value is 0, which means that the operation will not be
635 // repeated.
636 "service-sockets-max-retries": 5,
637
638 // The time interval in milliseconds to wait before the next attempt to
639 // retry opening a service socket.
640 "service-sockets-retry-wait-time": 5000
641 },
642
643 // Boolean parameter which controls whether an early global host
644 // reservations lookup should be performed. This lookup takes place
645 // before subnet selection and when a global reservation is found
646 // with some client classes, it triggers a second phase classification.
647 // It can also be used to drop queries using host reservations as a
648 // decision table indexed by reservation identifiers.
649 "early-global-reservations-lookup": true,
650
651 // Boolean parameter which controls the DHCP server's behavior with respect
652 // to creating host reservations for the same IP address. By default
653 // this flag is set to true, in which case the server prevents creation
654 // of multiple host reservations for the same IP address. When this
655 // parameter is set to false, the server allows for creating multiple
656 // reservations for the same IP address within a subnet. This setting
657 // is useful in deployments in which a given host may be communicating
658 // with a DHCP server over multiple interfaces and, depending on the
659 // chosen interface, a different MAC address (or other identifier) will
660 // be used to identify the host. Note that some host backends do not
661 // support the mode in which multiple reservations for the same IP
662 // address are used. If these backends are in use and this setting
663 // is attempted, a configuration error will occur. The MySQL and
664 // PostgreSQL backends do support this mode.
665 "ip-reservations-unique": true,
666
667 // Boolean parameter which controls whether host reservations lookup
668 // should be performed before lease lookup. This parameter has effect
669 // only when multi-threading is disabled. When multi-threading is
670 // enabled, host reservations lookup is always performed first to avoid
671 // lease-lookup resource locking.
672 "reservations-lookup-first": true,
673
674 // Specifies credentials to access lease database.
675 "lease-database": {
676 // memfile backend-specific parameter specifying the interval
677 // in seconds at which the lease file should be cleaned up (outdated
678 // lease entries are removed to prevent the lease file from growing
679 // infinitely).
680 "lfc-interval": 3600,
681
682 // Maximum number of lease-file read errors allowed before
683 // loading the file is abandoned. Defaults to 0 (no limit).
684 "max-row-errors": 100,
685
686 // Name of the lease file. In the case of a database it specifies the
687 // database name.
688 "name": "kea-leases4.csv",
689
690 // memfile-specific parameter indicating whether leases should
691 // be saved on persistent storage (disk) or not. The true value
692 // is the default and it indicates that leases are stored in
693 // persistent storage. This setting must be used in production.
694 // The false value should only be used for testing purposes
695 // because non-stored leases will be lost upon Kea server restart.
696 "persist": true,
697
698 // Lease database backend type, i.e. "memfile", "mysql" or
699 // "postgresql".
700 "type": "memfile"
701 },
702
703 // Boolean value indicating whether the Kea DHCPv4 server should use the client
704 // identifier value sent by the client or ignore it. The default value
705 // is true, which indicates that the server should use the client identifier
706 // and that it takes precedence over the client's MAC address. In deployments
707 // where MAC address should take precedence, this value can be set to
708 // false, in which case the clients will be identified by MAC address.
709 // This is specifically useful when clients don't generate unique
710 // identifiers or these identifiers are not stable, etc.
711 "match-client-id": false,
712
713 // Global value of the next server address set in 'siaddr' field.
714 // The global value may be overridden in lower-level configuration
715 // scopes.
716 "next-server": "192.0.2.123",
717
718 // Global value which limits the number of client packets (e.g.
719 // DHCPREQUESTs) that may be parked while waiting for hook library
720 // work to complete, prior to a response (e.g. DHCPACK) being sent
721 // back to the client. A typical example is when kea-dhcp4 parks a
722 // DHCPREQUEST while it sends the lease update(s) to its HA peer(s).
723 // The packet is unparked once the update(s) have been acknowledged.
724 // This value limits the number of packets that can be held pending
725 // the updates. In times of heavy client traffic, this value can keep
726 // kea-dhcp4 from building an insurmountable backlog of updates.
727 "parked-packet-limit": 256,
728
729 // List of global DHCP options that the Kea DHCPv4 server assigns to
730 // clients.
731 "option-data": [
732 {
733 // Boolean flag indicating whether the given option is always
734 // sent in response or only when requested. The default
735 // value of false indicates that it is only sent when
736 // requested.
737 "always-send": false,
738
739 // An optional list of classes for which this option applies.
740 // If the client matches any of the classes in this list, the
741 // option will be applied. If the list is empty or is
742 // omitted this option will be applied regardless of class
743 // membership.
744 "client-classes": [ "class1", "class2" ],
745
746 // Option code. It is not required if the option name is
747 // provided.
748 "code": 6,
749
750 // Boolean value indicating whether the option data specified
751 // in the "data" field is specified as a string of hexadecimal
752 // digits or in human-readable CSV format.
753 "csv-format": true,
754
755 // Option data to be stored in the option payload.
756 "data": "192.0.3.1, 192.0.3.2",
757
758 // Option name. It is not required if the option code is
759 // provided.
760 "name": "domain-name-servers",
761
762 // Boolean flag indicating whether the given option is never
763 // sent in response. The default value of false indicates
764 // that it is sent when it should be. When true, the option
765 // is not sent despite any other setting, i.e. it is
766 // a final flag.
767 "never-send": false,
768
769 // Option space. The default is the "dhcp4" option space which
770 // groups top-level DHCPv4 options.
771 "space": "dhcp4"
772 }
773 ],
774
775 // List of global option definitions, i.e. option formats, that the
776 // Kea DHCPv4 server is using.
777 "option-def": [
778 {
779 // Boolean flag indicating whether the option definition comprises
780 // an array of values of some type, e.g. an array of IPv4 addresses.
781 // The default value of false means that the option does not
782 // comprise an array of values.
783 "array": false,
784
785 // Option code.
786 "code": 6,
787
788 // Holds a name of the option space encapsulated by this option.
789 // All options that belong to this option space will be sent
790 // as sub-options of this option. An empty string means that this
791 // option doesn't encapsulate any option.
792 "encapsulate": "",
793
794 // Option name.
795 "name": "my-option",
796
797 // Specifies the types of fields within the option if the option
798 // is said to be a "record" (see "type"). In this particular example
799 // this option comprises two fields, 1 byte and 2 bytes long.
800 "record-types": "uint8, uint16",
801
802 // Name of the option space to which this option belongs.
803 "space": "my-space",
804
805 // Option type. All possible types are listed in the Kea
806 // Administrator Reference Manual.
807 "type": "record"
808 }
809 ],
810
811 // Global value for the rebind timer, i.e. the time after which the
812 // DHCP client enters the rebind state if it fails to renew the lease.
813 "rebind-timer": 40,
814
815 // Global value for the renew timer, i.e. the time after which the
816 // DHCP client renews the lease.
817 "renew-timer": 30,
818
819 // Global value to store extended information (e.g. relay agent
820 // information) with each lease.
821 "store-extended-info": true,
822
823 // Statistics keep some samples per observation point.
824 // There are two default values: maximum count and maximum age.
825 // Setting the maximum count to zero disables it.
826 "statistic-default-sample-count": 0,
827
828 // When the maximum count is 0 the maximum age (in seconds) applies.
829 "statistic-default-sample-age": 60,
830
831 // Multi-threading parameters.
832 "multi-threading": {
833 // By default, Kea processes packets on multiple threads if the hardware permits.
834 "enable-multi-threading": true,
835
836 // When multi-threading is enabled, Kea will process packets on a
837 // number of threads configurable through this option. The
838 // value must be a non-negative integer (0 means auto-detect).
839 "thread-pool-size": 0,
840
841 // When multi-threading is enabled, Kea will read packets from the
842 // interface and append a working item to the thread pool. This
843 // option configures the maximum number of items that can be queued.
844 // The value must be a non-negative integer (0 means unlimited).
845 "packet-queue-size": 0
846 },
847
848 // Governs how the Kea DHCPv4 server should deal with invalid
849 // data received from the client.
850 "sanity-checks": {
851 // Specifies how the Kea DHCPv4 server should behave when invalid
852 // data is read for a lease from the lease file. The following
853 // values are supported: "none" (don't attempt to correct the
854 // lease information), "warn" (print a warning for subnet-id
855 // related inconsistencies), "fix" (correct the subnet id by
856 // trying to find the suitable subnet), "fix-del" (similar
857 // to "fix" but delete the lease if no suitable subnet found),
858 // "del" (delete the lease if the lease has invalid subnet
859 // identifier value).
860 "lease-checks": "warn",
861
862 // Specifies how Kea DHCPv4 server should behave when invalid
863 // extended info is read for a lease from the lease file, or
864 // whether to upgrade from the old format. The following values
865 // are supported: "none" (don't attempt to correct or upgrade
866 // the extended info), "fix" (fix common inconsistencies and
867 // upgrade from the old format; this is the default), "strict"
868 // (fix inconsistencies with an impact on Leasequery),
869 // "pedantic" (enforce full Kea code format).
870 "extended-info-checks": "fix"
871 },
872
873 // List of shared networks used by the Kea DHCPv4 server. The shared
874 // networks group subnets together.
875 "shared-networks": [
876 {
877 // A flag selecting an IP address allocation strategy for all
878 // subnets in this shared network.
879 "allocator": "random",
880
881 // Shared-network level authoritative flag.
882 "authoritative": false,
883
884 // Shared-network level bootfile name.
885 "boot-file-name": "/dev/null",
886
887 // Restricts this shared network to allow only clients
888 // that belong to at least one class in this list. If omitted
889 // or an empty list is provided, no restriction is applied.
890 "client-classes": [],
891
892 // Shared-network level value. See description at the global level.
893 "ddns-generated-prefix": "myhost",
894
895 // Shared-network level value. See description at the global level.
896 "ddns-override-client-update": false,
897
898 // Shared-network level value. See description at the global level.
899 "ddns-override-no-update": false,
900
901 // Shared-network level value. See description at the global level.
902 "ddns-qualifying-suffix": "",
903
904 // Shared-network level value. See description at the global level.
905 "ddns-replace-client-name": "never",
906
907 // Shared-network level value. See description at the global level.
908 "ddns-send-updates": true,
909
910 // Shared-network level value. See description at the global level.
911 "ddns-update-on-renew": true,
912
913 // Shared-network level value. See description at the global level.
914 // This field has been replaced by ddns-conflict-resolution-mode.
915 // Parsing is maintained only for backwards compatibility.
916 // "ddns-use-conflict-resolution": true,
917
918 // Shared-network level value. See description at the global level.
919 "ddns-conflict-resolution-mode": "check-with-dhcid",
920
921 // Shared-network level value. See description at the global level.
922 "ddns-ttl-percent": 0.65,
923
924 // Shared-network level value. See description at the global level.
925 // You cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min, or
926 // ddns-ttl-max. They are mutually exclusive.
927 // "ddns-ttl": 500,
928
929 // Shared-network level value. See description at the global level.
930 "ddns-ttl-min": 10000,
931
932 // Shared-network level value. See description at the global level.
933 "ddns-ttl-max": 20000,
934
935 // Shared-network level value. See description at the global level.
936 "hostname-char-replacement": "x",
937
938 // Shared-network level value. See description at the global level.
939 "hostname-char-set": "[^A-Za-z0-9.-]",
940
941 // Specifies that this shared network is selected for
942 // requests received on a particular interface.
943 "interface": "eth0",
944
945 // Shared-network level flag specifying whether the client
946 // identifier should be used for identifying clients.
947 "match-client-id": true,
948
949 // Shared network name.
950 "name": "my-secret-network",
951
952 // Shared-network level specification of the next server
953 // to be sent in 'siaddr'.
954 "next-server": "192.0.2.123",
955
956 // If greater than zero, it is the lifetime of leases temporarily allocated
957 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
958 "offer-lifetime" : 60,
959
960 // List of shared network-specific DHCP options.
961 "option-data": [],
962
963 // List of IPv4 relay addresses for which this shared
964 // network is selected.
965 "relay": {
966 "ip-addresses": []
967 },
968
969 // Shared-network level rebind timer.
970 "rebind-timer": 41,
971
972 // Shared-network level renew timer.
973 "renew-timer": 31,
974
975 // Shared-network level compute T1 and T2 timers.
976 "calculate-tee-times": true,
977
978 // T1 = valid lifetime * .5.
979 "t1-percent": .5,
980
981 // T2 = valid lifetime * .75.
982 "t2-percent": .75,
983
984 // Cache threshold = valid lifetime * .25.
985 "cache-threshold": .25,
986
987 // Cache maximum: when the client last-transmission time
988 // is close enough, the lease is not renewed and the current
989 // lease is returned as it was "cached".
990 "cache-max-age": 1000,
991
992 // Adaptive lease time threshold (1.0 is disabled).
993 "adaptive-lease-time-threshold": 0.8,
994
995 // Specify whether the server should look up global reservations.
996 "reservations-global": false,
997
998 // Specify whether the server should look up in-subnet reservations.
999 "reservations-in-subnet": true,
1000
1001 // Specify whether the server can assume that all reserved addresses
1002 // are out-of-pool.
1003 // Ignored when reservations-in-subnet is false.
1004 // If specified, it is inherited by "subnet4" levels.
1005 "reservations-out-of-pool": false,
1006
1007 // List of client classes which must be evaluated when this shared
1008 // network is selected for client assignments.
1009 "evaluate-additional-classes": [ "late" ],
1010
1011 // Turn off storage of extended information (e.g. relay agent
1012 // information) with each lease for this shared network.
1013 "store-extended-info": false,
1014
1015 // Shared-network level server hostname set in 'sname' field.
1016 "server-hostname": "",
1017
1018 // List of IPv4 subnets belonging to this shared network.
1019 "subnet4": [
1020 {
1021 // Interface name matched against inbound interface name.
1022 // Used in DHCPv4o6. See RFC 7341.
1023 "4o6-interface": "",
1024
1025 // Interface ID option value. See RFC 7341.
1026 "4o6-interface-id": "",
1027
1028 // Prefix matched against source address. See RFC 7341.
1029 "4o6-subnet": "2001:db8:1:1::/64",
1030
1031 // A flag selecting an IP address allocation strategy for
1032 // the subnet.
1033 "allocator": "iterative",
1034
1035 // Subnet-level authoritative flag.
1036 "authoritative": false,
1037
1038 // Subnet-level bootfile name, set in 'file' field.
1039 "boot-file-name": "",
1040
1041 // Restricts this subnet to allow only clients
1042 // that belong to at least one class in this list. If omitted
1043 // or an empty list is provided, no restriction is applied.
1044 "client-classes": [],
1045
1046 // Subnet-level value. See description at the global level.
1047 "ddns-generated-prefix": "myhost",
1048
1049 // Subnet-level value. See description at the global level.
1050 "ddns-override-client-update": false,
1051
1052 // Subnet-level value. See description at the global level.
1053 "ddns-override-no-update": false,
1054
1055 // Subnet-level value. See description at the global level.
1056 "ddns-qualifying-suffix": "",
1057
1058 // Subnet-level value. See description at the global level.
1059 "ddns-replace-client-name": "never",
1060
1061 // Subnet-level value. See description at the global level.
1062 "ddns-send-updates": true,
1063
1064 // Subnet-level value. See description at the global level.
1065 "ddns-update-on-renew": true,
1066
1067 // Subnet-level value. See description at the global level.
1068 // This field has been replaced by ddns-conflict-resolution-mode.
1069 // Parsing is maintained only for backwards compatibility.
1070 // "ddns-use-conflict-resolution": true,
1071
1072 // Subnet-level value. See description at the global level.
1073 "ddns-conflict-resolution-mode": "check-with-dhcid",
1074
1075 // Subnet-level value. See description at the global level.
1076 // "ddns-ttl-percent": 0.55,
1077
1078 // Subnet-level value. See description at the global level.
1079 // You cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min, or
1080 // ddns-ttl-max. They are mutually exclusive.
1081 "ddns-ttl": 500,
1082
1083 // Subnet-level value. See description at the global level.
1084 // "ddns-ttl-min": 10000,
1085
1086 // Subnet-level value. See description at the global level.
1087 // "ddns-ttl-max": 20000,
1088
1089 // Subnet-level value. See description at the global level.
1090 "hostname-char-replacement": "x",
1091
1092 // Subnet-level value. See description at the global level.
1093 "hostname-char-set": "[^A-Za-z0-9.-]",
1094
1095 // Subnet unique identifier.
1096 "id": 1,
1097
1098 // Specifies that this subnet is selected for requests
1099 // received on a particular interface.
1100 "interface": "eth0",
1101
1102 // Subnet-level flag specifying whether the client identifier
1103 // should be used for identifying clients.
1104 "match-client-id": true,
1105
1106 // Subnet-level specification of the next server to be sent
1107 // in 'siaddr'.
1108 "next-server": "0.0.0.0",
1109
1110 // If greater than zero, it is the lifetime of leases temporarily allocated
1111 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
1112 "offer-lifetime" : 60,
1113
1114 // Turn on storage of extended information (e.g. relay agent
1115 // information) with each lease for this subnet.
1116 "store-extended-info": true,
1117
1118 // Subnet-level list of DHCP options.
1119 "option-data": [
1120 {
1121 // Boolean flag indicating whether the particular option
1122 // should be always sent or sent only when requested.
1123 "always-send": false,
1124
1125 // An optional list of classes for which this option applies.
1126 // If the client matches any of the classes in this list the
1127 // option will be applied. If the list is empty or is
1128 // omitted this option will be applied regardless of class
1129 // membership.
1130 "client-classes": [],
1131
1132 // Option code.
1133 "code": 3,
1134
1135 // Boolean flag indicating whether the option value specified
1136 // in "data" is a string of hexadecimal values or human-readable
1137 // CSV value.
1138 "csv-format": true,
1139
1140 // Option data to be included in the option payload.
1141 "data": "192.0.3.1",
1142
1143 // Option name.
1144 "name": "routers",
1145
1146 // Boolean flag indicating whether the given option is never
1147 // sent in response.
1148 "never-send": false,
1149
1150 // Option space. The default value "dhcp4" designates the
1151 // top-level option space.
1152 "space": "dhcp4"
1153 }
1154 ],
1155
1156 // List of IP address pools belonging to the subnet.
1157 "pools": [
1158 {
1159 // Restricts this pool to allow only clients
1160 // that belong to at least one class in this list. If omitted
1161 // or an empty list is provided, no restriction is applied.
1162 "client-classes": [ "phones_server1" ],
1163
1164 // Pool-level list of DHCP options.
1165 "option-data": [],
1166
1167 // Address range used for client assignments.
1168 "pool": "192.1.0.1 - 192.1.0.200",
1169
1170 // List of client classes which must be evaluated when this pool
1171 // is selected for client assignments.
1172 "evaluate-additional-classes": [ "late" ],
1173
1174 // Pool-level value. See description at the global level.
1175 "ddns-generated-prefix": "mypool",
1176
1177 // Pool-level value. See description at the global level.
1178 "ddns-override-client-update": false,
1179
1180 // Pool-level value. See description at the global level.
1181 "ddns-override-no-update": false,
1182
1183 // Pool-level value. See description at the global level.
1184 "ddns-qualifying-suffix": "pool.example.com.",
1185
1186 // Pool-level value. See description at the global level.
1187 "ddns-replace-client-name": "always",
1188
1189 // Pool-level value. See description at the global level.
1190 "ddns-send-updates": true,
1191
1192 // Pool-level value. See description at the global level.
1193 "ddns-update-on-renew": false,
1194
1195 // Pool-level value. See description at the global level.
1196 "ddns-conflict-resolution-mode": "check-with-dhcid",
1197
1198 // Pool-level value. See description at the global level.
1199 "ddns-ttl-percent": 0.55,
1200
1201 // Pool-level value. See description at the global level.
1202 // You cannot specify both ddns-ttl and any of ddns-ttl-percent,
1203 // ddns-ttl-min, or ddns-ttl-max. They are mutually exclusive.
1204 // "ddns-ttl": 500,
1205
1206 // Pool-level value. See description at the global level.
1207 "ddns-ttl-min": 10000,
1208
1209 // Pool-level value. See description at the global level.
1210 "ddns-ttl-max": 20000,
1211
1212 // Pool-level value. See description at the global level.
1213 "hostname-char-replacement": "x",
1214
1215 // Pool-level value. See description at the global level.
1216 "hostname-char-set": "[^A-Za-z0-9.-]"
1217 },
1218 {
1219 // Restricts this pool to allow only clients
1220 // that belong to at least one class in this list. If omitted
1221 // or an empty list is provided, no restriction is applied.
1222 "client-classes": [ "phones_server2" ],
1223
1224 // Pool-level list of DHCP options.
1225 "option-data": [],
1226
1227 // Address range used for client assignments.
1228 "pool": "192.3.0.1 - 192.3.0.200",
1229
1230 // List of client classes which must be evaluated when this pool
1231 // is selected for client assignments.
1232 "evaluate-additional-classes": [],
1233
1234 // Pool identifier used to enable statistics for this pool.
1235 // The pool ID does not need to be unique within the subnet
1236 // or across subnets.
1237 // If not configured, it defaults to 0. The statistics
1238 // regarding this pool will be combined with the other statistics
1239 // of all other pools with the same pool ID in this subnet.
1240 "pool-id": 1
1241 }
1242 ],
1243
1244 // Subnet-level value of the rebind timer.
1245 "rebind-timer": 40,
1246
1247 // List of IPv4 relay addresses for which this subnet is selected.
1248 "relay": {
1249 "ip-addresses": [
1250 "192.168.56.1"
1251 ]
1252 },
1253
1254 // Subnet-level value of the renew timer.
1255 "renew-timer": 30,
1256
1257 // Specify whether the server should look up global reservations.
1258 "reservations-global": false,
1259
1260 // Specify whether the server should look up in-subnet reservations.
1261 "reservations-in-subnet": true,
1262
1263 // Specify whether the server can assume that all reserved
1264 // addresses are out-of-pool.
1265 // Ignored when reservations-in-subnet is false.
1266 "reservations-out-of-pool": false,
1267
1268 // Subnet-level compute T1 and T2 timers.
1269 "calculate-tee-times": true,
1270
1271 // T1 = valid lifetime * .5.
1272 "t1-percent": .5,
1273
1274 // T2 = valid lifetime * .75.
1275 "t2-percent": .75,
1276
1277 // Cache threshold = valid lifetime * .25.
1278 "cache-threshold": .25,
1279
1280 // Subnet-level cache maximum.
1281 "cache-max-age": 1000,
1282
1283 // Adaptive lease time threshold (1.0 is disabled).
1284 "adaptive-lease-time-threshold": 0.8,
1285
1286 // List of static IPv4 reservations assigned to clients belonging
1287 // to this subnet. For a detailed example, see reservations.json.
1288 "reservations": [
1289 {
1290 // Identifier used for client matching. Supported values are
1291 // "hw-address", "client-id", "duid", "circuit-id", "flex-id".
1292 "circuit-id": "01:11:22:33:44:55:66",
1293
1294 // Reserved IP address.
1295 "ip-address": "192.0.2.204",
1296
1297 // Hostname.
1298 "hostname": "foo.example.org",
1299
1300 // Reservation-specific option data.
1301 "option-data": [
1302 {
1303 // Option name.
1304 "name": "vivso-suboptions",
1305
1306 // Option data.
1307 "data": "4491"
1308 }
1309 ]
1310 }
1311 ],
1312
1313 // List of client classes which must be evaluated when this subnet
1314 // is selected for client assignments.
1315 "evaluate-additional-classes": [ "late" ],
1316
1317 // Subnet-level server hostname set in 'sname' field.
1318 "server-hostname": "",
1319
1320 // Subnet prefix.
1321 "subnet": "192.0.0.0/8",
1322
1323 // Subnet-level (default) valid lifetime.
1324 "valid-lifetime": 6000,
1325
1326 // Subnet-level min valid lifetime.
1327 "min-valid-lifetime": 4000,
1328
1329 // Subnet-level max valid lifetime.
1330 "max-valid-lifetime": 8000
1331 }
1332 ],
1333
1334 // Shared-network level (default) valid lifetime.
1335 "valid-lifetime": 6001,
1336
1337 // Shared-network level min valid lifetime.
1338 "min-valid-lifetime": 4001,
1339
1340 // Shared-network level max valid lifetime.
1341 "max-valid-lifetime": 8001
1342 }
1343 ],
1344
1345 // Global server hostname set in the 'sname' field.
1346 "server-hostname": "",
1347
1348 // Stash agent options (aka RAI) to make direct queries to come
1349 // through a relay.
1350 "stash-agent-options": false,
1351
1352 // List of IPv4 subnets which don't belong to any shared network.
1353 "subnet4": [],
1354
1355 // Global valid lifetime value.
1356 "valid-lifetime": 6000,
1357
1358 // Global min valid lifetime value.
1359 "min-valid-lifetime": 4000,
1360
1361 // Global max valid lifetime value.
1362 "max-valid-lifetime": 8000,
1363
1364 // Reservations (examples are in other files).
1365 "reservations": [],
1366
1367 // Configuration control (currently not used, i.e. this syntax
1368 // is already defined but the corresponding feature is not implemented).
1369 "config-control": {
1370 // Only the configuration databases entry is defined.
1371 "config-databases": [
1372 {
1373 // Name of the database to connect to.
1374 "name": "config",
1375
1376 // Type of database, e.g. "mysql", "postgresql".
1377 "type": "mysql"
1378 }
1379 ],
1380 // Interval between attempts to fetch configuration updates
1381 // via the configuration backends used.
1382 "config-fetch-wait-time": 30
1383 },
1384
1385 // Server tag.
1386 "server-tag": "my DHCPv4 server",
1387
1388 // DHCP queue-control parameters.
1389 "dhcp-queue-control": {
1390 // Enable queue is mandatory.
1391 "enable-queue": true,
1392
1393 // Queue type is mandatory.
1394 "queue-type": "kea-ring4",
1395
1396 // Capacity is optional.
1397 "capacity": 64
1398 },
1399
1400 // Specify whether the server should look up global reservations.
1401 "reservations-global": false,
1402
1403 // Specify whether the server should look up in-subnet reservations.
1404 "reservations-in-subnet": true,
1405
1406 // Specify whether the server can assume that all reserved addresses
1407 // are out-of-pool.
1408 // Ignored when reservations-in-subnet is false.
1409 // If specified, it is inherited by "shared-networks" and
1410 // "subnet4" levels.
1411 "reservations-out-of-pool": false,
1412
1413 // Global compute T1 and T2 timers.
1414 "calculate-tee-times": true,
1415
1416 // T1 = valid lifetime * .5.
1417 "t1-percent": .5,
1418
1419 // T2 = valid lifetime * .75.
1420 "t2-percent": .75,
1421
1422 // Cache threshold = valid lifetime * .25.
1423 "cache-threshold": .25,
1424
1425 // Global cache maximum.
1426 "cache-max-age": 1000,
1427
1428 // Adaptive lease time threshold (1.0 is disabled).
1429 "adaptive-lease-time-threshold": 0.8,
1430
1431 // String of zero or more characters with which to replace each
1432 // invalid character in the hostname or Client FQDN. The default
1433 // value is an empty string, which will cause invalid characters
1434 // to be omitted rather than replaced.
1435 "hostname-char-replacement": "x",
1436
1437 // Regular expression describing the invalid character set in
1438 // the hostname or Client FQDN.
1439 "hostname-char-set": "[^A-Za-z0-9.-]",
1440
1441 // List of loggers used by the servers using this configuration file.
1442 "loggers": [
1443 {
1444 // Debug level, a value between 0..99. The greater the value
1445 // the more detailed the debug log.
1446 "debuglevel": 99,
1447
1448 // Name of the logger.
1449 "name": "kea-dhcp4",
1450
1451 // Configures how the log should be output.
1452 "output-options": [
1453 {
1454 // Determines whether the log should be flushed to a file.
1455 "flush": true,
1456
1457 // Specifies maximum filesize before the file is rotated.
1458 "maxsize": 10240000,
1459
1460 // Specifies the maximum number of rotated files to be kept.
1461 "maxver": 1,
1462
1463 // Specifies the logging destination.
1464 "output": "stdout",
1465
1466 // Specifies log entry content
1467 "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
1468 }
1469 ],
1470
1471 // Specifies logging severity, i.e. "ERROR", "WARN", "INFO", "DEBUG".
1472 "severity": "INFO"
1473 }
1474 ],
1475
1476 // If greater than zero, it is the lifetime of leases temporarily allocated
1477 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
1478 "offer-lifetime" : 60,
1479
1480 // Look at advanced examples for the use of user-contexts.
1481 "user-context": { }
1482 }
1483}
kea4/all-keys.json
1// WARNING: This example configuration is not meant for production use.
2// The Kea DHCPv4 server will refuse this configuration because it contains
3// mutually exclusive configuration parameters.
4//
5// The primary purpose of the example file is to provide a comprehensive
6// list of parameters supported by the Kea DHCPv4 server, along with a brief
7// description of each parameter.
8//
9// This current version should be up to date, i.e. new keywords should be
10// added in this file at the same time as in the parser specification.
11{
12 // Kea DHCPv4 server configuration begins here.
13 "Dhcp4": {
14 // Global flag selecting an IP address allocation strategy for all
15 // subnets. Use "random" for a random allocation strategy.
16 "allocator": "iterative",
17
18 // Global authoritative flag to handle requests by clients for
19 // unknown IP addresses (ignore if disabled, NAK if enabled).
20 "authoritative": false,
21
22 // Global bootfile name to be set in the 'file' field.
23 "boot-file-name": "/dev/null",
24
25 // Ordered list of client classes used by the DHCPv4 server.
26 "client-classes": [
27 {
28 // Class-specific bootfile name to be set in the 'file' field.
29 "boot-file-name": "/usr/local/share/kea/bootfile.efi",
30
31 // Class name.
32 "name": "phones_server1",
33
34 // Class-specific next server address to use in bootstrap, which
35 // is set in 'siaddr' field.
36 "next-server": "10.2.3.4",
37
38 // Class-specific DHCPv4 options list.
39 "option-data": [],
40
41 // Class-specific DHCPv4 option definitions, i.e. custom formats
42 // specified for non-standard options.
43 "option-def": [],
44
45 // Class-specific optional server hostname, which is set in
46 // 'sname' field.
47 "server-hostname": "",
48
49 // Class selection expression. The DHCP packet is assigned to this
50 // class when the given expression evaluates to true.
51 "test": "member('HA_server1')",
52
53 // Class valid lifetime.
54 "valid-lifetime": 6000,
55
56 // Class min valid lifetime.
57 "min-valid-lifetime": 4000,
58
59 // Class max valid lifetime.
60 "max-valid-lifetime": 8000,
61
62 // If greater than zero, it is the lifetime of leases temporarily allocated
63 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
64 "offer-lifetime" : 65
65 },
66 {
67 // Default value of the class-specific bootfile name. An empty name
68 // means that the bootfile name is unspecified.
69 "boot-file-name": "",
70
71 // Second class name.
72 "name": "phones_server2",
73
74 // Default value of the class-specific next server address. The
75 // zero IPv4 address means that it is unspecified.
76 "next-server": "0.0.0.0",
77
78 // Class-specific DHCPv4 options list.
79 "option-data": [],
80
81 // Class-specific DHCPv4 option definitions, i.e. custom formats
82 // specified for non-standard options.
83 "option-def": [],
84
85 // Class-specific optional server hostname, which is set in
86 // 'sname' field.
87 "server-hostname": "",
88
89 // Class selection expression. The DHCP packet is assigned to this
90 // class when the given expression evaluates to true.
91 "test": "member('HA_server2')"
92 },
93 {
94 // Third class name.
95 "name": "late",
96
97 // Boolean flag indicating whether the class expression is only evaluated
98 // when the selected configuration (i.e. pool, subnet, shared-network)
99 // includes this class name in its "evaluate-additional-classes" list. The
100 // default value false means that the class test expression must
101 // always be evaluated.
102 "only-in-additional-list": true,
103
104 // Class selection expression.
105 "test": "member('ALL')"
106 },
107 {
108 // Fourth class name.
109 "name": "my-template-class",
110
111 // Template class flag that holds the expression used to generate the names for all
112 // the spawned subclasses. In this case, the classes are named after the client ID.
113 "template-test": "substring(option[61].hex, 0, all)"
114 }
115 ],
116
117 // Parameters for triggering behaviors compatible with broken or
118 // non-compliant clients, relays, or other agents
119 "compatibility": {
120 // Ignore DHCP Server Identifier option if set to true.
121 // Enabling this will cause Kea to accept any query, even
122 // if the address in the option belongs to another server,
123 // instead of dropping it. This config option defaults to
124 // false, as enabling it breaks RFC compliance.
125 "ignore-dhcp-server-identifier": false,
126
127 // Ignore Relay Agent Information Link Selection suboption if set
128 // to true. Enabling this will cause Kea to use normal subnet
129 // selection logic instead of attempting to use the subnet
130 // specified in the suboption. This config option defaults to
131 // false, as enabling it breaks RFC compliance.
132 "ignore-rai-link-selection": false,
133
134 // Parse options more leniently where fields can be deduced
135 // deterministically, even if against RFC or common practice.
136 "lenient-option-parsing": true,
137
138 // Boolean flag indicating whether .0 and .255 addresses
139 // must be considered as never free in subnets with a prefix length
140 // of 24 or less. The default is false, as these addresses are not
141 // special; only the first and the last addresses are.
142 "exclude-first-last-24": false
143 },
144
145 // Command control socket configuration parameters for the Kea DHCPv4 server.
146 "control-sockets": [
147 {
148 // Control socket type used by the Kea DHCPv4 server.
149 // Must be unix, http or https.
150 "socket-type": "unix",
151
152 // Location of the UNIX domain socket file the DHCPv4
153 // server uses to receive control commands from the
154 // local server administrator.
155 "socket-name": "kea4-ctrl-socket"
156 },
157 {
158 // Control socket type used by the Kea DHCPv4 server.
159 // Must be unix, http or https.
160 "socket-type": "https",
161
162 // Address of the HTTPS socket the Kea DHCPv4 server should
163 // listen for incoming queries.
164 "socket-address": "127.0.0.1",
165
166 // Port of the HTTPS socket the Kea DHCPv4 server
167 // should listen for incoming queries. If enabling HA
168 // and multi-threading, the 8000 port is used by the
169 // HA hook library http listener. When using HA hook
170 // library with multi-threading to function, make sure
171 // the port used by dedicated listener is different
172 // (e.g. 8001) than the one specified here. Note the
173 // commands should still be sent to a control socket.
174 // The dedicated listener is specifically for HA
175 // updates only.
176 "socket-port": 8004,
177
178 // TLS trust anchor (Certificate Authority). This is a
179 // file name or a directory path. It makes sense, together with the other
180 // TLS parameters, only for the https control socket type.
181 "trust-anchor": "my-ca",
182
183 // TLS server certificate file name.
184 "cert-file": "my-cert",
185
186 // TLS server private key file name.
187 "key-file": "my-key",
188
189 // TLS require client certificates flag. Default is
190 // true and means require client certificates. False
191 // means they are optional.
192 "cert-required": true,
193
194 // Extra HTTP headers to add in responses.
195 "http-headers":
196 [
197 {
198 // Optional user context.
199 "user-context": { "comment": "HSTS header" },
200
201 // Required HTTP header name.
202 "name": "Strict-Transport-Security",
203
204 // Required HTTP header value.
205 "value": "max-age=31536000"
206 }
207 ],
208
209 // Optional authentication.
210 "authentication": {
211
212 // Required authentication type. The only
213 // supported value is basic for the basic HTTP
214 // authentication.
215 "type": "basic",
216
217 // An optional parameter is the basic HTTP
218 // authentication realm. Its default is
219 // "kea-dhcpv4-server"
220 "realm": "kea-dhcpv4-server",
221
222 // This optional parameter can be used to specify a common
223 // prefix for files handling client credentials.
224 "directory": "/usr/local/share/kea/kea-creds",
225
226 // This list specifies the user ids and passwords
227 // to use for basic HTTP authentication. If it is empty
228 // or not present, any client is authorized (no credentials are checked).
229 "clients": [
230 // This specifies an authorized client.
231 {
232 // The user id must not be empty or
233 // contain the ':' character. It is a
234 // mandatory parameter.
235 "user": "admin",
236
237 // If password is not specified, an empty password is used.
238 // "1234" is only an example value; see password-file below to keep the secret out of this file.
239 "password": "1234"
240 },
241
242 // This specifies a hidden client.
243 {
244 // The user id is the content of the
245 // file /usr/local/share/kea/kea-creds/hiddenu.
246 "user-file": "hiddenu",
247
248 // The password is the content of the
249 // file /usr/local/share/kea/kea-creds/hiddenp.
250 "password-file": "hiddenp"
251 },
252
253 // This specifies a hidden client using a
254 // secret in a file.
255 {
256 // The secret is the content of the file
257 // /usr/local/share/kea/kea-creds/hiddens which must be in
258 // the <user-id>:<password> format.
259 "password-file": "hiddens"
260 }
261 ]
262 }
263 }
264 ],
265
266 // Specifies a prefix to be prepended to the generated Client FQDN.
267 // It may be specified at the global, shared-network, and subnet levels.
268 "ddns-generated-prefix": "myhost",
269
270 // Boolean flag indicating whether the server should ignore DHCP client
271 // wishes to update DNS on its own. With that flag set to true,
272 // the server will send DNS updates for both forward and
273 // reverse DNS data. The default value is false, which indicates
274 // that the server will delegate a DNS update to the client when
275 // requested. It may be specified at the global, shared-network,
276 // and subnet levels.
277 "ddns-override-client-update": false,
278
279 // Boolean flag indicating whether the server should override the DHCP
280 // client's wish to not update the DNS. With this parameter
281 // set to true, the server will send a DNS update even when
282 // the client requested no update. It may be specified at the
283 // global, shared-network, and subnet levels.
284 "ddns-override-no-update": false,
285
286 // Suffix appended to the partial name sent to the DNS. The
287 // default value is an empty string, which indicates that no
288 // suffix is appended. It may be specified at the global,
289 // shared-network, and subnet levels.
290 "ddns-qualifying-suffix": "",
291
292 // Enumeration specifying whether the server should honor
293 // the hostname or Client FQDN sent by the client or replace
294 // this name. The acceptable values are: "never" (use the
295 // name the client sent), "always" (replace the name the
296 // client sent), "when-present" (replace the name the client
297 // sent, but do not generate one when the client didn't send
298 // the name), "when-not-present" (generate the name when
299 // client didn't send one, otherwise leave the name the
300 // client sent). The default value is "never". It may be
301 // specified at the global, shared-network, and subnet levels.
302 "ddns-replace-client-name": "never",
303
304 // Boolean flag which enables or disables DDNS updating. It
305 // defaults to true. It may be specified at the global, shared-
306 // network, and subnet levels. It works in conjunction with
307 // dhcp-ddns:enable-updates, which must be true to enable connectivity
308 // to kea-dhcp-ddns.
309 "ddns-send-updates": true,
310
311 // Boolean flag, which when true instructs the server to always
312 // update DNS when leases are renewed, even if the DNS information
313 // has not changed. The server's default behavior (i.e. flag is false)
314 // is to only update DNS if the DNS information has changed. It
315 // may be specified at the global, shared-network, and subnet levels.
316 "ddns-update-on-renew": true,
317
318 // Boolean flag which is passed to kea-dhcp-ddns with each DDNS
319 // update request, to indicate whether DNS update conflict
320 // resolution as described in RFC 4703 should be employed for the
321 // given update request. The default value for this flag is true.
322 // It may be specified at the global, shared-network, and subnet levels.
323 // This field has been replaced by ddns-conflict-resolution-mode.
324 // Parsing is maintained only for backwards compatibility.
325 // "ddns-use-conflict-resolution": true,
326
327 // Enumeration, which is passed to kea-dhcp-ddns with each DDNS
328 // update request to indicate the mode used for resolving conflicts
329 // while performing DDNS updates. The acceptable values are:
330 // check-with-dhcid (this includes adding a DHCID record and checking
331 // that record via conflict detection as per RFC 4703),
332 // no-check-with-dhcid (this will ignore conflict detection but add
333 // a DHCID record when creating/updating an entry),
334 // check-exists-with-dhcid (this will check if there is an existing
335 // DHCID record but does not verify the value of the record matches
336 // the update. This will also update the DHCID record for the entry),
337 // no-check-without-dhcid (this ignores conflict detection and will
338 // not add a DHCID record when creating/updating a DDNS entry).
339 // The default value is "check-with-dhcid"; with the no-check modes an existing entry
340 // of another client can be overwritten. It may be specified at the global, shared-network and subnet levels.
341 "ddns-conflict-resolution-mode": "check-with-dhcid",
342
343 // When greater than 0.0, it is the percent of the lease's lifetime
344 // to use for the DNS TTL.
345 "ddns-ttl-percent": 0.75,
346
347 // When greater than 0 it will be used as the DNS TTL. Specified in seconds.
348 // You cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min, or
349 // ddns-ttl-max. They are mutually exclusive.
350 // "ddns-ttl": 500,
351
352 // When greater than 0, it is used as the lower boundary for calculated DNS TTL values.
353 // Specified in seconds.
354 "ddns-ttl-min": 24000,
355
356 // When greater than 0, it is used as the upper boundary for calculated DNS TTL values.
357 // Specified in seconds.
358 "ddns-ttl-max": 64000,
359
360 // Time in seconds specifying how long a declined lease should be
361 // excluded from DHCP assignments. The default value is 86400 (24 hours).
362 "decline-probation-period": 86400,
363
364 // Name Change Request forwarding configuration for the Kea DHCPv4 server.
365 // NCRs are sent to the Kea D2 module to update DNS upon allocation of
366 // DHCP leases.
367 "dhcp-ddns": {
368 // Boolean flag indicating whether Kea DHCPv4 server should connect to
369 // kea-dhcp-ddns. This must be true for NCRs to be created and
370 // sent to kea-dhcp-ddns. By default, NCRs are not generated.
371 "enable-updates": false,
372
373 // Specifies maximum number of NCRs to queue waiting to be sent
374 // to the Kea D2 server.
375 "max-queue-size": 1024,
376
377 // Packet format to use when sending NCRs to the Kea D2 server.
378 // Currently, only JSON format is supported.
379 "ncr-format": "JSON",
380
381 // Socket protocol to use when sending NCRs to D2. Currently,
382 // only UDP is supported.
383 "ncr-protocol": "UDP",
384
385 // IP address that the Kea DHCPv4 server should use to send
386 // NCRs to D2. The default value of zero indicates that Kea
387 // should pick a suitable address.
388 "sender-ip": "0.0.0.0",
389
390 // Port number that the Kea DHCPv4 server should use to send
391 // NCRs to D2. The default value of zero indicates that Kea
392 // should pick a suitable port.
393 "sender-port": 0,
394
395 // IP address on which D2 listens for NCRs.
396 "server-ip": "127.0.0.1",
397
398 // Port number on which D2 listens for NCRs.
399 "server-port": 53001
400 },
401
402 // Specifies the first of the two consecutive ports of the UDP
403 // sockets used for communication between DHCPv6 and DHCPv4
404 // servers. See RFC 7341. (defaults to 0 - disabled).
405 // If enabled, use e.g. 786.
406 "dhcp4o6-port": 0,
407
408 // Boolean flag indicating whether the Kea DHCPv4 server
409 // should send back the Client Identifier option in its responses.
410 // The default value is true, which indicates that the option
411 // must be sent back if the client included it. The false
412 // value instructs the server to not send this option for
413 // backward compatibility with older DHCP specifications, which
414 // stated that Client Identifier must not be sent back.
415 "echo-client-id": true,
416
417 // Collection of Kea DHCPv4 server parameters configuring how
418 // the server should process expired DHCP leases.
419 "expired-leases-processing": {
420 // Specifies the number of seconds since the last removal of
421 // the expired leases, when the next removal should occur.
422 // If both "flush-reclaimed-timer-wait-time" and
423 // "hold-reclaimed-time" are not 0, when the client sends a release
424 // message the lease is expired instead of being deleted from
425 // lease storage.
426 "flush-reclaimed-timer-wait-time": 25,
427
428 // Specifies the length of time in seconds to keep expired
429 // leases in the lease database (lease affinity).
430 // If both "flush-reclaimed-timer-wait-time" and
431 // "hold-reclaimed-time" are not 0, when the client sends a release
432 // message the lease is expired instead of being deleted from
433 // lease storage.
434 "hold-reclaimed-time": 3600,
435
436 // Specifies the maximum number of expired leases that can be
437 // processed in a single attempt to clean up expired leases
438 // from the lease database. If there are more
439 // expired leases, they will be processed during the next
440 // cleanup attempt.
441 "max-reclaim-leases": 100,
442
443 // Specifies the maximum time in milliseconds that a single attempt
444 // to clean up expired leases from the lease database may take.
445 "max-reclaim-time": 250,
446
447 // Specifies the length of time in seconds since the last attempt
448 // to process expired leases before initiating the next attempt.
449 "reclaim-timer-wait-time": 10,
450
451 // Specifies the maximum number of expired lease-processing cycles
452 // which didn't result in full cleanup of expired leases from the
453 // lease database, after which a warning message is issued.
454 "unwarned-reclaim-cycles": 5
455 },
456
457 // List of hook libraries and their specific configuration parameters
458 // to be loaded by Kea DHCPv4 server.
459 "hooks-libraries": [
460 {
461 // Location of the hook library to be loaded.
462 "library": "libdhcp_lease_cmds.so",
463
464 // Hook library-specific configuration parameters.
465 "parameters": { }
466 },
467 {
468 // The MySQL host backend hook library required for host storage.
469 "library": "libdhcp_mysql.so"
470 },
471 {
472 // The PostgreSQL host backend hook library required for host storage.
473 "library": "libdhcp_pgsql.so"
474 }
475 ],
476
477 // List of access credentials to external sources of IPv4 reservations.
478 "hosts-databases": [
479 {
480 // Name of the database to connect to.
481 "name": "keatest",
482
483 // Host on which the database resides.
484 "host": "localhost",
485
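486 // Database password. "1234" is an example value; as the secret is stored here in clear text, restrict read access to this file.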
487 "password": "1234",
488
489 // Port on which the database is available.
490 "port": 3306,
491
492 // Type of database, e.g. "mysql", "postgresql".
493 "type": "mysql",
494
495 // Username to be used to access the database.
496 "user": "keatest",
497
498 // Read-only mode.
499 "readonly": false,
500
501 // The next entries are for OpenSSL support in MySQL.
502
503 // Trust anchor aka certificate authority file or directory.
504 "trust-anchor": "my-ca",
505
506 // Client certificate file name.
507 "cert-file": "my-cert",
508
509 // Private key file name.
510 "key-file": "my-key",
511
512 // Cipher list (see the OpenSSL ciphers command manual).
513 "cipher-list": "AES",
514
515 // Connection reconnect wait time.
516 // This parameter governs how long Kea waits before attempting
517 // to reconnect. Expressed in milliseconds. The default is 0
518 // (disabled) for MySQL and PostgreSQL.
519 "reconnect-wait-time": 3000,
520
521 // Connection maximum reconnect tries.
522 "max-reconnect-tries": 3,
523
524 // Action to take when connection recovery fails.
525 // Supported values: stop-retry-exit, serve-retry-exit,
526 // serve-retry-continue
527 "on-fail": "stop-retry-exit",
528
529 // Flag which indicates if the DB recovery should be attempted
530 // at server startup and on reconfiguration events.
531 "retry-on-startup": false,
532
533 // Connection connect timeout in seconds.
534 "connect-timeout": 100,
535
536 // Timeout of database read operations in seconds.
537 "read-timeout": 120,
538
539 // Timeout of database write operations in seconds.
540 "write-timeout": 180
541 },
542 {
543 // Name of the database to connect to.
544 "name": "keatest",
545
546 // Host on which the database resides.
547 "host": "localhost",
548
549 // Database password (example value; stored in clear text, so restrict read access to this file).
550 "password": "1234",
551
552 // Port on which the database is available.
553 "port": 5432,
554
555 // Type of database, e.g. "mysql", "postgresql".
556 "type": "postgresql",
557
558 // Username to be used to access the database.
559 "user": "keatest",
560
561 // TCP user timeout while communicating with the database.
562 // It is specified in seconds.
563 "tcp-user-timeout": 100,
564
565 // Trust anchor aka certificate authority file or directory.
566 "trust-anchor": "my-ca",
567
568 // Client certificate file name.
569 "cert-file": "my-cert",
570
571 // Private key file name.
572 "key-file": "my-key",
573
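574 // SSL mode. NOTE(review): if the values follow PostgreSQL's sslmode, "verify-ca" checks the certificate chain but not the server host name - confirm.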
575 "ssl-mode": "verify-ca"
576 }
577 ],
578
579 // List of host reservation identifier types to be used by the
580 // Kea DHCPv4 server to fetch static reservations for
581 // DHCP clients. All identifiers are used by default, which
582 // means that the server will issue multiple queries to the
583 // database to find if there is a reservation for a particular
584 // client. If a particular deployment uses only a subset, e.g.
585 // one identifier type, only this identifier should be listed
586 // here to prevent unnecessary queries to the database.
587 "host-reservation-identifiers": [
588 "hw-address",
589 "duid",
590 "circuit-id",
591 "client-id",
592 "flex-id"
593 ],
594
595 // Specifies configuration of interfaces on which the Kea DHCPv4
596 // server is listening to the DHCP queries.
597 "interfaces-config": {
598 // Specifies whether the server should use "udp" sockets or
599 // "raw" sockets to listen to DHCP traffic. The "raw"
600 // sockets are useful when direct DHCP traffic is being
601 // received.
602 "dhcp-socket-type": "udp",
603
604 // Specifies a list of interfaces on which the Kea DHCPv4
605 // server should listen to DHCP requests.
606 "interfaces": [
607 "eth0"
608 ],
609
610 // Enumeration which indicates what interface should be used
611 // to send DHCP responses to the client. The default value is
612 // "same-as-inbound", which indicates that the response should
613 // be sent via the interface on which the client's query
614 // was received. The "use-routing" value indicates that the
615 // Kea server should use the kernel's routing table to find a
616 // suitable interface.
617 "outbound-interface": "same-as-inbound",
618
619 // Boolean flag indicating whether the available interfaces should
620 // be re-detected upon server reconfiguration. The default value
621 // is true, which means that the interfaces are always
622 // re-detected.
623 "re-detect": true,
624
625 // Kea tries to bind the service sockets during initialization, but it may
626 // fail due to a port being already opened or a misconfiguration. Kea can
627 // suppress these errors and only log them. This flag prevents starting
628 // the DHCP server without binding all sockets. If unspecified, it
629 // defaults to false.
630 "service-sockets-require-all": true,
631
632 // Kea tries to bind the service sockets during initialization. This
633 // option specifies how many times binding to interface will be retried.
634 // The default value is 0, which means that the operation will not be
635 // repeated.
636 "service-sockets-max-retries": 5,
637
638 // The time interval in milliseconds to wait before the next attempt to
639 // retry opening a service socket.
640 "service-sockets-retry-wait-time": 5000
641 },
642
643 // Boolean parameter which controls whether an early global host
644 // reservations lookup should be performed. This lookup takes place
645 // before subnet selection and when a global reservation is found
646 // with some client classes, it triggers a second phase classification.
647 // It can also be used to drop queries using host reservations as a
648 // decision table indexed by reservation identifiers.
649 "early-global-reservations-lookup": true,
650
651 // Boolean parameter which controls the DHCP server's behavior with respect
652 // to creating host reservations for the same IP address. By default
653 // this flag is set to true, in which case the server prevents creation
654 // of multiple host reservations for the same IP address. When this
655 // parameter is set to false, the server allows for creating multiple
656 // reservations for the same IP address within a subnet. This setting
657 // is useful in deployments in which a given host may be communicating
658 // with a DHCP server over multiple interfaces and, depending on the
659 // chosen interface, a different MAC address (or other identifier) will
660 // be used to identify the host. Note that some host backends do not
661 // support the mode in which multiple reservations for the same IP
662 // address are used. If these backends are in use and this setting
663 // is attempted, a configuration error will occur. The MySQL and
664 // PostgreSQL backends do support this mode.
665 "ip-reservations-unique": true,
666
667 // Boolean parameter which controls whether host reservations lookup
668 // should be performed before lease lookup. This parameter has effect
669 // only when multi-threading is disabled. When multi-threading is
670 // enabled, host reservations lookup is always performed first to avoid
671 // lease-lookup resource locking.
672 "reservations-lookup-first": true,
673
674 // Specifies credentials to access lease database.
675 "lease-database": {
676 // memfile backend-specific parameter specifying the interval
677 // in seconds at which the lease file should be cleaned up (outdated
678 // lease entries are removed to prevent the lease file from growing
679 // infinitely).
680 "lfc-interval": 3600,
681
682 // Maximum number of lease-file read errors allowed before
683 // loading the file is abandoned. Defaults to 0 (no limit).
684 "max-row-errors": 100,
685
686 // Name of the lease file. In the case of a database it specifies the
687 // database name.
688 "name": "kea-leases4.csv",
689
690 // memfile-specific parameter indicating whether leases should
691 // be saved on persistent storage (disk) or not. The true value
692 // is the default and it indicates that leases are stored in
693 // persistent storage. This setting must be used in production.
694 // The false value should only be used for testing purposes
695 // because non-stored leases will be lost upon Kea server restart.
696 "persist": true,
697
698 // Lease database backend type, i.e. "memfile", "mysql" or
699 // "postgresql".
700 "type": "memfile"
701 },
702
703 // Boolean value indicating whether the Kea DHCPv4 server should use the client
704 // identifier value sent by the client or ignore it. The default value
705 // is true, which indicates that the server should use the client identifier
706 // and that it takes precedence over the client's MAC address. In deployments
707 // where MAC address should take precedence, this value can be set to
708 // false, in which case the clients will be identified by MAC address.
709 // This is specifically useful when clients don't generate unique
710 // identifiers or these identifiers are not stable, etc.
711 "match-client-id": false,
712
713 // Global value of the next server address set in 'siaddr' field.
714 // The global value may be overridden in lower-level configuration
715 // scopes.
716 "next-server": "192.0.2.123",
717
718 // Global value which limits the number of client packets (e.g.
719 // DHCPREQUESTs) that may be parked while waiting for hook library
720 // work to complete, prior to a response (e.g. DHCPACK) being sent
721 // back to the client. A typical example is when kea-dhcp4 parks a
722 // DHCPREQUEST while it sends the lease update(s) to its HA peer(s).
723 // The packet is unparked once the update(s) have been acknowledged.
724 // This value limits the number of packets that can be held pending
725 // the updates. In times of heavy client traffic, this value can keep
726 // kea-dhcp4 from building an insurmountable backlog of updates.
727 "parked-packet-limit": 256,
728
729 // List of global DHCP options that the Kea DHCPv4 server assigns to
730 // clients.
731 "option-data": [
732 {
733 // Boolean flag indicating whether the given option is always
734 // sent in response or only when requested. The default
735 // value of false indicates that it is only sent when
736 // requested.
737 "always-send": false,
738
739 // An optional list of classes for which this option applies.
740 // If the client matches any of the classes in this list, the
741 // option will be applied. If the list is empty or is
742 // omitted this option will be applied regardless of class
743 // membership.
744 "client-classes": [ "class1", "class2" ],
745
746 // Option code. It is not required if the option name is
747 // provided.
748 "code": 6,
749
750 // Boolean value indicating whether the option data specified
751 // in the "data" field is specified as a string of hexadecimal
752 // digits or in human-readable CSV format.
753 "csv-format": true,
754
755 // Option data to be stored in the option payload.
756 "data": "192.0.3.1, 192.0.3.2",
757
758 // Option name. It is not required if the option code is
759 // provided.
760 "name": "domain-name-servers",
761
762 // Boolean flag indicating whether the given option is never
763 // sent in response. The default value of false indicates
764 // that it is sent when it should be. When true, the option
765 // is not sent despite any other setting, i.e. it is
766 // a final flag.
767 "never-send": false,
768
769 // Option space. The default is the "dhcp4" option space which
770 // groups top-level DHCPv4 options.
771 "space": "dhcp4"
772 }
773 ],
774
775 // List of global option definitions, i.e. option formats, that the
776 // Kea DHCPv4 server is using.
777 "option-def": [
778 {
779 // Boolean flag indicating whether the option definition comprises
780 // an array of values of some type, e.g. an array of IPv4 addresses.
781 // The default value of false means that the option does not
782 // comprise an array of values.
783 "array": false,
784
785 // Option code.
786 "code": 6,
787
788 // Holds a name of the option space encapsulated by this option.
789 // All options that belong to this option space will be sent
790 // as sub-options of this option. An empty string means that this
791 // option doesn't encapsulate any option.
792 "encapsulate": "",
793
794 // Option name.
795 "name": "my-option",
796
797 // Specifies the types of fields within the option if the option
798 // is said to be a "record" (see "type"). In this particular example
799 // this option comprises two fields, 1 byte and 2 bytes long.
800 "record-types": "uint8, uint16",
801
802 // Name of the option space to which this option belongs.
803 "space": "my-space",
804
805 // Option type. All possible types are listed in the Kea
806 // Administrator Reference Manual.
807 "type": "record"
808 }
809 ],
810
811 // Global value for the rebind timer, i.e. the time after which the
812 // DHCP client enters the rebind state if it fails to renew the lease.
813 "rebind-timer": 40,
814
815 // Global value for the renew timer, i.e. the time after which the
816 // DHCP client renews the lease.
817 "renew-timer": 30,
818
819 // Global value to store extended information (e.g. relay agent
820 // information) with each lease.
821 "store-extended-info": true,
822
823 // Statistics keep some samples per observation point.
824 // There are two default values: maximum count and maximum age.
825 // Setting the maximum count to zero disables it.
826 "statistic-default-sample-count": 0,
827
828 // When the maximum count is 0 the maximum age (in seconds) applies.
829 "statistic-default-sample-age": 60,
830
831 // Multi-threading parameters.
832 "multi-threading": {
833 // By default, Kea processes packets on multiple threads if the hardware permits.
834 "enable-multi-threading": true,
835
836 // When multi-threading is enabled, Kea will process packets on a
837 // number of threads configurable through this option. The
838 // value must be a positive integer (0 means auto-detect).
839 "thread-pool-size": 0,
840
841 // When multi-threading is enabled, Kea will read packets from the
842 // interface and append a working item to the thread pool. This
843 // option configures the maximum number of items that can be queued.
844 // The value must be a positive integer (0 means unlimited).
845 "packet-queue-size": 0
846 },
847
848 // Governs how the Kea DHCPv4 server should deal with invalid
849 // data received from the client.
850 "sanity-checks": {
851 // Specifies how the Kea DHCPv4 server should behave when invalid
852 // data is read for a lease from the lease file. The following
853 // values are supported: "none" (don't attempt to correct the
854 // lease information), "warn" (print a warning for subnet-id
855 // related inconsistencies), "fix" (correct the subnet id by
856 // trying to find the suitable subnet), "fix-del" (similar
857 // to "fix" but delete the lease if no suitable subnet found),
858 // "del" (delete the lease if the lease has invalid subnet
859 // identifier value).
860 "lease-checks": "warn",
861
862 // Specifies how Kea DHCPv4 server should behave when invalid
863 // extended info is read for a lease from the lease file, or
864 // whether to upgrade from the old format. The following values
865 // are supported: "none" (don't attempt to correct or upgrade
866 // the extended info), "fix" (fix common inconsistencies and
867 // upgrade from the old format; this is the default), "strict"
868 // (fix inconsistencies with an impact on Leasequery),
869 // "pedantic" (enforce full Kea code format).
870 "extended-info-checks": "fix"
871 },
872
873 // List of shared networks used by the Kea DHCPv4 server. The shared
874 // networks group subnets together.
875 "shared-networks": [
876 {
877 // A flag selecting an IP address allocation strategy for all
878 // subnets in this shared network.
879 "allocator": "random",
880
881 // Shared-network level authoritative flag.
882 "authoritative": false,
883
884 // Shared-network level bootfile name.
885 "boot-file-name": "/dev/null",
886
887 // Restricts this shared network to allow only clients
888 // that belong to at least one class in this list. If omitted
889 // or an empty list is provided, no restriction is applied.
890 "client-classes": [],
891
892 // Shared-network level value. See description at the global level.
893 "ddns-generated-prefix": "myhost",
894
895 // Shared-network level value. See description at the global level.
896 "ddns-override-client-update": false,
897
898 // Shared-network level value. See description at the global level.
899 "ddns-override-no-update": false,
900
901 // Shared-network level value. See description at the global level.
902 "ddns-qualifying-suffix": "",
903
904 // Shared-network level value. See description at the global level.
905 "ddns-replace-client-name": "never",
906
907 // Shared-network level value. See description at the global level.
908 "ddns-send-updates": true,
909
910 // Shared-network level value. See description at the global level.
911 "ddns-update-on-renew": true,
912
913 // Shared-network level value. See description at the global level.
914 // This field has been replaced by ddns-conflict-resolution-mode.
915 // Parsing is maintained only for backwards compatibility.
916 // "ddns-use-conflict-resolution": true,
917
918 // Shared-network level value. See description at the global level.
919 "ddns-conflict-resolution-mode": "check-with-dhcid",
920
921 // Shared-network level value. See description at the global level.
922 "ddns-ttl-percent": 0.65,
923
924 // Shared-network level value. See description at the global level.
925 // You cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min, or
926 // ddns-ttl-max. They are mutually exclusive.
927 // "ddns-ttl": 500,
928
929 // Shared-network level value. See description at the global level.
930 "ddns-ttl-min": 10000,
931
932 // Shared-network level value. See description at the global level.
933 "ddns-ttl-max": 20000,
934
935 // Shared-network level value. See description at the global level.
936 "hostname-char-replacement": "x",
937
938 // Shared-network level value. See description at the global level.
939 "hostname-char-set": "[^A-Za-z0-9.-]",
940
941 // Specifies that this shared network is selected for
942 // requests received on a particular interface.
943 "interface": "eth0",
944
945 // Shared-network level flag specifying whether the client
946 // identifier should be used for identifying clients.
947 "match-client-id": true,
948
949 // Shared network name.
950 "name": "my-secret-network",
951
952 // Shared-network level specification of the next server
953 // to be sent in 'siaddr'.
954 "next-server": "192.0.2.123",
955
956 // If greater than zero, it is the lifetime of leases temporarily allocated
957 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
958 "offer-lifetime" : 60,
959
960 // List of shared network-specific DHCP options.
961 "option-data": [],
962
963 // List of IPv4 relay addresses for which this shared
964 // network is selected.
965 "relay": {
966 "ip-addresses": []
967 },
968
969 // Shared-network level rebind timer.
970 "rebind-timer": 41,
971
972 // Shared-network level renew timer.
973 "renew-timer": 31,
974
975 // Shared-network level compute T1 and T2 timers.
976 "calculate-tee-times": true,
977
978 // T1 = valid lifetime * .5.
979 "t1-percent": .5,
980
981 // T2 = valid lifetime * .75.
982 "t2-percent": .75,
983
984 // Cache threshold = valid lifetime * .25.
985 "cache-threshold": .25,
986
987 // Cache maximum: when the client last-transmission time
988 // is close enough, the lease is not renewed and the current
989 // lease is returned as it was "cached".
990 "cache-max-age": 1000,
991
992 // Adaptive lease time threshold (1.0 is disabled).
993 "adaptive-lease-time-threshold": 0.8,
994
995 // Specify whether the server should look up global reservations.
996 "reservations-global": false,
997
998 // Specify whether the server should look up in-subnet reservations.
999 "reservations-in-subnet": true,
1000
1001 // Specify whether the server can assume that all reserved addresses
1002 // are out-of-pool.
1003 // Ignored when reservations-in-subnet is false.
1004 // If specified, it is inherited by "subnet4" levels.
1005 "reservations-out-of-pool": false,
1006
1007 // List of client classes which must be evaluated when this shared
1008 // network is selected for client assignments.
1009 "evaluate-additional-classes": [ "late" ],
1010
1011 // Turn off storage of extended information (e.g. relay agent
1012 // information) with each lease for this shared network.
1013 "store-extended-info": false,
1014
1015 // Shared-network level server hostname set in 'sname' field.
1016 "server-hostname": "",
1017
1018 // List of IPv4 subnets belonging to this shared network.
1019 "subnet4": [
1020 {
1021 // Interface name matched against inbound interface name.
1022 // Used in DHCPv4o6. See RFC 7341.
1023 "4o6-interface": "",
1024
1025 // Interface ID option value. See RFC 7341.
1026 "4o6-interface-id": "",
1027
1028 // Prefix matched against source address. See RFC 7341.
1029 "4o6-subnet": "2001:db8:1:1::/64",
1030
1031 // A flag selecting an IP address allocation strategy for
1032 // the subnet.
1033 "allocator": "iterative",
1034
1035 // Subnet-level authoritative flag.
1036 "authoritative": false,
1037
1038 // Subnet-level bootfile name, set in 'file' field.
1039 "boot-file-name": "",
1040
1041 // Restricts this subnet to allow only clients
1042 // that belong to at least one class in this list. If omitted
1043 // or an empty list is provided, no restriction is applied.
1044 "client-classes": [],
1045
1046 // Subnet-level value. See description at the global level.
1047 "ddns-generated-prefix": "myhost",
1048
1049 // Subnet-level value. See description at the global level.
1050 "ddns-override-client-update": false,
1051
1052 // Subnet-level value. See description at the global level.
1053 "ddns-override-no-update": false,
1054
1055 // Subnet-level value. See description at the global level.
1056 "ddns-qualifying-suffix": "",
1057
1058 // Subnet-level value. See description at the global level.
1059 "ddns-replace-client-name": "never",
1060
1061 // Subnet-level value. See description at the global level.
1062 "ddns-send-updates": true,
1063
1064 // Subnet-level value. See description at the global level.
1065 "ddns-update-on-renew": true,
1066
1067 // Subnet-level value. See description at the global level.
1068 // This field has been replaced by ddns-conflict-resolution-mode.
1069 // Parsing is maintained only for backwards compatibility.
1070 // "ddns-use-conflict-resolution": true,
1071
1072 // Subnet-level value. See description at the global level.
1073 "ddns-conflict-resolution-mode": "check-with-dhcid",
1074
1075 // Subnet-level value. See description at the global level.
1076 // "ddns-ttl-percent": 0.55,
1077
1078 // Subnet-level value. See description at the global level.
1079 // You cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min, or
1080 // ddns-ttl-max. They are mutually exclusive.
1081 "ddns-ttl": 500,
1082
1083 // Subnet-level value. See description at the global level.
1084 // "ddns-ttl-min": 10000,
1085
1086 // Subnet-level value. See description at the global level.
1087 // "ddns-ttl-max": 20000,
1088
1089 // Subnet-level value. See description at the global level.
1090 "hostname-char-replacement": "x",
1091
1092 // Subnet-level value. See description at the global level.
1093 "hostname-char-set": "[^A-Za-z0-9.-]",
1094
1095 // Subnet unique identifier.
1096 "id": 1,
1097
1098 // Specifies that this subnet is selected for requests
1099 // received on a particular interface.
1100 "interface": "eth0",
1101
1102 // Subnet-level flag specifying whether the client identifier
1103 // should be used for identifying clients.
1104 "match-client-id": true,
1105
1106 // Subnet-level specification of the next server to be sent
1107 // in 'siaddr'.
1108 "next-server": "0.0.0.0",
1109
1110 // If greater than zero, it is the lifetime of leases temporarily allocated
1111 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
1112 "offer-lifetime" : 60,
1113
1114 // Turn on storage of extended information (e.g. relay agent
1115 // information) with each lease for this subnet.
1116 "store-extended-info": true,
1117
1118 // Subnet-level list of DHCP options.
1119 "option-data": [
1120 {
1121 // Boolean flag indicating whether the particular option
1122 // should be always sent or sent only when requested.
1123 "always-send": false,
1124
1125 // An optional list of classes for which this option applies.
1126 // If the client matches any of the classes in this list the
1127 // option will be applied. If the list is empty or is
1128 // omitted this option will be applied regardless of class
1129 // membership.
1130 "client-classes": [],
1131
1132 // Option code.
1133 "code": 3,
1134
1135 // Boolean flag indicating whether the option value specified
1136 // in "data" is a string of hexadecimal values or human-readable
1137 // CSV value.
1138 "csv-format": true,
1139
1140 // Option data to be included in the option payload.
1141 "data": "192.0.3.1",
1142
1143 // Option name.
1144 "name": "routers",
1145
1146 // Boolean flag indicating whether the given option is never
1147 // sent in response.
1148 "never-send": false,
1149
1150 // Option space. The default value "dhcp4" designates the
1151 // top-level option space.
1152 "space": "dhcp4"
1153 }
1154 ],
1155
1156 // List of IP address pools belonging to the subnet.
1157 "pools": [
1158 {
1159 // Restricts this pool to allow only clients
1160 // that belong to at least one class in this list. If omitted
1161 // or an empty list is provided, no restriction is applied.
1162 "client-classes": [ "phones_server1" ],
1163
1164 // Pool-level list of DHCP options.
1165 "option-data": [],
1166
1167 // Address range used for client assignments.
1168 "pool": "192.1.0.1 - 192.1.0.200",
1169
1170 // List of client classes which must be evaluated when this pool
1171 // is selected for client assignments.
1172 "evaluate-additional-classes": [ "late" ],
1173
1174 // Pool-level value. See description at the global level.
1175 "ddns-generated-prefix": "mypool",
1176
1177 // Pool-level value. See description at the global level.
1178 "ddns-override-client-update": false,
1179
1180 // Pool-level value. See description at the global level.
1181 "ddns-override-no-update": false,
1182
1183 // Pool-level value. See description at the global level.
1184 "ddns-qualifying-suffix": "pool.example.com.",
1185
1186 // Pool-level value. See description at the global level.
1187 "ddns-replace-client-name": "always",
1188
1189 // Pool-level value. See description at the global level.
1190 "ddns-send-updates": true,
1191
1192 // Pool-level value. See description at the global level.
1193 "ddns-update-on-renew": false,
1194
1195 // Pool-level value. See description at the global level.
1196 "ddns-conflict-resolution-mode": "check-with-dhcid",
1197
1198 // Pool-level value. See description at the global level.
1199 "ddns-ttl-percent": 0.55,
1200
1201 // Pool-level value. See description at the global level.
1202 // You cannot specify both ddns-ttl and any of ddns-ttl-percent,
1203 // ddns-ttl-min, or ddns-ttl-max. They are mutually exclusive.
1204 // "ddns-ttl": 500,
1205
1206 // Pool-level value. See description at the global level.
1207 "ddns-ttl-min": 10000,
1208
1209 // Pool-level value. See description at the global level.
1210 "ddns-ttl-max": 20000,
1211
1212 // Pool-level value. See description at the global level.
1213 "hostname-char-replacement": "x",
1214
1215 // Pool-level value. See description at the global level.
1216 "hostname-char-set": "[^A-Za-z0-9.-]"
1217 },
1218 {
1219 // Restricts this pool to allow only clients
1220 // that belong to at least one class in this list. If omitted
1221 // or an empty list is provided, no restriction is applied.
1222 "client-classes": [ "phones_server2" ],
1223
1224 // Pool-level list of DHCP options.
1225 "option-data": [],
1226
1227 // Address range used for client assignments.
1228 "pool": "192.3.0.1 - 192.3.0.200",
1229
1230 // List of client classes which must be evaluated when this pool
1231 // is selected for client assignments.
1232 "evaluate-additional-classes": [],
1233
1234 // Pool identifier used to enable statistics for this pool.
1235 // The pool ID does not need to be unique within the subnet
1236 // or across subnets.
1237 // If not configured, it defaults to 0. The statistics
1238 // regarding this pool will be combined with the other statistics
1239 // of all other pools with the same pool ID in this subnet.
1240 "pool-id": 1
1241 }
1242 ],
1243
1244 // Subnet-level value of the rebind timer.
1245 "rebind-timer": 40,
1246
1247 // List of IPv4 relay addresses for which this subnet is selected.
1248 "relay": {
1249 "ip-addresses": [
1250 "192.168.56.1"
1251 ]
1252 },
1253
1254 // Subnet-level value of the renew timer.
1255 "renew-timer": 30,
1256
1257 // Specify whether the server should look up global reservations.
1258 "reservations-global": false,
1259
1260 // Specify whether the server should look up in-subnet reservations.
1261 "reservations-in-subnet": true,
1262
1263 // Specify whether the server can assume that all reserved
1264 // addresses are out-of-pool.
1265 // Ignored when reservations-in-subnet is false.
1266 "reservations-out-of-pool": false,
1267
1268 // Subnet-level compute T1 and T2 timers.
1269 "calculate-tee-times": true,
1270
1271 // T1 = valid lifetime * .5.
1272 "t1-percent": .5,
1273
1274 // T2 = valid lifetime * .75.
1275 "t2-percent": .75,
1276
1277 // Cache threshold = valid lifetime * .25.
1278 "cache-threshold": .25,
1279
1280 // Subnet-level cache maximum.
1281 "cache-max-age": 1000,
1282
1283 // Adaptive lease time threshold (1.0 is disabled).
1284 "adaptive-lease-time-threshold": 0.8,
1285
1286 // List of static IPv4 reservations assigned to clients belonging
1287 // to this subnet. For a detailed example, see reservations.json.
1288 "reservations": [
1289 {
1290 // Identifier used for client matching. Supported values are
1291 // "hw-address", "client-id", "duid", "circuit-id", "flex-id".
1292 "circuit-id": "01:11:22:33:44:55:66",
1293
1294 // Reserved IP address.
1295 "ip-address": "192.0.2.204",
1296
1297 // Hostname.
1298 "hostname": "foo.example.org",
1299
1300 // Reservation-specific option data.
1301 "option-data": [
1302 {
1303 // Option name.
1304 "name": "vivso-suboptions",
1305
1306 // Option data.
1307 "data": "4491"
1308 }
1309 ]
1310 }
1311 ],
1312
1313 // List of client classes which must be evaluated when this subnet
1314 // is selected for client assignments.
1315 "evaluate-additional-classes": [ "late" ],
1316
1317 // Subnet-level server hostname set in 'sname' field.
1318 "server-hostname": "",
1319
1320 // Subnet prefix.
1321 "subnet": "192.0.0.0/8",
1322
1323 // Subnet-level (default) valid lifetime.
1324 "valid-lifetime": 6000,
1325
1326 // Subnet-level min valid lifetime.
1327 "min-valid-lifetime": 4000,
1328
1329 // Subnet-level max valid lifetime.
1330 "max-valid-lifetime": 8000
1331 }
1332 ],
1333
1334 // Shared-network level (default) valid lifetime.
1335 "valid-lifetime": 6001,
1336
1337 // Shared-network level min valid lifetime.
1338 "min-valid-lifetime": 4001,
1339
1340 // Shared-network level max valid lifetime.
1341 "max-valid-lifetime": 8001
1342 }
1343 ],
1344
1345 // Global server hostname set in the 'sname' field.
1346 "server-hostname": "",
1347
1348 // Stash agent options (aka RAI) so that direct queries are handled
1349 // as if they came through a relay.
1350 "stash-agent-options": false,
1351
1352 // List of IPv4 subnets which don't belong to any shared network.
1353 "subnet4": [],
1354
1355 // Global valid lifetime value.
1356 "valid-lifetime": 6000,
1357
1358 // Global min valid lifetime value.
1359 "min-valid-lifetime": 4000,
1360
1361 // Global max valid lifetime value.
1362 "max-valid-lifetime": 8000,
1363
1364 // Reservations (examples are in other files).
1365 "reservations": [],
1366
1367 // Configuration control (currently not used, i.e. this syntax
1368 // is already defined but the corresponding feature is not implemented).
1369 "config-control": {
1370 // Only the configuration databases entry is defined.
1371 "config-databases": [
1372 {
1373 // Name of the database to connect to.
1374 "name": "config",
1375
1376 // Type of database, e.g. "mysql", "postgresql".
1377 "type": "mysql"
1378 }
1379 ],
1380 // Interval between attempts to fetch configuration updates
1381 // via the configuration backends used.
1382 "config-fetch-wait-time": 30
1383 },
1384
1385 // Server tag.
1386 "server-tag": "my DHCPv4 server",
1387
1388 // DHCP queue-control parameters.
1389 "dhcp-queue-control": {
1390 // Enable queue is mandatory.
1391 "enable-queue": true,
1392
1393 // Queue type is mandatory.
1394 "queue-type": "kea-ring4",
1395
1396 // Capacity is optional.
1397 "capacity": 64
1398 },
1399
1400 // Specify whether the server should look up global reservations.
1401 "reservations-global": false,
1402
1403 // Specify whether the server should look up in-subnet reservations.
1404 "reservations-in-subnet": true,
1405
1406 // Specify whether the server can assume that all reserved addresses
1407 // are out-of-pool.
1408 // Ignored when reservations-in-subnet is false.
1409 // If specified, it is inherited by "shared-networks" and
1410 // "subnet4" levels.
1411 "reservations-out-of-pool": false,
1412
1413 // Global compute T1 and T2 timers.
1414 "calculate-tee-times": true,
1415
1416 // T1 = valid lifetime * .5.
1417 "t1-percent": .5,
1418
1419 // T2 = valid lifetime * .75.
1420 "t2-percent": .75,
1421
1422 // Cache threshold = valid lifetime * .25.
1423 "cache-threshold": .25,
1424
1425 // Global cache maximum.
1426 "cache-max-age": 1000,
1427
1428 // Adaptive lease time threshold (1.0 is disabled).
1429 "adaptive-lease-time-threshold": 0.8,
1430
1431 // String of zero or more characters with which to replace each
1432 // invalid character in the hostname or Client FQDN. The default
1433 // value is an empty string, which will cause invalid characters
1434 // to be omitted rather than replaced.
1435 "hostname-char-replacement": "x",
1436
1437 // Regular expression describing the invalid character set in the
1438 // hostname or Client FQDN; matches are replaced per hostname-char-replacement.
1439 "hostname-char-set": "[^A-Za-z0-9.-]",
1440
1441 // List of loggers used by the servers using this configuration file.
1442 "loggers": [
1443 {
1444 // Debug level, a value between 0..99. The greater the value the more
1445 // detailed the debug log. Only used when severity is "DEBUG".
1446 "debuglevel": 99,
1447
1448 // Name of the logger.
1449 "name": "kea-dhcp4",
1450
1451 // Configures how the log should be output.
1452 "output-options": [
1453 {
1454 // Determines whether the log should be flushed to a file.
1455 "flush": true,
1456
1457 // Specifies maximum filesize before the file is rotated.
1458 "maxsize": 10240000,
1459
1460 // Specifies the maximum number of rotated files to be kept.
1461 "maxver": 1,
1462
1463 // Specifies the logging destination.
1464 "output": "stdout",
1465
1466 // Specifies the format (pattern) of each log entry.
1467 "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
1468 }
1469 ],
1470
1471 // Specifies logging severity, i.e. "ERROR", "WARN", "INFO", "DEBUG".
1472 "severity": "INFO"
1473 }
1474 ],
1475
1476 // If greater than zero, it is the lifetime of leases temporarily allocated
1477 // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
1478 "offer-lifetime" : 60,
1479
1480 // Look at advanced examples for the use of user-contexts.
1481 "user-context": { }
1482 }
1483}
kea4/all-options.json
1// This example configuration file for DHCPv4 server in Kea contains:
2//
3// - data for all the standard options
4// - custom option definitions at global level along with some associated
5// option data
6// - custom option data with standardized option spaces other than "dhcp4"
7// - custom option spaces
8// - option embedding examples
9//
10// The reader is strongly encouraged to take a look at the option formats
11// documented in the Kea ARM:
12// https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html?highlight=list%20of%20standard%20dhcpv4#id2
13
14{
15 "Dhcp4": {
16 /*
17 Data for all standard option definitions
18 */
19 // Option data defined globally
20 "option-data": [
21 /*
22 Code Len Time Offset
23 +-----+-----+-----+-----+-----+-----+
24 | 2 | 4 | n1 | n2 | n3 | n4 |
25 +-----+-----+-----+-----+-----+-----+
26 */
27 // Type: int32
28 {
29 "code": 2,
30 "data": "-25200",
31 "name": "time-offset"
32 },
33
34 /*
35 Code Len Address 1 Address 2
36 +-----+-----+-----+-----+-----+-----+-----+-----+--
37 | 3 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
38 +-----+-----+-----+-----+-----+-----+-----+-----+--
39 */
40 // Type: array of {IPv4 address}
41 {
42 "code": 3,
43 "data": "192.0.2.2, 192.0.2.3",
44 "name": "routers"
45 },
46
47 /*
48 Code Len Address 1 Address 2
49 +-----+-----+-----+-----+-----+-----+-----+-----+--
50 | 4 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
51 +-----+-----+-----+-----+-----+-----+-----+-----+--
52 */
53 // Type: array of {IPv4 address}
54 {
55 "code": 4,
56 "data": "192.0.2.4, 192.0.2.5",
57 "name": "time-servers"
58 },
59
60 /*
61 Code Len Address 1 Address 2
62 +-----+-----+-----+-----+-----+-----+-----+-----+--
63 | 5 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
64 +-----+-----+-----+-----+-----+-----+-----+-----+--
65 */
66 // Type: array of {IPv4 address}
67 {
68 "code": 5,
69 "data": "192.0.2.6, 192.0.2.7",
70 "name": "name-servers"
71 },
72
73 /*
74 Code Len Address 1 Address 2
75 +-----+-----+-----+-----+-----+-----+-----+-----+--
76 | 6 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
77 +-----+-----+-----+-----+-----+-----+-----+-----+--
78 */
79 // Type: array of {IPv4 address}
80 {
81 "code": 6,
82 "data": "192.0.2.8, 192.0.2.9",
83 "name": "domain-name-servers"
84 },
85
86 /*
87 Code Len Address 1 Address 2
88 +-----+-----+-----+-----+-----+-----+-----+-----+--
89 | 7 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
90 +-----+-----+-----+-----+-----+-----+-----+-----+--
91 */
92 // Type: array of {IPv4 address}
93 {
94 "code": 7,
95 "data": "192.0.2.10, 192.0.2.11",
96 "name": "log-servers"
97 },
98
99 /*
100 Code Len Address 1 Address 2
101 +-----+-----+-----+-----+-----+-----+-----+-----+--
102 | 8 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
103 +-----+-----+-----+-----+-----+-----+-----+-----+--
104 */
105 // Type: array of {IPv4 address}
106 {
107 "code": 8,
108 "data": "192.0.2.12, 192.0.2.13",
109 "name": "cookie-servers"
110 },
111
112 /*
113 Code Len Address 1 Address 2
114 +-----+-----+-----+-----+-----+-----+-----+-----+--
115 | 9 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
116 +-----+-----+-----+-----+-----+-----+-----+-----+--
117 */
118 // Type: array of {IPv4 address}
119 {
120 "code": 9,
121 "data": "192.0.2.14, 192.0.2.15",
122 "name": "lpr-servers"
123 },
124
125 /*
126 Code Len Address 1 Address 2
127 +-----+-----+-----+-----+-----+-----+-----+-----+--
128 | 10 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
129 +-----+-----+-----+-----+-----+-----+-----+-----+--
130 */
131 // Type: array of {IPv4 address}
132 {
133 "code": 10,
134 "data": "192.0.2.16, 192.0.2.17",
135 "name": "impress-servers"
136 },
137
138 /*
139 Code Len Address 1 Address 2
140 +-----+-----+-----+-----+-----+-----+-----+-----+--
141 | 11 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
142 +-----+-----+-----+-----+-----+-----+-----+-----+--
143 */
144 // Type: array of {IPv4 address}
145 {
146 "code": 11,
147 "data": "192.0.2.18, 192.0.2.19",
148 "name": "resource-location-servers"
149 },
150
151 /*
152 Code Len File Size
153 +-----+-----+-----+-----+
154 | 13 | 2 | l1 | l2 |
155 +-----+-----+-----+-----+
156 */
157 // Type: uint16
158 {
159 "code": 13,
160 "data": "1024",
161 "name": "boot-size"
162 },
163
164 /*
165 Code Len Dump File Pathname
166 +-----+-----+-----+-----+-----+-----+---
167 | 14 | n | n1 | n2 | n3 | n4 | ...
168 +-----+-----+-----+-----+-----+-----+---
169 */
170 // Type: string
171 {
172 "code": 14,
173 "data": "/etc/crash-dump.img",
174 "name": "merit-dump"
175 },
176
177 /*
178 Code Len Domain Name
179 +-----+-----+-----+-----+-----+-----+--
180 | 15 | n | d1 | d2 | d3 | d4 | ...
181 +-----+-----+-----+-----+-----+-----+--
182 */
183 // Type: FQDN
184 {
185 "code": 15,
186 "data": "my.example.org",
187 "name": "domain-name"
188 },
189
190 /*
191 Code Len Swap Server Address
192 +-----+-----+-----+-----+-----+-----+
193 | 16 | n | a1 | a2 | a3 | a4 |
194 +-----+-----+-----+-----+-----+-----+
195 */
196 // Type: IPv4 address
197 {
198 "code": 16,
199 "data": "192.0.2.20",
200 "name": "swap-server"
201 },
202
203 /*
204 Code Len Root Disk Pathname
205 +-----+-----+-----+-----+-----+-----+---
206 | 17 | n | n1 | n2 | n3 | n4 | ...
207 +-----+-----+-----+-----+-----+-----+---
208 */
209 // Type: string
210 {
211 "code": 17,
212 "data": "/path/to/root",
213 "name": "root-path"
214 },
215
216 /*
217 Code Len Extensions Pathname
218 +-----+-----+-----+-----+-----+-----+---
219 | 18 | n | n1 | n2 | n3 | n4 | ...
220 +-----+-----+-----+-----+-----+-----+---
221 */
222 // Type: string
223 {
224 "code": 18,
225 "data": "/path/to/extensions",
226 "name": "extensions-path"
227 },
228
229 /*
230 Code Len Value
231 +-----+-----+-----+
232 | 19 | 1 | 0/1 |
233 +-----+-----+-----+
234 */
235 // Type: boolean
236 {
237 "code": 19,
238 "data": "true",
239 "name": "ip-forwarding"
240 },
241
242 /*
243 Code Len Value
244 +-----+-----+-----+
245 | 20 | 1 | 0/1 |
246 +-----+-----+-----+
247 */
248 // Type: boolean
249 {
250 "code": 20,
251 "data": "true",
252 "name": "non-local-source-routing"
253 },
254
255 /*
256 Code Len Address 1 Mask 1
257 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
258 | 21 | n | a1 | a2 | a3 | a4 | m1 | m2 | m3 | m4 |
259 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
260 Address 2 Mask 2
261 +-----+-----+-----+-----+-----+-----+-----+-----+---
262 | a1 | a2 | a3 | a4 | m1 | m2 | m3 | m4 | ...
263 +-----+-----+-----+-----+-----+-----+-----+-----+---
264 */
265 // Type: array of {IPv4 address}
266 {
267 "code": 21,
268 "data": "10.229.0.128, 255.255.255.128, 10.27.129.0, 255.255.255.0",
269 "name": "policy-filter"
270 },
271
272 /*
273 Code Len Size
274 +-----+-----+-----+-----+
275 | 22 | 2 | s1 | s2 |
276 +-----+-----+-----+-----+
277 */
278 // Type: uint16
279 {
280 "code": 22,
281 "data": "2048",
282 "name": "max-dgram-reassembly"
283 },
284
285 /*
286 Code Len TTL
287 +-----+-----+-----+
288 | 23 | 1 | ttl |
289 +-----+-----+-----+
290 */
291 // Type: uint8
292 {
293 "code": 23,
294 "data": "248",
295 "name": "default-ip-ttl"
296 },
297
298 /*
299 Code Len Timeout
300 +-----+-----+-----+-----+-----+-----+
301 | 24 | 4 | t1 | t2 | t3 | t4 |
302 +-----+-----+-----+-----+-----+-----+
303 */
304 // Type: uint32
305 {
306 "code": 24,
307 "data": "131072",
308 "name": "path-mtu-aging-timeout"
309 },
310
311 /*
312 Code Len Size 1 Size 2
313 +-----+-----+-----+-----+-----+-----+---
314 | 25 | n | s1 | s2 | s1 | s2 | ...
315 +-----+-----+-----+-----+-----+-----+---
316 */
317 // Type: array of {uint16}
318 {
319 "code": 25,
320 "data": "3072, 4096",
321 "name": "path-mtu-plateau-table"
322 },
323
324 /*
325 Code Len MTU
326 +-----+-----+-----+-----+
327 | 26 | 2 | m1 | m2 |
328 +-----+-----+-----+-----+
329 */
330 // Type: uint16
331 {
332 "code": 26,
333 "data": "5120",
334 "name": "interface-mtu"
335 },
336
337 /*
338 Code Len Value
339 +-----+-----+-----+
340 | 27 | 1 | 0/1 |
341 +-----+-----+-----+
342 */
343 // Type: boolean
344 {
345 "code": 27,
346 "data": "true",
347 "name": "all-subnets-local"
348 },
349
350 /*
351 Code Len Broadcast Address
352 +-----+-----+-----+-----+-----+-----+
353 | 28 | 4 | b1 | b2 | b3 | b4 |
354 +-----+-----+-----+-----+-----+-----+
355 */
356 // Type: IPv4 address
357 {
358 "code": 28,
359 "data": "192.0.2.255",
360 "name": "broadcast-address"
361 },
362
363 /*
364 Code Len Value
365 +-----+-----+-----+
366 | 29 | 1 | 0/1 |
367 +-----+-----+-----+
368 */
369 // Type: boolean
370 {
371 "code": 29,
372 "data": "true",
373 "name": "perform-mask-discovery"
374 },
375
376 /*
377 Code Len Value
378 +-----+-----+-----+
379 | 30 | 1 | 0/1 |
380 +-----+-----+-----+
381 */
382 // Type: boolean
383 {
384 "code": 30,
385 "data": "true",
386 "name": "mask-supplier"
387 },
388
389 /*
390 Code Len Value
391 +-----+-----+-----+
392 | 31 | 1 | 0/1 |
393 +-----+-----+-----+
394 */
395 // Type: boolean
396 {
397 "code": 31,
398 "data": "true",
399 "name": "router-discovery"
400 },
401
402 /*
403 Code Len Address
404 +-----+-----+-----+-----+-----+-----+
405 | 32 | 4 | a1 | a2 | a3 | a4 |
406 +-----+-----+-----+-----+-----+-----+
407 */
408 // Type: IPv4 address
409 {
410 "code": 32,
411 "data": "192.0.2.23",
412 "name": "router-solicitation-address"
413 },
414
415 /*
416 Code Len Destination 1 Router 1
417 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
418 | 33 | n | d1 | d2 | d3 | d4 | r1 | r2 | r3 | r4 |
419 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
420 Destination 2 Router 2
421 +-----+-----+-----+-----+-----+-----+-----+-----+---
422 | d1 | d2 | d3 | d4 | r1 | r2 | r3 | r4 | ...
423 +-----+-----+-----+-----+-----+-----+-----+-----+---
424 */
425 // Type: array of {IPv4 address}
426 {
427 "code": 33,
428 "data": "192.0.2.24, 192.0.2.25",
429 "name": "static-routes"
430 },
431
432 /*
433 Code Len Value
434 +-----+-----+-----+
435 | 34 | 1 | 0/1 |
436 +-----+-----+-----+
437 */
438 // Type: boolean
439 {
440 "code": 34,
441 "data": "true",
442 "name": "trailer-encapsulation"
443 },
444
445 /*
446 Code Len Time
447 +-----+-----+-----+-----+-----+-----+
448 | 35 | 4 | t1 | t2 | t3 | t4 |
449 +-----+-----+-----+-----+-----+-----+
450 */
451 // Type: uint32
452 {
453 "code": 35,
454 "data": "196608",
455 "name": "arp-cache-timeout"
456 },
457
458 /*
459 Code Len Value
460 +-----+-----+-----+
461 | 36 | 1 | 0/1 |
462 +-----+-----+-----+
463 */
464 // Type: boolean
465 {
466 "code": 36,
467 "data": "true",
468 "name": "ieee802-3-encapsulation"
469 },
470
471 /*
472 Code Len TTL
473 +-----+-----+-----+
474 | 37 | 1 | n |
475 +-----+-----+-----+
476 */
477 // Type: uint8
478 {
479 "code": 37,
480 "data": "124",
481 "name": "default-tcp-ttl"
482 },
483
484 /*
485 Code Len Time
486 +-----+-----+-----+-----+-----+-----+
487 | 38 | 4 | t1 | t2 | t3 | t4 |
488 +-----+-----+-----+-----+-----+-----+
489 */
490 // Type: uint32
491 {
492 "code": 38,
493 "data": "262144",
494 "name": "tcp-keepalive-interval"
495 },
496
497 /*
498 Code Len Value
499 +-----+-----+-----+
500 | 39 | 1 | 0/1 |
501 +-----+-----+-----+
502 */
503 // Type: boolean
504 {
505 "code": 39,
506 "data": "true",
507 "name": "tcp-keepalive-garbage"
508 },
509
510 /*
511 Code Len NIS Domain Name
512 +-----+-----+-----+-----+-----+-----+---
513 | 40 | n | n1 | n2 | n3 | n4 | ...
514 +-----+-----+-----+-----+-----+-----+---
515 */
516 // Type: string
517 {
518 "code": 40,
519 "data": "nis.example.org",
520 "name": "nis-domain"
521 },
522
523 /*
524 Code Len Address 1 Address 2
525 +-----+-----+-----+-----+-----+-----+-----+-----+--
526 | 41 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
527 +-----+-----+-----+-----+-----+-----+-----+-----+--
528 */
529 // Type: array of {IPv4 address}
530 {
531 "code": 41,
532 "data": "192.0.2.26, 192.0.2.27",
533 "name": "nis-servers"
534 },
535
536 /*
537 Code Len Address 1 Address 2
538 +-----+-----+-----+-----+-----+-----+-----+-----+--
539 | 42 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
540 +-----+-----+-----+-----+-----+-----+-----+-----+--
541 */
542 // Type: array of {IPv4 address}
543 {
544 "code": 42,
545 "data": "192.0.2.28, 192.0.2.29",
546 "name": "ntp-servers"
547 },
548
549 /*
550 Code Len Vendor-specific information
551 +-----+-----+-----+-----+---
552 | 43 | n | i1 | i2 | ...
553 +-----+-----+-----+-----+---
554
555 Code Len Data item Code Len Data item Code
556 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
557 | T1 | n | d1 | d2 | ... | T2 | n | D1 | D2 | ... | ... |
558 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
559 */
560 // Type: empty
561 {
562 "code": 43,
563 "name": "vendor-encapsulated-options"
564 },
565
566 /*
567 Code Len Address 1 Address 2
568 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+----
569 | 44 | n | a1 | a2 | a3 | a4 | b1 | b2 | b3 | b4 | ...
570 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+----
571 */
572 // Type: array of {IPv4 address}
573 {
574 "code": 44,
575 "data": "192.0.2.30, 192.0.2.31",
576 "name": "netbios-name-servers"
577 },
578
579 /*
580 Code Len Address 1 Address 2
581 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+----
582 | 45 | n | a1 | a2 | a3 | a4 | b1 | b2 | b3 | b4 | ...
583 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+----
584 */
585 // Type: array of {IPv4 address}
586 {
587 "code": 45,
588 "data": "192.0.2.32, 192.0.2.33",
589 "name": "netbios-dd-server"
590 },
591
592 /*
593 Value Node Type
594 ----- ---------
595 0x1 B-node
596 0x2 P-node
597 0x4 M-node
598 0x8 H-node
599
600 Code Len Node Type
601 +-----+-----+-----------+
602 | 46 | 1 | see above |
603 +-----+-----+-----------+
604 */
605 // Type: uint8
606 {
607 "code": 46,
608 "data": "0x1",
609 "name": "netbios-node-type"
610 },
611
612 /*
613 Code Len NetBIOS Scope
614 +-----+-----+-----+-----+-----+-----+----
615 | 47 | n | s1 | s2 | s3 | s4 | ...
616 +-----+-----+-----+-----+-----+-----+----
617 */
618 // Type: string
619 {
620 "code": 47,
621 "data": "scope42",
622 "name": "netbios-scope"
623 },
624
625 /*
626 Code Len Address 1 Address 2
627 +-----+-----+-----+-----+-----+-----+-----+-----+---
628 | 48 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
629 +-----+-----+-----+-----+-----+-----+-----+-----+---
630 */
631 // Type: array of {IPv4 address}
632 {
633 "code": 48,
634 "data": "192.0.2.34, 192.0.2.35",
635 "name": "font-servers"
636 },
637
638 /*
639 Code Len Address 1 Address 2
640 +-----+-----+-----+-----+-----+-----+-----+-----+---
641 | 49 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
642 +-----+-----+-----+-----+-----+-----+-----+-----+---
643 */
644 // Type: array of {IPv4 address}
645 {
646 "code": 49,
647 "data": "192.0.2.36, 192.0.2.37",
648 "name": "x-display-manager"
649 },
650
651 /*
652 Value Meaning
653 ----- --------
654 1 the 'file' field is used to hold options
655 2 the 'sname' field is used to hold options
656 3 both fields are used to hold options
657
658 Code Len Value
659 +-----+-----+-----+
660 | 52 | 1 |1/2/3|
661 +-----+-----+-----+
662 */
663 // Type: uint8
664 {
665 "code": 52,
666 "data": "3",
667 "name": "dhcp-option-overload"
668 },
669
670 /*
671 Code Len Address
672 +-----+-----+-----+-----+-----+-----+
673 | 54 | 4 | a1 | a2 | a3 | a4 |
674 +-----+-----+-----+-----+-----+-----+
675 */
676 // Type: IPv4 address
677 {
678 "code": 54,
679 "data": "192.0.2.39",
680 "name": "dhcp-server-identifier"
681 },
682
683 /*
684 Code Len Text
685 +-----+-----+-----+-----+---
686 | 56 | n | c1 | c2 | ...
687 +-----+-----+-----+-----+---
688 */
689 // Type: string
690 {
691 "code": 56,
692 "data": "Error: here is a DHCPNAK!",
693 "name": "dhcp-message"
694 },
695
696 /*
697 Code Len Length
698 +-----+-----+-----+-----+
699 | 57 | 2 | l1 | l2 |
700 +-----+-----+-----+-----+
701 */
702 // Type: uint16
703 {
704 "code": 57,
705 "data": "1536",
706 "name": "dhcp-max-message-size"
707 },
708
709 /*
710 Code Len Vendor class Identifier
711 +-----+-----+-----+-----+---
712 | 60 | n | i1 | i2 | ...
713 +-----+-----+-----+-----+---
714 */
715 // Type: string
716 {
717 "code": 60,
718 "data": "ISC",
719 "name": "vendor-class-identifier"
720 },
721
722 /*
723 Code Len NetWare/IP Domain Name
724 +-----+-----+------+------+------+-----
725 | 62 | n | c1 | c2 | c3 | ...
726 +-----+-----+------+------+------+-----
727 */
728 // Type: string
729 {
730 "code": 62,
731 "data": "nwip.example.org",
732 "name": "nwip-domain-name"
733 },
734
735 /*
736 Code Len NetWare/IP General Info
737 +-----+-----+----+----+
738 | 63 | 11 | 2 | 0 |
739 +-----+-----+----+----+
740 NWIP_EXIST_IN_OPTIONS_AREA (length 0)
741
742 +----+----+----+
743 | 5 | 1 | 1 |
744 +----+----+----+
745 NSQ_BROADCAST_SERVER (length 1)
746 value is YES
747
748 +----+----+------------+
749 | 7 | 4 | IP address |
750 +----+----+------------+
751 NEAREST_NWIP_SERVER (length 4)
752 value is IP address of server
753 */
754 // Type: binary
755 {
756 "code": 63,
757 "data": "1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
758 "name": "nwip-suboptions"
759 },
760
761 /*
762 Code Len NIS Client Domain Name
763 +-----+-----+-----+-----+-----+-----+---
764 | 64 | n | n1 | n2 | n3 | n4 | ...
765 +-----+-----+-----+-----+-----+-----+---
766 */
767 // Type: string
768 {
769 "code": 64,
770 "data": "nisplus.example.org",
771 "name": "nisplus-domain-name"
772 },
773
774 /*
775 Code Len Address 1 Address 2
776 +-----+-----+-----+-----+-----+-----+-----+-----+--
777 | 65 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
778 +-----+-----+-----+-----+-----+-----+-----+-----+--
779 */
780 // Type: IPv4 address
781 {
782 "code": 65,
783 "data": "192.0.2.40",
784 "name": "nisplus-servers"
785 },
786
787 /*
788 Code Len TFTP server
789 +-----+-----+-----+-----+-----+---
790 | 66 | n | c1 | c2 | c3 | ...
791 +-----+-----+-----+-----+-----+---
792 */
793 // Type: string
794 {
795 "code": 66,
796 "data": "tftp.example.org",
797 "name": "tftp-server-name"
798 },
799
800 /*
801 Code Len Bootfile name
802 +-----+-----+-----+-----+-----+---
803 | 67 | n | c1 | c2 | c3 | ...
804 +-----+-----+-----+-----+-----+---
805 */
806 // Type: string
807 {
808 "code": 67,
809 "data": "boot-file.img",
810 "name": "boot-file-name"
811 },
812
813 /*
814 Code Len Home Agent Addresses (zero or more)
815 +-----+-----+-----+-----+-----+-----+--
816 | 68 | n | a1 | a2 | a3 | a4 | ...
817 +-----+-----+-----+-----+-----+-----+--
818 */
819 // Type: array of {IPv4 address}
820 {
821 "code": 68,
822 "data": "192.0.2.41, 192.0.2.42",
823 "name": "mobile-ip-home-agent"
824 },
825
826 /*
827 Code Len Address 1 Address 2
828 +-----+-----+-----+-----+-----+-----+-----+-----+--
829 | 69 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
830 +-----+-----+-----+-----+-----+-----+-----+-----+--
831 */
832 // Type: array of {IPv4 address}
833 {
834 "code": 69,
835 "data": "192.0.2.43, 192.0.2.44",
836 "name": "smtp-server"
837 },
838
839 /*
840 Code Len Address 1 Address 2
841 +-----+-----+-----+-----+-----+-----+-----+-----+--
842 | 70 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
843 +-----+-----+-----+-----+-----+-----+-----+-----+--
844 */
845 // Type: array of {IPv4 address}
846 {
847 "code": 70,
848 "data": "192.0.2.45, 192.0.2.46",
849 "name": "pop-server"
850 },
851
852 /*
853 Code Len Address 1 Address 2
854 +-----+-----+-----+-----+-----+-----+-----+-----+--
855 | 71 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
856 +-----+-----+-----+-----+-----+-----+-----+-----+--
857 */
858 // Type: array of {IPv4 address}
859 {
860 "code": 71,
861 "data": "192.0.2.47, 192.0.2.48",
862 "name": "nntp-server"
863 },
864
865 /*
866 Code Len Address 1 Address 2
867 +-----+-----+-----+-----+-----+-----+-----+-----+--
868 | 72 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
869 +-----+-----+-----+-----+-----+-----+-----+-----+--
870 */
871 // Type: array of {IPv4 address}
872 {
873 "code": 72,
874 "data": "192.0.2.49, 192.0.2.50",
875 "name": "www-server"
876 },
877
878 /*
879 Code Len Address 1 Address 2
880 +-----+-----+-----+-----+-----+-----+-----+-----+--
881 | 73 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
882 +-----+-----+-----+-----+-----+-----+-----+-----+--
883 */
884 // Type: array of {IPv4 address}
885 {
886 "code": 73,
887 "data": "192.0.2.51, 192.0.2.52",
888 "name": "finger-server"
889 },
890
891 /*
892 Code Len Address 1 Address 2
893 +-----+-----+-----+-----+-----+-----+-----+-----+--
894 | 74 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
895 +-----+-----+-----+-----+-----+-----+-----+-----+--
896 */
897 // Type: array of {IPv4 address}
898 {
899 "code": 74,
900 "data": "192.0.2.53, 192.0.2.54",
901 "name": "irc-server"
902 },
903
904 /*
905 Code Len Address 1 Address 2
906 +-----+-----+-----+-----+-----+-----+-----+-----+--
907 | 75 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
908 +-----+-----+-----+-----+-----+-----+-----+-----+--
909 */
910 // Type: array of {IPv4 address}
911 {
912 "code": 75,
913 "data": "192.0.2.55, 192.0.2.56",
914 "name": "streettalk-server"
915 },
916
917 /*
918 Code Len Address 1 Address 2
919 +-----+-----+-----+-----+-----+-----+-----+-----+--
920 | 76 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
921 +-----+-----+-----+-----+-----+-----+-----+-----+--
922 */
923 // Type: array of {IPv4 address}
924 {
925 "code": 76,
926 "data": "192.0.2.57, 192.0.2.58",
927 "name": "streettalk-directory-assistance-server"
928 },
929
930 /*
931 Code Len Value
932 +-----+-----+--------------------- . . . --+
933 | 77 | N | User Class Data ('Len' octets) |
934 +-----+-----+--------------------- . . . --+
935 */
936 // Type: binary
937 {
938 "code": 77,
939 "data": "1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
940 "name": "user-class"
941 },
942
943 /*
944 0 1 2 3
945 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
946 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
947 | Code = 78 | Length | Mandatory | a1 |
948 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
949 | a2 | a3 | a4 | ...
950 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
951 */
952 // Type: boolean, array of {IPv4 address}
953 {
954 "code": 78,
955 "data": "true, 192.0.2.59, 192.0.2.60",
956 "name": "slp-directory-agent"
957 },
958
959 /*
960 0 1 2 3
961 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
962 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
963 | Code = 79 | Length | Mandatory | <Scope List>...
964 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
965 */
966 // Type: boolean, string
967 {
968 "code": 79,
969 "data": "true, slp-scope",
970 "name": "slp-service-scope"
971 },
972
973 // Option code 80 is not defined in Kea.
974 // Option code 83 is not defined in Kea.
975 // Option code 84 is unassigned.
976
977 /*
978 Code Len Address 1 Address 2
979 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--
980 | 85 | n | a1 | a2 | a3 | a4 | a1 | a2 | a3 | a4 | ...
981 +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--
982 */
983 // Type: array of IPv4 address
984 {
985 "code": 85,
986 "data": "192.0.2.61, 192.0.2.62",
987 "name": "nds-servers"
988 },
989
990 /*
991 Code Len NDS Tree Name
992 +----+----+----+----+----+----+--
993 | 86 | n | c1 | c2 | c3 | c4 | ...
994 +----+----+----+----+----+----+--
995 */
996 // Type: string
997 {
998 "code": 86,
999 "data": "my-tree",
1000 "name": "nds-tree-name"
1001 },
1002
1003 /*
1004 Code Len Initial NDS Context
1005 +----+----+----+----+----+----+--
1006 | 87 | n | c1 | c2 | c3 | c4 | ...
1007 +----+----+----+----+----+----+--
1008 */
1009 // Type: string
1010 {
1011 "code": 87,
1012 "data": "context",
1013 "name": "nds-context"
1014 },
1015
1016 /*
1017 Code Len FQDN(s) of BCMCS Controller
1018 +-----+-----+-----+-----+-----+-----+-----+--
1019 | 88 | n | s1 | s2 | s3 | s4 | s5 | ...
1020 +-----+-----+-----+-----+-----+-----+-----+--
1021 */
1022 // Type: FQDN
1023 {
1024 "code": 88,
1025 "data": "bcms-controller.example.org",
1026 "name": "bcms-controller-names"
1027 },
1028
1029 /*
1030 Code Len Address 1 Address 2
1031 +-----+-----+-----+-----+-----+-----+-----+--
1032 | 89 | n | a1 | a2 | a3 | a4 | a1 | ...
1033 +-----+-----+-----+-----+-----+-----+-----+--
1034 */
1035 // Type: array of {IPv4 address}
1036 {
1037 "code": 89,
1038 "data": "192.0.2.63",
1039 "name": "bcms-controller-address"
1040 },
1041
1042 /*
1043 Code Len 16-bit Type
1044 +----+-----+-----+-----+
1045 | 93 | n | n1 | n2 |
1046 +----+-----+-----+-----+
1047 */
1048 // Type: array of uint16
1049 {
1050 "code": 93,
1051 "data": "6144, 7168",
1052 "name": "client-system"
1053 },
1054
1055 /*
1056 Code Len Type Major Minor
1057 +----+-----+----+-----+-----+
1058 | 94 | 3 | t | M | m |
1059 +----+-----+----+-----+-----+
1060 */
1061 // Type: uint8, uint8, uint8
1062 {
1063 "code": 94,
1064 "data": "0, 1, 0",
1065 "name": "client-ndi"
1066 },
1067
1068 // Option code 95 is unsupported.
1069 // Option code 96 is unassigned.
1070
1071 /*
1072 Code Len Type Machine Identifier
1073 +----+-----+----+-----+ . . . +-----+
1074 | 97 | n | t | | . . . | |
1075 +----+-----+----+-----+ . . . +-----+
1076 */
1077 // Type: uint8, binary
1078 {
1079 "code": 97,
1080 "data": "0, 1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
1081 "name": "uuid-guid"
1082 },
1083
1084 /*
1085 0 1 2 3
1086 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1087 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1088 | Code | Length | URL list
1089 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1090
1091 Code 98
1092
1093 Length The length of the data field (i.e., URL list) in
1094 bytes.
1095
1096 URL list A list of one or more URLs separated by the ASCII
1097 space character (0x20).
1098 */
1099 // Type: string
1100 {
1101 "code": 98,
1102 "data": "uap1.example.org uap2.example.org",
1103 "name": "uap-servers"
1104 },
1105
1106 /*
1107 0 1 2 3
1108 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1109 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1110 | GEOCONF_CIVIC | N | what | country |
1111 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1112 | code | civic address elements ...
1113 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1114
1115 Code GEOCONF_CIVIC: The code for this DHCP option is 99.
1116
1117 N: The length of this option is variable. The minimum length is 3
1118 octets.
1119
1120 what: The 'what' element describes to which location the DHCP entry
1121 refers. Currently, three options are defined: the location of the
1122 DHCP server (a value of 0), the location of the network element
1123 believed to be closest to the client (a value of 1), or the
1124 location of the client (a value of 2). Option (2) SHOULD be used,
1125 but may not be known. Options (0) and (1) SHOULD NOT be used
1126 unless it is known that the DHCP client is in close physical
1127 proximity to the server or network element.
1128
1129 country code: The two-letter ISO 3166 country code in capital ASCII
1130 letters, e.g., DE or US. (Civic addresses always contain country
1131 designations, suggesting the use of a fixed-format field to save
1132 space.)
1133
1134 civic address elements: Zero or more elements comprising the civic
1135 and/or postal address, with the format described below
1136 (Section 3.3).
1137 */
1138 // Type: binary
1139 {
1140 "code": 99,
1141 "data": "1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
1142 "name": "geoconf-civic"
1143 },
1144
1145 /*
1146 PCode Len TZ-POSIX String
1147 +-----+-----+------------------------------+
1148 | 100 | N | IEEE 1003.1 String |
1149 +-----+-----+------------------------------+
1150 */
1151 // Type: string
1152 {
1153 "code": 100,
1154 // String options that have a comma in their values need to have
1155 // it escaped (i.e. each comma is preceded by two backslashes).
1156 // That's because commas are reserved for separating fields in
1157 // compound options. At the same time, we need to conform to the
1158 // JSON spec, which does not allow "\,". Therefore the slightly
1159 // uncommon double-backslash notation is needed.
1160 // The value sent over the wire is:
1161 // EST5EDT4,M3.2.0/02:00,M11.1.0/02:00
1162 "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00",
1163 "name": "pcode"
1164 },
1165
1166 /*
1167 TCode Len TZ-Database String
1168 +-----+-----+------------------------------+
1169 | 101 | N | Reference to the TZ Database |
1170 +-----+-----+------------------------------+
1171 */
1172 // Type: string
1173 {
1174 "code": 101,
1175 "data": "Europe/Zurich",
1176 "name": "tcode"
1177 },
1178
1179 // Option codes 102-107 are unassigned.
1180
1181 /*
1182 0 1 2 3
1183 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1185 | Code | Length | Value |
1186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1187 | Value (cont.) |
1188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1189
1190 Code: 8-bit identifier of the IPv6-Only Preferred option code as
1191 assigned by IANA: 108. The client includes the Code in the
1192 Parameter Request List in DHCPDISCOVER and DHCPREQUEST messages as
1193 described in Section 3.2.
1194
1195 Length: 8-bit unsigned integer. The length of the option, excluding
1196 the Code and Length Fields. The server MUST set the length field
1197 to 4. The client MUST ignore the IPv6-Only Preferred option if
1198 the length field value is not 4.
1199
1200 Value: 32-bit unsigned integer. The number of seconds for which the
1201 client should disable DHCPv4 (V6ONLY_WAIT configuration variable).
1202 If the server pool is explicitly configured with a V6ONLY_WAIT
1203 timer, the server MUST set the field to that configured value.
1204 Otherwise, the server MUST set it to zero. The client MUST
1205 process that field as described in Section 3.2.
1206 */
1207 // Type: uint32
1208 {
1209 "code": 108,
1210 "data": "3600",
1211 "name": "v6-only-preferred"
1212 },
1213
1214 // Option codes 109-111 are unassigned.
1215
1216 // Type: array of {IPv4 address}
1217 {
1218 "code": 112,
1219 "data": "192.0.2.63, 192.0.2.64",
1220 "name": "netinfo-server-address"
1221 },
1222
1223 // Type: string
1224 {
1225 "code": 113,
1226 "data": "server1",
1227 "name": "netinfo-server-tag"
1228 },
1229
1230 // Type: string
1231 {
1232 "code": 114,
1233 "data": "https://default.example.org",
1234 "name": "v4-captive-portal"
1235 },
1236
1237 // Option code 115 is unassigned.
1238
1239 /*
1240 Code Len Value
1241 +-----+-----+-----+
1242 | 116 | 1 | a |
1243 +-----+-----+-----+
1244 */
1245 // Type: uint8
1246 {
1247 "code": 116,
1248 "data": "1",
1249 "name": "auto-config"
1250 },
1251
1252 /*
1253 Code Length Name Service Search Order in Sequence
1254 0 1 2 3
1255 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1256 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1257 | 117 | Len | ns1 |
1258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1259 | ns2 | ... |
1260 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1261 */
1262 // Type: array of {uint16}
1263 {
1264 "code": 117,
1265 "data": "6, 41, 44, 65",
1266 "name": "name-service-search"
1267 },
1268
1269 /*
1270 Code Len IPv4 Address
1271 +-----+-----+-----+-----+-----+-----+
1272 | 118 | 4 | A1 | A2 | A3 | A4 |
1273 +-----+-----+-----+-----+-----+-----+
1274 */
1275 // Type: IPv4 address
1276 {
1277 "code": 118,
1278 "data": "192.0.2.65",
1279 "name": "subnet-selection"
1280 },
1281
1282 /*
1283 0 1 2 3
1284 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1285 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1286 | 119 | Len | Searchstring...
1287 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1288 | Searchstring...
1289 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1290 */
1291 // Type: array of {FQDN}
1292 {
1293 "code": 119,
1294 "data": "example.com, example.org",
1295 "name": "domain-search"
1296 },
1297
1298 // Option code 120 is not defined in Kea.
1299
1300 /*
1301 Code Len Destination 1 Router 1
1302 +-----+---+----+-----+----+----+----+----+----+
1303 | 121 | n | d1 | ... | dN | r1 | r2 | r3 | r4 |
1304 +-----+---+----+-----+----+----+----+----+----+
1305
1306 Destination 2 Router 2
1307 +----+-----+----+----+----+----+----+
1308 | d1 | ... | dN | r1 | r2 | r3 | r4 |
1309 +----+-----+----+----+----+----+----+
1310
1311 Destination 1...N Destination descriptors - describe the IP
1312 subnet number and subnet mask of a particular
1313 destination using a compact encoding. This
1314 encoding consists of one octet describing
1315 the width of the subnet mask, followed by all
1316 the significant octets of the subnet number.
1317
1318 Router 1...N The IP address of the router that should
1319 be used to reach that destination.
1320 */
1321 // Type: internal
1322 {
1323 "code": 121,
1324 // Note the convenience notation used:
1325 // subnet1 - router1 IP addr, subnet2 - router2 IP addr, ..., subnetN - routerN IP addr
1326 "data": "10.229.0.128/25 - 10.229.0.1, 10.198.122.47/32 - 10.198.122.1",
1327 "name": "classless-static-route"
1328 },
1329
1330 // Option codes 122-123 are not defined in Kea.
1331
1332 /*
1333 1 1 1 1 1 1
1334 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1335 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1336 | option-code | option-len |
1337 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1338 | enterprise-number1 |
1339 | |
1340 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1341 | data-len1 | |
1342 +-+-+-+-+-+-+-+-+ |
1343 / vendor-class-data1 /
1344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
1345 | enterprise-number2 | ^
1346 | | |
1347 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1348 | data-len2 | | optional
1349 +-+-+-+-+-+-+-+-+ | |
1350 / vendor-class-data2 / |
1351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1352 ~ ... ~ V
1353 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
1354
1355 option-code OPTION_V-I_VENDOR_CLASS (124)
1356
1357 option-len total length of all following option data in
1358 octets
1359
1360 enterprise-numberN The vendor's 32-bit Enterprise Number as
1361 registered with IANA [3]
1362
1363 data-lenN Length of vendor-class-data field
1364
1365 vendor-class-dataN Details of the hardware configuration of the
1366 host on which the client is running, or of
1367 industry consortium compliance
1368 */
1369 // Type: uint32, binary
1370 {
1371 "code": 124,
1372 "data": "4491, 0f BA AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
1373 "name": "vivco-suboptions"
1374 },
1375
1376 /*
1377 1 1 1 1 1 1
1378 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1380 | option-code | option-len |
1381 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1382 | enterprise-number1 |
1383 | |
1384 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1385 | data-len1 | |
1386 +-+-+-+-+-+-+-+-+ option-data1 |
1387 / /
1388 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
1389 | enterprise-number2 | ^
1390 | | |
1391 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1392 | data-len2 | | optional
1393 +-+-+-+-+-+-+-+-+ option-data2 | |
1394 / / |
1395 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1396 ~ ... ~ V
1397 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
1398
1399 option-code OPTION_V-I_VENDOR_OPTS (125)
1400
1401 option-len total length of all following option data in
1402 octets
1403
1404 enterprise-numberN The vendor's registered 32-bit Enterprise Number
1405 as registered with IANA [3]
1406
1407 data-lenN Length of option-data field
1408
1409 option-dataN Vendor-specific options, described below
1410 */
1411 // Type: uint32
1412 {
1413 "code": 125,
1414 "data": "4491",
1415 "name": "vivso-suboptions"
1416 },
1417
1418 // Option codes 126-127 are unassigned.
1419 // Option codes 128-135 are not defined in Kea.
1420
1421 /*
1422 0 1
1423 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6
1424 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1425 | option-code | option-length |
1426 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1427 | |
1428 + PAA IPv4 Address +
1429 | |
1430 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1431 | ... |
1432 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1433 Figure 1: PAA DHCPv4 option
1434
1435 option-code: OPTION_PANA_AGENT (136).
1436
1437 option-length: Length of the 'options' field in octets;
1438 MUST be a multiple of four (4).
1439
1440 PAA IPv4 Address: IPv4 address of a PAA for the client to use.
1441 The PAAs are listed in the order of preference
1442 for use by the client.
1443 */
1444 // Type: array of {IPv4 address}
1445 {
1446 "code": 136,
1447 "data": "192.0.2.66, 192.0.2.67",
1448 "name": "pana-agent"
1449 },
1450
1451 /*
1452 Code Len LoST Server Domain Name
1453 +-----+-----+-----+-----+-----+-----+-----+----
1454 | 137 | n | s1 | s2 | s3 | s4 | s5 | ...
1455 +-----+-----+-----+-----+-----+-----+-----+----
1456 */
1457 // Type: FQDN
1458 {
1459 "code": 137,
1460 "data": "lost.example.org",
1461 "name": "v4-lost"
1462 },
1463
1464 /*
1465 0 1
1466 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6
1467 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1468 | option-code | option-length |
1469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1470 | |
1471 + AC IPv4 Address +
1472 | |
1473 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1474 | ... |
1475 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1476
1477 option-code: OPTION_CAPWAP_AC_V4 (138)
1478
1479 option-length: Length of the 'options' field in octets; MUST be a
1480 multiple of four (4).
1481
1482 AC IPv4 Address: IPv4 address of a CAPWAP AC that the WTP may use.
1483 The ACs are listed in the order of preference for use by the WTP
1484 */
1485 // Type: array of {IPv4 address}
1486 {
1487 "code": 138,
1488 "data": "192.0.2.68, 192.0.2.69",
1489 "name": "capwap-ac-v4"
1490 },
1491
1492 // Option codes 139-140 are not defined in Kea.
1493
1494 /*
1495 0 1 2 3
1496 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1497 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1498 | 141 | Len | Searchstring... |
1499 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1500 | Searchstring... |
1501 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1502 */
1503 // Type: array of {FQDN}
1504 {
1505 "code": 141,
1506 "data": "example.com, example.org",
1507 "name": "sip-ua-cs-domains"
1508 },
1509
1510 // Option code 142 is not defined in Kea.
1511
1512 /*
1513 0 1
1514 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1515 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1516 | option-code (143) | option-length |
1517 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1518 . .
1519 . bootstrap-server-list (variable length) .
1520 . .
1521 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1522
1523 option-code: OPTION_V4_SZTP_REDIRECT (143)
1524
1525 option-length: The option length in octets.
1526
1527 bootstrap-server-list: A list of servers for the
1528 client to attempt contacting, in order to obtain
1529 further bootstrapping data. Each URI entry in the
1530 bootstrap-server-list is structured as follows:
1531
1532 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
1533 | uri-length | URI |
1534 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
1535
1536 uri-length: 2 octets long; specifies the length of the URI data.
1537 URI: URI of the SZTP bootstrap server.
1538 */
1539 // Type: array of {tuple}
1540 {
1541 "code": 143,
1542 "data": "https://sztp1.example.com:8443, https://sztp2.example.com:8444",
1543 "name": "v4-sztp-redirect"
1544 },
1545
1546 // Option codes 144-145 are not defined in Kea.
1547
1548 // Type: uint8, IPv4 address, IPv4 address, array of {FQDN}
1549 {
1550 "code": 146,
1551 "data": "1, 192.0.2.70, 192.0.2.71, example.com, example.org",
1552 "name": "rdnss-selection"
1553 },
1554
1555 // Option codes 147-158 are not defined in Kea.
1556
1557 // Type: uint8, PSID
1558 {
1559 "code": 159,
1560 "data": "2, 3/4",
1561 "name": "v4-portparams"
1562 },
1563
1564 // Option codes 160-161 are unassigned.
1565
1566 /*
1567 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1568 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1569 | OPTION_V4_DNR | Length |
1570 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1571 ~ DNR Instance Data #1 ~
1572 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---
1573 . ... . |
1574 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ optional
1575 ~ DNR Instance Data #n ~ |
1576 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---
1577
1578 DNR Instance Data Format:
1579 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1580 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1581 | DNR Instance Data Length |
1582 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1583 | Service Priority |
1584 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1585 | ADN Length | |
1586 +-+-+-+-+-+-+-+-+ |
1587 ~ authentication-domain-name ~
1588 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1589 | Addr Length | |
1590 +-+-+-+-+-+-+-+-+ |
1591 ~ IPv4 Address(es) ~
1592 | +-+-+-+-+-+-+-+-+
1593 | | |
1594 +-+-+-+-+-+-+-+-+ |
1595 ~Service Parameters (SvcParams) ~
1596 | |
1597 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1598
1599 Code: OPTION_V4_DNR (162).
1600
1601 Length: Indicates the length of the enclosed data in octets.
1602
1603 DNR Instance Data: Includes the configuration data of an encrypted
1604 DNS resolver. When several encrypted DNS resolvers are to be included, the "DNR
1605 Instance Data" field is repeated.
1606
1607 DNR Instance Data Length: Length of all following data in octets.
1608 This field is set to ('ADN Length' + 3) when only an ADN is
1609 provided for a DNR instance.
1610
1611 Service Priority: The priority of this instance compared to other
1612 DNR instances. This 16-bit unsigned integer is interpreted
1613 following the rules specified in Section 2.4.1 of
1614 [RFC9460].
1615
1616 ADN Length: Length of the authentication-domain-name in octets.
1617
1618 authentication-domain-name (variable length): The authentication
1619 domain name of the encrypted DNS resolver. This field is
1620 formatted as specified in Section 10 of [RFC9915].
1621
1622 Addr Length: Length of included IPv4 addresses in octets. When
1623 present, it MUST be a multiple of 4.
1624
1625 IPv4 Address(es) (variable length): Indicates one or more IPv4
1626 addresses to reach the encrypted DNS resolver. Both private and
1627 public IPv4 addresses can be included in this field.
1628
1629 Service Parameters (SvcParams) (variable length): Specifies a set of
1630 service parameters that are encoded following the rules in
1631 Section 2.2 of [RFC9460].
1632 The length of this field is ('DNR Instance Data Length' - 4 - 'ADN
1633 Length' - 'Addr Length').
1634
1635 Note that "Addr Length", "IPv4 Address(es)", and "Service Parameters
1636 (SvcParams)" fields are not present if the ADN-only mode is used.
1637 */
1638 // Type: internal
1639 {
1640 // The DNR option may be configured using a convenience notation. DNR instances must be delimited with the pipe "|" character.
1641 // For each DNR instance, the following comma-delimited fields must be provided:
1642 // - service priority (mandatory),
1643 // - ADN, the authentication domain name of the encrypted DNS resolver (mandatory),
1644 // - IP address(es) (optional - if more than one, they must be space-separated),
1645 // - SvcParams (optional - if more than one, they must be space-separated;
1646 // to provide more than one alpn-id, separate them with a double-backslash-escaped comma, as in the
1647 // example below).
1648 // Note: whenever the pipe "|" character is needed as something other than the delimiter, it must be escaped with
1649 // a double backslash, as with the escaped commas in the alpn-id list.
1650 // Based on the config, Kea will encode the option according to RFC9463.
1651 "code": 162,
1652 "name": "v4-dnr",
1653 "data": "1, resolver.example., 10.2.3.4 10.0.4.5, alpn=dot\\,doq\\,h2\\,h3 dohpath=/q{?dns} | 2, resolver.example., 10.0.5.6, alpn=dot port=8530 | 3, fooexp.resolver.example."
1654 },
1655
1656 // Option codes 163-209 are unassigned.
1657
1658 /*
1659 0 1 2 3
1660 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1661 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1662 | OPTION_6RD | option-length | IPv4MaskLen | 6rdPrefixLen |
1663 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1664 | |
1665 | 6rdPrefix |
1666 | (16 octets) |
1667 | |
1668 | |
1669 | |
1670 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1671 | 6rdBRIPv4Address(es) |
1672 . .
1673 . .
1674 . .
1675 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1676
1677 option-code OPTION_6RD (212)
1678
1679 option-length The length of the DHCP option in octets (22
1680 octets with one BR IPv4 address).
1681
1682 IPv4MaskLen The number of high-order bits that are identical
1683 across all CE IPv4 addresses within a given 6rd
1684 domain. This may be any value between 0 and 32.
1685 Any value greater than 32 is invalid.
1686
1687 6rdPrefixLen The IPv6 prefix length of the SP's 6rd IPv6
1688 prefix in number of bits. For the purpose of
1689 bounds checking by DHCP option processing, the
1690 sum of (32 - IPv4MaskLen) + 6rdPrefixLen MUST be
1691 less than or equal to 128.
1692
1693 6rdBRIPv4Address One or more IPv4 addresses of the 6rd Border
1694 Relay(s) for a given 6rd domain.
1695
1696 6rdPrefix The service provider's 6rd IPv6 prefix
1697 represented as a 16-octet IPv6 address. The bits
1698 in the prefix after the 6rdPrefixlen number of
1699 bits are reserved and MUST be initialized to zero
1700 by the sender and ignored by the receiver.
1701 */
1702 // Type: uint8, uint8, IPv6 address, array of {IPv4 address}
1703 {
1704 "code": 212,
1705 "data": "24, 96, 2001:db8::f001, 192.0.2.72, 192.0.2.73",
1706 "name": "option-6rd"
1707 },
1708
1709 /*
1710 0 1 2 3
1711 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1712 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1713 | Code | Length | Access Network Domain Name .
1714 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1715 . Access Network Domain Name (cont.) .
1716 . ... .
1717 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1718
1719 option-code: OPTION_V4_ACCESS_DOMAIN (213).
1720
1721 option-length: The length of the entire access network domain name
1722 option in octets.
1723
1724 option-value: The domain name associated with the access network,
1725 encoded as described in Section 3.1.
1726 */
1727 // Type: FQDN
1728 {
1729 "code": 213,
1730 "data": "example.org",
1731 "name": "v4-access-domain"
1732 },
1733
1734 // Option codes 214-219 are unassigned.
1735 // Option codes 220-221 are not defined in Kea.
1736 // Option codes 222-254 are unassigned
1737
1738 /*
1739 Custom option data
1740 */
1741 // See "option-def" below for the definitions.
1742 {
1743 "code": 1,
1744 "name": "my-empty-option",
1745 "space": "my-fancy-space"
1746 },
1747 {
1748 "code": 224,
1749 "data": "192.0.2.74, 3/4, 1, example.org, string",
1750 "name": "my-lengthy-option",
1751 "space": "my-fancy-space"
1752 },
1753 {
1754 "code": 254,
1755 "data": "127, 32767, 2147483647, 255, 65535, 4294967295, 192.0.2.75, 3/4, 1, example.org, string",
1756 "name": "my-fancy-option",
1757 "space": "my-fancy-space"
1758 },
1759 {
1760 "code": 232,
1761 "name": "my-encapsulating-option",
1762 "space": "my-encapsulating-space"
1763 }
1764 ],
1765
1766 /*
1767 Custom option definitions
1768 */
1769 // For kea-dhcp4, custom option definitions can be global or in a client
1770 // class.
1771 "option-def": [
1772 // New option space allows for a new set of option codes.
1773 // An empty option requires no "data" in "option-data". Its
1774 // presence should be sufficient to trigger custom behavior.
1775 {
1776 "array": false,
1777 "code": 1,
1778 "encapsulate": "",
1779 "name": "my-empty-option",
1780 "record-types": "",
1781 "space": "my-fancy-space",
1782 "type": "empty"
1783 },
1784
1785 // A custom type has "type" set to "record", and all of its data types
1786 // (there must be more than one; otherwise you're better off using the type
1787 // directly) are specified in "record-types". If "string" is one of them,
1788 // it needs to be last.
1789 {
1790 "array": false,
1791 "code": 224,
1792 "encapsulate": "",
1793 "name": "my-lengthy-option",
1794 "record-types": "ipv4-address, psid, tuple, fqdn, string",
1795 "space": "my-fancy-space",
1796 "type": "record"
1797 },
1798
1799 // Contains arrays of all types except strings since an array of strings
1800 // is not a valid option definition.
1801 {
1802 "array": true,
1803 "code": 254,
1804 "encapsulate": "",
1805 "name": "my-fancy-option",
1806 "record-types": "int8, int16, int32, uint8, uint16, uint32, ipv4-address, psid, tuple, fqdn",
1807 "space": "my-fancy-space",
1808 "type": "record"
1809 },
1810
1811 // A single encapsulating space can be used. An option containing any
1812 // option from said space will now be unpacked successfully by Kea.
1813 {
1814 "array": false,
1815 "code": 232,
1816 "encapsulate": "my-fancy-space",
1817 "name": "my-encapsulating-option",
1818 "record-types": "",
1819 "space": "my-encapsulating-space",
1820 "type": "empty"
1821 }
1822 ],
1823
1824 "subnet4": [
1825 /*
1826 DOCSIS3 option data
1827 */
1828 // Headers are as defined in CL-SP-CANN-DHCP-Reg-I16-200715.
1829 // "space" is required to be explicitly defined as "docsis3-v4"
1830 {
1831 "option-data": [
1832 /*
1833 0 1 2 3
1834 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1835 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1836 | CL_V4OPTION_ORO| option-len | req-opt-code-1| req-opt-code-2|
1837 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1838 | ... |
1839 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1840
1841 option-code CL_V4OPTION_ORO (1).
1842
1843 option-len number of requested options.
1844
1845 req-opt-code-n The option code for an option requested by the client.
1846
1847 */
1848 // Type: array of {uint8}
1849 {
1850 "code": 1,
1851 "data": "32, 42",
1852 "name": "oro",
1853 "space": "docsis3-v4"
1854 },
1855
1856 /*
1857 0 1 2 3
1858 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1859 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1860 | option code | option-len | IPv4 address of TFTP server 1 |
1861 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1862 | address of server 1 (cont.) | IPv4 address of TFTP server 2 |
1863 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1864 | address of server 2 (cont.) | ...
1865 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1866 . ... | IPv4 address of TFTP server n |
1867 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1868 | address of server n (cont.) |
1869 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1870
1871 option code CL_V4OPTION_TFTP_SERVERS (2)
1872
1873 option len number of bytes for TFTP server IPv4 addresses (4*n for
1874 n servers)
1875 */
1876 // Type: array of {IPv4 address}
1877 {
1878 "code": 2,
1879 "data": "192.0.2.76, 192.0.2.77",
1880 "name": "tftp-servers",
1881 "space": "docsis3-v4"
1882 }
1883 ],
1884 "id": 1,
1885 "subnet": "192.0.2.0/24"
1886 }
1887 ]
1888 }
1889}
kea4/backends.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It is a basic scenario with one IPv4 subnet configured. It demonstrates
3// how to configure Kea to use various backends to store leases:
4// - memfile
5// - MySQL
6// - PostgreSQL
7
8{ "Dhcp4":
9
10{
11// Kea is told to listen on eth0 interface only.
12 "interfaces-config": {
13 "interfaces": [ "eth0" ]
14 },
15
16// We need to specify lease type. Exactly one lease-database section
17// should be present. Make sure you uncomment only one.
18
19// 1. memfile backend. Leases information will be stored in flat CSV file.
20// This is the easiest backend to use as it does not require any extra
21// dependencies or services running.
22// "lease-database": {
23// "type": "memfile",
24// "persist": true,
25// "lfc-interval": 3600
26// },
27
28// 2. MySQL backend. Leases will be stored in MySQL database. Make sure it
29// is up, running and properly initialized. See kea-admin documentation
30// for details on how to initialize the database. The only strictly required
31// parameters are type and name. If other parameters are not specified,
32// Kea will assume the database is available on localhost, that a user and
33// password are not necessary to connect and that timeout is 5 seconds. The user and password shown below are sample values; replace them before use.
34// Kea must be compiled with the "-D mysql" option to use this backend.
35// "lease-database": {
36// "type": "mysql",
37// "name": "keatest",
38// "host": "localhost",
39// "port": 3306,
40// "user": "keatest",
41// "password": "1234",
42// "reconnect-wait-time": 3000, // expressed in ms
43// "max-reconnect-tries": 3,
44// "on-fail": "stop-retry-exit",
45// "retry-on-startup": false,
46// "connect-timeout": 3
47// },
48// Since Kea 2.7.4, the libdhcp_mysql.so hook library must be loaded in order to
49// store leases in the MySQL Lease Database Backend.
50// Specify the lease backend hook library location as an entry of the "hooks-libraries" list.
51// {
52// // the MySQL lease backend hook library required for lease storage.
53// "library": "libdhcp_mysql.so"
54// },
55
56// 3. PostgreSQL backend. Leases will be stored in PostgreSQL database. Make
57// sure it is up, running and properly initialized. See kea-admin documentation
58// for details on how to initialize the database. The only strictly required
59// parameters are type and name. If other parameters are not specified,
60// Kea will assume the database is available on localhost, that a user and
61// password are not necessary to connect and that timeout is 5 seconds. The user and password shown below are sample values; replace them before use.
62// Kea must be compiled with the "-D postgresql" option to use this backend.
63// "lease-database": {
64// "type": "postgresql",
65// "name": "keatest",
66// "host": "localhost",
67// "port": 5432,
68// "user": "keatest",
69// "password": "1234",
70// "reconnect-wait-time": 3000, // expressed in ms
71// "max-reconnect-tries": 3,
72// "on-fail": "stop-retry-exit",
73// "retry-on-startup": false,
74// "connect-timeout": 3
75// },
76// Since Kea 2.7.4, the libdhcp_pgsql.so hook library must be loaded in order to
77// store leases in the PostgreSQL Lease Database Backend.
78// Specify the lease backend hook library location as an entry of the "hooks-libraries" list.
79// {
80// // the PostgreSQL lease backend hook library required for lease storage.
81// "library": "libdhcp_pgsql.so"
82// },
83
84// Addresses will be assigned with a lifetime of 4000 seconds.
85 "valid-lifetime": 4000,
86
87// Renew and rebind timers are commented out. This implies that options
88// 58 and 59 will not be sent to the client. In this case it is up to
89// the client to pick the timer values according to RFC2131. Uncomment the
90// timers to send these options to the client.
91// "renew-timer": 1000,
92// "rebind-timer": 2000,
93
94// The following list defines subnets. We have only one subnet
95// here. We tell Kea that it is directly available over local interface.
96 "subnet4": [
97 {
98 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
99 "id":1 ,
100 "subnet": "192.0.2.0/24",
101 "interface": "eth0"
102 }
103 ],
104
105// The following configures logging. It assumes that messages with at
106// least informational level (info, warn, error and fatal) should be
107// logged to stdout.
108 "loggers": [
109 {
110 "name": "kea-dhcp4",
111 "output-options": [
112 {
113 "output": "stdout"
114 }
115 ],
116 "severity": "INFO"
117 }
118 ]
119}
120
121}
kea4/classify.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// The purpose of this example is to showcase how clients can be classified.
3
4{ "Dhcp4":
5
6{
7
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// Let's use the simplest backend: memfile and use some reasonable values
14// for timers. They are of no concern for the classification demonstration.
15 "lease-database": { "type": "memfile" },
16 "renew-timer": 1000,
17 "rebind-timer": 2000,
18 "valid-lifetime": 4000,
19
20// This list defines several classes that incoming packets can be assigned to.
21// One packet can belong to zero or more classes.
22 "client-classes": [
23
24// The first class attempts to match the whole hardware address to a specific
25// value. All incoming packets with that MAC address will get a special
26// value of the option. If there are many hosts that require special
27// treatment, it is much better to use host reservations. However, doing
28// tricks with MAC addresses may prove useful in some cases, e.g.
29// by matching OUI to known values we can detect certain vendors.
30 {
31 "name": "special_snowflake",
32 "test": "pkt4.mac == 0x010203040506",
33 "option-data": [{
34 "name": "domain-name-servers",
35 "data": "127.0.0.1"
36 }]
37 },
38
39// Let's classify all incoming DISCOVER (message type 1) to a separate
40// class.
41 {
42 "name": "discovers",
43 "test": "pkt4.msgtype == 1"
44 },
45
46// Clients are supposed to set the transaction-id field to a random value.
47// Clients that send it with 0 are most likely broken. Let's mark them
48// as such.
49 {
50 "name": "broken",
51 "test": "pkt4.transid == 0"
52 },
53
54// Let's pick VoIP phones. Those that send their class identifiers
55// as Aastra, should belong to VoIP class. For a list of all options,
56// see www.iana.org/assignments/bootp-dhcp-parameters/.
57// In this particular class, we want to set specific values
58// of certain DHCPv4 fields. If the incoming packet matches the
59// test, those fields will be set in outgoing responses.
60// The option 43 is defined to encapsulate suboption in the aastra space.
61 {
62 "name": "VoIP",
63 "test": "substring(option[60].hex,0,6) == 'Aastra'",
64 "next-server": "192.0.2.254",
65 "server-hostname": "hal9000",
66 "boot-file-name": "/dev/null",
67 "option-def": [ {
68 "name": "vendor-encapsulated-options",
69 "code": 43,
70 "type": "empty",
71 "encapsulate": "aastra" } ]
72 }
73
74 ],
75
76// The following list defines subnets. For some subnets we defined
77// a class that is allowed in that subnet. If not specified,
78// everyone is allowed. When a class is specified, only packets belonging
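79// to that class are allowed for that subnet. Note that the class tests above rely on values sent by the client (MAC address, option 60), so this selects clients by what they report; it does not authenticate them.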
80 "subnet4": [
81 // This one is for VoIP devices only.
82 {
83 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
84 "id": 1,
85 "subnet": "192.0.2.0/24",
86 "client-classes": [ "VoIP" ],
87 "interface": "eth0"
88 },
89
90 // This one doesn't have any client-class specified, so everyone
91 // is allowed in. The normal subnet selection rules still apply,
92 // though. There is also a static class reservation for a client
93 // using MAC address 1a:1b:1c:1d:1e:1f. This client will always
94 // be assigned to this class.
95 {
96 "pools": [ { "pool": "192.0.3.1 - 192.0.3.200" } ],
97 "id": 2,
98 "subnet": "192.0.3.0/24",
99 "reservations": [
100 {
101 "hw-address": "1a:1b:1c:1d:1e:1f",
102 "client-classes": [ "VoIP" ]
103 } ],
104 "interface": "eth0"
105 },
106
107 // The following list defines a subnet with pools. For some pools
108 // we defined a class that is allowed in that pool. If not specified
109 // everyone is allowed. When a class is specified, only packets belonging
110 // to that class are allowed for that pool.
111 {
112 "pools": [
113 // This one is for VoIP devices only.
114 {
115 "pool": "192.0.4.1 - 192.0.4.200",
116 "client-classes": [ "VoIP" ]
117 },
118
119 // This one doesn't have any client-class specified,
120 // so everyone is allowed in.
121 {
122 "pool": "192.0.5.1 - 192.0.5.200"
123 } ],
124
125 "subnet": "192.0.4.0/23",
126 "id": 3,
127 "interface": "eth1"
128 }
129 ],
130
131// The following configures logging. It assumes that messages with at
132// least informational level (info, warn, error and fatal) should be
133// logged to stdout.
134 "loggers": [
135 {
136 "name": "kea-dhcp4",
137 "output-options": [
138 {
139 "output": "stdout"
140 }
141 ],
142 "severity": "INFO"
143 }
144 ]
145}
146
147}
kea4/classify2.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// The purpose of this example is to showcase how clients can be classified
3// with advanced features.
4
5{ "Dhcp4":
6
7{
8
9// Kea is told to listen on eth0 interface only.
10 "interfaces-config": {
11 "interfaces": [ "eth0" ]
12 },
13
14// Let's use the simplest backend: memfile and use some reasonable values
15// for timers. They are of no concern for the classification demonstration.
16 "lease-database": { "type": "memfile" },
17 "renew-timer": 1000,
18 "rebind-timer": 2000,
19 "valid-lifetime": 4000,
20
21// This list defines several classes that incoming packets can be assigned to.
22// One packet can belong to zero or more classes.
23 "client-classes": [
24
25// This class is included by the second subnet in its 'evaluate-additional-classes'
26// list so 'only-in-additional-list' is enabled. This ensures the class will only
27// be evaluated if the second subnet is selected. The test expression returns true.
28// Note it is not possible to depend on VoIP class because it is not yet
29// defined.
30 {
31 "name": "second_subnet",
32 "only-in-additional-list": true,
33 "test": "member('ALL')",
34 "option-data": [{
35 "name": "domain-name-servers",
36 "data": "127.0.0.1"
37 }]
38 },
39
40// Let's classify all incoming DISCOVER (message type 1) to a separate
41// class.
42 {
43 "name": "discovers",
44 "test": "pkt4.msgtype == 1"
45 },
46
47// Clients are supposed to set the transaction-id field to a random value.
48// Clients that send it with 0 are most likely broken. Let's mark them
49// as such.
50 {
51 "name": "broken",
52 "test": "pkt4.transid == 0"
53 },
54
55// Let's pick VoIP phones. Those that send their class identifiers
56// as Aastra, should belong to VoIP class. For a list of all options,
57// see www.iana.org/assignments/bootp-dhcp-parameters/.
58// In this particular class, we want to set specific values
59// of certain DHCPv4 fields. If the incoming packet matches the
60// test, those fields will be set in outgoing responses.
61// The option 43 is defined to encapsulate suboption in the aastra space.
62 {
63 "name": "VoIP",
64 "test": "substring(option[60].hex,0,6) == 'Aastra'",
65 "next-server": "192.0.2.254",
66 "server-hostname": "hal9000",
67 "boot-file-name": "/dev/null",
68 "option-def": [ {
69 "name": "vendor-encapsulated-options",
70 "code": 43,
71 "type": "empty",
72 "encapsulate": "aastra" } ]
73 },
74
75// This class matches a client that is both a VoIP phone (by evaluation or
76// host reservation) and has a host reservation.
77 {
78 "name": "VoIP_host",
79 "test": "member('VoIP') and member('KNOWN')",
80 "server-hostname": "hal9001"
81 }
82
83 ],
84
85// The following list defines subnets. For some subnets we defined
86// a class that is allowed in that subnet. If not specified,
87// everyone is allowed. When a class is specified, only packets belonging
88// to that class are allowed for that subnet.
89 "subnet4": [
90 {
91// This one is for VoIP devices only.
92 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
93 "id": 1,
94 "subnet": "192.0.2.0/24",
95 "client-classes": [ "VoIP" ],
96 "interface": "eth0"
97 },
98// This one doesn't have any client-class specified, so everyone
99// is allowed in. The normal subnet selection rules still apply,
100// though. There is also a static class reservation for a client
101// using MAC address 1a:1b:1c:1d:1e:1f. This client will always
102// be assigned to this class.
103 {
104 "pools": [ { "pool": "192.0.3.1 - 192.0.3.200" } ],
105 "id": 2,
106 "subnet": "192.0.3.0/24",
107 "reservations": [
108 {
109 "hw-address": "1a:1b:1c:1d:1e:1f",
110 "client-classes": [ "VoIP" ]
111 } ],
112 "interface": "eth0",
113 "evaluate-additional-classes": [ "second_subnet" ]
114 },
115
116// The following list defines a subnet with pools. For some pools
117// we defined a class that is allowed in that pool. If not specified
118// everyone is allowed. When a class is specified, only packets belonging
119// to that class are allowed for that pool.
120 {
121 "pools": [
122 {
123// This one is for VoIP devices only.
124 "pool": "192.0.4.1 - 192.0.4.200",
125 "client-classes": [ "VoIP" ]
126 },
127// This one doesn't have any client-class specified, so everyone
128// is allowed in.
129 {
130 "pool": "192.0.5.1 - 192.0.5.200"
131 } ],
132 "id": 3,
133 "subnet": "192.0.4.0/23",
134 "interface": "eth1"
135 },
136// This subnet is divided in two pools for unknown and known
137// (i.e. which have a reservation) clients. The built-in KNOWN and
138// UNKNOWN classes are set or not at host reservation lookup (KNOWN if
139// this returns something, UNKNOWN if this finds nothing) and client
140// classes depending on it are evaluated.
141// This happens after subnet selection and before address allocation
142// from pools.
143 {
144 "pools": [
145 {
146 "pool": "192.0.8.100 - 192.0.8.200",
147 "client-classes": [ "UNKNOWN" ]
148 },
149 {
150 "pool": "192.0.9.100 - 192.0.9.200",
151 "client-classes": [ "KNOWN" ]
152 }
153 ],
154 "id": 4,
155 "subnet": "192.0.8.0/23",
156 "reservations": [
157 { "hw-address": "00:00:00:11:22:33", "hostname": "h1" },
158 { "hw-address": "00:00:00:44:55:66", "hostname": "h4" },
159 { "hw-address": "00:00:00:77:88:99", "hostname": "h7" },
160 { "hw-address": "00:00:00:aa:bb:cc", "hostname": "ha" }
161 ]
162 }
163 ],
164
165// The following configures logging. It assumes that messages with at
166// least informational level (info, warn, error and fatal) should be
167// logged to stdout.
168 "loggers": [
169 {
170 "name": "kea-dhcp4",
171 "output-options": [
172 {
173 "output": "stdout"
174 }
175 ],
176 "severity": "INFO"
177 }
178 ]
179}
180
181}
kea4/comments.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It uses embedded (i.e., which will be included in configuration objects
3// and not stripped at lexical analysis) comments.
4
5{ "Dhcp4":
6
7{
8 // Global scope
9 "comment": "A DHCPv4 server",
10
11 // In interface config
12 "interfaces-config": {
13 "comment": "Use wildcard",
14 "interfaces": [ "*" ] },
15
16 // In option definitions
17 "option-def": [ {
18 "comment": "An option definition",
19 "name": "foo",
20 "code": 100,
21 "type": "ipv4-address",
22 "space": "isc"
23 } ],
24
25 // In option data
26 "option-data": [ {
27 "comment": "Set option value",
28 "name": "dhcp-message",
29 "data": "ABCDEF0105",
30 "csv-format": false
31 } ],
32
33 // In client classes
34 "client-classes": [
35 {
36 "comment": "match all",
37 "name": "all",
38 "test": "'' == ''"
39 },
40 // Of course comments are optional
41 {
42 "name": "none"
43 },
44 // A comment and a user-context can be specified
45 {
46 "comment": "a comment",
47 "name": "both",
48 "user-context": {
49 "version": 1
50 }
51 }
52 ],
53
54 // In control sockets.
55 "control-sockets": [
56 {
57 "socket-type": "unix",
58 "socket-name": "kea4-ctrl-socket",
59 "user-context": { "comment": "Indirect comment" }
60 },
61 {
62 "comment": "HTTP control socket",
63 "socket-type": "http",
64 "socket-address": "::1",
65 "socket-port": 8004,
66
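67 // In authentication. The user and password below are sample values; basic HTTP authentication sends them unencrypted, so it is best combined with TLS when the socket is not bound to a loopback address.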
68 "authentication": {
69 "comment": "basic HTTP authentication",
70 "type": "basic",
71 // In basic HTTP authentication clients
72 "clients": [ {
73 "user": "admin",
74 "password": "1234"
75 } ]
76 }
77 }
78 ],
79
80 // In shared networks
81 "shared-networks": [ {
82 "comment": "A shared network",
83 "name": "foo",
84
85 // In subnets
86 "subnet4": [
87 {
88 "comment": "A subnet",
89 "subnet": "192.0.1.0/24",
90 "id": 100,
91
92 // In pools
93 "pools": [
94 {
95 "comment": "A pool",
96 "pool": "192.0.1.1-192.0.1.10"
97 }
98 ],
99
100 // In host reservations
101 "reservations": [
102 {
103 "comment": "A host reservation",
104 "hw-address": "AA:BB:CC:DD:EE:FF",
105 "hostname": "foo.example.com",
106
107 // Again in an option data
108 "option-data": [ {
109 "comment": "An option in a reservation",
110 "name": "domain-name",
111 "data": "example.com"
112 } ]
113 }
114 ]
115 }
116 ]
117 } ],
118
119 // In dhcp ddns
120 "dhcp-ddns": {
121 "comment": "No dynamic DNS",
122 "enable-updates": false
123 },
124
125 // In loggers
126 "loggers": [ {
127 "comment": "A logger",
128 "name": "kea-dhcp4"
129 } ]
130}
131
132}
kea4/config-backend.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It demonstrates how to enable Kea Configuration Backend using MySQL.
3// It requires that libdhcp_mysql.so library is available and
4// optionally libdhcp_cb_cmds.so hook library.
5
6{ "Dhcp4":
7
8{
9 // Set the server tag for the configuration backend. This instance will
10 // be named server1. Every configuration element that is applicable to
11 // either "all" or "server1" will be used by this instance.
12 "server-tag": "server1",
13
14 // Kea is told to listen on eth0 interface only.
15 "interfaces-config": {
16 "interfaces": [ "eth0" ]
17 },
18
19 // Use memfile lease database backend.
20 "lease-database": {
21 "type": "memfile",
22 "lfc-interval": 3600
23 },
24
25 // This parameter controls how the server accesses the configuration
26 // database. Currently only two database types are available - "mysql" and
27 // "postgresql".
28 // Using "mysql" requires that the libdhcp_mysql.so hook library is loaded.
29 // If using "postgresql", then loading libdhcp_pgsql.so hook library is
30 // required.
31 "config-control": {
32 // A list of database backends to connect to. Currently, it is limited
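33 // to a single backend. The user and password below are sample values; the password is kept in plain text in this file, so restrict who can read it.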
34 "config-databases": [
35 {
36 "type": "mysql",
37 "reconnect-wait-time": 3000, // expressed in ms
38 "max-reconnect-tries": 3,
39 "name": "kea",
40 "user": "kea",
41 "password": "1234",
42 "host": "localhost",
43 "port": 3306
44 }
45 ],
46 // Controls how often the server polls the database for the
47 // configuration updates. The setting below implies that it
48 // will take up to approx. 20 seconds for the server to
49 // discover and fetch configuration changes.
50 "config-fetch-wait-time": 20
51 },
52
53 // This defines a control socket. If defined, Kea will open a UNIX socket
54 // and will listen for incoming commands. See section 17 of the Kea ARM for
55 // details.
56 "control-socket": {
57 "socket-type": "unix",
58 "socket-name": "kea4-ctrl-socket"
59 },
60
61 // Hooks libraries that enable configuration backend are loaded.
62 "hooks-libraries": [
63 // The libdhcp_mysql.so is required to use MySQL Configuration
64 // Backend.
65 {
66 "library": "libdhcp_mysql.so"
67 }
68 // If using PostgreSQL Configuration Backend, the "libdhcp_pgsql.so" is
69 // required.
70 // {
71 // "library": "libdhcp_pgsql.so"
72 // }
73 // The libdhcp_cb_cmds.so is optional. It allows for managing the
74 // configuration in the database. If this library is not loaded,
75 // the configuration can be managed directly using available
76 // tools that work directly with the MySQL database.
77 // ,{
78 // "library": "libdhcp_cb_cmds.so"
79 // }
80 ],
81
82 // The following configures logging. It assumes that messages with at
83 // least informational level (info, warn, error and fatal) should be
84 // logged to stdout. Alternatively, you can specify stderr here, a filename
85 // or 'syslog', which will store output messages via syslog.
86 "loggers": [
87 {
88 "name": "kea-dhcp4",
89 "output-options": [
90 {
91 "output": "stdout"
92 }
93 ],
94 "severity": "INFO"
95 }
96 ]
97}
98
99}
kea4/dhcpv4-over-dhcpv6.json
1// This is an example configuration file for the DHCPv4 server of
2// DHCPv4-over-DHCPv6 tests in Kea.
3
4{
5
6// DHCPv4 conf
7"Dhcp4":
8{
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13 "lease-database": {
14 "type": "memfile",
15 "name": "kea-leases4.csv",
16 "lfc-interval": 3600
17 },
18
19 "valid-lifetime": 4000,
20
21 "subnet4": [
22 {
23 "id": 100,
24 "subnet": "10.10.10.0/24",
25// Don't forget the "4o6-" before "interface" here!
26 "4o6-interface": "eth0",
27 "4o6-subnet": "2001:db8:1:1::/64",
28 "pools": [ { "pool": "10.10.10.100 - 10.10.10.199" } ] }
29 ],
30
31// This enables DHCPv4-over-DHCPv6 support
32 "dhcp4o6-port": 786,
33
34 "loggers": [
35 {
36 "name": "kea-dhcp4",
37 "output-options": [
38 {
39 "output": "kea-dhcp4.log"
40 }
41 ],
42 "severity": "DEBUG",
43 "debuglevel": 0
44 }
45 ]
46}
47
48}
kea4/global-reservations.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It demonstrates how global host reservations can be configured.
3// The global reservations are not associated with any subnet. They
4// are assigned regardless of the subnet to which the DHCP client belongs.
5// Global reservations are assigned to the DHCP clients using the
6// same host identifier types as subnet specific reservations. This file
7// contains multiple examples of host reservations using different
8// identifier types, e.g. MAC address, client identifier etc.
9{ "Dhcp4":
10
11{
12// Kea is told to listen on eth0 interface only.
13 "interfaces-config": {
14 "interfaces": [ "eth0" ]
15 },
16
17// We need to specify the database used to store leases. As of June
18// 2022, three database backends are supported: MySQL, PostgreSQL and
19// the in-memory database, Memfile. We'll use memfile because it doesn't
20// require any prior set up.
21 "lease-database": {
22 "type": "memfile",
23 "lfc-interval": 3600
24 },
25
26// Addresses will be assigned with a lifetime of 4000 seconds.
27 "valid-lifetime": 4000,
28
29// Renew and rebind timers are commented out. This implies that options
30// 58 and 59 will not be sent to the client. In this case it is up to
31// the client to pick the timer values according to RFC2131. Uncomment the
32// timers to send these options to the client.
33// "renew-timer": 1000,
34// "rebind-timer": 2000,
35
36// Kea supports reservations by several different types of identifiers:
37// hw-address (hardware/MAC address of the client), duid (DUID inserted by the
38// client), client-id (client identifier inserted by the client), circuit-id
39// (circuit identifier inserted by the relay agent) and flex-id (flexible
40// identifier available when flex_id hook library is loaded). When told to do
41// so, Kea can check for all of those identifier types, but it takes a costly
42// database lookup to do so. It is therefore useful from a performance
43// perspective to use only the reservation types that are actually used in a
44// given network.
45
46// The example below is not optimal from a performance perspective, but it
47// nicely showcases the host reservation capabilities. Please use the minimum
48// set of identifier types used in your network.
49 "host-reservation-identifiers": [ "circuit-id", "hw-address", "duid",
50 "client-id", "flex-id" ],
51
52// This directive tells Kea that reservations are global. Note that this
53// can also be specified at shared network and/or subnet level.
54
55// Specify whether the server should look up global reservations.
56 "reservations-global": true,
57
58// Specify whether the server should look up in-subnet reservations.
59 "reservations-in-subnet": false,
60
61// Specify whether the server can assume that all reserved addresses
62// are out-of-pool.
63// Ignored when reservations-in-subnet is false.
64// If specified, it is inherited by "shared-networks" and "subnet4" levels.
65 "reservations-out-of-pool": false,
66
67// Define several global host reservations.
68 "reservations": [
69
70// This is a reservation for a specific hardware/MAC address. It's a very
71// simple reservation: just an address and nothing else.
72// Note it is not recommended but still allowed to reserve addresses at
73// the global scope: as it breaks the link between the reservation and
74// the subnet, it can lead to a client being located in a subnet other than
75// the one its address belongs to.
76 {
77 "hw-address": "1a:1b:1c:1d:1e:1f",
78 "ip-address": "192.0.2.201"
79 },
80
81// This is a reservation for a specific client-id. It also shows
82// that this client will get a reserved hostname. A hostname can be defined
83// for any identifier type, not just client-id. Either a hostname or
84// an address is required.
85 {
86 "client-id": "01:11:22:33:44:55:66",
87 "hostname": "special-snowflake"
88 },
89
90// The third reservation is based on DUID. This reservation also
91// defines special option values for this particular client. If
92// the domain-name-servers option would have been defined on a global,
93// subnet or class level, the host specific values take precedence for
94// this particular DHCP client.
95 {
96 "duid": "01:02:03:04:05",
97 "ip-address": "192.0.2.203",
98 "option-data": [ {
99 "name": "domain-name-servers",
100 "data": "10.1.1.202,10.1.1.203"
101 } ]
102 },
103
104// The fourth reservation is based on circuit-id. This is an option inserted
105// by the relay agent that forwards the packet from client to the server.
106// In this example the host is also assigned vendor specific options.
107 {
108 "circuit-id": "01:11:22:33:44:55:66",
109 "ip-address": "192.0.2.204",
110 "option-data": [
111 {
112 "name": "vivso-suboptions",
113 "data": "4491"
114 },
115 {
116 "name": "tftp-servers",
117 "space": "vendor-4491",
118 "data": "10.1.1.202,10.1.1.203"
119 }
120 ]
121 },
122
123// This reservation is for a client that needs specific DHCPv4 fields to be
124// set. Three supported fields are next-server, server-hostname and
125// boot-file-name
126 {
127 "client-id": "01:0a:0b:0c:0d:0e:0f",
128 "ip-address": "192.0.2.205",
129 "next-server": "192.0.2.1",
130 "server-hostname": "hal9000",
131 "boot-file-name": "/dev/null"
132 },
133
134// This reservation is using flexible identifier. Instead of relying
135// on specific field, sysadmin can define an expression similar to what
136// is used for client classification,
137// e.g. substring(relay[0].option[17],0,6). Then, based on the value of
138// that expression for incoming packet, the reservation is matched.
139// Expression can be specified either as hex or plain text using single
140// quotes.
141// Note: flexible identifier requires flex_id hook library to be
142// loaded to work.
143 {
144 "flex-id": "'s0mEVaLue'",
145 "ip-address": "192.0.2.206"
146 }
147 ],
148
149 // Define a subnet.
150 "subnet4": [
151 {
152 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
153 "id": 1,
154 "subnet": "192.0.2.0/24",
155 "interface": "eth0"
156 }
157 ],
158
159// The following configures logging. It assumes that messages with at
160// least informational level (info, warn, error and fatal) should be
161// logged to stdout.
162 "loggers": [
163 {
164 "name": "kea-dhcp4",
165 "output-options": [
166 {
167 "output": "stdout"
168 }
169 ],
170 "severity": "INFO"
171 }
172 ]
173}
174
175}
kea4/ha-load-balancing-server1-mt-with-tls.json
1// This is an example configuration of the Kea DHCPv4 server. It uses High
2// Availability hook library and Lease Commands hook library to enable
3// High Availability function for the DHCP server. Note that almost exactly
4// the same configuration must be used on the second server (partner).
5// The only difference is that "this-server-name" must be set to "server2"
6// on this other server. Also, the interface configuration and location of TLS
7// specific files depend on the network settings and configuration of the
8// particular machine.
9//
10// The servers using this configuration work in load balancing mode.
11{
12
13// DHCPv4 configuration starts here.
14"Dhcp4": {
15 // Add names of your network interfaces to listen on.
16 "interfaces-config": {
17 // The DHCPv4 server listens on this interface.
18 "interfaces": [ "eth0" ]
19 },
20
21 // Multi-threading parameters.
22 "multi-threading": {
23 // By default, Kea processes packets on multiple threads if the hardware permits.
24 "enable-multi-threading": true,
25
26 // When multi-threading is enabled, Kea will process packets on the
27 // number of threads configured through this option.
28 "thread-pool-size": 4,
29
30 // When multi-threading is enabled, Kea will read packets from the
31 // interface and append a working item to the thread pool. This
32 // option configures the maximum number of items that can be queued.
33 "packet-queue-size": 64
34 },
35
36 // Use Memfile lease database backend to store leases in a CSV file.
37 // Depending on how Kea was compiled, it may also support SQL databases
38 // (MySQL and/or PostgreSQL). Those database backends require more
39 // parameters, like name, host and possibly user and password.
40 // There are dedicated examples for each backend. See Section 7.2.2 "Lease
41 // Storage" for details.
42 "lease-database": {
43 // Memfile is the simplest and easiest backend to use. It's an in-memory database that, as noted above, stores leases in a CSV file.
44 "type": "memfile"
45 },
46
47 // Client classes will associate address pools with certain servers taking
48 // part in providing High Availability.
49 "client-classes": [
50 // phones class
51 {
52 "name": "phones",
53 "test": "substring(option[60].hex,0,6) == 'Aastra'"
54 },
55 // laptops are everything but phones.
56 {
57 "name": "laptops",
58 "test": "not member('phones')"
59 },
60 // Some phones will be handled by server1. Whether the HA_server1
61 // or HA_server2 is assigned for the client is a matter of load
62 // balancing performed by the HA hook library.
63 {
64 "name": "phones_server1",
65 "test": "member('phones') and member('HA_server1')"
66 },
67 // Some phones will be handled by server2.
68 {
69 "name": "phones_server2",
70 "test": "member('phones') and member('HA_server2')"
71 },
72 // Some laptops will be handled by server1.
73 {
74 "name": "laptops_server1",
75 "test": "member('laptops') and member('HA_server1')"
76 },
77 // Some laptops will be handled by server2.
78 {
79 "name": "laptops_server2",
80 "test": "member('laptops') and member('HA_server2')"
81 }
82 ],
83
84 // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
85 // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
86 // The latter implements high availability feature for Kea.
87 "hooks-libraries": [
88 // The lease_cmds library must be loaded because HA makes use of it to
89 // deliver lease updates to the server as well as synchronize the
90 // lease database after failure.
91 {
92 "library": "libdhcp_lease_cmds.so",
93 "parameters": { }
94 },
95 {
96 // The HA hook library should be loaded.
97 "library": "libdhcp_ha.so",
98 "parameters": {
99 // High Availability configuration is specified for the HA hook library.
100 // Each server should have the same HA configuration, except for the
101 // "this-server-name" parameter.
102 "high-availability": [ {
103 // This parameter points to this server instance. The respective
104 // HA peers must have this parameter set to their own names.
105 "this-server-name": "server1",
106 // The HA mode is set to load-balancing. In this mode, the active
107 // servers share the traffic (50/50).
108 "mode": "load-balancing",
109 // Heartbeat is to be sent every 10 seconds if no other control
110 // commands are transmitted.
111 "heartbeat-delay": 10000,
112 // Maximum time for partner's response to a heartbeat, after which
113 // failure detection is started. This is specified in milliseconds.
114 "max-response-delay": 60000,
115 // The following parameters control how the server detects the
116 // partner's failure. The ACK delay sets the threshold for the
117 // 'secs' field of the received discovers. This is specified in
118 // milliseconds.
119 "max-ack-delay": 5000,
120 // This specifies the number of clients which send messages to
121 // the partner but appear to not receive any response.
122 "max-unacked-clients": 5,
123 // This specifies the maximum timeout (in milliseconds) for the server
124 // to complete sync. If you have a large deployment (high tens or
125 // hundreds of thousands of clients), you may need to increase it
126 // further. The default value is 60000ms (60 seconds).
127 "sync-timeout": 60000,
128 // To not experience performance degradation when the Kea server is
129 // processing packets on multiple threads, the High Availability module
130 // must have multi-threading enabled.
131 "multi-threading": {
132 // Enable High Availability to benefit from multi-threading. Default: true.
133 "enable-multi-threading": true,
134 // When running in MT mode, the dedicated listener is used to handle
135 // lease updates.
136 "http-dedicated-listener": true,
137 // The number of threads used to handle incoming requests.
138 // A value of 0 instructs the server to use the same number of
139 // threads that the Kea core is using for DHCP multi-threading.
140 "http-listener-threads": 0,
141 // The number of threads used to handle outgoing requests.
142 // A value of 0 instructs the server to use the same number of
143 // threads that the Kea core is using for DHCP multi-threading.
144 "http-client-threads": 0
145 },
146 "peers": [
147 // This is the configuration of this server instance.
148 {
149 "name": "server1",
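150 // This specifies the URL of this server instance. NOTE(review): the scheme is http although TLS parameters are set below - confirm whether https is intended.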
151 "url": "http://192.168.56.33:8005/",
152 // Trust anchor aka certificate authority file or directory.
153 "trust-anchor": "/usr/lib/kea/CA.pem",
154 // Client certificate file name.
155 "cert-file": "/usr/lib/kea/server1_cert.pem",
156 // Private key file name.
157 "key-file": "/usr/lib/kea/server1_key.pem",
158 // Client certificates are required and verified.
159 "require-client-certs": true,
160 // This server is primary. The other one must be
161 // secondary.
162 "role": "primary"
163 },
164 // This is the configuration of the HA peer.
165 {
166 "name": "server2",
167 // Specifies the URL on which the partner's control
168 // channel can be reached.
169 "url": "http://192.168.56.66:8005/",
170 // Trust anchor aka certificate authority file or directory.
171 "trust-anchor": "/usr/lib/kea/CA.pem",
172 // Client certificate file name.
173 "cert-file": "/usr/lib/kea/server2_cert.pem",
174 // Private key file name.
175 "key-file": "/usr/lib/kea/server2_key.pem",
176 // Client certificates are required and verified.
177 "require-client-certs": true,
178 // The partner is secondary. This server is primary.
179 "role": "secondary"
180 }
181 ]
182 } ]
183 }
184 }
185 ],
186
187 // This example contains a single subnet declaration.
188 "subnet4": [
189 {
190 // Subnet id.
191 "id": 1,
192
193 // Subnet prefix.
194 "subnet": "192.0.3.0/24",
195
196 // Specify four address pools.
197 "pools": [
198 {
199 "pool": "192.0.3.100 - 192.0.3.125",
200 "client-classes": [ "phones_server1" ]
201 },
202 {
203 "pool": "192.0.3.126 - 192.0.3.150",
204 "client-classes": [ "laptops_server1" ]
205 },
206 {
207 "pool": "192.0.3.200 - 192.0.3.225",
208 "client-classes": [ "phones_server2" ]
209 },
210 {
211 "pool": "192.0.3.226 - 192.0.3.250",
212 "client-classes": [ "laptops_server2" ]
213 }
214 ],
215
216 // These are options that are subnet specific. In most cases,
217 // you need to define at least routers option, as without this
218 // option your clients will not be able to reach their default
219 // gateway and will not have Internet connectivity.
220 "option-data": [
221 {
222 // For each IPv4 subnet you most likely need to specify at
223 // least one router.
224 "name": "routers",
225 "data": "192.0.3.1"
226 }
227 ],
228
229 // This subnet will be selected for queries coming from the following
230 // IP address.
231 "relay": { "ip-addresses": [ "192.168.56.1" ] }
232 }
233 ],
234
235// The following configures logging. It assumes that messages with at
236// least informational level (info, warn, error and fatal) should be
237// logged to stdout. Alternatively, you can specify stderr here, a filename
238// or 'syslog', which will store output messages via syslog.
239 "loggers": [
240 {
241 // This section affects kea-dhcp4, which is the base logger for DHCPv4
242 // component. It tells DHCPv4 server to write all log messages (on
243 // severity INFO or more) to stdout.
244 "name": "kea-dhcp4",
245 "output-options": [
246 {
247 "output": "stdout"
248 }
249 ],
250 "severity": "INFO",
251 "debuglevel": 0
252 },
253 {
254 // This section specifies configuration of the HA hook library-specific
255 // logger.
256 "name": "kea-dhcp4.ha-hooks",
257 "output-options": [
258 {
259 "output": "stdout"
260 }
261 ],
262 "severity": "INFO",
263 "debuglevel": 99
264 }
265 ]
266}
267}
kea4/ha-load-balancing-server2-mt.json
1// This is an example configuration of the Kea DHCPv4 server. It uses High
2// Availability hook library and Lease Commands hook library to enable
3// High Availability function for the DHCP server. Note that almost exactly
4// the same configuration must be used on the second server (partner).
5// The only difference is that "this-server-name" must be set to "server1"
6// on this other server. Also, the interface configuration depends on the
7// network settings of the particular machine.
8//
9// The servers using this configuration work in load balancing mode.
10{
11
12// DHCPv4 configuration starts here.
13"Dhcp4": {
14 // Add names of your network interfaces to listen on.
15 "interfaces-config": {
16 // The DHCPv4 server listens on this interface.
17 "interfaces": [ "eth0" ]
18 },
19
20 // Multi-threading parameters.
21 "multi-threading": {
22 // By default, Kea processes packets on multiple threads if the hardware permits.
23 "enable-multi-threading": true,
24
25 // When multi-threading is enabled, Kea will process packets on a
26 // number of multiple threads configurable through this option.
27 "thread-pool-size": 4,
28
29 // When multi-threading is enabled, Kea will read packets from the
30 // interface and append a working item to the thread pool. This
31 // option configures the maximum number of items that can be queued.
32 "packet-queue-size": 64
33 },
34
35 // Use Memfile lease database backend to store leases in a CSV file.
36 // Depending on how Kea was compiled, it may also support SQL databases
37 // (MySQL and/or PostgreSQL). Those database backends require more
38 // parameters, like name, host and possibly user and password.
39 // There are dedicated examples for each backend. See Section 7.2.2 "Lease
40 // Storage" for details.
41 "lease-database": {
42 // Memfile is the simplest and easiest backend to use. It's an in-memory database that stores leases in a CSV file.
43 "type": "memfile"
44 },
45
46 // Client classes will associate address pools with certain servers taking
47 // part in providing High Availability.
48 "client-classes": [
49 // phones class
50 {
51 "name": "phones",
52 "test": "substring(option[60].hex,0,6) == 'Aastra'"
53 },
54 // laptops are everything but phones.
55 {
56 "name": "laptops",
57 "test": "not member('phones')"
58 },
59 // Some phones will be handled by server1. Whether the HA_server1
60 // or HA_server2 is assigned for the client is a matter of load
61 // balancing performed by the HA hook library.
62 {
63 "name": "phones_server1",
64 "test": "member('phones') and member('HA_server1')"
65 },
66 // Some phones will be handled by server2.
67 {
68 "name": "phones_server2",
69 "test": "member('phones') and member('HA_server2')"
70 },
71 // Some laptops will be handled by server1.
72 {
73 "name": "laptops_server1",
74 "test": "member('laptops') and member('HA_server1')"
75 },
76 // Some laptops will be handled by server2.
77 {
78 "name": "laptops_server2",
79 "test": "member('laptops') and member('HA_server2')"
80 }
81 ],
82
83 // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
84 // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
85 // The latter implements high availability feature for Kea.
86 "hooks-libraries": [
87 // The lease_cmds library must be loaded because HA makes use of it to
88 // deliver lease updates to the server as well as synchronize the
89 // lease database after failure.
90 {
91 "library": "libdhcp_lease_cmds.so",
92 "parameters": { }
93 },
94 {
95 // The HA hook library should be loaded.
96 "library": "libdhcp_ha.so",
97 "parameters": {
98 // High Availability configuration is specified for the HA hook library.
99 // Each server should have the same HA configuration, except for the
100 // "this-server-name" parameter.
101 "high-availability": [ {
102 // This parameter points to this server instance. The respective
103 // HA peers must have this parameter set to their own names.
104 "this-server-name": "server2",
105 // The HA mode is set to load-balancing. In this mode, the active
106 // servers share the traffic (50/50).
107 "mode": "load-balancing",
108 // Heartbeat is to be sent every 10 seconds if no other control
109 // commands are transmitted.
110 "heartbeat-delay": 10000,
111 // Maximum time for partner's response to a heartbeat, after which
112 // failure detection is started. This is specified in milliseconds.
113 "max-response-delay": 60000,
114 // The following parameters control how the server detects the
115 // partner's failure. The ACK delay sets the threshold for the
116 // 'secs' field of the received discovers. This is specified in
117 // milliseconds.
118 "max-ack-delay": 5000,
119 // This specifies the number of clients which send messages to
120 // the partner but appear to not receive any response.
121 "max-unacked-clients": 5,
122 // This specifies the maximum timeout (in milliseconds) for the server
123 // to complete sync. If you have a large deployment (high tens or
124 // hundreds of thousands of clients), you may need to increase it
125 // further. The default value is 60000ms (60 seconds).
126 "sync-timeout": 60000,
127 // To not experience performance degradation when the Kea server is
128 // processing packets on multiple threads, the High Availability module
129 // must have multi-threading enabled.
130 "multi-threading": {
131 // Enable High Availability to benefit from multi-threading. Default: true.
132 "enable-multi-threading": true,
133 // When running in MT mode, the dedicated listener is used to handle
134 // lease updates.
135 "http-dedicated-listener": true,
136 // The number of threads used to handle incoming requests.
137 // A value of 0 instructs the server to use the same number of
138 // threads that the Kea core is using for DHCP multi-threading.
139 "http-listener-threads": 0,
140 // The number of threads used to handle outgoing requests.
141 // A value of 0 instructs the server to use the same number of
142 // threads that the Kea core is using for DHCP multi-threading.
143 "http-client-threads": 0
144 },
145 "peers": [
146 // This is the configuration of the HA peer.
147 {
148 "name": "server1",
149 // Specifies the URL on which the partner's control
150 // channel can be reached.
151 "url": "http://192.168.56.33:8005/",
152 // The partner is primary. This server is secondary.
153 "role": "primary"
154 },
155 // This is the configuration of this server instance.
156 {
157 "name": "server2",
158 // This specifies the URL of this server instance.
159 "url": "http://192.168.56.66:8005/",
160 // This server is secondary. The other one must be
161 // primary.
162 "role": "secondary"
163 }
164 ]
165 } ]
166 }
167 }
168 ],
169
170 // This example contains a single subnet declaration.
171 "subnet4": [
172 {
173 // Subnet id.
174 "id": 1,
175
176 // Subnet prefix.
177 "subnet": "192.0.3.0/24",
178
179 // Specify four address pools.
180 "pools": [
181 {
182 "pool": "192.0.3.100 - 192.0.3.125",
183 "client-classes": [ "phones_server1" ]
184 },
185 {
186 "pool": "192.0.3.126 - 192.0.3.150",
187 "client-classes": [ "laptops_server1" ]
188 },
189 {
190 "pool": "192.0.3.200 - 192.0.3.225",
191 "client-classes": [ "phones_server2" ]
192 },
193 {
194 "pool": "192.0.3.226 - 192.0.3.250",
195 "client-classes": [ "laptops_server2" ]
196 }
197 ],
198
199 // These are options that are subnet specific. In most cases,
200 // you need to define at least routers option, as without this
201 // option your clients will not be able to reach their default
202 // gateway and will not have Internet connectivity.
203 "option-data": [
204 {
205 // For each IPv4 subnet you most likely need to specify at
206 // least one router.
207 "name": "routers",
208 "data": "192.0.3.1"
209 }
210 ],
211
212 // This subnet will be selected for queries coming from the following
213 // IP address.
214 "relay": { "ip-addresses": [ "192.168.56.1" ] }
215 }
216 ],
217
218// The following configures logging. It assumes that messages with at
219// least informational level (info, warn, error and fatal) should be
220// logged to stdout. Alternatively, you can specify stderr here, a filename
221// or 'syslog', which will store output messages via syslog.
222 "loggers": [
223 {
224 // This section affects kea-dhcp4, which is the base logger for DHCPv4
225 // component. It tells DHCPv4 server to write all log messages (on
226 // severity INFO or more) to stdout.
227 "name": "kea-dhcp4",
228 "output-options": [
229 {
230 "output": "stdout"
231 }
232 ],
233 "severity": "INFO",
234 "debuglevel": 0
235 },
236 {
237 // This section specifies configuration of the HA hook library-specific
238 // logger.
239 "name": "kea-dhcp4.ha-hooks",
240 "output-options": [
241 {
242 "output": "stdout"
243 }
244 ],
245 "severity": "INFO",
246 "debuglevel": 99
247 }
248 ]
249}
250}
kea4/hooks-radius.json
1// This is an example configuration file for the DHCPv4 server in Kea
2// illustrating the configuration of the RADIUS and Host Cache hook libraries.
3//
4// It is not intended to be used as is. It tries to showcase some of the
5// parameters available.
6//
7// To use this configuration file, you need to have both RADIUS and
8// Host Cache hooks.
9//
10// clients get a wine name (option AOP code 250) divided into red and white.
11// Expensive brands have a host entry, i.e. a reserved address.
12//
13// Names
14//
15// brouilly (red)
16// chablis (white)
17// chambertin (red, expensive)
18// chinon (red)
19// chiroubles (red)
20// condrieu (white)
21// cornas (red)
22// corton (red)
23// fleurie (red)
24// givry (red)
25// margaux (red, expensive)
26// meursault (white)
27// montrachet (white, expensive)
28// morgon (red)
29// muscadet (white)
30// petrus (red, expensive)
31// riesling (white)
32// romanee (red, expensive)
33// sylvaner (white)
34// yquem (white, expensive)
35//
36// Address space is 192.0.2.0/24 with 10-99 for reds and 110-199 for whites.
37//
38// Reservations are given here in Kea/JSON style but they must be
39// in the RADIUS server configuration:
40//
41// {
42// "flex-id": "'chambertin'",
43// "ip-address": "192.0.2.10"
44// },
45// {
46// "flex-id": "'margaux'",
47// "ip-address": "192.0.2.11"
48// },
49// {
50// "flex-id": "'petrus'",
51// "ip-address": "192.0.2.12"
52// },
53// {
54// "flex-id": "'romanee'",
55// "ip-address": "192.0.2.13"
56// },
57// {
58// "flex-id": "'montrachet'",
59// "ip-address": "192.0.2.110"
60// },
61// {
62// "flex-id": "'yquem'",
63// "ip-address": "192.0.2.111"
64// }
65//
66
67{"Dhcp4":
68
69{
70 // Kea is told to listen on specific interfaces only.
71 "interfaces-config": {
72 // You should probably list your network interfaces here (e.g. "eth1961")
73 "interfaces": [ "eth1961" ]
74 },
75
76 // Set up the storage for leases.
77 "lease-database": {
78 "type": "memfile"
79 },
80
81 // Note there is no hosts-database defined. RADIUS and Host Cache libraries
82 // will create them dynamically.
83
84 // RADIUS uses flex-id reservations, so restrict Kea to use flex-id only.
85 "host-reservation-identifiers": [ "flex-id" ],
86
87 // Define the AOP option.
88 "option-def": [ {
89 "name": "AOP",
90 "code": 250,
91 "type": "string" } ],
92
93 // Define red and white client classes.
94 // If they are not defined we can get spurious warnings.
95 "client-classes": [
96 { "name": "red" },
97 { "name": "white" } ],
98
99 // Define a subnet.
100 "subnet4": [ {
101 // Set the subnet ID (aka RADIUS NAS port).
102 "id": 14,
103 "subnet": "192.0.2.0/24",
104 "interface": "eth1961",
105 "pools": [
106 {
107 // Red pool (10-19 are for reservations)
108 "pool": "192.0.2.20-192.0.2.99",
109 "client-classes": [ "red" ]
110 },
111 {
112 // White pool (110-119 are for reservations)
113 "pool": "192.0.2.120-192.0.2.199",
114 "client-classes": [ "white" ]
115 }
116
117 // Note there are no pools open to every client. This is
118 // important to note. This means that to get an address, the
119 // client needs to belong to red class, to white class or
120 // have an address reserved.
121 ]
122 } ],
123
124 // Set up the hook libraries.
125 "hooks-libraries": [
126 {
127 // Load the flex-id hook library.
128 "library": "libdhcp_flex_id.so",
129
130 "parameters": {
131 // Take the ID from the AOP option.
132 "identifier-expression": "option[250].text",
133
134 // Replace the client ID in queries by the flex-id.
135 // Currently required by access code.
136 // Required for accounting as it will become the lease ID too.
137 "replace-client-id": true
138 }
139 },
140 {
141 // Load the host cache hook library. It is needed by the RADIUS
142 // library to keep the attributes from authorization to use later
143 // for accounting.
144 "library": "libdhcp_host_cache.so"
145 },
146 {
147 // Load the RADIUS hook library.
148 "library": "libdhcp_radius.so",
149
150 "parameters": {
151 // If you do not use RFC 4361
152 // "extract-duid": false,
153
154 // If you have conflicting subnets
155 // "reselect-subnet-pool": true,
156
157 // Strip the 0 type added by flex-id
158 "client-id-pop0": true,
159
160 // flex Id is printable (far easier for the RADIUS server config)
161 // Without this it will be in hexadecimal...
162 "client-id-printable": true,
163
164 // Use the flex-id.
165 "identifier-type4": "flex-id",
166
167 // Configure an access (aka authentication/authorization) server.
168 "access": {
169
170 // This starts the list of access servers
171 "servers": [
172 {
173 // These are parameters for the first (and only) access server. "secret" is the RADIUS shared secret; "1234" is only a placeholder.
174 "name": "127.0.0.1",
175 "port": 1812,
176 "secret": "1234"
177 }
178 // Additional access servers could be specified here
179 ],
180
181 // This defines a list of additional attributes Kea will send to each
182 // access server in Access-Request.
183 "attributes": [
184 {
185 // This attribute is identified by name (must be present in the
186 // dictionary) and has static value (i.e. the same value will be
187 // sent to every server for every packet)
188 "name": "Password",
189 "data": "mysecretpassword"
190 },
191 {
192 // It's also possible to specify an attribute using its type,
193 // rather than a name. 77 is Connect-Info. The value is specified
194 // using hex. Again, this is a static value. It will be sent the
195 // same for every packet and to every server.
196 "type": 77,
197 "raw": "65666a6a71"
198 },
199 {
200 // This example shows how an expression can be used to send dynamic
201 // value. The expression (see Section 13) may take any value from
202 // the incoming packet or even its metadata (e.g. the interface
203 // it was received over from)
204 "name": "Configuration-Token",
205 "expr": "pkt.iface"
206 }
207 ] // End of attributes
208 },
209
210 // Configure an accounting server.
211 "accounting": {
212 "servers": [ {
213 "name": "127.0.0.1",
214 "port": 1813,
215 "secret": "1234"
216 }
217 ]
218 }
219 }
220 }
221 ]
222}
223
224}
kea4/hooks-rbac.json
1// This is an example configuration file for the DHCPv4 server in Kea using
2// the Role Based Access Control (RBAC) hook library. It uses a basic scenario
3// of one IPv4 subnet configured with the default values for all parameters.
4
5{"Dhcp4":
6
7{
8// Kea is told to listen on the eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// Set up the storage for leases.
14 "lease-database": {
15 "type": "memfile"
16 },
17
18 "valid-lifetime": 1800,
19
20// Define a single subnet.
21 "subnet4": [
22 {
23 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
24 "id": 1,
25 "subnet": "192.0.2.0/24",
26 "interface": "eth0"
27 }
28 ],
29
30// Control sockets.
31 "control-sockets": [
32 {
33 "socket-type": "https",
34 "socket-address": "127.0.0.1",
35 "socket-port": 8000,
36 "trust-anchor": "my-ca",
37 "cert-file": "my-cert",
38 "key-file": "my-key",
39 "cert-required": true
40 }
41 ],
42
43// Add hooks here.
44 "hooks-libraries": [
45 {
46 "library": "libdhcp_rbac.so",
47 "parameters": {
48 // This section configures the RBAC hook library.
49 // Mandatory parameters.
50 "assign-role-method": "cert-subject",
51 "api-files": "/opt/share/kea/api",
52 // Optional parameters.
53 "require-tls": true,
54 "commands": [
55 {
56 "name": "my-command",
57 "access": "read",
58 "hook": "my-hook"
59 } ],
60 "access-control-lists": [
61 {
62 "my-none": { "not": "ALL" }
63 },{
64 "another-none": { "and": [ "ALL", "NONE" ] }
65 },{
66 "my-read": { "access": "read" }
67 } ],
68 "roles": [
69 {
70 "name": "kea-client",
71 "accept-commands":
72 {
73 "commands": [ "list-commands", "status-get" ]
74 },
75 "reject-commands": "NONE",
76 "other-commands": "reject",
77 "list-match-first": "accept",
78 "response-filters": [ "list-commands" ]
79 },{
80 "name": "admin",
81 "accept-commands": "ALL",
82 "reject-commands":
83 {
84 "hook": "cb_cmds"
85 },
86 "list-match-first": "reject"
87 } ],
88 "default-role":
89 {
90 "accept-commands": "NONE",
91 "reject-commands": "ALL"
92 },
93 "unknown-role":
94 {
95 "accept-commands": "READ",
96 "reject-commands": "WRITE"
97 }
98 }
99 }
100 ]
101}
102
103}
kea4/hooks.json
1// This is an example configuration file for the DHCPv4 server in Kea
2// illustrating the configuration of hook libraries. It uses a basic scenario
3// of one IPv4 subnet configured with the default values for all parameters.
4
5{"Dhcp4":
6
7{
8// Kea is told to listen on the eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// Set up the storage for leases.
14 "lease-database": {
15 "type": "memfile"
16 },
17
18 "valid-lifetime": 1800,
19
20// Define a single subnet.
21 "subnet4": [
22 {
23 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
24 "id": 1,
25 "subnet": "192.0.2.0/24",
26 "interface": "eth0"
27 }
28 ],
29
30// Set up the hook libraries. For this example, we assume that two libraries
31// are loaded, called "security" and "charging". Note that order is important:
32// "security" is specified first so if both libraries supply a hook function
33// for a given hook, the function in "security" will be called before that in
34// "charging".
35
36 "hooks-libraries": [
37 {
38 "library": "security.so"
39 },
40 {
41 "library": "charging.so",
42 "parameters": {
43 "path": "/var/log/kea",
44 "base-name": "kea-forensic6"
45 }
46 }
47 ]
48}
49
50}
kea4/leases-expiration.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It provides parameters controlling processing of expired leases,
3// a.k.a. leases reclamation.
4
5{ "Dhcp4":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17// Note, we're setting the maximum number of row read errors to 100,
18// (defaults to 0, meaning unlimited).
19 "lease-database": {
20 "type": "memfile",
21 "lfc-interval": 3600,
22 "max-row-errors": 100
23 },
24
25// The following parameters control processing expired leases. Expired
26// leases will be reclaimed periodically according to the
27// "reclaim-timer-wait-time" parameter. Reclaimed leases will be held in
28// the database for 1800s to facilitate lease affinity. After this
29// period the leases will be removed. The frequency of removal is
30// controlled by the "flush-reclaimed-timer-wait-time" parameter. The
31// lease reclamation routine will process at most 500 leases or will
32// last for at most 100ms, during a single run. If there are still some
33// unreclaimed leases after 10 attempts, a warning message is issued.
34// If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are not
35// 0, when the client sends a release message the lease is expired instead of
36// being deleted from lease storage.
37 "expired-leases-processing": {
38 "reclaim-timer-wait-time": 5,
39 "hold-reclaimed-time": 1800,
40 "flush-reclaimed-timer-wait-time": 10,
41 "max-reclaim-leases": 500,
42 "max-reclaim-time": 100,
43 "unwarned-reclaim-cycles": 10
44 },
45
46// Addresses will be assigned with a lifetime of 4000 seconds.
47 "valid-lifetime": 4000,
48
49// The following list defines subnets. We have only one subnet
50// here. We tell Kea that it is directly available over local interface.
51 "subnet4": [
52 {
53 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
54 "id": 1,
55 "subnet": "192.0.2.0/24",
56 "interface": "eth0"
57 }
58 ],
59
60// The following configures logging. It assumes that messages with at
61// least informational level (info, warn, error and fatal) should be
62// logged to stdout.
63 "loggers": [
64 {
65 "name": "kea-dhcp4",
66 "output-options": [
67 {
68 "output": "stdout"
69 }
70 ],
71 "severity": "INFO"
72 }
73 ]
74}
75
76}
kea4/multiple-options.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It demonstrates simple configuration of the options for a subnet.
3
4{ "Dhcp4":
5
6{
7// Kea is told to listen on eth0 interface only.
8 "interfaces-config": {
9 "interfaces": [ "eth0" ]
10 },
11
12// We need to specify the database used to store leases. As of
13// June 2022, three database backends are supported: MySQL,
14// PostgreSQL and the in-memory database, Memfile.
15// We'll use memfile because it doesn't require any prior set up.
16 "lease-database": {
17 "type": "memfile"
18 },
19
20// Addresses will be assigned with a lifetime of 4000 seconds.
21 "valid-lifetime": 4000,
22
23// Renew and rebind timers are commented out. This implies that options
24// 58 and 59 will not be sent to the client. In this case it is up to
25// the client to pick the timer values according to RFC2131. Uncomment the
26// timers to send these options to the client.
27// "renew-timer": 1000,
28// "rebind-timer": 2000,
29
30// Defining a subnet. There are some DHCP options returned to the
31 // clients connected to this subnet.
32 // The first two options are
33// identified by the name. The third option is identified by the
34// option code.
35// There is an address pool defined within this subnet. Pool
36// specific value for option domain-name-servers is defined
37// for the pool.
38 "subnet4": [
39 {
40 "id": 1,
41 "subnet": "192.0.2.0/24",
42 "option-data": [
43 // When specifying options, you typically need to specify
44 // one of (name or code) and data. The full option specification
45 // covers name, code, space, csv-format and data.
46 // space defaults to "dhcp4" which is usually correct, unless you
47 // use encapsulate options. csv-format defaults to "true", so
48 // this is also correct, unless you want to specify the whole
49 // option value as long hex string. For example, to specify
50 // domain-name-servers you could do this:
51 // {
52 // "name": "domain-name-servers",
53 // "code": 6,
54 // "csv-format": true,
55 // "space": "dhcp4",
56 // "data": "192.0.2.1, 192.0.2.2"
57 // }
58 // but it's a lot of writing, so it's easier to do this instead:
59 {
60 "name": "domain-name-servers",
61 "data": "192.0.2.1, 192.0.2.2"
62 },
63 // Note that Kea provides some of the options on its own. In
64 // particular:
65
66 // - IP address lease time (option 51) is governed by
67 // valid-lifetime parameter, so you don't need to specify
68 // it as option.
69 // - Subnet mask (option 1) is calculated automatically from the
70 // subnet parameter specified for each "subnet4" entry.
71 // - renewal-timer (option 58) is calculated from renew-timer
72 // parameter
73 // - rebind timer (option 59) is calculated from rebind-timer
74 // parameter
75
76 // For each IPv4 subnet you most likely need to specify at least
77 // one router.
78 {
79 "name": "routers",
80 "data": "192.0.2.1"
81 },
82
83 // Typically people prefer to refer to options by their
84 // names, so they don't need to remember the code names.
85 // However, some people like to use numerical values. For
86 // example, option "domain-name" uses option code 15, so you
87 // can reference to it either by
88 // "name": "domain-name" or "code": 15.
89 {
90 "code": 15,
91 "data": "example.org"
92 },
93 // Domain search is also a popular option. It tells the client to
94 // attempt to resolve names within those specified domains. For
95 // example, name "foo" would be attempted to be resolved as
96 // foo.mydomain.example.com and if it fails, then as
97 // foo.example.com
98
99 {
100 "name": "domain-search",
101 "data": "mydomain.example.com, example.com"
102 },
103
104 // Options can also be specified using hexadecimal format.
105 // This should be avoided if possible, because Kea's ability to
106 // validate correctness is limited when using hex values.
107 {
108 "name": "broadcast-address",
109 "csv-format": false,
110 "data": "ffff8000"
111 },
112
113 // String options that have a comma in their values need to have
114 // it escaped (i.e. each comma is preceded by two backslashes).
115 // That's because commas are reserved for separating fields in
116 // compound options. At the same time, we need to be conformant
117 // with JSON spec, that does not allow "\,". Therefore the
118 // slightly uncommon double backslashes notation is needed.
119
120 // Legal JSON escapes are \ followed by "\/bfnrt character
121 // or \u followed by 4 hexa-decimal numbers (currently Kea
122 // supports only \u0000 to \u00ff code points).
123 // CSV processing translates '\\' into '\' and '\,' into ','
124 // only so for instance '\x' is translated into '\x'. But
125 // as it works on a JSON string value each of these '\'
126 // characters must be doubled on JSON input.
127 {
128 "name": "boot-file-name",
129 "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
130
131 },
132 // Options that take integer values can either be specified in
133 // dec or hex format. Hex format could be either plain (e.g. abcd)
134 // or prefixed with 0x (e.g. 0xabcd).
135 {
136 "name": "default-ip-ttl",
137 "data": "0xf0"
138 },
139 // With a few exceptions, options are added to the response only when
140 // the client requests them. The always-send flag should be used
141 // to force a particular option to be sent.
142 {
143 "name": "vendor-class-identifier",
144 "data": "isc",
145 "always-send": true
146 }
147 ],
148
149 // Now we define pools. There are two pools here.
150 "pools": [ {
151 // This is the first pool. Nothing spectacular here, just a range
152 // of addresses.
153 "pool": "192.0.2.10 - 192.0.2.100"
154
155 }, {
156 // This second pool is more interesting. Anyone who gets an
157 // address from this pool will also get this specific option
158 // value if they ask for DNS servers configuration. This value,
159 // being more specific, overrides any values that were specified
160 // on either global or subnet scope.
161 "pool": "192.0.2.101 - 192.0.2.200",
162 "option-data": [
163 {
164 "name": "domain-name-servers",
165 "data": "192.0.2.3, 192.0.2.4"
166 }
167 ]
168 } ]
169 } ],
170
171// The following configures logging. It assumes that messages with at
172// least informational level (info, warn, error and fatal) should be
173// logged to stdout.
174 "loggers": [
175 {
176 "name": "kea-dhcp4",
177 "output-options": [
178 {
179 "output": "stdout"
180 }
181 ],
182 "severity": "INFO"
183 }
184 ]
185}
186
187}
kea4/mysql-reservations.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It contains configuration of the MySQL host database backend, used
3// to retrieve reserved addresses, host names, DHCPv4 message fields
4// and DHCP options from MySQL database.
5{ "Dhcp4":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11
12 },
13
14// We need to specify the database used to store leases. As of
15// June 2022, three database backends are supported: MySQL,
16// PostgreSQL and the in-memory database, Memfile.
17// We'll use memfile because it doesn't require any prior set up.
18 "lease-database": {
19 "type": "memfile",
20 "lfc-interval": 3600
21 },
22
23// Addresses will be assigned with a lifetime of 4000 seconds.
24 "valid-lifetime": 4000,
25
26// Renew and rebind timers are commented out. This implies that options
27// 58 and 59 will not be sent to the client. In this case it is up to
28// the client to pick the timer values according to RFC2131. Uncomment the
29// timers to send these options to the client.
30// "renew-timer": 1000,
31// "rebind-timer": 2000,
32
33
34// Kea supports reservations by several different types of
35// identifiers: hw-address (hardware/MAC address of the client), duid
36// (DUID inserted by the client), client-id (client identifier inserted
37// by the client) and circuit-id (circuit identifier inserted by the
38// relay agent). When told to do so, Kea can check for all of those
39// identifier types, but it takes a costly database lookup to do so. It
40// is therefore useful from a performance perspective to use only the
41// reservation types that are actually used in a given network.
42
43// The example below is not optimal from a performance perspective, but it
44// nicely showcases the host reservation capabilities. Please use the minimum
45// set of identifier types used in your network.
46 "host-reservation-identifiers":
47 [ "circuit-id", "hw-address", "duid", "client-id" ],
48
49// Specify connection to the database holding host reservations. The type specifies that the
50// MySQL database is used. user and password are the credentials used to connect to the
51// database; the values shown are samples, and since the password is kept in this file in
52// clear text, read access to the file should be restricted. host and name specify location
53// of the host where the database instance is running, and the name of the database to use.
54// trust-anchor, cert-file, key-file and cipher-list are the TLS settings for the connection
55// (placeholder values here). The server processing a packet will first check if there are any
56// reservations specified for this client in the reservations list, within the subnet (configuration
57// file). If there are no reservations there, the server will try to retrieve reservations from this database.
58 "hosts-database": {
59 "type": "mysql",
60 "reconnect-wait-time": 3000, // expressed in ms
61 "max-reconnect-tries": 3,
62 "name": "keatest",
63 "user": "keatest",
64 "password": "1234",
65 "host": "localhost",
66 "port": 3306,
67 "trust-anchor": "my-ca",
68 "cert-file": "my-cert",
69 "key-file": "my-key",
70 "cipher-list": "AES"
71 },
72// Since Kea 2.7.4, the libdhcp_mysql.so hook library must be loaded in order to
73// store host reservations in the MySQL Host Database Backend.
74// Specify the host backend hook library location.
75 "hooks-libraries": [
76 {
77 // the MySQL host backend hook library required for host storage.
78 "library": "libdhcp_mysql.so"
79 }
80 ],
81
82// Define a subnet with a single pool of dynamic addresses. Addresses from
83// this pool will be assigned to clients which don't have reservations in the
84// database. Subnet identifier is equal to 1. If this subnet is selected for
85// the client, this subnet id will be used to search for the reservations
86// within the database.
87 "subnet4": [
88 {
89 "pools": [ { "pool": "192.0.2.10 - 192.0.2.200" } ],
90 "subnet": "192.0.2.0/24",
91 "interface": "eth0",
92 "id": 1
93 }
94 ],
95
96// The following configures logging. It assumes that messages with at
97// least informational level (info, warn, error and fatal) should be
98// logged to stdout.
99 "loggers": [
100 {
101 "name": "kea-dhcp4",
102 "output-options": [
103 {
104 "output": "stdout"
105 }
106 ],
107 "severity": "INFO"
108 }
109 ]
110}
111
112}
kea4/pgsql-reservations.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It contains configuration of the PostgreSQL host database backend, used
3// to retrieve reserved addresses, host names, DHCPv4 message fields
4// and DHCP options from PostgreSQL database.
5{ "Dhcp4":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13
14// We need to specify the database used to store leases. As of
15// June 2022, three database backends are supported: MySQL,
16// PostgreSQL and the in-memory database, Memfile.
17// We'll use memfile because it doesn't require any prior set up.
18 "lease-database": {
19 "type": "memfile"
20 },
21
22// Addresses will be assigned with a lifetime of 4000 seconds.
23 "valid-lifetime": 4000,
24
25// Renew and rebind timers are commented out. This implies that options
26// 58 and 59 will not be sent to the client. In this case it is up to
27// the client to pick the timer values according to RFC2131. Uncomment the
28// timers to send these options to the client.
29// "renew-timer": 1000,
30// "rebind-timer": 2000,
31
32
33// Kea supports reservations by several different types of
34// identifiers: hw-address (hardware/MAC address of the client), duid
35// (DUID inserted by the client), client-id (client identifier inserted
36// by the client) and circuit-id (circuit identifier inserted by the
37// relay agent). When told to do so, Kea can check for all of those
38// identifier types, but it takes a costly database lookup to do so. It
39// is therefore useful from a performance perspective to use only the
40// reservation types that are actually used in a given network.
41
42// The example below is not optimal from a performance perspective, but it
43// nicely showcases the host reservation capabilities. Please use the minimum
44// set of identifier types used in your network.
45 "host-reservation-identifiers":
46 [ "circuit-id", "hw-address", "duid", "client-id" ],
47
48// Specify connection to the database holding host reservations. The type specifies that the PostgreSQL
49// database is used. user and password are the credentials used to connect to the database; the values
50// shown are samples, and since the password is kept in this file in clear text, read access to the file
51// should be restricted. host and name specify location of the host where the database instance is running, and the
52// name of the database to use. The server processing a packet will first
53// check if there are any reservations specified for this client in the
54// reservations list, within the subnet (configuration file). If there are
55// no reservations there, the server will try to retrieve reservations
56// from this database.
57// The database specification can go into one hosts-database entry for
58// backward compatibility or be listed in hosts-databases list.
59 "hosts-databases": [
60 {
61 "type": "postgresql",
62 "reconnect-wait-time": 3000, // expressed in ms
63 "max-reconnect-tries": 3,
64 "name": "keatest",
65 "user": "keatest",
66 "password": "1234",
67 "host": "localhost"
68 }
69 ],
70// Since Kea 2.7.4, the libdhcp_pgsql.so hook library must be loaded in order to
71// store host reservations in the PostgreSQL Host Database Backend.
72// Specify the host backend hook library location.
73 "hooks-libraries": [
74 {
75 // the PostgreSQL host backend hook library required for host storage.
76 "library": "libdhcp_pgsql.so"
77 }
78 ],
79
80// Define a subnet with a single pool of dynamic addresses. Addresses from
81// this pool will be assigned to clients which don't have reservations in the
82// database. Subnet identifier is equal to 1. If this subnet is selected for
83// the client, this subnet id will be used to search for the reservations
84// within the database.
85 "subnet4": [
86 {
87 "pools": [ { "pool": "192.0.2.10 - 192.0.2.200" } ],
88 "subnet": "192.0.2.0/24",
89 "interface": "eth0",
90 "id": 1
91 }
92 ],
93
94// The following configures logging. It assumes that messages with at
95// least informational level (info, warn, error and fatal) should be
96// logged to stdout.
97 "loggers": [
98 {
99 "name": "kea-dhcp4",
100 "output-options": [
101 {
102 "output": "stdout"
103 }
104 ],
105 "severity": "INFO"
106 }
107 ]
108}
109
110}
kea4/reservations.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It contains one subnet in which there are two static address reservations
3// for the clients identified by the MAC addresses.
4{ "Dhcp4":
5
6{
7// Kea is told to listen on eth0 interface only.
8 "interfaces-config": {
9 "interfaces": [ "eth0" ]
10 },
11
12// We need to specify the database used to store leases. As of April
13// 2022, three database backends are supported: MySQL, PostgreSQL, and the
14// in-memory database, Memfile. We'll use memfile because it doesn't
15// require any prior set up.
16 "lease-database": {
17 "type": "memfile",
18 "lfc-interval": 3600
19 },
20
21// Addresses will be assigned with a lifetime of 4000 seconds.
22 "valid-lifetime": 4000,
23
24// Renew and rebind timers are commented out. This implies that options
25// 58 and 59 will not be sent to the client. In this case it is up to
26// the client to pick the timer values according to RFC2131. Uncomment the
27// timers to send these options to the client.
28// "renew-timer": 1000,
29// "rebind-timer": 2000,
30
31// Kea supports reservations by several different types of identifiers:
32// hw-address (hardware/MAC address of the client), duid (DUID inserted by the
33// client), client-id (client identifier inserted by the client), circuit-id
34// (circuit identifier inserted by the relay agent) and flex-id (flexible
35// identifier available when flex_id hook library is loaded). When told to do
36// so, Kea can check for all of those identifier types, but it takes a costly
37// database lookup to do so. It is therefore useful from a performance
38// perspective to use only the reservation types that are actually used in a
39// given network.
40
41// The example below is not optimal from a performance perspective, but it
42// nicely showcases the host reservation capabilities. Please use the minimum
43// set of identifier types used in your network.
44"host-reservation-identifiers": [ "circuit-id", "hw-address", "duid",
45 "client-id", "flex-id" ],
46
47// Define a subnet with four reservations. Some of the reservations belong
48// to the dynamic pool. Kea is able to handle this case, but it is not
49// recommended from a performance perspective, as Kea would not only need to
50// check if a given address is free, but also whether it is reserved.
51// To avoid this check, one can set "reservations-out-of-pool" to true, beside
52// the "reservations-in-subnet" which should be also set to true. If a subnet
53// does not have reservations at all, the reservation lookup can be skipped
54// altogether by setting "reservations-in-subnet" to false.
55
56// Note that the second reservation is for an address which is within the
57// range of the pool of the dynamically allocated address. The server will
58// exclude this address from this pool and only assign it to the client which
59// has a reservation for it.
60 "subnet4": [
61 {
62 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
63 "id": 1,
64 "subnet": "192.0.2.0/24",
65 "interface": "eth0",
66 // This directive tells Kea that reservations may be made both in-pool
67 // and out-of-pool. For improved performance, you may move all reservations
68 // out of the dynamic pool and set "reservations-out-of-pool" to true.
69 // Kea will then be able to skip querying for host reservations when
70 // assigning leases from dynamic pool.
71
72 // Specify whether the server should look up global reservations.
73 // Defaults to false.
74 "reservations-global": false,
75
76 // Specify whether the server should look up in-subnet reservations.
77 // Defaults to true.
78 "reservations-in-subnet": true,
79
80 // Specify whether the server can assume that all reserved addresses
81 // are out-of-pool. Defaults to false.
82 // Ignored when reservations-in-subnet is false.
83 // If specified, it is inherited by "shared-networks" and
84 // "subnet4" levels.
85 "reservations-out-of-pool": false,
86
87 "reservations": [
88
89// This is a reservation for a specific hardware/MAC address. It's a very
90// simple reservation: just an address and nothing else.
91 {
92 "hw-address": "1a:1b:1c:1d:1e:1f",
93 "ip-address": "192.0.2.201"
94 },
95
96// This is a reservation for a specific client-id. It also shows
97// that this client will get a reserved hostname. A hostname can be defined
98// for any identifier type, not just client-id.
99 {
100 "client-id": "01:11:22:33:44:55:66",
101 "ip-address": "192.0.2.202",
102 "hostname": "special-snowflake"
103 },
104
105// The third reservation is based on DUID. This reservation also
106// defines special option values for this particular client. If
107// the domain-name-servers option had been defined on a global,
108// subnet or class level, the host-specific values take precedence.
109 {
110 "duid": "01:02:03:04:05",
111 "ip-address": "192.0.2.203",
112 "option-data": [ {
113 "name": "domain-name-servers",
114 "data": "10.1.1.202,10.1.1.203"
115 } ]
116 },
117
118// The fourth reservation is based on circuit-id. This is an option inserted
119// by the relay agent that forwards the packet from client to the server.
120// In this example the host is also assigned vendor specific options.
121 {
122 "circuit-id": "01:11:22:33:44:55:66",
123 "ip-address": "192.0.2.204",
124 "option-data": [
125 {
126 "name": "vivso-suboptions",
127 "data": "4491"
128 },
129 {
130 "name": "tftp-servers",
131 "space": "vendor-4491",
132 "data": "10.1.1.202,10.1.1.203"
133 }
134 ]
135 },
136// This reservation is for a client that needs specific DHCPv4 fields to be
137// set. Three supported fields are next-server, server-hostname and
138// boot-file-name
139 {
140 "client-id": "01:0a:0b:0c:0d:0e:0f",
141 "ip-address": "192.0.2.205",
142 "next-server": "192.0.2.1",
143 "server-hostname": "hal9000",
144 "boot-file-name": "/dev/null"
145 },
146
147// This reservation is using flexible identifier. Instead of relying
148// on specific field, sysadmin can define an expression similar to what
149// is used for client classification,
150// e.g. substring(relay[0].option[17],0,6). Then, based on the value of
151// that expression for incoming packet, the reservation is matched.
152// Expression can be specified either as hex or plain text using single
153// quotes.
154// Note: flexible identifier requires flex_id hook library to be
155// loaded to work.
156 {
157 "flex-id": "'s0mEVaLue'",
158 "ip-address": "192.0.2.206"
159 }
160
161 ]
162 }
163 ],
164
165// The following configures logging. It assumes that messages with at
166// least informational level (info, warn, error and fatal) should be
167// logged to stdout.
168 "loggers": [
169 {
170 "name": "kea-dhcp4",
171 "output-options": [
172 {
173 "output": "stdout"
174 }
175 ],
176 "severity": "INFO"
177 }
178 ]
179}
180
181}
kea4/several-subnets.json
1// This is an example configuration file for DHCPv4 server in Kea.
2// It's a basic scenario with three IPv4 subnets configured. In each
3// subnet, there's a smaller pool of dynamic addresses.
4
5{ "Dhcp4":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17 "lease-database": {
18 "type": "memfile"
19 },
20
21// Addresses will be assigned with a lifetime of 4000 seconds.
22// The client is told to start renewing after 1000 seconds. If the server
23// does not respond within 2000 seconds of the lease being granted, client
24// is supposed to start REBIND procedure (emergency renewal that allows
25// switching to a different server).
26 "valid-lifetime": 4000,
27 "renew-timer": 1000,
28 "rebind-timer": 2000,
29
30// RFC6842 says that the server is supposed to echo back client-id option.
31// However, some older clients do not support this and are getting confused
32// when they get their own client-id. Kea can disable RFC6842 support.
33 "echo-client-id": false,
34
35// Some clients don't use a stable client identifier, but rather generate one
36// during each boot. This may cause a client that reboots frequently to get
37// multiple leases, which may not be desirable. As such, sometimes admins
38// prefer to tell their DHCPv4 server to ignore client-id value altogether
39// and rely exclusively on MAC address. This is a parameter that is defined
40// globally, but can be overridden on a subnet level.
41 "match-client-id": true,
42
43 // By default, Kea ignores requests by clients for unknown IP addresses,
44 // because other non-cooperating DHCP servers could reside on the same
45 // network (RFC 2131). This parameter is defined globally, but can be
46 // overridden on a subnet level
47 "authoritative": false,
48
49// The following list defines subnets. Each subnet consists of at
50// least subnet and pool entries.
51 "subnet4": [
52 {
53 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
54 "id": 1,
55 "subnet": "192.0.2.0/24"
56 },
57 {
58// This particular subnet has match-client-id value changed.
59 "pools": [ { "pool": "192.0.3.100 - 192.0.3.200" } ],
60 "id": 2,
61 "subnet": "192.0.3.0/24",
62 "match-client-id": false
63 },
64 {
65 "pools": [ { "pool": "192.0.4.1 - 192.0.4.254" } ],
66 "id": 3,
67 "subnet": "192.0.4.0/24"
68 } ],
69
70// The following configures logging. It assumes that messages with at
71// least informational level (info, warn, error and fatal) should be
72// logged to stdout.
73 "loggers": [
74 {
75 "name": "kea-dhcp4",
76 "output-options": [
77 {
78 "output": "stdout"
79 }
80 ],
81 "severity": "INFO"
82 }
83 ]
84}
85
86}
kea4/single-subnet.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It is a basic scenario with one IPv4 subnet configured. The subnet
3// contains a single pool of dynamically allocated addresses.
4
5{ "Dhcp4":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17 "lease-database": {
18 "type": "memfile",
19 "lfc-interval": 3600
20 },
21
22// Addresses will be assigned with a lifetime of 4000 seconds.
23 "valid-lifetime": 4000,
24
25// Renew and rebind timers are commented out. This implies that options
26// 58 and 59 will not be sent to the client. In this case it is up to
27// the client to pick the timer values according to RFC2131. Uncomment the
28// timers to send these options to the client.
29// "renew-timer": 1000,
30// "rebind-timer": 2000,
31
32// The following list defines subnets. We have only one subnet
33// here. We tell Kea that it is directly available over local interface.
34 "subnet4": [
35 {
36 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
37 "id": 1,
38 "subnet": "192.0.2.0/24",
39 "interface": "eth0"
40 }
41 ],
42
43// The following configures logging. It assumes that messages with at
44// least informational level (info, warn, error and fatal) should be
45// logged to stdout. Alternatively, you can specify stderr here, a filename
46// or 'syslog', which will store output messages via syslog.
47 "loggers": [
48 {
49 "name": "kea-dhcp4",
50 "output-options": [
51 {
52 "output": "stdout"
53 }
54 ],
55 "severity": "INFO"
56 }
57 ]
58}
59
60}
kea4/vendor-specific.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// The purpose of this example is to showcase how to configure
3// Vendor Specific Information (code 43) RFC 2132 section 8.4
4{
5 "Dhcp4": {
6 "option-def": [
7 {
8// Two options that we are planning to include in option 43 as suboptions
9// should be defined on global level
10 "array": false,
11 "code": 2,
12 "name": "vlanid",
13// suboptions should have space configured and it can't start with 'vendor-'
14// otherwise those will be included in 125 option not 43
15 "space": "339",
16 "type": "uint32"
17 },
18 {
19 "array": false,
20 "code": 3,
21 "name": "dls",
22 "space": "339",
23 "type": "string"
24 }
25 ],
26 "client-classes": [
27 {
28
29// Kea needs classification based on option 60, you can either use name:
30// VENDOR_CLASS_ + option 60 content (test parameter is not required then)
31// or use any name and add "test" parameter accordingly e.g.
32// "test": "substring(option[60].hex,0,9) == 'partial-content-of-option-60'"
33 "name": "VENDOR_CLASS_339",
34 "option-def": [
35 {
36// Vendor-specific option has to be defined on the class level, if we're planning
37// to send a single value, then define its type accordingly. If this option
38// should encapsulate other suboptions, the "space" parameter should be the same
39// as included suboptions and "type" set to empty
40 "code": 43,
41// Using the "encapsulate" directive, Kea is told to include options from
42// the "339" namespace. We have defined several such options earlier.
43// This way, the sub-options are "glued" to this option 43.
44 "encapsulate": "339",
45 "name": "vendor-encapsulated-options",
46 "type": "empty"
47 }
48 ],
49 "option-data": [
50 {
51// vendor-encapsulated-options and defined option on global level should
52// be also configured with proper "data" parameters in "option-data" list.
53// Because Kea will send only options that the client asks for, and there is no way
54// to ask for suboptions, parameter "always-send" with value set
55// to true has also to be included in all custom suboptions
56 "name": "vendor-encapsulated-options"
57 },
58 {
59 "always-send": true,
60 "data": "123",
61 "name": "vlanid",
62 "space": "339"
63 },
64 {
65 "always-send": true,
66 "data": "sdlp://192.0.2.11:18443",
67 "name": "dls",
68 "space": "339"
69 }
70 ]
71 }
72 ],
73// Kea is told to listen on eth0 interface only.
74 "interfaces-config": {
75 "interfaces": ["eth0"]
76 },
77// We need to specify the database used to store leases.
78 "lease-database": {
79 "type": "memfile"
80 },
81// The following list defines subnets. We have only one subnet
82// here. We tell Kea that it is directly available over local interface.
83 "subnet4": [
84 {
85 "interface": "eth0",
86 "pools": [
87 {
88 "pool": "192.0.2.50-192.0.2.50"
89 }
90 ],
91 "subnet": "192.0.2.0/24",
92 "id": 1
93 }
94 ]
95 }
96}
kea4/vivso.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// The purpose of this example is to showcase how to configure
3// Vendor-Identifying Vendor-specific Information option
4// (code 125) RFC 3925
5
6
7{
8 "Dhcp4": {
9// If we want to send suboptions in option 125 first those have to be defined
10// on global level
11 "option-def": [
12 {
13 "array": false,
14 "code": 2,
15 "name": "vlanid",
16// In case of suboption of option 125 space has to start with prefix "vendor-"
17// in this case it's "vendor-" + vendor id from option 60 sent by client
18// 339 is Siemens Industry Inc.
19 "space": "vendor-339",
20 "type": "uint32"
21 },
22 {
23 "array": false,
24 "code": 3,
25 "name": "dls",
26 "space": "vendor-339",
27 "type": "string"
28 }
29 ],
30 "client-classes": [
31 {
32// Kea needs classification based on option 60, you can either use name:
33// VENDOR_CLASS_ + option 60 content (test parameter is not required then)
34// or use any name and add "test" parameter accordingly e.g.
35// "test": "substring(option[60].hex,0,9) == 'partial-content-of-option-60'"
36 "name": "VENDOR_CLASS_339",
37 "option-data": [
38 {
39// In "option-data" list we have to configure option 125 with data parameter equal
40// to vendor-id we are expecting, also it will tell Kea which vendor space
41// to encapsulate in suboptions.
42 "data": "339",
43 "name": "vivso-suboptions"
44 },
45 {
46// And additionally we have to configure all previously defined suboptions
47// with "space" parameter same as in option-def.
48// Because Kea will send only options that the client asks for, and there is no way
49// to ask for suboptions, parameter "always-send" with value set
50// to true has also to be included in all custom suboptions.
51 "always-send": true,
52 "data": "123",
53 "name": "vlanid",
54 "space": "vendor-339"
55 },
56 {
57 "always-send": true,
58 "data": "sdlp://192.0.2.11:18443",
59 "name": "dls",
60 "space": "vendor-339"
61 }
62 ]
63 }
64 ],
65// Kea is told to listen on eth0 interface only.
66 "interfaces-config": {
67 "interfaces": [
68 "eth0"
69 ]
70 },
71// We need to specify the database used to store leases.
72 "lease-database": {
73 "type": "memfile"
74 },
75// The following list defines subnets. We have only one subnet
76// here. We tell Kea that it is directly available over local interface.
77 "subnet4": [
78 {
79 "id": 1,
80 "interface": "eth0",
81 "pools": [
82 {
83 "pool": "192.0.2.50-192.0.2.50"
84 }
85 ],
86 "subnet": "192.0.2.0/24"
87 }
88 ]
89 }
90}
kea4/with-ddns.json
1// This is an example configuration file for the DHCPv4 server in Kea.
2// It is a basic scenario with one IPv4 subnet configured and with DDNS
3// enabled.
4
5{ "Dhcp4":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17 "lease-database": {
18 "type": "memfile",
19 "lfc-interval": 3600
20 },
21
22// Addresses will be assigned with a lifetime of 4000 seconds.
23 "valid-lifetime": 4000,
24
25// Renew and rebind timers are commented out. This implies that options
26// 58 and 59 will not be sent to the client. In this case it is up to
27// the client to pick the timer values according to RFC2131. Uncomment the
28// timers to send these options to the client.
29// "renew-timer": 1000,
30// "rebind-timer": 2000,
31
32// The following list defines subnets. We have only one subnet
33// here. We tell Kea that it is directly available over local interface.
34 "subnet4": [
35 {
36 "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
37 "subnet": "192.0.2.0/24",
38 "interface": "eth0",
39 "id": 1
40 }
41 ],
42
43// Enable connectivity with kea-dhcp-ddns
44// (Required for dynamic DNS updates)
45 "dhcp-ddns" : {
46 "enable-updates" : true,
47 "server-ip" : "192.0.2.0",
48 "server-port" : 3432,
49 "sender-ip" : "192.0.2.1",
50 "sender-port" : 3433,
51 "max-queue-size" : 2048,
52 "ncr-protocol" : "UDP",
53 "ncr-format" : "JSON"
54 },
55
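56// Enable DDNS updates and configure DDNS update behavior. Characters in a client-supplied host name that match hostname-char-set are replaced with hostname-char-replacement.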
57 "ddns-send-updates" : true,
58 "ddns-override-no-update" : true,
59 "ddns-override-client-update" : true,
60 "ddns-replace-client-name" : "when-present",
61 "ddns-generated-prefix" : "test.prefix",
62 "ddns-qualifying-suffix" : "test.suffix.",
63 "ddns-update-on-renew" : false,
64 "ddns-conflict-resolution-mode": "check-with-dhcid",
65 "ddns-ttl-percent" : 0.75,
66 "hostname-char-set": "[^A-Za-z0-9.-]",
67 "hostname-char-replacement": "x",
68
69// The following configures logging. It assumes that messages with at
70// least informational level (info, warn, error and fatal) should be
71// logged to stdout.
72 "loggers": [
73 {
74 "name": "kea-dhcp4",
75 "output-options": [
76 {
77 "output": "stdout"
78 }
79 ],
80 "severity": "INFO"
81 }
82 ]
83}
84
85}
kea6
kea6/advanced.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It attempts to showcase some of the more advanced features.
3// Topology wise, it's a basic scenario with one IPv6 subnet configured.
4// It is assumed that one subnet (2001:db8:1::/64) is available directly
5// over eth0 interface.
6//
7// The following features are currently showcased here:
8// 1. Configuration of MAC/hardware address sources in DHCPv6
9// 2. RSOO (Relay supplied options) - Some relays may insert options with the
10// intention for the server to insert them into client directed messages.
11// 3. Control socket. Kea can open a socket and listen for incoming
12// commands.
13
14{ "Dhcp6":
15
16{
17 // Kea is told to listen on eth0 network interface only.
18 "interfaces-config": {
19 "interfaces": [ "eth0" ],
20
21 // This makes interfaces to be re-detected at each (re-)configuration.
22 // By default it is true.
23 "re-detect": true
24 },
25
26 // We need to specify the database used to store leases. As of
27 // June 2022, three database backends are supported: MySQL,
28 // PostgreSQL and the in-memory database, Memfile.
29 // We will use memfile because it doesn't require any prior set up.
30 "lease-database": {
31 "type": "memfile",
32 "lfc-interval": 3600
33 },
34
35 "sanity-checks": {
36 // This parameter determines what to do when a new lease appears in the
37 // system (i.e. either is read from disk during memfile startup or is
38 // added via lease commands). There are five modes supported:
39 // none - do nothing, accept them as is
40 // warn - if subnet-id problems are detected, print a warning, but
41 // otherwise load the lease as is. This is the default value.
42 // fix - attempt to fix the lease by finding appropriate subnet-id value.
43 // if there is no suitable subnet, the lease is loaded as is.
44 // fix-del - attempt to fix the lease by finding appropriate subnet-id
45 // value. If there is no suitable subnet, the lease is deleted.
46 // del - delete leases that have incorrect subnet-id values.
47 "lease-checks": "fix-del"
48 },
49
50 // Kea 0.9.1 introduced MAC/hardware addresses support in DHCPv6. There is
51 // no single reliable method of getting MAC address information in DHCPv6.
52 // Kea supports several methods. Depending on your network set up, some
53 // methods may be more preferable than others, hence the configuration
54 // parameter. 'mac-sources' is a list of methods. Allowed parameters are:
55 // any, raw, duid, ipv6-link-local, client-link-addr-option, rfc6939 (which
56 // is an alias for client-link-addr-option), remote-id, rfc4649 (which is an
57 // alias for remote-id), subscriber-id, rfc4580 (which is an alias for
58 // subscriber-id) and docsis.
59
60 // Note that the order matters. Methods are attempted one by one in the
61 // order specified until hardware address is obtained. If you don't care
62 // which method is used, using 'any' is marginally faster than enumerating
63 // them all.
64
65 // If mac-sources are not specified, a default value of 'any' is used.
66 "mac-sources": [ "client-link-addr-option", "duid", "ipv6-link-local" ],
67
68 // RFC6422 defines a mechanism called relay-supplied options option. The
69 // relay agent may insert certain options that the server will echo back to
70 // the client, if certain criteria are met. One condition is that the option
71 // must be RSOO-enabled (i.e. allowed to be echoed back). IANA maintains a
72 // list of those options here:
73 // http://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml#options-relay-supplied
74 // However, it is possible to allow the server to echo back additional
75 // options. This entry marks options 110, 120 and 130 as RSOO-enabled.
76 "relay-supplied-options": [ "110", "120", "130" ],
77
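78 // This defines a control socket. If defined, Kea will open a UNIX socket
79 // and will listen for incoming commands. See section 15 of the Kea User's
80 // Guide for the list of supported commands. Commands received on this socket are not authenticated, so access to the socket file should be limited to administrators through filesystem permissions.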
81 "control-socket": {
82 "socket-type": "unix",
83 "socket-name": "kea6-ctrl-socket"
84 },
85
86 // Addresses will be assigned with preferred and valid lifetimes
87 // being 3000 and 4000, respectively. Client is told to start
88 // renewing after 1000 seconds. If the server does not respond
89 // after 2000 seconds since the lease was granted, client is supposed
90 // to start REBIND procedure (emergency renewal that allows switching
91 // to a different server).
92 "preferred-lifetime": 3000,
93 "valid-lifetime": 4000,
94 "renew-timer": 1000,
95 "rebind-timer": 2000,
96
97 // The following list defines subnets. Each subnet consists of at
98 // least subnet and pool entries. Note the user-context being
99 // used throughout the definitions. This is something that is not
100 // being used by Kea, it's simply parsed and stored in appropriate
101 // structures. You can put anything you want in the user-context
102 // as long as it is a valid JSON and it starts with a map (i.e.
103 // is enclosed by curly brackets).
104 // A comment entry is translated into a user-context with a
105 // "comment" property so you can include comments inside the
106 // configuration itself.
107 "subnet6": [
108 {
109 "pools": [
110 {
111 "pool": "2001:db8:1::/80",
112
113 // This is user context specified for this particular
114 // pool. You can use it to describe the pool in some way.
115 // Just keep in mind that the structure will not be used
116 // by Kea itself. It will be made available to hooks if
117 // they want to use it.
118 "user-context": { "department": "engineering" }
119 }],
120
121 // Here's the user-context for the whole subnet.
122 "user-context": { "comment": "Floor one, west wing" },
123 // Equivalent using smart parser
124 // "comment": "Floor one, west wing",
125
126 // This defines PD (prefix delegation) pools. In this case
127 // we have only one pool. That consists of /64 prefixes
128 // being delegated out of large /48 pool. Each delegated
129 // prefix will contain an excluded-prefix option.
130 "pd-pools": [
131 {
132 "prefix": "2001:db8:abcd::",
133 "prefix-len": 48,
134 "delegated-len": 64,
135 "excluded-prefix": "2001:db8:abcd:0:1234::",
136 "excluded-prefix-len": 80,
137
138 // Another user-context for this PD pool. Again, you can put
139 // anything you want in there as long as it's valid JSON and
140 // starts with a map.
141 "user-context": {
142 "purpose": "For CPE devices"
143 }
144 }
145 ], // end of pd-pools
146
147 "id": 1,
148 "subnet": "2001:db8:1::/64",
149 "interface": "eth0",
150
151 // Sometimes the relay may use an odd IPv6 address that's not matching
152 // the subnet. This is discouraged, but there are valid cases when it
153 // makes sense. One case is when the relay has only link-local address
154 // and another is when there is a shared subnet scenario.
155 "relay": {
156 "ip-addresses": [ "3000::1" ]
157 }
158 }
159 ],
160
161// The following configures logging. It assumes that messages with at
162// least informational level (info, warn, error and fatal) should be
163// logged to stdout.
164 "loggers": [
165 {
166 "name": "kea-dhcp6",
167 "output-options": [
168 {
169 "output": "stdout",
170 // Several additional parameters are possible in addition
171 // to the typical output. Flush determines whether logger
172 // flushes output to a file. Maxsize determines maximum
173 // filesize before the file is rotated. maxver
174 // specifies the maximum number of rotated files being
175 // kept.
176 "flush": true,
177 "maxsize": 204800,
178 "maxver": 4,
179 // We use pattern to specify custom log message layout
180 "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
181 }
182 ],
183 "debuglevel": 0,
184 "severity": "INFO"
185 }
186 ]
187}
188
189}
kea6/all-keys-netconf.json
1// WARNING: This example configuration is not meant for production use.
2// The Kea DHCPv6 server will refuse this configuration because it contains
3// mutually exclusive configuration parameters.
4//
5// The primary purpose of the example file is to provide a comprehensive
6// list of parameters supported by the Kea DHCPv6 server along with the brief
7// description of each parameter.
8//
9// This stable version is used for YANG, as we do not want to update code
10// and models each time a keyword is added to the syntax.
11{
12 // Kea DHCPv6 server configuration begins here.
13 "Dhcp6": {
14 // Global flag selecting an IP address allocation strategy for all
15 // subnets.
16 "allocator": "iterative",
17
18 // Global flag that enables or disables client address registration
19 // via ADDR-REG-INFORM packets (see RFC 9686). It defaults to true.
20 "allow-address-registration": true,
21
22 // Global flag selecting a delegated prefix allocation strategy
23 // for all subnets.
24 "pd-allocator": "random",
25
26 // Ordered list of client classes used by the DHCPv6 server.
27 "client-classes": [
28 {
29 // Class name.
30 "name": "phones_server1",
31
32 // Class-specific DHCPv6 options list.
33 "option-data": [],
34
35 // Class selection expression. The DHCP packet is assigned to this
36 // class when the given expression evaluates to true.
37 "test": "member('HA_server1')",
38
39 // Class valid lifetime.
40 "valid-lifetime": 6000,
41
42 // Class min valid lifetime.
43 "min-valid-lifetime": 4000,
44
45 // Class max valid lifetime.
46 "max-valid-lifetime": 8000,
47
48 // Class preferred lifetime.
49 "preferred-lifetime": 7000,
50
51 // Class min preferred lifetime.
52 "min-preferred-lifetime": 5000,
53
54 // Class max preferred lifetime.
55 "max-preferred-lifetime": 9000
56 },
57 {
58 // Second class name.
59 "name": "phones_server2",
60
61 // Class-specific DHCPv6 options list.
62 "option-data": [],
63
64 // Class selection expression. The DHCP packet is assigned to this
65 // class when the given expression evaluates to true.
66 "test": "member('HA_server2')"
67 },
68 {
69 // Third class name.
70 "name": "late",
71
72 // Boolean flag indicating whether the class expression is only evaluated
73 // when the class is required, e.g. the selected address pool configuration
74 // includes this class name in its "evaluate-additional-classes" list. The
75 // default value false means that the class test expression must
76 // always be evaluated.
77 "only-in-additional-list": true,
78
79 // Class selection expression.
80 "test": "member('ALL')"
81 },
82 {
83 // Fourth class name.
84 "name": "my-template-class",
85
86 // Template class flag that holds the expression used to generate the names for all
87 // the spawned subclasses. In this case, the classes are named after the client ID.
88 "template-test": "substring(option[1].hex, 0, all)"
89 }
90 ],
91
92 // Parameters for triggering behaviors compatible with broken or
93 // non-compliant clients, relays, or other agents
94 "compatibility": {
95 // Parse options more leniently where fields can be deduced
96 // deterministically, even if against RFC or common practice.
97 "lenient-option-parsing": true
98 },
99
100 // Command control socket configuration parameters for the Kea DHCPv6 server.
101 "control-sockets": [
102 {
103 // Control socket type used by the Kea DHCPv6 server.
104 // Must be unix, http or https.
105 "socket-type": "unix",
106
107 // Location of the UNIX domain socket file the DHCPv6
108 // server uses to receive control commands from the
109 // local server administrator.
110 "socket-name": "kea6-ctrl-socket"
111 },
112 {
113 // Control socket type used by the Kea DHCPv6 server.
114 // Must be unix, http or https.
115 "socket-type": "https",
116
117 // Address of the HTTPS socket the Kea DHCPv6 server should
118 // listen for incoming queries.
119 "socket-address": "::1",
120
121 // Port of the HTTPS socket the Kea DHCPv6 server
122 // should listen for incoming queries. If enabling HA
123 // and multi-threading, the 8000 port is used by the
124 // HA hook library http listener. For the HA hook
125 // library to function with multi-threading, make sure
126 // the port used by the dedicated listener is different
127 // (e.g. 8001) from the one specified here. Note the
128 // commands should still be sent to a control socket.
129 // The dedicated listener is specifically for HA
130 // updates only.
131 "socket-port": 8006,
132
133 // TLS trust anchor (Certificate Authority). This is a
134 // file name or a directory path. This and the other
135 // TLS parameters make sense only for the https control socket type.
136 "trust-anchor": "my-ca",
137
138 // TLS server certificate file name.
139 "cert-file": "my-cert",
140
141 // TLS server private key file name.
142 "key-file": "my-key",
143
144 // TLS require client certificates flag. Default is
145 // true and means require client certificates. False
146 // means they are optional.
147 "cert-required": true,
148
149 // Extra HTTP headers to add in responses.
150 "http-headers":
151 [
152 {
153 // Optional user context.
154 "user-context": { "comment": "HSTS header" },
155
156 // Required HTTP header name.
157 "name": "Strict-Transport-Security",
158
159 // Required HTTP header value.
160 "value": "max-age=31536000"
161 }
162 ],
163
164 // Optional authentication.
165 "authentication": {
166
167 // Required authentication type. The only
168 // supported value is basic for the basic HTTP
169 // authentication.
170 "type": "basic",
171
172 // An optional parameter is the basic HTTP
173 // authentication realm. Its default is
174 // "kea-dhcpv6-server"
175 "realm": "kea-dhcpv6-server",
176
177 // This optional parameter can be used to specify a common
178 // prefix for files handling client credentials.
179 "directory": "/usr/local/share/kea/kea-creds",
180
181 // This list specifies the user ids and passwords
182 // to use for basic HTTP authentication. If the list is empty
183 // or not present, any client is authorized, i.e. basic authentication is not enforced.
184 "clients": [
185 // This specifies an authorized client.
186 {
187 // The user id must not be empty or
188 // contain the ':' character. It is a
189 // mandatory parameter.
190 "user": "admin",
191
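192 // If password is not specified, an empty
193 // password is used. The value below is only a placeholder; the user-file/password-file entries that follow keep credentials out of this file.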
194 "password": "1234"
195 },
196
197 // This specifies a hidden client.
198 {
199 // The user id is the content of the
200 // file /usr/local/share/kea/kea-creds/hiddenu.
201 "user-file": "hiddenu",
202
203 // The password is the content of the
204 // file /usr/local/share/kea/kea-creds/hiddenp.
205 "password-file": "hiddenp"
206 },
207
208 // This specifies a hidden client using a
209 // secret in a file.
210 {
211 // The secret is the content of the file
212 // /usr/local/share/kea/kea-creds/hiddens which must be in
213 // the <user-id>:<password> format.
214 "password-file": "hiddens"
215 }
216 ]
217 }
218 }
219 ],
220
221 // Specifies a prefix to be prepended to the generated Client FQDN.
222 // It may be specified at the global, shared-network, and subnet levels.
223 "ddns-generated-prefix": "myhost",
224
225 // Boolean flag indicating whether the server should ignore DHCP client
226 // wishes to update DNS on its own. With that flag set to true,
227 // the server will send DNS updates for both forward and
228 // reverse DNS data. The default value is false, which indicates
229 // that the server will delegate a DNS update to the client when
230 // requested. It may be specified at the global, shared-network,
231 // and subnet levels.
232 "ddns-override-client-update": false,
233
234 // Boolean flag indicating whether the server should override the DHCP
235 // client's wish to not update the DNS. With this parameter
236 // set to true, the server will send a DNS update even when
237 // the client requested no update. It may be specified at the
238 // global, shared-network, and subnet levels.
239 "ddns-override-no-update": false,
240
241 // Suffix appended to the partial name sent to the DNS. The
242 // default value is an empty string, which indicates that no
243 // suffix is appended. It may be specified at the global,
244 // shared-network, and subnet levels.
245 "ddns-qualifying-suffix": "",
246
247 // Enumeration specifying whether the server should honor
248 // the hostname or Client FQDN sent by the client or replace
249 // this name. The acceptable values are: "never" (use the
250 // name the client sent), "always" (replace the name the
251 // client sent), "when-present" (replace the name the client
252 // sent, but do not generate one when the client didn't send
253 // the name), "when-not-present" (generate the name when
254 // client didn't send one, otherwise leave the name the
255 // client sent). The default value is "never". It may be
256 // specified at the global, shared-network, and subnet levels.
257 "ddns-replace-client-name": "never",
258
259 // Boolean flag which enables or disables DDNS updating. It
260 // defaults to true. It may be specified at the global, shared-
261 // network, and subnet levels. It works in conjunction with
262 // dhcp-ddns:enable-updates, which must be true to enable connectivity
263 // to kea-dhcp-ddns.
264 "ddns-send-updates": true,
265
266 // Boolean flag, which when true instructs the server to always
267 // update DNS when leases are renewed, even if the DNS information
268 // has not changed. The server's default behavior (i.e. flag is false)
269 // is to only update DNS if the DNS information has changed. It
270 // may be specified at the global, shared-network, and subnet levels.
271 "ddns-update-on-renew": true,
272
273 // Boolean flag which is passed to kea-dhcp-ddns with each DDNS
274 // update request, to indicate whether DNS update conflict
275 // resolution as described in RFC 4703 should be employed for the
276 // given update request. The default value for this flag is true.
277 // It may be specified at the global, shared-network, and subnet levels.
278 // This field has been replaced by ddns-conflict-resolution-mode.
279 // Parsing is maintained only for backwards compatibility.
280 // "ddns-use-conflict-resolution": true,
281
282 // Enumeration, which is passed to kea-dhcp-ddns with each DDNS
283 // update request to indicate the mode used for resolving conflicts
284 // while performing DDNS updates. The acceptable values are:
285 // check-with-dhcid (this includes adding a DHCID record and checking
286 // that record via conflict detection as per RFC 4703),
287 // no-check-with-dhcid (this will ignore conflict detection but add
288 // a DHCID record when creating/updating an entry),
289 // check-exists-with-dhcid (this will check if there is an existing
290 // DHCID record but does not verify the value of the record matches
291 // the update. This will also update the DHCID record for the entry),
292 // no-check-without-dhcid (this ignores conflict detection and will
293 // not add a DHCID record when creating/updating a DDNS entry).
294 // The default value is "check-with-dhcid". It may be
295 // specified at the global, shared-network and subnet levels.
296 "ddns-conflict-resolution-mode": "check-with-dhcid",
297
298 // When greater than 0.0, it is the percent of the lease's lifetime
299 // to use for the DNS TTL.
300 "ddns-ttl-percent": 0.75,
301
302 // When greater than 0 it will be used as the DNS TTL. Specified in seconds.
303 // Cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min or
304 // ddns-ttl-max. They are mutually exclusive.
305 // "ddns-ttl": 500,
306
307 // When greater than 0 it is used as the lower boundary for calculated DNS TTL values.
308 // Specified in seconds.
309 "ddns-ttl-min": 24000,
310
311 // When greater than 0 it is used as the upper boundary for calculated DNS TTL values.
312 // Specified in seconds.
313 "ddns-ttl-max": 64000,
314
315 // Time in seconds specifying how long a declined lease should be
316 // excluded from DHCP assignments. The default value is 24 hours.
317 "decline-probation-period": 86400,
318
319 // Name Change Request forwarding configuration for the Kea DHCPv6 server.
320 // NCRs are sent to the Kea D2 module to update DNS upon allocation of
321 // DHCP leases.
322 "dhcp-ddns": {
323 // Boolean flag indicating whether Kea DHCPv6 server should connect to
324 // kea-dhcp-ddns. This must be true for NCRs to be created and
325 // sent to kea-dhcp-ddns. By default, NCRs are not generated.
326 "enable-updates": false,
327
328 // Specifies maximum number of NCRs to queue waiting to be sent
329 // to the Kea D2 server.
330 "max-queue-size": 1024,
331
332 // Packet format to use when sending NCRs to the Kea D2 server.
333 // Currently, only JSON format is supported.
334 "ncr-format": "JSON",
335
336 // Socket protocol to use when sending NCRs to D2. Currently,
337 // only UDP is supported.
338 "ncr-protocol": "UDP",
339
340 // IP address that the Kea DHCPv6 server should use to send
341 // NCRs to D2. The default value of zero indicates that Kea
342 // should pick a suitable address.
343 "sender-ip": "::1",
344
345 // Port number that the Kea DHCPv6 server should use to send
346 // NCRs to D2. The default value of zero indicates that Kea
347 // should pick a suitable port.
348 "sender-port": 0,
349
350 // IP address on which D2 listens for NCRs.
351 "server-ip": "::1",
352
353 // Port number on which D2 listens for NCRs.
354 "server-port": 53001
355 },
356
357 // Specifies the first of the two consecutive ports of the UDP
358 // sockets used for communication between DHCPv6 and DHCPv4
359 // servers. See RFC 7341. (defaults to 0 - disabled).
360 // If enabled, use e.g. 786.
361 "dhcp4o6-port": 0,
362
363 // Collection of Kea DHCPv6 server parameters configuring how
364 // the server should process expired DHCP leases.
365 "expired-leases-processing": {
366 // Specifies the number of seconds since the last removal of
367 // the expired leases, when the next removal should occur.
368 // If both "flush-reclaimed-timer-wait-time" and
369 // "hold-reclaimed-time" are not 0, when the client sends a release
370 // message the lease is expired instead of being deleted from
371 // lease storage.
372 "flush-reclaimed-timer-wait-time": 25,
373
374 // Specifies the length of time in seconds to keep expired
375 // leases in the lease database (lease affinity).
376 // If both "flush-reclaimed-timer-wait-time" and
377 // "hold-reclaimed-time" are not 0, when the client sends a release
378 // message the lease is expired instead of being deleted from
379 // lease storage.
380 "hold-reclaimed-time": 3600,
381
382 // Specifies the maximum number of expired leases that can be
383 // processed in a single attempt to clean up expired leases
384 // from the lease database. If there are more
385 // expired leases, they will be processed during the next
386 // cleanup attempt.
387 "max-reclaim-leases": 100,
388
389 // Specifies the maximum time in milliseconds that a single attempt
390 // to clean up expired leases from the lease database may take.
391 "max-reclaim-time": 250,
392
393 // Specifies the length of time in seconds since the last attempt
394 // to process expired leases before initiating the next attempt.
395 "reclaim-timer-wait-time": 10,
396
397 // Specifies the maximum number of expired lease-processing cycles
398 // which didn't result in full cleanup of expired leases from the
399 // lease database, after which a warning message is issued.
400 "unwarned-reclaim-cycles": 5
401 },
402
403 // List of hook libraries and their specific configuration parameters
404 // to be loaded by the Kea DHCPv6 server.
405 "hooks-libraries": [
406 {
407 // Location of the hook library to be loaded.
408 "library": "libdhcp_lease_cmds.so",
409
410 // Hook library-specific configuration parameters.
411 "parameters": { }
412 },
413 {
414 // The MySQL host backend hook library required for host storage.
415 "library": "libdhcp_mysql.so"
416 },
417 {
418 // The PostgreSQL host backend hook library required for host storage.
419 "library": "libdhcp_pgsql.so"
420 }
421 ],
422
423 // List of access credentials to external sources of IPv6 reservations.
424 "hosts-databases": [
425 {
426 // Name of the database to connect to.
427 "name": "keatest",
428
429 // Host on which the database resides.
430 "host": "localhost",
431
432 // Database password. The value below is only a placeholder.
433 "password": "1234",
434
435 // Port on which the database is available.
436 "port": 3306,
437
438 // Type of database, e.g. "mysql", "postgresql".
439 "type": "mysql",
440
441 // Username to be used to access the database.
442 "user": "keatest",
443
444 // Read-only mode.
445 "readonly": false,
446
447 // The next entries are for OpenSSL support in MySQL.
448
449 // Trust anchor aka certificate authority file or directory.
450 "trust-anchor": "my-ca",
451
452 // Client certificate file name.
453 "cert-file": "my-cert",
454
455 // Private key file name.
456 "key-file": "my-key",
457
458 // Cipher list (see the OpenSSL ciphers command manual).
459 "cipher-list": "AES",
460
461 // Connection reconnect wait time.
462 // This parameter governs how long Kea waits before attempting
463 // to reconnect. Expressed in milliseconds. The default is 0
464 // (disabled) for MySQL and PostgreSQL.
465 "reconnect-wait-time": 3000,
466
467 // Connection maximum reconnect tries.
468 "max-reconnect-tries": 3,
469
470 // Action to take when connection recovery fails.
471 // Supported values: stop-retry-exit, serve-retry-exit,
472 // serve-retry-continue
473 "on-fail": "stop-retry-exit",
474
475 // Flag which indicates if the DB recovery should be attempted
476 // at server startup and on reconfiguration events.
477 "retry-on-startup": false,
478
479 // Connection connect timeout in seconds.
480 "connect-timeout": 100,
481
482 // Timeout of database read operations in seconds.
483 "read-timeout": 120,
484
485 // Timeout of database write operations in seconds.
486 "write-timeout": 180
487 },
488 {
489 // Name of the database to connect to.
490 "name": "keatest",
491
492 // Host on which the database resides.
493 "host": "localhost",
494
495 // Database password. The value below is only a placeholder.
496 "password": "1234",
497
498 // Port on which the database is available.
499 "port": 5432,
500
501 // Type of database, e.g. "mysql", "postgresql".
502 "type": "postgresql",
503
504 // Username to be used to access the database.
505 "user": "keatest",
506
507 // TCP user timeout while communicating with the database.
508 // It is specified in seconds.
509 "tcp-user-timeout": 100,
510
511 // Trust anchor aka certificate authority file or directory.
512 "trust-anchor": "my-ca",
513
514 // Client certificate file name.
515 "cert-file": "my-cert",
516
517 // Private key file name.
518 "key-file": "my-key",
519
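520 // SSL mode. In PostgreSQL (libpq) sslmode terms, "verify-ca" checks that the server certificate chains to the trust anchor but does not check the host name; "verify-full" checks both.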
521 "ssl-mode": "verify-ca"
522 }
523 ],
524
525 // List of host reservation identifier types to be used by the
526 // Kea DHCPv6 server to fetch static reservations for
527 // DHCP clients. All identifiers are used by default, which
528 // means that the server will issue multiple queries to the
529 // database to find if there is a reservation for a particular
530 // client. If a particular deployment uses only a subset, e.g.
531 // one identifier type, only that identifier should be listed
532 // here to prevent unnecessary queries to the database.
533 "host-reservation-identifiers": [
534 "hw-address",
535 "duid",
536 "flex-id"
537 ],
538
539 // Specifies configuration of interfaces on which the Kea DHCPv6
540 // server is listening to the DHCP queries.
541 "interfaces-config": {
542 // Specifies a list of interfaces on which the Kea DHCPv6
543 // server should listen to DHCP requests.
544 "interfaces": [
545 "eth0"
546 ],
547
548 // Boolean flag indicating whether the available interfaces should
549 // be re-detected upon server reconfiguration. The default value
550 // is true, which means that the interfaces are always
551 // re-detected.
552 "re-detect": true,
553
554 // Kea tries to bind the service sockets during initialization, but it may
555 // fail due to a port being already opened or a misconfiguration. Kea can
556 // suppress these errors and only log them. This flag prevents starting
557 // the DHCP server without binding all sockets. If unspecified, it
558 // defaults to false.
559 "service-sockets-require-all": true,
560
561 // Kea tries to bind the service sockets during initialization. This
562 // option specifies how many times binding to interface will be retried.
563 // The default value is 0, which means that the operation will not be
564 // repeated.
565 "service-sockets-max-retries": 5,
566
567 // The time interval in milliseconds to wait before the next attempt to
568 // retry opening a service socket.
569 "service-sockets-retry-wait-time": 5000
570 },
571
572 // Boolean parameter which controls whether an early global host
573 // reservations lookup should be performed. This lookup takes place
574 // before subnet selection and when a global reservation is found
575 // with some client classes, it triggers a second phase classification.
576 // It can also be used to drop queries using host reservations as a
577 // decision table indexed by reservation identifiers.
578 "early-global-reservations-lookup": true,
579
580 // Boolean parameter which controls the DHCP server's behavior with respect
581 // to creating host reservations for the same IP address or delegated
582 // prefix. By default this flag is set to true in which case the server
583 // prevents creation of multiple host reservations for the same IP address
584 // or delegated prefix. When this parameter is set to false, the server
585 // allows for creating multiple reservations for the same IP address or
586 // delegated prefix within a subnet. This setting is useful in deployments
587 // in which a given host may be communicating with a DHCP server over
588 // multiple interfaces and depending on the chosen interface different
589 // MAC address (or other identifier) will be used to identify the host.
590 // Note that some host backends do not support the mode in which multiple
591 // reservations for the same IP address or delegated prefix are used.
592 // If these backends are in use and this setting is attempted a
593 // configuration error will occur. The MySQL and PostgreSQL backends do
594 // support this mode.
595 "ip-reservations-unique": true,
596
597 // Boolean parameter which controls whether host reservations lookup
598 // should be performed before lease lookup. This parameter has effect
599 // only when multi-threading is disabled. When multi-threading is
600 // enabled, host reservations lookup is always performed first to avoid
601 // lease-lookup resource locking.
602 "reservations-lookup-first": true,
603
604 // Specifies credentials to access lease database.
605 "lease-database": {
606 // memfile backend-specific parameter specifying the interval
607 // in seconds at which the lease file should be cleaned up (outdated
608 // lease entries are removed to prevent the lease file from growing
609 // infinitely).
610 "lfc-interval": 3600,
611
612 // Maximum number of lease-file read errors allowed before
613 // loading the file is abandoned. Defaults to 0 (no limit).
614 "max-row-errors": 100,
615
616 // Name of the lease file. In the case of a database it specifies the
617 // database name.
618 "name": "kea-leases6.csv",
619
620 // memfile-specific parameter indicating whether leases should
621 // be saved on persistent storage (disk) or not. The true value
622 // is the default and it indicates that leases are stored in
623 // persistent storage. This setting must be used in production.
624 // The false value should only be used for testing purposes
625 // because non-stored leases will be lost upon Kea server restart.
626 "persist": true,
627
628 // Lease database backend type, i.e. "memfile", "mysql" or
629 // "postgresql".
630 "type": "memfile"
631 },
632
633 // List of parameters indicating how the client's MAC address can be
634 // inferred from the DHCP query. Supported values are listed in the
635 // Kea Administrator Reference Manual.
636 "mac-sources": [ "duid" ],
637
638 // List of global DHCP options that the Kea DHCPv6 server assigns to
639 // clients.
640 "option-data": [
641 {
642 // Boolean flag indicating whether the given option is always
643 // sent in response or only when requested. The default
644 // value of false indicates that it is only sent when
645 // requested.
646 "always-send": false,
647
648 // An optional list of classes for which this option applies.
649 // If the client matches any of the classes in this list the
650 // option will be applied. If the list is empty or is
651 // omitted this option will be applied regardless of class
652 // membership.
653 "client-classes": [ "class1", "class2" ],
654
655 // Option code. It is not required if the option name is
656 // provided.
657 "code": 23,
658
659 // Boolean value indicating whether the option data specified
660 // in the "data" field is specified as a string of hexadecimal
661 // digits or in human-readable CSV format.
662 "csv-format": true,
663
664 // Option data to be stored in the option payload.
665 "data": "2001:db8:2::45, 2001:db8:2::100",
666
667 // Option name. It is not required if the option code is
668 // provided.
669 "name": "dns-servers",
670
671 // Boolean flag indicating whether the given option is never
672 // sent in response. The default value of false indicates
673 // that it is sent when it should be. When true, the option
674 // is not sent despite any other setting, i.e. it is
675 // a final flag.
676 "never-send": false,
677
678 // Option space. The default is the "dhcp6" option space which
679 // groups top-level DHCPv6 options.
680 "space": "dhcp6"
681 }
682 ],
683
684 // List of global option definitions, i.e. option formats, that the
685 // Kea DHCPv6 server is using.
686 "option-def": [
687 {
688 // Boolean flag indicating whether the option definition comprises
689 // an array of values of some type, e.g. an array of IPv6 addresses.
690 // The default value of false means that the option does not
691 // comprise an array of values.
692 "array": false,
693
694 // Option code.
695 "code": 6,
696
697 // Holds a name of the option space encapsulated by this option.
698 // All options that belong to this option space will be sent
699 // as sub-options of this option. An empty string means that this
700 // option doesn't encapsulate any option.
701 "encapsulate": "",
702
703 // Option name.
704 "name": "my-option",
705
706 // Specifies the types of fields within the option if the option
707 // is said to be a "record" (see "type"). In this particular example
708 // this option comprises two fields, 1 byte and 2 bytes long.
709 "record-types": "uint8, uint16",
710
711 // Name of the option space to which this option belongs.
712 "space": "my-space",
713
714 // Option type. All possible types are listed in the Kea
715 // Administrator Reference Manual.
716 "type": "record"
717 }
718 ],
719
720 // Global value which limits the number of client packets (e.g.
721 // REQUESTs, RENEWs, ...) that may be parked while waiting for
722 // hook library work to complete, prior to a response (e.g. REPLY)
723 // being sent back to the client. A typical example is when kea-dhcp6
724 // parks a REQUEST while it sends the lease update(s) to its
725 // HA peer(s). The packet is unparked once the update(s) have been
726 // acknowledged. This value limits the number of packets that can
727 // be held pending the updates. In times of heavy client traffic,
728 // this value can keep kea-dhcp6 from building an insurmountable
729 // backlog of updates.
730 "parked-packet-limit": 256,
731
732 // Global (default) value of the preferred lifetime.
733 "preferred-lifetime": 50,
734
735 // Global min value of the preferred lifetime.
736 "min-preferred-lifetime": 40,
737
738 // Global max value of the preferred lifetime.
739 "max-preferred-lifetime": 60,
740
741 // Global value for the rebind timer, i.e. the time after which the
742 // DHCP client enters the rebind state if it fails to renew the lease.
743 "rebind-timer": 40,
744
745 // List of relay supplied option codes. See RFC 6422.
746 "relay-supplied-options": [ "110", "120", "130" ],
747
748 // Global value for the renew timer, i.e. the time after which the
749 // DHCP client renews the lease.
750 "renew-timer": 30,
751
752 // Global value to store extended information (e.g. relay agent
753 // information) with each lease.
754 "store-extended-info": true,
755
756 // Statistics keep some samples per observation point.
757 // There are two default values: maximum count and maximum age.
758 // Setting the maximum count to zero disables it.
759 "statistic-default-sample-count": 0,
760
761 // When the maximum count is 0 the maximum age (in seconds) applies.
762 "statistic-default-sample-age": 60,
763
764 // Multi-threading parameters.
765 "multi-threading": {
766 // By default, Kea processes packets on multiple threads if the hardware permits.
767 "enable-multi-threading": true,
768
769 // When multi-threading is enabled, Kea will process packets on a
770 // number of multiple threads configurable through this option. The
771 // value must be a positive integer (0 means auto-detect).
772 "thread-pool-size": 0,
773
774 // When multi-threading is enabled, Kea will read packets from the
775 // interface and append a working item to the thread pool. This
776 // option configures the maximum number of items that can be queued.
777 // The value must be a positive integer (0 means unlimited).
778 "packet-queue-size": 0
779 },
780
781 // Governs how the Kea DHCPv6 server should deal with invalid
782 // data received from the client.
783 "sanity-checks": {
784 // Specifies how the Kea DHCPv6 server should behave when invalid
785 // data is read for a lease from the lease file. The following
786 // values are supported: "none" (don't attempt to correct the
787 // lease information), "warn" (print a warning for subnet-id
788 // related inconsistencies), "fix" (correct the subnet id by
789 // trying to find the suitable subnet), "fix-del" (similar
790 // to "fix" but delete the lease if no suitable subnet found),
791 // "del" (delete the lease if the lease has invalid subnet
792 // identifier value).
793 "lease-checks": "warn",
794
795 // Specifies how the Kea DHCPv6 server should behave when invalid
796 // extended info is read for a lease from the lease file, or
797 // whether to upgrade from the old format. The following values
798 // are supported: "none" (don't attempt to correct or upgrade
799 // the extended info), "fix" (fix common inconsistencies and
800 // upgrade from the old format; this is the default), "strict"
801 // (fix inconsistencies with an impact on Leasequery),
802 // "pedantic" (enforce full Kea code format).
803 "extended-info-checks": "fix"
804 },
805
806 // Custom DUID used by the DHCPv6 server.
807 "server-id": {
808 // Type of the DUID. Possible values are "LLT", "EN", and "LL".
809 "type": "EN",
810
811 // Enterprise id used for "EN" duid.
812 "enterprise-id": 2495,
813
814 // Identifier part of the DUID.
815 "identifier": "0123456789",
816
817 // Boolean flag indicating whether the DUID should be persisted on
818 // disk.
819 "persist": false
820 },
821
822 // List of shared networks used by the Kea DHCPv6 server. The shared
823 // networks group subnets together.
824 "shared-networks": [
825 {
826 // A flag selecting an IP address allocation strategy for all
827 // subnets in this shared network.
828 "allocator": "random",
829
830 // A flag selecting a delegated prefix allocation strategy for
831 // all subnets in this shared network.
832 "pd-allocator": "iterative",
833
834 // Restricts this shared network to allow only clients
835 // that belong to at least one class in this list. If omitted
836 // or an empty list is provided, no restriction is applied.
837 "client-classes": [],
838
839 // Shared-network level value. See description at the global level.
840 "ddns-generated-prefix": "myhost",
841
842 // Shared-network level value. See description at the global level.
843 "ddns-override-client-update": false,
844
845 // Shared-network level value. See description at the global level.
846 "ddns-override-no-update": false,
847
848 // Shared-network level value. See description at the global level.
849 "ddns-qualifying-suffix": "",
850
851 // Shared-network level value. See description at the global level.
852 "ddns-replace-client-name": "never",
853
854 // Shared-network level value. See description at the global level.
855 "ddns-send-updates": true,
856
857 // Shared-network level value. See description at the global level.
858 "ddns-update-on-renew": true,
859
860 // Shared-network level value. See description at the global level.
861 // This field has been replaced by ddns-conflict-resolution-mode.
862 // Parsing is maintained only for backwards compatibility.
863 // "ddns-use-conflict-resolution": true,
864
865 // Shared-network level value. See description at the global level.
866 "ddns-conflict-resolution-mode": "check-with-dhcid",
867
868 // Shared-network level value. See description at the global level.
869 "ddns-ttl-percent": 0.65,
870
871 // Shared-network level value. See description at the global level.
872 // Cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min or
873 // ddns-ttl-max. They are mutually exclusive.
874 // "ddns-ttl": 500,
875
876 // Shared-network level value. See description at the global level.
877 "ddns-ttl-min": 10000,
878
879 // Shared-network level value. See description at the global level.
880 "ddns-ttl-max": 20000,
881
882 // Shared-network level value. See description at the global level.
883 "hostname-char-replacement": "x",
884
885 // Shared-network level value. See description at the global level.
886 "hostname-char-set": "[^A-Za-z0-9.-]",
887
888 // Specifies that this shared network is selected for
889 // requests received on a particular interface.
890 "interface": "eth0",
891
892 // Specifies the content of the interface-id option used
893 // by relays to identify the interface on the relay to
894 // which the response is sent.
895 "interface-id": "",
896
897 // Shared network name.
898 "name": "my-secret-network",
899
900 // List of shared network-specific DHCP options.
901 "option-data": [],
902
903 // Shared network-specific (default) preferred lifetime.
904 "preferred-lifetime": 2000,
905
906 // Shared network-specific min preferred lifetime.
907 "min-preferred-lifetime": 1500,
908
909 // Shared network-specific max preferred lifetime.
910 "max-preferred-lifetime": 2500,
911
912 // Boolean flag indicating whether the server can respond to
913 // a Solicit message including a Rapid Commit option with
914 // the Reply message (See DHCPv6 rapid commit).
915 "rapid-commit": false,
916
917 // List of IPv6 relay addresses for which this shared
918 // network is selected.
919 "relay": {
920 "ip-addresses": []
921 },
922
923 // Shared-network level rebind timer.
924 "rebind-timer": 41,
925
926 // Shared-network level renew timer.
927 "renew-timer": 31,
928
929 // Shared-network level compute T1 and T2 timers.
930 "calculate-tee-times": true,
931
932 // T1 = valid lifetime * .5.
933 "t1-percent": .5,
934
935 // T2 = valid lifetime * .75.
936 "t2-percent": .75,
937
938 // Cache threshold = valid lifetime * .25.
939 "cache-threshold": .25,
940
941 // Cache maximum: when the client last-transmission time
942 // is close enough, the lease is not renewed and the current
943 // lease is returned as it was "cached".
944 "cache-max-age": 1000,
945
946 // Adaptive lease time threshold (1.0 is disabled).
947 "adaptive-lease-time-threshold": 0.8,
948
949 // Specify whether the server should look up global reservations.
950 "reservations-global": false,
951
952 // Specify whether the server should look up in-subnet reservations.
953 "reservations-in-subnet": true,
954
955 // Specify whether the server can assume that all reserved addresses
956 // are out-of-pool.
957 // Ignored when reservations-in-subnet is false.
958 // If specified, it is inherited by "subnet6" levels.
959 "reservations-out-of-pool": false,
960
961 // List of client classes which must be evaluated when this shared
962 // network is selected for client assignments.
963 "evaluate-additional-classes": [ "late" ],
964
965 // Turn off storage of extended information (e.g. relay agent
966 // information) with each lease for this shared network.
967 "store-extended-info": false,
968
969 // List of IPv6 subnets belonging to this shared network.
970 "subnet6": [
971 {
972 // A flag selecting an IP address allocation strategy for
973 // the subnet.
974 "allocator": "iterative",
975
976 // A flag selecting a delegated prefix allocation strategy
977 // for the subnet.
978 "pd-allocator": "iterative",
979
980 // Restricts this subnet to allow only clients
981 // that belong to at least one class in this list. If omitted
982 // or an empty list is provided, no restriction is applied.
983 "client-classes": [],
984
985 // Subnet-level value. See description at the global level.
986 "ddns-generated-prefix": "myhost",
987
988 // Subnet-level value. See description at the global level.
989 "ddns-override-client-update": false,
990
991 // Subnet-level value. See description at the global level.
992 "ddns-override-no-update": false,
993
994 // Subnet-level value. See description at the global level.
995 "ddns-qualifying-suffix": "",
996
997 // Subnet-level value. See description at the global level.
998 "ddns-replace-client-name": "never",
999
1000 // Subnet-level value. See description at the global level.
1001 "ddns-send-updates": true,
1002
1003 // Subnet-level value. See description at the global level.
1004 "ddns-update-on-renew": true,
1005
1006 // Subnet-level value. See description at the global level.
1007 // This field has been replaced by ddns-conflict-resolution-mode.
1008 // Parsing is maintained only for backwards compatibility.
1009 // "ddns-use-conflict-resolution": true,
1010
1011 // Subnet-level value. See description at the global level.
1012 "ddns-conflict-resolution-mode": "check-with-dhcid",
1013
1014 // Subnet-level value. See description at the global level.
1015 // "ddns-ttl-percent": 0.55,
1016
1017 // "ddns-ttl": 0,
1018 // Cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min or
1019 // ddns-ttl-max. They are mutually exclusive.
1020 "ddns-ttl": 500,
1021
1022 // Subnet-level value. See description at the global level.
1023 // "ddns-ttl-min": 10000,
1024
1025 // Subnet-level value. See description at the global level.
1026 // "ddns-ttl-max": 20000,
1027
1028 // Subnet-level value. See description at the global level.
1029 "hostname-char-replacement": "x",
1030
1031 // Subnet-level value. See description at the global level.
1032 "hostname-char-set": "[^A-Za-z0-9.-]",
1033
1034 // Subnet unique identifier.
1035 "id": 1,
1036
1037 // Specifies that this subnet is selected for requests
1038 // received on a particular interface.
1039 "interface": "eth0",
1040
1041 // Specifies the content of the interface-id option used
1042 // by relays to identify the interface on the relay to
1043 // which the response is sent.
1044 "interface-id": "",
1045
1046 // Turn on storage of extended information (e.g. relay agent
1047 // information) with each lease for this subnet.
1048 "store-extended-info": true,
1049
1050 // Subnet-level list of DHCP options.
1051 "option-data": [
1052 {
1053 // Boolean flag indicating whether the particular option
1054 // should be always sent or sent only when requested.
1055 "always-send": false,
1056
1057 // An optional list of classes for which this option applies.
1058 // If the client matches any of the classes in this list the
1059 // option will be applied. If the list is empty or is
1060 // omitted this option will be applied regardless of class
1061 // membership.
1062 "client-classes": [],
1063
1064 // Option code.
1065 "code": 7,
1066
1067 // Boolean flag indicating whether the option value specified
1068 // in "data" is a string of hexadecimal values or human-readable
1069 // CSV value.
1070 "csv-format": false,
1071
1072 // Option data to be included in the option payload.
1073 "data": "0xf0",
1074
1075 // Option name.
1076 "name": "preference",
1077
1078 // Boolean flag indicating whether the given option is never
1079 // sent in response.
1080 "never-send": false,
1081
1082 // Option space. The default value "dhcp6" designates the
1083 // top level option space.
1084 "space": "dhcp6"
1085 }
1086 ],
1087
1088 // List of pools from which delegated prefixes are assigned to the
1089 // clients.
1090 "pd-pools": [
1091 {
1092 // Restricts this prefix pool subnet to allow only clients
1093 // that belong to at least one class in this list. If omitted
1094 // or an empty list is provided, no restriction is applied.
1095 "client-classes": [ "phones_server1" ],
1096
1097 // Length of prefixes delegated to clients.
1098 "delegated-len": 64,
1099
1100 // Excluded prefix (address) from client assignments.
1101 "excluded-prefix": "2001:db8:1::",
1102
1103 // Excluded prefix (length) from client assignments.
1104 "excluded-prefix-len": 72,
1105
1106 // Prefix pool level list of DHCP options.
1107 "option-data": [],
1108
1109 // Prefix range (address) used for client assignments.
1110 "prefix": "2001:db8:1::",
1111
1112 // Prefix range (length) used for client assignments.
1113 "prefix-len": 48,
1114
1115 // List of client classes which must be evaluated
1116 // when this prefix pool is selected for client assignments.
1117 "evaluate-additional-classes": [],
1118
1119 // PD-pool identifier used to enable statistics for this pd-pool.
1120 // The pd-pool ID does not need to be unique within the subnet
1121 // or across subnets.
1122 // If not configured, it defaults to 0. The statistics
1123 // regarding this pd-pool will be combined with the other statistics
1124 // of all other pd-pools with the same pd-pool ID in this subnet.
1125 "pool-id": 1
1126 },
1127 {
1128 // Length of prefixes delegated to clients.
1129 "delegated-len": 64,
1130
1131 // Prefix range (address) used for client assignments.
1132 "prefix": "2001:db8:2::",
1133
1134 // Prefix range (length) used for client assignments.
1135 "prefix-len": 48
1136 }
1137 ],
1138
1139 // List of IP address pools belonging to the subnet.
1140 "pools": [
1141 {
1142 // Restricts this pool subnet to allow only clients
1143 // that belong to at least one class in this list. If omitted
1144 // or an empty list is provided, no restriction is applied.
1145 "client-classes": [ "phones_server1" ],
1146
1147 // Pool-level list of DHCP options.
1148 "option-data": [],
1149
1150 // Address range used for client assignments.
1151 "pool": "2001:db8:0:1::/64",
1152
1153 // List of client classes which must be evaluated when this pool
1154 // is selected for client assignments.
1155 "evaluate-additional-classes": [ "late" ],
1156
1157 // Pool-level value. See description at the global level.
1158 "ddns-generated-prefix": "mypool",
1159
1160 // Pool-level value. See description at the global level.
1161 "ddns-override-client-update": false,
1162
1163 // Pool-level value. See description at the global level.
1164 "ddns-override-no-update": false,
1165
1166 // Pool-level value. See description at the global level.
1167 "ddns-qualifying-suffix": "pool.example.com.",
1168
1169 // Pool-level value. See description at the global level.
1170 "ddns-replace-client-name": "always",
1171
1172 // Pool-level value. See description at the global level.
1173 "ddns-send-updates": true,
1174
1175 // Pool-level value. See description at the global level.
1176 "ddns-update-on-renew": false,
1177
1178 // Pool-level value. See description at the global level.
1179 "ddns-conflict-resolution-mode": "check-with-dhcid",
1180
1181 // Pool-level value. See description at the global level.
1182 "ddns-ttl-percent": 0.55,
1183
1184 // Pool-level value. See description at the global level.
1185 // You cannot specify both ddns-ttl and any of ddns-ttl-percent,
1186 // ddns-ttl-min, or ddns-ttl-max. They are mutually exclusive.
1187 // "ddns-ttl": 500,
1188
1189 // Pool-level value. See description at the global level.
1190 "ddns-ttl-min": 10000,
1191
1192 // Pool-level value. See description at the global level.
1193 "ddns-ttl-max": 20000,
1194
1195 // Pool-level value. See description at the global level.
1196 "hostname-char-replacement": "x",
1197
1198 // Pool-level value. See description at the global level.
1199 "hostname-char-set": "[^A-Za-z0-9.-]"
1200 },
1201 {
1202 // Restricts this pool subnet to allow only clients
1203 // that belong to at least one class in this list. If omitted
1204 // or an empty list is provided, no restriction is applied.
1205 "client-classes": [ "phones_server2" ],
1206
1207 // Pool-level list of DHCP options.
1208 "option-data": [],
1209
1210 // Address range used for client assignments.
1211 "pool": "2001:db8:0:3::/64",
1212
1213 // List of client classes which must be evaluated when this pool
1214 // is selected for client assignments.
1215 "evaluate-additional-classes": [],
1216
1217 // Pool identifier used to enable statistics for this pool.
1218 // The pool ID does not need to be unique within the subnet
1219 // or across subnets.
1220 // If not configured, it defaults to 0. The statistics
1221 // regarding this pool will be combined with the other statistics
1222 // of all other pools with the same pool ID in this subnet.
1223 "pool-id": 1
1224 }
1225 ],
1226
1227 // Subnet specific (default) preferred lifetime.
1228 "preferred-lifetime": 2000,
1229
1230 // Subnet specific min preferred lifetime.
1231 "min-preferred-lifetime": 1500,
1232
1233 // Subnet specific max preferred lifetime.
1234 "max-preferred-lifetime": 2500,
1235
1236 // Boolean flag indicating whether the server can respond to
1237 // a Solicit message including a Rapid Commit option with
1238 // the Reply message (See DHCPv6 rapid commit).
1239 "rapid-commit": false,
1240
1241 // Subnet-level value of the rebind timer.
1242 "rebind-timer": 40,
1243
1244 // List of IPv6 relay addresses for which this subnet is selected.
1245 "relay": {
1246 "ip-addresses": [
1247 "2001:db8:0:f::1"
1248 ]
1249 },
1250
1251 // Subnet-level renew timer.
1252 "renew-timer": 30,
1253
1254 // Specify whether the server should look up global reservations.
1255 "reservations-global": false,
1256
1257 // Specify whether the server should look up in-subnet reservations.
1258 "reservations-in-subnet": true,
1259
1260 // Specify whether the server can assume that all reserved
1261 // addresses are out-of-pool.
1262 // Ignored when reservations-in-subnet is false.
1263 "reservations-out-of-pool": false,
1264
1265 // Subnet-level compute T1 and T2 timers.
1266 "calculate-tee-times": true,
1267
1268 // T1 = valid lifetime * .5.
1269 "t1-percent": .5,
1270
1271 // T2 = valid lifetime * .75.
1272 "t2-percent": .75,
1273
1274 // Cache threshold = valid lifetime * .25.
1275 "cache-threshold": .25,
1276
1277 // Subnet-level cache maximum.
1278 "cache-max-age": 1000,
1279
1280 // Adaptive lease time threshold (1.0 is disabled).
1281 "adaptive-lease-time-threshold": 0.8,
1282
1283 // List of static IPv6 reservations assigned to clients belonging
1284 // to this subnet. For a detailed example, see reservations.json.
1285 "reservations": [
1286 {
1287 // Identifier used for client matching. Supported values are
1288 // "duid", "hw-address" and "flex-id".
1289 "duid": "01:02:03:04:05:06:07:08:09:0A",
1290
1291 // List of reserved IPv6 addresses.
1292 "ip-addresses": [ "2001:db8:1:cafe::1" ],
1293
1294 // List of reserved IPv6 prefixes.
1295 "prefixes": [ "2001:db8:2:abcd::/64" ],
1296
1297 // List of excluded IPv6 prefixes.
1298 "excluded-prefixes": [ "2001:db8:2:abcd:1::/80" ],
1299
1300 // Reserved hostname.
1301 "hostname": "foo.example.com",
1302
1303 // Reservation-specific option data.
1304 "option-data": [
1305 {
1306 // Option name.
1307 "name": "vendor-opts",
1308
1309 // Option value.
1310 "data": "4491"
1311 }
1312 ]
1313 }
1314 ],
1315
1316 // List of client classes which must be evaluated when this subnet
1317 // is selected for client assignments.
1318 "evaluate-additional-classes": [ "late" ],
1319
1320 // Subnet prefix.
1321 "subnet": "2001:db8::/32",
1322
1323 // Subnet-level (default) valid lifetime.
1324 "valid-lifetime": 6000,
1325
1326 // Subnet-level min valid lifetime.
1327 "min-valid-lifetime": 4000,
1328
1329 // Subnet-level max valid lifetime.
1330 "max-valid-lifetime": 8000
1331 }
1332 ],
1333
1334 // Shared-network level (default) valid lifetime.
1335 "valid-lifetime": 6001,
1336
1337 // Shared-network level min valid lifetime.
1338 "min-valid-lifetime": 4001,
1339
1340 // Shared-network level max valid lifetime.
1341 "max-valid-lifetime": 8001
1342 }
1343 ],
1344
1345 // List of IPv6 subnets which don't belong to any shared network.
1346 "subnet6": [],
1347
1348 // Global valid lifetime value.
1349 "valid-lifetime": 6000,
1350
1351 // Global min valid lifetime value.
1352 "min-valid-lifetime": 4000,
1353
1354 // Global max valid lifetime value.
1355 "max-valid-lifetime": 8000,
1356
1357 // Reservations (examples are in other files).
1358 "reservations": [],
1359
1360 // Configuration control (currently not used, i.e. this syntax
1361 // is already defined but the corresponding feature is not implemented).
1362 "config-control": {
1363 // Only the configuration databases entry is defined.
1364 "config-databases": [
1365 {
1366 // Name of the database to connect to.
1367 "name": "config",
1368
1369 // Type of database, e.g. "mysql", "postgresql".
1370 "type": "mysql"
1371 }
1372 ],
1373 // Interval between attempts to fetch configuration updates
1374 // via the configuration backends used.
1375 "config-fetch-wait-time": 30
1376 },
1377
1378 // Server tag.
1379 "server-tag": "my DHCPv6 server",
1380
1381 // DHCP queue-control parameters.
1382 "dhcp-queue-control": {
1383 // Enable queue is mandatory.
1384 "enable-queue": true,
1385
1386 // Queue type is mandatory.
1387 "queue-type": "kea-ring6",
1388
1389 // Capacity is optional.
1390 "capacity": 64
1391 },
1392
1393 // Specify whether the server should look up global reservations.
1394 "reservations-global": false,
1395
1396 // Specify whether the server should look up in-subnet reservations.
1397 "reservations-in-subnet": true,
1398
1399 // Specify whether the server can assume that all reserved addresses
1400 // are out-of-pool.
1401 // Ignored when reservations-in-subnet is false.
1402 // If specified, it is inherited by "shared-networks" and
1403 // "subnet6" levels.
1404 "reservations-out-of-pool": false,
1405
1406 // Global compute T1 and T2 timers.
1407 "calculate-tee-times": true,
1408
1409 // T1 = valid lifetime * .5.
1410 "t1-percent": .5,
1411
1412 // T2 = valid lifetime * .75.
1413 "t2-percent": .75,
1414
1415 // Cache threshold = valid lifetime * .25.
1416 "cache-threshold": .25,
1417
1418 // Global cache maximum.
1419 "cache-max-age": 1000,
1420
1421 // Adaptive lease time threshold (1.0 is disabled)
1422 "adaptive-lease-time-threshold": 0.8,
1423
1424 // String of zero or more characters with which to replace each
1425 // invalid character in the Client FQDN. The default
1426 // value is an empty string, which will cause invalid characters
1427 // to be omitted rather than replaced.
1428 "hostname-char-replacement": "x",
1429
1430 // Regular expression describing the invalid character set in
1431 // the Client FQDN.
1432 "hostname-char-set": "[^A-Za-z0-9.-]",
1433
1434 // List of loggers used by the servers using this configuration file.
1435 "loggers": [
1436 {
1437 // Debug level, a value between 0..99. The greater the value
1438 // the more detailed the debug log.
1439 "debuglevel": 99,
1440
1441 // Name of the logger.
1442 "name": "kea-dhcp6",
1443
1444 // Configures how the log should be output.
1445 "output-options": [
1446 {
1447 // Determines whether the log should be flushed to a file.
1448 "flush": true,
1449
1450 // Specifies maximum filesize before the file is rotated.
1451 "maxsize": 10240000,
1452
1453 // Specifies the maximum number of rotated files to be kept.
1454 "maxver": 1,
1455
1456 // Specifies the logging destination.
1457 "output": "stdout",
1458
1459 // Specifies log entry content
1460 "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
1461 }
1462 ],
1463
1464 // Specifies logging severity, i.e. "ERROR", "WARN", "INFO", "DEBUG".
1465 "severity": "INFO"
1466 }
1467 ],
1468
1469 // Look at advanced examples for the use of user-contexts.
1470 "user-context": { }
1471 }
1472}
kea6/all-keys.json
1// WARNING: This example configuration is not meant for production use.
2// The Kea DHCPv6 server will refuse this configuration because it contains
3// mutually exclusive configuration parameters.
4//
5// The primary purpose of the example file is to provide a comprehensive
6// list of parameters supported by the Kea DHCPv6 server along with the brief
7// description of each parameter.
8//
9// This current version should be up to date, i.e. new keywords should be
10// added in this file at the same time as in the parser specification.
11{
12 // Kea DHCPv6 server configuration begins here.
13 "Dhcp6": {
14 // Global flag selecting an IP address allocation strategy for all
15 // subnets.
16 "allocator": "iterative",
17
18 // Global flag that enables or disables client address registration
19 // via ADDR-REG-INFORM packets (see RFC 9686). It defaults to true.
20 "allow-address-registration": true,
21
22 // Global flag selecting a delegated prefix allocation strategy
23 // for all subnets.
24 "pd-allocator": "random",
25
26 // Ordered list of client classes used by the DHCPv6 server.
27 "client-classes": [
28 {
29 // Class name.
30 "name": "phones_server1",
31
32 // Class-specific DHCPv6 options list.
33 "option-data": [],
34
35 // Class selection expression. The DHCP packet is assigned to this
36 // class when the given expression evaluates to true.
37 "test": "member('HA_server1')",
38
39 // Class valid lifetime.
40 "valid-lifetime": 6000,
41
42 // Class min valid lifetime.
43 "min-valid-lifetime": 4000,
44
45 // Class max valid lifetime.
46 "max-valid-lifetime": 8000,
47
48 // Class preferred lifetime.
49 "preferred-lifetime": 7000,
50
51 // Class min preferred lifetime.
52 "min-preferred-lifetime": 5000,
53
54 // Class max preferred lifetime.
55 "max-preferred-lifetime": 9000
56 },
57 {
58 // Second class name.
59 "name": "phones_server2",
60
61 // Class-specific DHCPv6 options list.
62 "option-data": [],
63
64 // Class selection expression. The DHCP packet is assigned to this
65 // class when the given expression evaluates to true.
66 "test": "member('HA_server2')"
67 },
68 {
69 // Third class name.
70 "name": "late",
71
72 // Boolean flag indicating whether the class expression is only evaluated
73 // when the class is required, e.g. the selected address pool configuration
74 // includes this class name in its "evaluate-additional-classes" list. The
75 // default value false means that the class test expression must
76 // always be evaluated.
77 "only-in-additional-list": true,
78
79 // Class selection expression.
80 "test": "member('ALL')"
81 },
82 {
83 // Fourth class name.
84 "name": "my-template-class",
85
86 // Template class flag that holds the expression used to generate the names for all
87 // the spawned subclasses. In this case, the classes are named after the client ID.
88 "template-test": "substring(option[1].hex, 0, all)"
89 }
90 ],
91
92 // Parameters for triggering behaviors compatible with broken or
93 // non-compliant clients, relays, or other agents
94 "compatibility": {
95 // Parse options more leniently where fields can be deduced
96 // deterministically, even if against RFC or common practice.
97 "lenient-option-parsing": true
98 },
99
100 // Command control socket configuration parameters for the Kea DHCPv6 server.
101 "control-sockets": [
102 {
103 // Control socket type used by the Kea DHCPv6 server.
104 // Must be unix, http or https.
105 "socket-type": "unix",
106
107 // Location of the UNIX domain socket file the DHCPv6
108 // server uses to receive control commands from the
109 // local server administrator.
110 "socket-name": "kea6-ctrl-socket"
111 },
112 {
113 // Control socket type used by the Kea DHCPv6 server.
114 // Must be unix, http or https.
115 "socket-type": "https",
116
117 // Address of the HTTPS socket the Kea DHCPv6 server should
118 // listen for incoming queries.
119 "socket-address": "::1",
120
121 // Port of the HTTPS socket the Kea DHCPv6 server
122 // should listen for incoming queries. If enabling HA
123 // and multi-threading, the 8000 port is used by the
124 // HA hook library http listener. For the HA hook
125 // library to function with multi-threading, make sure
126 // the port used by its dedicated listener is different
127 // (e.g. 8001) from the one specified here. Note the
128 // commands should still be sent to a control socket.
129 // The dedicated listener is specifically for HA
130 // updates only.
131 "socket-port": 8006,
132
133 // TLS trust anchor (Certificate Authority). This is a
134 // file name or a directory path. It makes sense, together with the
135 // other TLS parameters, only for the https control socket type.
136 "trust-anchor": "my-ca",
137
138 // TLS server certificate file name.
139 "cert-file": "my-cert",
140
141 // TLS server private key file name.
142 "key-file": "my-key",
143
144 // Flag controlling whether TLS client certificates are
145 // required. The default is true: clients must present a
146 // certificate. False makes client certificates optional.
147 "cert-required": true,
148
149 // Extra HTTP headers to add in responses.
150 "http-headers":
151 [
152 {
153 // Optional user context.
154 "user-context": { "comment": "HSTS header" },
155
156 // Required HTTP header name.
157 "name": "Strict-Transport-Security",
158
159 // Required HTTP header value.
160 "value": "max-age=31536000"
161 }
162 ],
163
164 // Optional authentication.
165 "authentication": {
166
167 // Required authentication type. The only
168 // supported value is basic for the basic HTTP
169 // authentication.
170 "type": "basic",
171
172 // An optional parameter is the basic HTTP
173 // authentication realm. Its default is
174 // "kea-dhcpv6-server"
175 "realm": "kea-dhcpv6-server",
176
177 // This optional parameter can be used to specify a common
178 // prefix for files handling client credentials.
179 "directory": "/usr/local/share/kea/kea-creds",
180
181 // This list specifies the user ids and passwords
182 // to use for basic HTTP authentication. If it is empty or not
183 // present, any client is authorized, i.e. basic authentication is effectively disabled.
184 "clients": [
185 // This specifies an authorized client.
186 {
187 // The user id must not be empty or
188 // contain the ':' character. It is a
189 // mandatory parameter.
190 "user": "admin",
191
192 // If password is not specified an empty password is used.
193 // This sample value is stored in cleartext; see "password-file" below.
194 "password": "1234"
195 },
196
197 // This specifies a hidden client.
198 {
199 // The user id is the content of the
200 // file /usr/local/share/kea/kea-creds/hiddenu.
201 "user-file": "hiddenu",
202
203 // The password is the content of the
204 // file /usr/local/share/kea/kea-creds/hiddenp.
205 "password-file": "hiddenp"
206 },
207
208 // This specifies a hidden client using a
209 // secret in a file.
210 {
211 // The secret is the content of the file
212 // /usr/local/share/kea/kea-creds/hiddens which must be in
213 // the <user-id>:<password> format.
214 "password-file": "hiddens"
215 }
216 ]
217 }
218 }
219 ],
220
221 // Specifies a prefix to be prepended to the generated Client FQDN.
222 // It may be specified at the global, shared-network, and subnet levels.
223 "ddns-generated-prefix": "myhost",
224
225 // Boolean flag indicating whether the server should ignore DHCP client
226 // wishes to update DNS on its own. With that flag set to true,
227 // the server will send DNS updates for both forward and
228 // reverse DNS data. The default value is false, which indicates
229 // that the server will delegate a DNS update to the client when
230 // requested. It may be specified at the global, shared-network,
231 // and subnet levels.
232 "ddns-override-client-update": false,
233
234 // Boolean flag indicating whether the server should override the DHCP
235 // client's wish to not update the DNS. With this parameter
236 // set to true, the server will send a DNS update even when
237 // the client requested no update. It may be specified at the
238 // global, shared-network, and subnet levels.
239 "ddns-override-no-update": false,
240
241 // Suffix appended to the partial name sent to the DNS. The
242 // default value is an empty string, which indicates that no
243 // suffix is appended. It may be specified at the global,
244 // shared-network, and subnet levels.
245 "ddns-qualifying-suffix": "",
246
247 // Enumeration specifying whether the server should honor
248 // the hostname or Client FQDN sent by the client or replace
249 // this name. The acceptable values are: "never" (use the
250 // name the client sent), "always" (replace the name the
251 // client sent), "when-present" (replace the name the client
252 // sent, but do not generate one when the client didn't send
253 // the name), "when-not-present" (generate the name when
254 // client didn't send one, otherwise leave the name the
255 // client sent). The default value is "never". It may be
256 // specified at the global, shared-network, and subnet levels.
257 "ddns-replace-client-name": "never",
258
259 // Boolean flag which enables or disables DDNS updating. It
260 // defaults to true. It may be specified at the global, shared-
261 // network, and subnet levels. It works in conjunction with
262 // dhcp-ddns:enable-updates, which must be true to enable connectivity
263 // to kea-dhcp-ddns.
264 "ddns-send-updates": true,
265
266 // Boolean flag, which when true instructs the server to always
267 // update DNS when leases are renewed, even if the DNS information
268 // has not changed. The server's default behavior (i.e. flag is false)
269 // is to only update DNS if the DNS information has changed. It
270 // may be specified at the global, shared-network, and subnet levels.
271 "ddns-update-on-renew": true,
272
273 // Boolean flag which is passed to kea-dhcp-ddns with each DDNS
274 // update request, to indicate whether DNS update conflict
275 // resolution as described in RFC 4703 should be employed for the
276 // given update request. The default value for this flag is true.
277 // It may be specified at the global, shared-network, and subnet levels.
278 // This field has been replaced by ddns-conflict-resolution-mode.
279 // Parsing is maintained only for backwards compatibility.
280 // "ddns-use-conflict-resolution": true,
281
282 // Enumeration, which is passed to kea-dhcp-ddns with each DDNS
283 // update request to indicate the mode used for resolving conflicts
284 // while performing DDNS updates. The acceptable values are:
285 // check-with-dhcid (this includes adding a DHCID record and checking
286 // that record via conflict detection as per RFC 4703),
287 // no-check-with-dhcid (this will ignore conflict detection but add
288 // a DHCID record when creating/updating an entry),
289 // check-exists-with-dhcid (this will check if there is an existing
290 // DHCID record but does not verify the value of the record matches
291 // the update. This will also update the DHCID record for the entry),
292 // no-check-without-dhcid (this ignores conflict detection and will
293 // not add a DHCID record when creating/updating a DDNS entry).
294 // The default value is "check-with-dhcid". It may be
295 // specified at the global, shared-network and subnet levels.
296 "ddns-conflict-resolution-mode": "check-with-dhcid",
297
298 // When greater than 0.0, it is the percent of the lease's lifetime
299 // to use for the DNS TTL.
300 "ddns-ttl-percent": 0.75,
301
302 // When greater than 0 it will be used as the DNS TTL. Specified in seconds.
303 // Cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min or
304 // ddns-ttl-max. They are mutually exclusive.
305 // "ddns-ttl": 500,
306
307 // When greater than 0 it is used as the lower boundary for calculated DNS TTL values.
308 // Specified in seconds.
309 "ddns-ttl-min": 24000,
310
311 // When greater than 0 it is used as the upper boundary for calculated DNS TTL values.
312 // Specified in seconds.
313 "ddns-ttl-max": 64000,
314
315 // Time in seconds specifying how long a declined lease should be
316 // excluded from DHCP assignments. The default value is 24 hours.
317 "decline-probation-period": 86400,
318
319 // Name Change Request forwarding configuration for the Kea DHCPv6 server.
320 // NCRs are sent to the Kea D2 module to update DNS upon allocation of
321 // DHCP leases.
322 "dhcp-ddns": {
323 // Boolean flag indicating whether Kea DHCPv6 server should connect to
324 // kea-dhcp-ddns. This must be true for NCRs to be created and
325 // sent to kea-dhcp-ddns. By default, NCRs are not generated.
326 "enable-updates": false,
327
328 // Specifies maximum number of NCRs to queue waiting to be sent
329 // to the Kea D2 server.
330 "max-queue-size": 1024,
331
332 // Packet format to use when sending NCRs to the Kea D2 server.
333 // Currently, only JSON format is supported.
334 "ncr-format": "JSON",
335
336 // Socket protocol to use when sending NCRs to D2. Currently,
337 // only UDP is supported.
338 "ncr-protocol": "UDP",
339
340 // IP address that the Kea DHCPv6 server should use to send
341 // NCRs to D2. The default value of zero indicates that Kea
342 // should pick a suitable address.
343 "sender-ip": "::1",
344
345 // Port number that the Kea DHCPv6 server should use to send
346 // NCRs to D2. The default value of zero indicates that Kea
347 // should pick a suitable port.
348 "sender-port": 0,
349
350 // IP address on which D2 listens for NCRs.
351 "server-ip": "::1",
352
353 // Port number on which D2 listens for NCRs.
354 "server-port": 53001
355 },
356
357 // Specifies the first of the two consecutive ports of the UDP
358 // sockets used for communication between DHCPv6 and DHCPv4
359 // servers. See RFC 7341. (defaults to 0 - disabled).
360 // If enabled, use e.g. 786.
361 "dhcp4o6-port": 0,
362
363 // Collection of Kea DHCPv6 server parameters configuring how
364 // the server should process expired DHCP leases.
365 "expired-leases-processing": {
366 // Specifies the number of seconds since the last removal of
367 // the expired leases, when the next removal should occur.
368 // If both "flush-reclaimed-timer-wait-time" and
369 // "hold-reclaimed-time" are not 0, when the client sends a release
370 // message the lease is expired instead of being deleted from
371 // lease storage.
372 "flush-reclaimed-timer-wait-time": 25,
373
374 // Specifies the length of time in seconds to keep expired
375 // leases in the lease database (lease affinity).
376 // If both "flush-reclaimed-timer-wait-time" and
377 // "hold-reclaimed-time" are not 0, when the client sends a release
378 // message the lease is expired instead of being deleted from
379 // lease storage.
380 "hold-reclaimed-time": 3600,
381
382 // Specifies the maximum number of expired leases that can be
383 // processed in a single attempt to clean up expired leases
384 // from the lease database. If there are more
385 // expired leases, they will be processed during the next
386 // cleanup attempt.
387 "max-reclaim-leases": 100,
388
389 // Specifies the maximum time in milliseconds that a single attempt
390 // to clean up expired leases from the lease database may take.
391 "max-reclaim-time": 250,
392
393 // Specifies the length of time in seconds since the last attempt
394 // to process expired leases before initiating the next attempt.
395 "reclaim-timer-wait-time": 10,
396
397 // Specifies the maximum number of expired lease-processing cycles
398 // which didn't result in full cleanup of expired leases from the
399 // lease database, after which a warning message is issued.
400 "unwarned-reclaim-cycles": 5
401 },
402
403 // List of hook libraries and their specific configuration parameters
404 // to be loaded by Kea DHCPv6 server.
405 "hooks-libraries": [
406 {
407 // Location of the hook library to be loaded.
408 "library": "libdhcp_lease_cmds.so",
409
410 // Hook library-specific configuration parameters.
411 "parameters": { }
412 },
413 {
414 // The MySQL host backend hook library required for host storage.
415 "library": "libdhcp_mysql.so"
416 },
417 {
418 // The PostgreSQL host backend hook library required for host storage.
419 "library": "libdhcp_pgsql.so"
420 }
421 ],
422
423 // List of access credentials to external sources of IPv6 reservations.
424 "hosts-databases": [
425 {
426 // Name of the database to connect to.
427 "name": "keatest",
428
429 // Host on which the database resides.
430 "host": "localhost",
431
432 // Database password. It is kept in clear text in this file; "1234" is only an example.
433 "password": "1234",
434
435 // Port on which the database is available.
436 "port": 3306,
437
438 // Type of database, e.g. "mysql", "postgresql".
439 "type": "mysql",
440
441 // Username to be used to access the database.
442 "user": "keatest",
443
444 // Read-only mode.
445 "readonly": false,
446
447 // The next entries are for OpenSSL support in MySQL.
448
449 // Trust anchor aka certificate authority file or directory.
450 "trust-anchor": "my-ca",
451
452 // Client certificate file name.
453 "cert-file": "my-cert",
454
455 // Private key file name.
456 "key-file": "my-key",
457
458 // Cipher list (see the OpenSSL ciphers command manual).
459 "cipher-list": "AES",
460
461 // Connection reconnect wait time.
462 // This parameter governs how long Kea waits before attempting
463 // to reconnect. Expressed in milliseconds. The default is 0
464 // (disabled) for MySQL and PostgreSQL.
465 "reconnect-wait-time": 3000,
466
467 // Connection maximum reconnect tries.
468 "max-reconnect-tries": 3,
469
470 // Action to take when connection recovery fails.
471 // Supported values: stop-retry-exit, serve-retry-exit,
472 // serve-retry-continue
473 "on-fail": "stop-retry-exit",
474
475 // Flag which indicates if the DB recovery should be attempted
476 // at server startup and on reconfiguration events.
477 "retry-on-startup": false,
478
479 // Connection connect timeout in seconds.
480 "connect-timeout": 100,
481
482 // Timeout of database read operations in seconds.
483 "read-timeout": 120,
484
485 // Timeout of database write operations in seconds.
486 "write-timeout": 180
487 },
488 {
489 // Name of the database to connect to.
490 "name": "keatest",
491
492 // Host on which the database resides.
493 "host": "localhost",
494
495 // Database password.
496 "password": "1234",
497
498 // Port on which the database is available.
499 "port": 5432,
500
501 // Type of database, e.g. "mysql", "postgresql".
502 "type": "postgresql",
503
504 // Username to be used to access the database.
505 "user": "keatest",
506
507 // TCP user timeout while communicating with the database.
508 // It is specified in seconds.
509 "tcp-user-timeout": 100,
510
511 // Trust anchor aka certificate authority file or directory.
512 "trust-anchor": "my-ca",
513
514 // Client certificate file name.
515 "cert-file": "my-cert",
516
517 // Private key file name.
518 "key-file": "my-key",
519
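520 // SSL mode. With verify-ca the server certificate is checked against the trust anchor; the server host name is not checked.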
521 "ssl-mode": "verify-ca"
522 }
523 ],
524
525 // List of host reservation identifier types to be used by the
526 // Kea DHCPv6 server to fetch static reservations for
527 // DHCP clients. All identifiers are used by default, which
528 // means that the server will issue multiple queries to the
529 // database to find if there is a reservation for a particular
530 // client. If a particular deployment uses only a subset, e.g.
531 // one identifier type, only this identifier should be listed
532 // here to prevent unnecessary queries to the database.
533 "host-reservation-identifiers": [
534 "hw-address",
535 "duid",
536 "flex-id"
537 ],
538
539 // Specifies configuration of interfaces on which the Kea DHCPv6
540 // server is listening to the DHCP queries.
541 "interfaces-config": {
542 // Specifies a list of interfaces on which the Kea DHCPv6
543 // server should listen to DHCP requests.
544 "interfaces": [
545 "eth0"
546 ],
547
548 // Boolean flag indicating whether the available interfaces should
549 // be re-detected upon server reconfiguration. The default value
550 // is true, which means that the interfaces are always
551 // re-detected.
552 "re-detect": true,
553
554 // Kea tries to bind the service sockets during initialization, but it may
555 // fail due to a port being already opened or a misconfiguration. Kea can
556 // suppress these errors and only log them. This flag prevents starting
557 // the DHCP server without binding all sockets. If unspecified, it
558 // defaults to false.
559 "service-sockets-require-all": true,
560
561 // Kea tries to bind the service sockets during initialization. This
562 // option specifies how many times binding to interface will be retried.
563 // The default value is 0, which means that the operation will not be
564 // repeated.
565 "service-sockets-max-retries": 5,
566
567 // The time interval in milliseconds to wait before the next attempt to
568 // retry opening a service socket.
569 "service-sockets-retry-wait-time": 5000
570 },
571
572 // Boolean parameter which controls whether an early global host
573 // reservations lookup should be performed. This lookup takes place
574 // before subnet selection and when a global reservation is found
575 // with some client classes, it triggers a second phase classification.
576 // It can also be used to drop queries using host reservations as a
577 // decision table indexed by reservation identifiers.
578 "early-global-reservations-lookup": true,
579
580 // Boolean parameter which controls the DHCP server's behavior with respect
581 // to creating host reservations for the same IP address or delegated
582 // prefix. By default this flag is set to true in which case the server
583 // prevents creation of multiple host reservations for the same IP address
584 // or delegated prefix. When this parameter is set to false, the server
585 // allows for creating multiple reservations for the same IP address or
586 // delegated prefix within a subnet. This setting is useful in deployments
587 // in which a given host may be communicating with a DHCP server over
588 // multiple interfaces and depending on the chosen interface different
589 // MAC address (or other identifier) will be used to identify the host.
590 // Note that some host backends do not support the mode in which multiple
591 // reservations for the same IP address or delegated prefix are used.
592 // If these backends are in use and this setting is attempted a
593 // configuration error will occur. The MySQL and PostgreSQL backends do
594 // support this mode.
595 "ip-reservations-unique": true,
596
597 // Boolean parameter which controls whether host reservations lookup
598 // should be performed before lease lookup. This parameter has effect
599 // only when multi-threading is disabled. When multi-threading is
600 // enabled, host reservations lookup is always performed first to avoid
601 // lease-lookup resource locking.
602 "reservations-lookup-first": true,
603
604 // Specifies credentials to access lease database.
605 "lease-database": {
606 // memfile backend-specific parameter specifying the interval
607 // in seconds at which the lease file should be cleaned up (outdated
608 // lease entries are removed to prevent the lease file from growing
609 // infinitely).
610 "lfc-interval": 3600,
611
612 // Maximum number of lease-file read errors allowed before
613 // loading the file is abandoned. Defaults to 0 (no limit).
614 "max-row-errors": 100,
615
616 // Name of the lease file. In the case of a database it specifies the
617 // database name.
618 "name": "kea-leases6.csv",
619
620 // memfile-specific parameter indicating whether leases should
621 // be saved on persistent storage (disk) or not. The true value
622 // is the default and it indicates that leases are stored in
623 // persistent storage. This setting must be used in production.
624 // The false value should only be used for testing purposes
625 // because non-stored leases will be lost upon Kea server restart.
626 "persist": true,
627
628 // Lease database backend type, i.e. "memfile", "mysql" or
629 // "postgresql".
630 "type": "memfile"
631 },
632
633 // List of parameters indicating how the client's MAC address can be
634 // inferred from the DHCP query. Supported values are listed in the
635 // Kea Administrator Reference Manual.
636 "mac-sources": [ "duid" ],
637
638 // List of global DHCP options that the Kea DHCPv6 server assigns to
639 // clients.
640 "option-data": [
641 {
642 // Boolean flag indicating whether the given option is always
643 // sent in response or only when requested. The default
644 // value of false indicates that it is only sent when
645 // requested.
646 "always-send": false,
647
648 // An optional list of classes for which this option applies.
649 // If the client matches any of the classes in this list the
650 // option will be applied. If the list is empty or is
651 // omitted this option will be applied regardless of class
652 // membership.
653 "client-classes": [ "class1", "class2" ],
654
655 // Option code. It is not required if the option name is
656 // provided.
657 "code": 23,
658
659 // Boolean value indicating whether the option data specified
660 // in the "data" field is specified as a string of hexadecimal
661 // digits or in human-readable CSV format.
662 "csv-format": true,
663
664 // Option data to be stored in the option payload.
665 "data": "2001:db8:2::45, 2001:db8:2::100",
666
667 // Option name. It is not required if the option code is
668 // provided.
669 "name": "dns-servers",
670
671 // Boolean flag indicating whether the given option is never
672 // sent in response. The default value of false indicates
673 // that it is sent when it should be. When true, the option
674 // is not sent despite any other setting, i.e. it is
675 // a final flag.
676 "never-send": false,
677
678 // Option space. The default is the "dhcp6" option space which
679 // groups top-level DHCPv6 options.
680 "space": "dhcp6"
681 }
682 ],
683
684 // List of global option definitions, i.e. option formats, that the
685 // Kea DHCPv6 server is using.
686 "option-def": [
687 {
688 // Boolean flag indicating whether the option definition comprises
689 // an array of values of some type, e.g. an array of IPv6 addresses.
690 // The default value of false means that the option does not
691 // comprise an array of values.
692 "array": false,
693
694 // Option code.
695 "code": 6,
696
697 // Holds a name of the option space encapsulated by this option.
698 // All options that belong to this option space will be sent
699 // as sub-options of this option. An empty string means that this
700 // option doesn't encapsulate any option.
701 "encapsulate": "",
702
703 // Option name.
704 "name": "my-option",
705
706 // Specifies the types of fields within the option if the option
707 // is said to be a "record" (see "type"). In this particular example
708 // this option comprises two fields, 1 byte and 2 bytes long.
709 "record-types": "uint8, uint16",
710
711 // Name of the option space to which this option belongs.
712 "space": "my-space",
713
714 // Option type. All possible types are listed in the Kea
715 // Administrator Reference Manual.
716 "type": "record"
717 }
718 ],
719
720 // Global value which limits the number of client packets (e.g.
721 // REQUESTs, RENEWs...) that may be parked while waiting for
722 // hook library work to complete, prior to a response (e.g. REPLY)
723 // being sent back to the client. A typical example is when kea-dhcp6
724 // parks a REQUEST while it sends the lease update(s) to its
725 // HA peer(s). The packet is unparked once the update(s) have been
726 // acknowledged. This value limits the number of packets that can
727 // be held pending the updates. In times of heavy client traffic,
728 // this value can keep kea-dhcp6 from building an insurmountable
729 // backlog of updates.
730 "parked-packet-limit": 256,
731
732 // Global (default) value of the preferred lifetime.
733 "preferred-lifetime": 50,
734
735 // Global min value of the preferred lifetime.
736 "min-preferred-lifetime": 40,
737
738 // Global max value of the preferred lifetime.
739 "max-preferred-lifetime": 60,
740
741 // Global value for the rebind timer, i.e. the time after which the
742 // DHCP client enters the rebind state if it fails to renew the lease.
743 "rebind-timer": 40,
744
745 // List of relay supplied option codes. See RFC 6422.
746 "relay-supplied-options": [ "110", "120", "130" ],
747
748 // Global value for the renew timer, i.e. the time after which the
749 // DHCP client renews the lease.
750 "renew-timer": 30,
751
752 // Global value to store extended information (e.g. relay agent
753 // information) with each lease.
754 "store-extended-info": true,
755
756 // Statistics keep some samples per observation point.
757 // There are two default values: maximum count and maximum age.
758 // Setting the maximum count to zero disables it.
759 "statistic-default-sample-count": 0,
760
761 // When the maximum count is 0 the maximum age (in seconds) applies.
762 "statistic-default-sample-age": 60,
763
764 // Multi-threading parameters.
765 "multi-threading": {
766 // By default, Kea processes packets on multiple threads if the hardware permits.
767 "enable-multi-threading": true,
768
769 // When multi-threading is enabled, Kea will process packets on a
770 // number of multiple threads configurable through this option. The
771 // value must be a positive integer (0 means auto-detect).
772 "thread-pool-size": 0,
773
774 // When multi-threading is enabled, Kea will read packets from the
775 // interface and append a working item to the thread pool. This
776 // option configures the maximum number of items that can be queued.
777 // The value must be a positive integer (0 means unlimited).
778 "packet-queue-size": 0
779 },
780
781 // Governs how the Kea DHCPv6 server should deal with invalid
782 // data received from the client.
783 "sanity-checks": {
784 // Specifies how the Kea DHCPv6 server should behave when invalid
785 // data is read for a lease from the lease file. The following
786 // values are supported: "none" (don't attempt to correct the
787 // lease information), "warn" (print a warning for subnet-id
788 // related inconsistencies), "fix" (correct the subnet id by
789 // trying to find the suitable subnet), "fix-del" (similar
790 // to "fix" but delete the lease if no suitable subnet found),
791 // "del" (delete the lease if the lease has invalid subnet
792 // identifier value).
793 "lease-checks": "warn",
794
795 // Specifies how Kea DHCPv6 server should behave when invalid
796 // extended info is read for a lease from the lease file, or
797 // whether to upgrade from the old format. The following values
798 // are supported: "none" (don't attempt to correct or upgrade
799 // the extended info), "fix" (fix common inconsistencies and
800 // upgrade from the old format; this is the default), "strict"
801 // (fix inconsistencies with an impact on Leasequery),
802 // "pedantic" (enforce full Kea code format).
803 "extended-info-checks": "fix"
804 },
805
806 // Custom DUID used by the DHCPv6 server.
807 "server-id": {
808 // Type of the DUID. Possible values are "LLT", "EN", and "LL".
809 "type": "EN",
810
811 // Enterprise id used for "EN" duid.
812 "enterprise-id": 2495,
813
814 // Identifier part of the DUID.
815 "identifier": "0123456789",
816
817 // Boolean flag indicating whether the DUID should be persisted on
818 // disk.
819 "persist": false
820 },
821
822 // List of shared networks used by the Kea DHCPv6 server. The shared
823 // networks group subnets together.
824 "shared-networks": [
825 {
826 // A flag selecting an IP address allocation strategy for all
827 // subnets in this shared network.
828 "allocator": "random",
829
830 // A flag selecting a delegated prefix allocation strategy for
831 // all subnets in this shared network.
832 "pd-allocator": "iterative",
833
834 // Restricts this shared network to allow only clients
835 // that belong to at least one class in this list. If omitted
836 // or an empty list is provided, no restriction is applied.
837 "client-classes": [],
838
839 // Shared-network level value. See description at the global level.
840 "ddns-generated-prefix": "myhost",
841
842 // Shared-network level value. See description at the global level.
843 "ddns-override-client-update": false,
844
845 // Shared-network level value. See description at the global level.
846 "ddns-override-no-update": false,
847
848 // Shared-network level value. See description at the global level.
849 "ddns-qualifying-suffix": "",
850
851 // Shared-network level value. See description at the global level.
852 "ddns-replace-client-name": "never",
853
854 // Shared-network level value. See description at the global level.
855 "ddns-send-updates": true,
856
857 // Shared-network level value. See description at the global level.
858 "ddns-update-on-renew": true,
859
860 // Shared-network level value. See description at the global level.
861 // This field has been replaced by ddns-conflict-resolution-mode.
862 // Parsing is maintained only for backwards compatibility.
863 // "ddns-use-conflict-resolution": true,
864
865 // Shared-network level value. See description at the global level.
866 "ddns-conflict-resolution-mode": "check-with-dhcid",
867
868 // Shared-network level value. See description at the global level.
869 "ddns-ttl-percent": 0.65,
870
871 // Shared-network level value. See description at the global level.
872 // Cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min or
873 // ddns-ttl-max. They are mutually exclusive.
874 // "ddns-ttl": 500,
875
876 // Shared-network level value. See description at the global level.
877 "ddns-ttl-min": 10000,
878
879 // Shared-network level value. See description at the global level.
880 "ddns-ttl-max": 20000,
881
882 // Shared-network level value. See description at the global level.
883 "hostname-char-replacement": "x",
884
885 // Shared-network level value. See description at the global level.
886 "hostname-char-set": "[^A-Za-z0-9.-]",
887
888 // Specifies that this shared network is selected for
889 // requests received on a particular interface.
890 "interface": "eth0",
891
892 // Specifies the content of the interface-id option used
893 // by relays to identify the interface on the relay to
894 // which the response is sent.
895 "interface-id": "",
896
897 // Shared network name.
898 "name": "my-secret-network",
899
900 // List of shared network-specific DHCP options.
901 "option-data": [],
902
903 // Shared network-specific (default) preferred lifetime.
904 "preferred-lifetime": 2000,
905
906 // Shared network-specific min preferred lifetime.
907 "min-preferred-lifetime": 1500,
908
909 // Shared network-specific max preferred lifetime.
910 "max-preferred-lifetime": 2500,
911
912 // Boolean flag indicating whether the server can respond to
913 // a Solicit message including a Rapid Commit option with
914 // the Reply message (See DHCPv6 rapid commit).
915 "rapid-commit": false,
916
917 // List of IPv6 relay addresses for which this shared
918 // network is selected.
919 "relay": {
920 "ip-addresses": []
921 },
922
923 // Shared-network level rebind timer.
924 "rebind-timer": 41,
925
926 // Shared-network level renew timer.
927 "renew-timer": 31,
928
929 // Shared-network level flag: compute the T1 and T2 timers.
930 "calculate-tee-times": true,
931
932 // T1 = valid lifetime * .5.
933 "t1-percent": .5,
934
935 // T2 = valid lifetime * .75.
936 "t2-percent": .75,
937
938 // Cache threshold = valid lifetime * .25.
939 "cache-threshold": .25,
940
941 // Cache maximum: when the client last-transmission time
942 // is close enough, the lease is not renewed and the current
943 // lease is returned as it was "cached".
944 "cache-max-age": 1000,
945
946 // Adaptive lease time threshold (1.0 is disabled).
947 "adaptive-lease-time-threshold": 0.8,
948
949 // Specify whether the server should look up global reservations.
950 "reservations-global": false,
951
952 // Specify whether the server should look up in-subnet reservations.
953 "reservations-in-subnet": true,
954
955 // Specify whether the server can assume that all reserved addresses
956 // are out-of-pool.
957 // Ignored when reservations-in-subnet is false.
958 // If specified, it is inherited by "subnet6" levels.
959 "reservations-out-of-pool": false,
960
961 // List of client classes which must be evaluated when this shared
962 // network is selected for client assignments.
963 "evaluate-additional-classes": [ "late" ],
964
965 // Turn off storage of extended information (e.g. relay agent
966 // information) with each lease for this shared network.
967 "store-extended-info": false,
968
969 // List of IPv6 subnets belonging to this shared network.
970 "subnet6": [
971 {
972 // A flag selecting an IP address allocation strategy for
973 // the subnet.
974 "allocator": "iterative",
975
976 // A flag selecting a delegated prefix allocation strategy
977 // for the subnet.
978 "pd-allocator": "iterative",
979
980 // Restricts this subnet to allow only clients
981 // that belong to at least one class in this list. If omitted
982 // or an empty list is provided, no restriction is applied.
983 "client-classes": [],
984
985 // Subnet-level value. See description at the global level.
986 "ddns-generated-prefix": "myhost",
987
988 // Subnet-level value. See description at the global level.
989 "ddns-override-client-update": false,
990
991 // Subnet-level value. See description at the global level.
992 "ddns-override-no-update": false,
993
994 // Subnet-level value. See description at the global level.
995 "ddns-qualifying-suffix": "",
996
997 // Subnet-level value. See description at the global level.
998 "ddns-replace-client-name": "never",
999
1000 // Subnet-level value. See description at the global level.
1001 "ddns-send-updates": true,
1002
1003 // Subnet-level value. See description at the global level.
1004 "ddns-update-on-renew": true,
1005
1006 // Subnet-level value. See description at the global level.
1007 // This field has been replaced by ddns-conflict-resolution-mode.
1008 // Parsing is maintained only for backwards compatibility.
1009 // "ddns-use-conflict-resolution": true,
1010
1011 // Subnet-level value. See description at the global level.
1012 "ddns-conflict-resolution-mode": "check-with-dhcid",
1013
1014 // Subnet-level value. See description at the global level.
1015 // "ddns-ttl-percent": 0.55,
1016
1017 // "ddns-ttl": 0,
1018 // Cannot specify both ddns-ttl and any of ddns-ttl-percent, ddns-ttl-min or
1019 // ddns-ttl-max. They are mutually exclusive.
1020 "ddns-ttl": 500,
1021
1022 // Subnet-level value. See description at the global level.
1023 // "ddns-ttl-min": 10000,
1024
1025 // Subnet-level value. See description at the global level.
1026 // "ddns-ttl-max": 20000,
1027
1028 // Subnet-level value. See description at the global level.
1029 "hostname-char-replacement": "x",
1030
1031 // Subnet-level value. See description at the global level.
1032 "hostname-char-set": "[^A-Za-z0-9.-]",
1033
1034 // Subnet unique identifier.
1035 "id": 1,
1036
1037 // Specifies that this subnet is selected for requests
1038 // received on a particular interface.
1039 "interface": "eth0",
1040
1041 // Specifies the content of the interface-id option used
1042 // by relays to identify the interface on the relay to
1043 // which the response is sent.
1044 "interface-id": "",
1045
1046 // Turn on storage of extended information (e.g. relay agent
1047 // information) with each lease for this subnet.
1048 "store-extended-info": true,
1049
1050 // Subnet-level list of DHCP options.
1051 "option-data": [
1052 {
1053 // Boolean flag indicating whether the particular option
1054 // should be always sent or sent only when requested.
1055 "always-send": false,
1056
1057 // An optional list of classes for which this option applies.
1058 // If the client matches any of the classes in this list the
1059 // option will be applied. If the list is empty or is
1060 // omitted this option will be applied regardless of class
1061 // membership.
1062 "client-classes": [],
1063
1064 // Option code.
1065 "code": 7,
1066
1067 // Boolean flag indicating whether the option value specified
1068 // in "data" is a string of hexadecimal values or human-readable
1069 // CSV value.
1070 "csv-format": false,
1071
1072 // Option data to be included in the option payload.
1073 "data": "0xf0",
1074
1075 // Option name.
1076 "name": "preference",
1077
1078 // Boolean flag indicating whether the given option is never
1079 // sent in response.
1080 "never-send": false,
1081
1082 // Option space. The default value "dhcp6" designates the
1083 // top level option space.
1084 "space": "dhcp6"
1085 }
1086 ],
1087
1088 // List of pools from which delegated prefixes are assigned to the
1089 // clients.
1090 "pd-pools": [
1091 {
1092 // Restricts this prefix pool to allow only clients
1093 // that belong to at least one class in this list. If omitted
1094 // or an empty list is provided, no restriction is applied.
1095 "client-classes": [ "phones_server1" ],
1096
1097 // Length of prefixes delegated to clients.
1098 "delegated-len": 64,
1099
1100 // Excluded prefix (address) from client assignments.
1101 "excluded-prefix": "2001:db8:1::",
1102
1103 // Excluded prefix (length) from client assignments.
1104 "excluded-prefix-len": 72,
1105
1106 // Prefix pool level list of DHCP options.
1107 "option-data": [],
1108
1109 // Prefix range (address) used for client assignments.
1110 "prefix": "2001:db8:1::",
1111
1112 // Prefix range (length) used for client assignments.
1113 "prefix-len": 48,
1114
1115 // List of client classes which must be evaluated
1116 // when this prefix pool is selected for client assignments.
1117 "evaluate-additional-classes": [],
1118
1119 // PD-pool identifier used to enable statistics for this pd-pool.
1120 // The pd-pool ID does not need to be unique within the subnet
1121 // or across subnets.
1122 // If not configured, it defaults to 0. The statistics
1123 // regarding this pd-pool will be combined with the other statistics
1124 // of all other pd-pools with the same pd-pool ID in this subnet.
1125 "pool-id": 1
1126 },
1127 {
1128 // Length of prefixes delegated to clients.
1129 "delegated-len": 64,
1130
1131 // Prefix range (address) used for client assignments.
1132 "prefix": "2001:db8:2::",
1133
1134 // Prefix range (length) used for client assignments.
1135 "prefix-len": 48
1136 }
1137 ],
1138
1139 // List of IP address pools belonging to the subnet.
1140 "pools": [
1141 {
1142 // Restricts this pool to allow only clients
1143 // that belong to at least one class in this list. If omitted
1144 // or an empty list is provided, no restriction is applied.
1145 "client-classes": [ "phones_server1" ],
1146
1147 // Pool-level list of DHCP options.
1148 "option-data": [],
1149
1150 // Address range used for client assignments.
1151 "pool": "2001:db8:0:1::/64",
1152
1153 // List of client classes which must be evaluated when this pool
1154 // is selected for client assignments.
1155 "evaluate-additional-classes": [ "late" ],
1156
1157 // Pool-level value. See description at the global level.
1158 "ddns-generated-prefix": "mypool",
1159
1160 // Pool-level value. See description at the global level.
1161 "ddns-override-client-update": false,
1162
1163 // Pool-level value. See description at the global level.
1164 "ddns-override-no-update": false,
1165
1166 // Pool-level value. See description at the global level.
1167 "ddns-qualifying-suffix": "pool.example.com.",
1168
1169 // Pool-level value. See description at the global level.
1170 "ddns-replace-client-name": "always",
1171
1172 // Pool-level value. See description at the global level.
1173 "ddns-send-updates": true,
1174
1175 // Pool-level value. See description at the global level.
1176 "ddns-update-on-renew": false,
1177
1178 // Pool-level value. See description at the global level.
1179 "ddns-conflict-resolution-mode": "check-with-dhcid",
1180
1181 // Pool-level value. See description at the global level.
1182 "ddns-ttl-percent": 0.55,
1183
1184 // Pool-level value. See description at the global level.
1185 // You cannot specify both ddns-ttl and any of ddns-ttl-percent,
1186 // ddns-ttl-min, or ddns-ttl-max. They are mutually exclusive.
1187 // "ddns-ttl": 500,
1188
1189 // Pool-level value. See description at the global level.
1190 "ddns-ttl-min": 10000,
1191
1192 // Pool-level value. See description at the global level.
1193 "ddns-ttl-max": 20000,
1194
1195 // Pool-level value. See description at the global level.
1196 "hostname-char-replacement": "x",
1197
1198 // Pool-level value. See description at the global level.
1199 "hostname-char-set": "[^A-Za-z0-9.-]"
1200 },
1201 {
1202 // Restricts this pool to allow only clients
1203 // that belong to at least one class in this list. If omitted
1204 // or an empty list is provided, no restriction is applied.
1205 "client-classes": [ "phones_server2" ],
1206
1207 // Pool-level list of DHCP options.
1208 "option-data": [],
1209
1210 // Address range used for client assignments.
1211 "pool": "2001:db8:0:3::/64",
1212
1213 // List of client classes which must be evaluated when this pool
1214 // is selected for client assignments.
1215 "evaluate-additional-classes": [],
1216
1217 // Pool identifier used to enable statistics for this pool.
1218 // The pool ID does not need to be unique within the subnet
1219 // or across subnets.
1220 // If not configured, it defaults to 0. The statistics
1221 // regarding this pool will be combined with the other statistics
1222 // of all other pools with the same pool ID in this subnet.
1223 "pool-id": 1
1224 }
1225 ],
1226
1227 // Subnet specific (default) preferred lifetime.
1228 "preferred-lifetime": 2000,
1229
1230 // Subnet specific min preferred lifetime.
1231 "min-preferred-lifetime": 1500,
1232
1233 // Subnet specific max preferred lifetime.
1234 "max-preferred-lifetime": 2500,
1235
1236 // Boolean flag indicating whether the server can respond to
1237 // a Solicit message including a Rapid Commit option with
1238 // the Reply message (See DHCPv6 rapid commit).
1239 "rapid-commit": false,
1240
1241 // Subnet-level value of the rebind timer.
1242 "rebind-timer": 40,
1243
1244 // List of IPv6 relay addresses for which this subnet is selected.
1245 "relay": {
1246 "ip-addresses": [
1247 "2001:db8:0:f::1"
1248 ]
1249 },
1250
1251 // Subnet-level renew timer.
1252 "renew-timer": 30,
1253
1254 // Specify whether the server should look up global reservations.
1255 "reservations-global": false,
1256
1257 // Specify whether the server should look up in-subnet reservations.
1258 "reservations-in-subnet": true,
1259
1260 // Specify whether the server can assume that all reserved
1261 // addresses are out-of-pool.
1262 // Ignored when reservations-in-subnet is false.
1263 "reservations-out-of-pool": false,
1264
1265 // Subnet-level compute T1 and T2 timers.
1266 "calculate-tee-times": true,
1267
1268 // T1 = valid lifetime * .5.
1269 "t1-percent": .5,
1270
1271 // T2 = valid lifetime * .75.
1272 "t2-percent": .75,
1273
1274 // Cache threshold = valid lifetime * .25.
1275 "cache-threshold": .25,
1276
1277 // Subnet-level cache maximum.
1278 "cache-max-age": 1000,
1279
1280 // Adaptive lease time threshold (1.0 is disabled).
1281 "adaptive-lease-time-threshold": 0.8,
1282
1283 // List of static IPv6 reservations assigned to clients belonging
1284 // to this subnet. For a detailed example, see reservations.json.
1285 "reservations": [
1286 {
1287 // Identifier used for client matching. Supported values are
1288 // "duid", "hw-address" and "flex-id".
1289 "duid": "01:02:03:04:05:06:07:08:09:0A",
1290
1291 // List of reserved IPv6 addresses.
1292 "ip-addresses": [ "2001:db8:1:cafe::1" ],
1293
1294 // List of reserved IPv6 prefixes.
1295 "prefixes": [ "2001:db8:2:abcd::/64" ],
1296
1297 // List of excluded IPv6 prefixes.
1298 "excluded-prefixes": [ "2001:db8:2:abcd:1::/80" ],
1299
1300 // Reserved hostname.
1301 "hostname": "foo.example.com",
1302
1303 // Reservation-specific option data.
1304 "option-data": [
1305 {
1306 // Option name.
1307 "name": "vendor-opts",
1308
1309 // Option value.
1310 "data": "4491"
1311 }
1312 ]
1313 }
1314 ],
1315
1316 // List of client classes which must be evaluated when this subnet
1317 // is selected for client assignments.
1318 "evaluate-additional-classes": [ "late" ],
1319
1320 // Subnet prefix.
1321 "subnet": "2001:db8::/32",
1322
1323 // Subnet-level (default) valid lifetime.
1324 "valid-lifetime": 6000,
1325
1326 // Subnet-level min valid lifetime.
1327 "min-valid-lifetime": 4000,
1328
1329 // Subnet-level max valid lifetime.
1330 "max-valid-lifetime": 8000
1331 }
1332 ],
1333
1334 // Shared-network level (default) valid lifetime.
1335 "valid-lifetime": 6001,
1336
1337 // Shared-network level min valid lifetime.
1338 "min-valid-lifetime": 4001,
1339
1340 // Shared-network level max valid lifetime.
1341 "max-valid-lifetime": 8001
1342 }
1343 ],
1344
1345 // List of IPv6 subnets which don't belong to any shared network.
1346 "subnet6": [],
1347
1348 // Global valid lifetime value.
1349 "valid-lifetime": 6000,
1350
1351 // Global min valid lifetime value.
1352 "min-valid-lifetime": 4000,
1353
1354 // Global max valid lifetime value.
1355 "max-valid-lifetime": 8000,
1356
1357 // Reservations (examples are in other files).
1358 "reservations": [],
1359
1360 // Configuration control (currently not used, i.e. this syntax
1361 // is already defined but the corresponding feature is not implemented).
1362 "config-control": {
1363 // Only the configuration databases entry is defined.
1364 "config-databases": [
1365 {
1366 // Name of the database to connect to.
1367 "name": "config",
1368
1369 // Type of database, e.g. "mysql", "postgresql".
1370 "type": "mysql"
1371 }
1372 ],
1373 // Interval between attempts to fetch configuration updates
1374 // via the configuration backends used.
1375 "config-fetch-wait-time": 30
1376 },
1377
1378 // Server tag.
1379 "server-tag": "my DHCPv6 server",
1380
1381 // DHCP queue-control parameters.
1382 "dhcp-queue-control": {
1383 // Enable queue is mandatory.
1384 "enable-queue": true,
1385
1386 // Queue type is mandatory.
1387 "queue-type": "kea-ring6",
1388
1389 // Capacity is optional.
1390 "capacity": 64
1391 },
1392
1393 // Specify whether the server should look up global reservations.
1394 "reservations-global": false,
1395
1396 // Specify whether the server should look up in-subnet reservations.
1397 "reservations-in-subnet": true,
1398
1399 // Specify whether the server can assume that all reserved addresses
1400 // are out-of-pool.
1401 // Ignored when reservations-in-subnet is false.
1402 // If specified, it is inherited by "shared-networks" and
1403 // "subnet6" levels.
1404 "reservations-out-of-pool": false,
1405
1406 // Global compute T1 and T2 timers.
1407 "calculate-tee-times": true,
1408
1409 // T1 = valid lifetime * .5.
1410 "t1-percent": .5,
1411
1412 // T2 = valid lifetime * .75.
1413 "t2-percent": .75,
1414
1415 // Cache threshold = valid lifetime * .25.
1416 "cache-threshold": .25,
1417
1418 // Global cache maximum.
1419 "cache-max-age": 1000,
1420
1421 // Adaptive lease time threshold (1.0 is disabled)
1422 "adaptive-lease-time-threshold": 0.8,
1423
1424 // String of zero or more characters with which to replace each
1425 // invalid character in the Client FQDN. The default
1426 // value is an empty string, which will cause invalid characters
1427 // to be omitted rather than replaced.
1428 "hostname-char-replacement": "x",
1429
1430 // Regular expression matching the characters treated as invalid in
1431 // the client-supplied FQDN; each match is replaced as described above.
1432 "hostname-char-set": "[^A-Za-z0-9.-]",
1433
1434 // List of loggers used by the servers using this configuration file.
1435 "loggers": [
1436 {
1437 // Debug level, a value between 0..99. The greater the value
1438 // the more detailed the debug log. Ignored unless severity is DEBUG.
1439 "debuglevel": 99,
1440
1441 // Name of the logger.
1442 "name": "kea-dhcp6",
1443
1444 // Configures how the log should be output.
1445 "output-options": [
1446 {
1447 // Determines whether the log should be flushed to a file.
1448 "flush": true,
1449
1450 // Specifies maximum filesize before the file is rotated.
1451 "maxsize": 10240000,
1452
1453 // Specifies the maximum number of rotated files to be kept.
1454 "maxver": 1,
1455
1456 // Specifies the logging destination.
1457 "output": "stdout",
1458
1459 // Specifies log entry content
1460 "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
1461 }
1462 ],
1463
1464 // Specifies logging severity, i.e. "ERROR", "WARN", "INFO", "DEBUG".
1465 "severity": "INFO"
1466 }
1467 ],
1468
1469 // Look at advanced examples for the use of user-contexts.
1470 "user-context": { }
1471 }
1472}
kea6/all-options.json
1// This example configuration file for DHCPv6 server in Kea contains:
2//
3// - data for all the standard options
4// - custom option definitions at global level along with some associated
5// option data
6// - custom option data with standardized option spaces other than "dhcp6"
7// - custom option spaces
8// - option embedding examples
9// - DOCSIS3 option data
10//
11// The reader is strongly encouraged to take a look at the option formats
12// documented in the Kea ARM:
13// https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html?highlight=option%20definitions#dhcp6-std-options-list
14//
15// Other options require special logic which is not yet implemented. They are
16// marked with:
17// "Note: special logic not implemented"
18
19{
20 "Dhcp6": {
21 /*
22 Data for all standard option definitions
23 */
24 // Option data defined globally
25 "option-data": [
26 /*
27 0 1 2 3
28 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
29 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
30 | OPTION_PREFERENCE | option-len |
31 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
32 | pref-value |
33 +-+-+-+-+-+-+-+-+
34
35 option-code OPTION_PREFERENCE (7).
36
37 option-len 1.
38
39 pref-value The preference value for the server in this message.
40 */
41 // Type: uint8
42 {
43 "code": 7,
44 "data": "0xf0",
45 "name": "preference"
46 },
47
48 /*
49 0 1 2 3
50 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
51 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
52 | OPTION_UNICAST | option-len |
53 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
54 | |
55 | server-address |
56 | |
57 | |
58 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
59
60 option-code OPTION_UNICAST (12).
61
62 option-len 16.
63
64 server-address The IP address to which the client should send
65 messages delivered using unicast.
66
67 ***NOTE***: this option was deprecated by RFC9915.
68 */
69 // Type: IPv6 address
70 {
71 "code": 12,
72 "data": "2001:db8::2",
73 "name": "unicast"
74 },
75
76 /*
77 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
78 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
79 | OPTION_VENDOR_OPTS | option-len |
80 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
81 | enterprise-number |
82 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
83 . .
84 . option-data .
85 . .
86 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
87
88 option-code OPTION_VENDOR_OPTS (17)
89
90 option-len 4 + length of option-data field
91
92 enterprise-number The vendor's registered Enterprise Number as
93 registered with IANA [6].
94
95 option-data An opaque object of option-len octets,
96 interpreted by vendor-specific code on the
97 clients and servers
98 */
99 // Type: uint32
100 // The vendor options are not standardized and are specific to each
101 // vendor. The vendors are identified with the enterprise number,
102 // sometimes also called vendor-id or enterprise-id. For example,
103 // CableLabs, which specified the DOCSIS options, uses 4491. Some vendors
104 // have their own mechanisms. For example, DOCSIS vendor sub-option 1
105 // is an equivalent of ORO for normal DHCPv6 options. Usually there
106 // are several vendor sub-options defined within. See the ARM section:
107 // https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#dhcpv6-vendor-specific-options
108
109 {
110 "code": 17,
111 "data": "4294967295",
112 "name": "vendor-opts"
113 },
114
115 /*
116 0 1 2 3
117 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
118 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
119 | OPTION_RECONF_ACCEPT | 0 |
120 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
121
122 option-code OPTION_RECONF_ACCEPT (20).
123
124 option-len 0.
125 */
126 // Type: empty
127 {
128 "code": 20,
129 "name": "reconf-accept"
130 },
131
132 /*
133 0 1 2 3
134 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
135 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
136 | OPTION_SIP_SERVER_D | option-length |
137 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
138 | SIP Server Domain Name List |
139 | ... |
140 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
141
142 SIP Server Domain Name List: The domain names of the SIP outbound
143 proxy servers for the client to use. The domain names are encoded
144 as specified in Section 8 ("Representation and use of domain
145 names") of the DHCPv6 specification [1].
146 */
147 // Type: array of {FQDN}
148 {
149 "code": 21,
150 "data": "sip1.server.net, sip2.server.net",
151 "name": "sip-server-dns"
152 },
153
154 /*
155 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
156 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
157 | OPTION_SIP_SERVER_A | option-len |
158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
159 | |
160 | SIP server (IP address) |
161 | |
162 | |
163 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
164 | |
165 | SIP server (IP address) |
166 | |
167 | |
168 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
169 | ... |
170 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
171
172 option-code: OPTION_SIP_SERVER_A (22)
173
174 option-length: Length of the 'options' field in octets; must be a
175 multiple of 16.
176
177 SIP server: IPv6 address of a SIP server for the client to use.
178 The servers are listed in the order of preference for
179 use by the client.
180 */
181 // Type: array of {IPv6 address}
182 {
183 "code": 22,
184 "data": "2001:db8::3, 2001:db8::4",
185 "name": "sip-server-addr"
186 },
187
188 /*
189 0 1 2 3
190 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
192 | OPTION_DNS_SERVERS | option-len |
193 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
194 | |
195 | DNS-recursive-name-server (IPv6 address) |
196 | |
197 | |
198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
199 | |
200 | DNS-recursive-name-server (IPv6 address) |
201 | |
202 | |
203 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
204 | ... |
205 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
206
207 option-code: OPTION_DNS_SERVERS (23)
208
209 option-len: Length of the list of DNS recursive name
210 servers in octets; must be a multiple of
211 16
212
213 DNS-recursive-name-server: IPv6 address of DNS recursive name server
214 */
215 // Type: array of {IPv6 address}
216 {
217 "code": 23,
218 "data": "2001:db8::5, 2001:db8::6",
219 "name": "dns-servers"
220 },
221
222
223 /*
224 0 1 2 3
225 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
226 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
227 | OPTION_DOMAIN_LIST | option-len |
228 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
229 | searchlist |
230 | ... |
231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
232
233 option-code: OPTION_DOMAIN_LIST (24)
234
235 option-len: Length of the 'searchlist' field in octets
236
237 searchlist: The specification of the list of domain names in the
238 Domain Search List
239 */
240 // Type: array of {FQDN}
241 {
242 "code": 24,
243 "data": "example.com, example.org",
244 "name": "domain-search"
245 },
246
247 /*
248 0 1 2 3
249 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
251 | OPTION_NIS_SERVERS | option-len |
252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
253 | |
254 | NIS server (IPv6 address) |
255 | |
256 | |
257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
258 | |
259 | NIS server (IPv6 address) |
260 | |
261 | |
262 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
263 | ... |
264 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
265
266 option-code: OPTION_NIS_SERVERS (27)
267
268 option-len: Length of the 'NIS server' fields in octets; It must be
269 a multiple of 16
270
271 NIS server: IPv6 address of NIS server
272 */
273 // Type: array of {IPv6 address}
274 {
275 "code": 27,
276 "data": "2001:db8::7, 2001:db8::8",
277 "name": "nis-servers"
278 },
279
280 /*
281 0 1 2 3
282 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
283 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
284 | OPTION_NISP_SERVERS | option-len |
285 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
286 | |
287 | NIS+ server (IPv6 address) |
288 | |
289 | |
290 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
291 | |
292 | NIS+ server (IPv6 address) |
293 | |
294 | |
295 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
296 | ... |
297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
298
299 option-code: OPTION_NISP_SERVERS (28)
300
301 option-len: Length of the 'NIS+ server' fields in octets; It must be
302 a multiple of 16
303
304 NIS+ server: IPv6 address of NIS+ server
305 */
306 // Type: array of {IPv6 address}
307 {
308 "code": 28,
309 "data": "2001:db8::9, 2001:db8::10",
310 "name": "nisp-servers"
311 },
312
313 /*
314 0 1 2 3
315 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
316 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
317 | OPTION_NIS_DOMAIN_NAME | option-len |
318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
319 | nis-domain-name |
320 | ... |
321 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
322
323 option-code: OPTION_NIS_DOMAIN_NAME (29)
324
325 option-len: Length of the 'nis-domain-name' field in octets
326
327 nis-domain-name: NIS Domain name for client
328 */
329 // Type: array of {FQDN}
330 {
331 "code": 29,
332 "data": "nis1.example.org, nis2.example.org",
333 "name": "nis-domain-name"
334 },
335
336 /*
337 0 1 2 3
338 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
339 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
340 | OPTION_NISP_DOMAIN_NAME | option-len |
341 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
342 | nisp-domain-name |
343 | ... |
344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
345
346 option-code: OPTION_NISP_DOMAIN_NAME (30)
347
348 option-len: Length of the 'nisp-domain-name' field in octets
349
350 nisp-domain-name: NIS+ Domain name for client
351 */
352 // Type: array of {FQDN}
353 {
354 "code": 30,
355 "data": "nisp1.example.org, nisp2.example.org",
356 "name": "nisp-domain-name"
357 },
358
359 /*
360 0 1 2 3
361 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
362 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
363 | OPTION_SNTP_SERVERS | option-len |
364 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
365 | |
366 | SNTP server (IPv6 address) |
367 | |
368 | |
369 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
370 | |
371 | SNTP server (IPv6 address) |
372 | |
373 | |
374 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
375 | ... |
376 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
377
378 option-code: OPTION_SNTP_SERVERS (31)
379
380 option-len: Length of the 'SNTP server' fields, in octets;
381 it must be a multiple of 16
382
383 SNTP server: IPv6 address of SNTP server
384 */
385 // Type: array of {IPv6 address}
386 {
387 "code": 31,
388 "data": "2001:db8::11, 2001:db8::12",
389 "name": "sntp-servers"
390 },
391
392 /*
393 0 1 2 3
394 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
395 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
396 |OPTION_INFORMATION_REFRESH_TIME| option-len |
397 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
398 | information-refresh-time |
399 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
400
401 option-code OPTION_INFORMATION_REFRESH_TIME (32).
402
403 option-len 4.
404
405 information-refresh-time Time duration relative to the current
406 time, expressed in units of seconds. A
407 4-octet field containing an unsigned
408 integer.
409 */
410 // Type: uint32
411 {
412 "code": 32,
413 "data": "3600",
414 "name": "information-refresh-time"
415 },
416
417 /*
418 0 1 2 3
419 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
420 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
421 | OPTION_BCMCS_SERVER_D | option-length |
422 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
423 | BCMCS Control Server Domain Name List |
424 | ... |
425 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
426
427 option-code: OPTION_BCMCS_SERVER_D (33).
428
429 option-length: Length of the 'BCMCS Control Server Domain Name List'
430 field in octets; variable.
431
432 BCMCS Control Server Domain Name List: Identical format as in Section
433 4.1 (except the Code and Len fields).
434 */
435 // Type: array of {FQDN}
436 {
437 "code": 33,
438 "data": "bcmcs1.example.org, bcmcs2.example.org",
439 "name": "bcmcs-server-dns"
440 },
441
442 /*
443 0 1 2 3
444 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
445 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
446 | OPTION_BCMCS_SERVER_A | option-length |
447 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
448 | |
449 | BCMCS Control server-1 address (IPv6 address) |
450 | |
451 | |
452 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
453 | |
454 | BCMCS Control server-2 address (IPv6 address) |
455 | |
456 | |
457 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
458 | ... |
459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
460
461 option-code: OPTION_BCMCS_SERVER_A (34).
462
463 option-length: Length of the 'BCMCS Control Server IPv6 address'
464 field in octets; variable.
465 */
466 // Type: array of {IPv6 address}
467 {
468 "code": 34,
469 "data": "2001:db8::13, 2001:db8::14",
470 "name": "bcmcs-server-addr"
471 },
472
473 // Option code 35 is unassigned.
474
475 /*
476 0 1 2 3
477 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
478 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
479 | OPTION_GEOCONF_CIVIC | option-len |
480 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
481 | what | country code | .
482 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ .
483 . civic address elements .
484 . ... .
485 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
486
487 option-code: OPTION_GEOCONF_CIVIC (36)
488
489 option-len: Length of the Countrycode, 'what' and civic address
490 elements in octets.
491
492 what: The 'what' element describes to which location the DHCP entry
493 refers. Currently, three options are defined: the location of the
494 DHCP server (a value of 0), the location of the network element
495 believed to be closest to the client (a value of 1), or the
496 location of the client (a value of 2). Option (2) SHOULD be used,
497 but may not be known. Options (0) and (1) SHOULD NOT be used
498 unless it is known that the DHCP client is in close physical
499 proximity to the server or network element.
500
501 country code: The two-letter ISO 3166 country code in capital ASCII
502 letters, e.g., DE or US. (Civic addresses always contain country
503 designations, suggesting the use of a fixed-format field to save
504 space.)
505
506 civic address elements: Zero or more elements comprising the civic
507 and/or postal address, with the format described below
508 (Section 3.3).
509 */
510 // Type: uint8, uint16, array of {binary}
511 {
512 "code": 36,
513 // 0x5553 is "US" in UTF-8
514 "data": "0, 0x5553, 15 9D, A3 FF",
515 "name": "geoconf-civic"
516 },
517
518 /*
519 0 1 2 3
520 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
521 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
522 | OPTION_REMOTE_ID | option-len |
523 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
524 | enterprise-number |
525 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
526 . .
527 . remote-id .
528 . .
529 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
530
531 option-code OPTION_REMOTE_ID (37)
532
533 option-len 4 + the length, in octets, of the remote-id
534 field. The minimum option-len is 5 octets.
535
536 enterprise-number The vendor's registered Enterprise Number as
537 registered with IANA [5].
538
539 remote-id The opaque value for the remote-id.
540 */
541 // Type: uint32, binary
542 {
543 "code": 37,
544 "data": "4294967295, 1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
545 "name": "remote-id"
546 },
547
548 /*
549 0 1 2 3
550 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
551 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
552 | OPTION_FQDN | option-len |
553 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
554 | flags | |
555 +-+-+-+-+-+-+-+-+ |
556 . .
557 . domain-name .
558 . .
559 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
560
561 option-code OPTION_CLIENT_FQDN (39)
562
563 option-len 1 + length of domain name
564
565 flags flag bits used between client and server to
566 negotiate who performs which updates
567
568 domain-name the partial or fully qualified domain name
569 (with length option-len - 1)
570 */
571 // Type: uint8, FQDN
572 {
573 "code": 39,
574 "data": "224, client.example.org",
575 "name": "client-fqdn"
576 },
577
578 /*
579 0 1 2 3
580 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
581 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
582 | option-code | option-length |
583 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
584 | |
585 + +
586 | |
587 + PAA IPv6 Address +
588 | |
589 + +
590 | |
591 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
592 | .... |
593 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
594
595 option-code: OPTION_PANA_AGENT (40).
596
597 option-length: Length of the 'options' field in octets;
598 MUST be a multiple of sixteen (16).
599
600 PAA IPv6 Address: IPv6 address of a PAA for the client to use.
601 The PAAs are listed in the order of preference
602 for use by the client.
603 */
604 // Type: array of {IPv6 address}
605 {
606 "code": 40,
607 "data": "2001:db8::15, 2001:db8::16",
608 "name": "pana-agent"
609 },
610
611 /*
612 0 1 2 3
613 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
614 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
615 | OPTION_NEW_POSIX_TIMEZONE | option-length |
616 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
617 | TZ POSIX String |
618 | ... |
619 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
620
621 option-code: OPTION_NEW_POSIX_TIMEZONE(41)
622
623 option-length: the number of octets of the TZ POSIX String Index
624 described below.
625 */
626 // Type: string
627 {
628 "code": 41,
629 // String options that have a comma in their values need to have
630 // it escaped (i.e. each comma is preceded by two backslashes).
631 // That's because commas are reserved for separating fields in
632 // compound options. At the same time, the file has to conform
633 // to the JSON spec, which does not allow "\,". Therefore the
634 // slightly uncommon double-backslash notation is needed.
635 // The value sent over the wire is:
636 // EST5EDT4,M3.2.0/02:00,M11.1.0/02:00
637 "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00",
638 "name": "new-posix-timezone"
639 },
640
641 /*
642 0 1 2 3
643 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
644 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
645 | OPTION_NEW_TZDB_TIMEZONE | option-length |
646 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
647 | TZ Name |
648 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
649
650 option-code: OPTION_NEW_TZDB_TIMEZONE(42)
651
652 option-length: the number of octets of the TZ Database String Index
653 described below.
654 */
655 // Type: string
656 {
657 "code": 42,
658 "data": "Europe/Zurich",
659 "name": "new-tzdb-timezone"
660 },
661
662 /*
663 0 1 2 3
664 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
665 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
666 | OPTION_ERO | option-len |
667 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
668 | requested-option-code-1 | requested-option-code-2 |
669 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
670 | ... |
671 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
672
673 option-code OPTION_ERO (43).
674 option-len 2 * number of requested options.
675 requested-option-code-n The option code for an option requested by
676 the relay agent.
677 */
678 // Type: array of {uint16}
679 {
680 "code": 43,
681 "data": "16, 32, 42",
682 "name": "ero"
683 },
684
685 /*
686 0 1 2 3
687 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
688 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
689 | OPTION_LQ_QUERY | option-len |
690 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
691 | query-type | |
692 +-+-+-+-+-+-+-+-+ |
693 | |
694 | link-address |
695 | |
696 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
697 | | .
698 +-+-+-+-+-+-+-+-+ .
699 . query-options .
700 . .
701 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
702
703 option-code OPTION_LQ_QUERY (44)
704
705 option-len 17 + length of query-options field.
706
707 link-address A global address that will be used by the
708 server to identify the link to which the
709 query applies, or 0::0 if unspecified.
710
711 query-type The query requested (see below).
712
713 query-options The options related to the query.
714 */
715 // Note: special logic not implemented
716 // Type: uint8, IPv6 address
717 {
718 "code": 44,
719 "data": "1, 2001:db8::17",
720 "name": "lq-query"
721 },
722
723 /*
724 0 1 2 3
725 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
726 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
727 | OPTION_CLIENT_DATA | option-len |
728 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
729 . .
730 . client-options .
731 . .
732 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
733
734 option-code OPTION_CLIENT_DATA (45)
735
736 option-len Length, in octets, of the encapsulated client-
737 options field.
738
739 client-options The options associated with this client.
740 */
741 // Note: special logic not implemented
742 // Type: empty
743 {
744 "code": 45,
745 "name": "client-data"
746 },
747
748 /*
749 0 1 2 3
750 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
751 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
752 | OPTION_CLT_TIME | option-len |
753 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
754 | client-last-transaction-time |
755 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
756
757 option-code OPTION_CLT_TIME (46)
758
759 option-len 4
760
761 client-last-transaction-time
762 The number of seconds since the server last
763 communicated with the client (on that link).
764 */
765 // Note: special logic not implemented
766 // Type: uint32
767 {
768 "code": 46,
769 "data": "600",
770 "name": "clt-time"
771 },
772
773 /*
774 0 1 2 3
775 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
776 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
777 | OPTION_LQ_RELAY_DATA | option-len |
778 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
779 | |
780 | peer-address (IPv6 address) |
781 | |
782 | |
783 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
784 | |
785 | DHCP-relay-message |
786 . .
787 . .
788 . .
789 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
790
791 option-code OPTION_LQ_RELAY_DATA (47)
792
793 option-len 16 + length of DHCP-relay-message.
794
795 peer-address The address of the relay agent from which
796 the relayed message was received by the
797 server.
798
799 DHCP-relay-message
800 The last complete relayed message, excluding
801 the client's message OPTION_RELAY_MSG,
802 received by the server.
803 */
804 // Note: special logic not implemented
805 // Type: IPv6 address, binary
806 {
807 "code": 47,
808 "data": "2001:db8::18, 1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
809 "name": "lq-relay-data"
810 },
811
812 /*
813 0 1 2 3
814 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
815 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
816 | OPTION_LQ_CLIENT_LINK | option-len |
817 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
818 | |
819 | link-address (IPv6 address) |
820 | |
821 | |
822 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
823 | |
824 | link-address (IPv6 address) |
825 | |
826 | |
827 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
828 | ... |
829 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
830
831 option-code OPTION_LQ_CLIENT_LINK (48)
832
833 option-len Length of the list of links in octets;
834 must be a multiple of 16.
835
836 link-address A global address used by the server to
837 identify the link on which the client is
838 located.
839 */
840 // Note: special logic not implemented
841 // Type: array of {IPv6 address}
842 {
843 "code": 48,
844 "data": "2001:db8::19, 2001:db8::20",
845 "name": "lq-client-link"
846 },
847
848 // Option codes 49-50 are not defined in Kea.
849
850 /*
851 0 1 2 3
852 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
853 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
854 | OPTION_V6_LOST | option-length |
855 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
856 | LoST Server Domain Name |
857 | ... |
858 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
859
860 option-code: OPTION_V6_LOST (51)
861
862 option-length: Length of the 'LoST Server Domain Name' field
863 in octets; variable.
864
865 LoST Server Domain Name: The domain name of the LoST
866 server for the client to use.
867 */
868 // Type: FQDN
869 {
870 "code": 51,
871 "data": "lost.example.org",
872 "name": "v6-lost"
873 },
874
875 /*
876 0 1 2 3
877 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
878 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
879 | option-code | option-length |
880 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
881 | |
882 + +
883 | |
884 + AC IPv6 Address +
885 | |
886 + +
887 | |
888 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
889 | .... |
890 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
891
892 option-code: OPTION_CAPWAP_AC_V6 (52)
893
894 option-length: Length of the 'options' field in octets; MUST be a
895 multiple of sixteen (16).
896
897 AC IPv6 Address: IPv6 address of a CAPWAP AC that the WTP may use.
898 The ACs are listed in the order of preference for use by the WTP.
899 */
900 // Type: array of {IPv6 address}
901 {
902 "code": 52,
903 "data": "2001:db8::21, 2001:db8::22",
904 "name": "capwap-ac-v6"
905 },
906
907 /*
908 0 1 2 3
909 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
910 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
911 | OPTION_RELAY_ID | option-len |
912 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
913 . .
914 . DUID .
915 . (variable length) .
916 . .
917 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
918
919 option-code OPTION_RELAY_ID.
920
921 option-len Length of DUID in octets.
922
923 DUID The DUID for the relay agent.
924 */
925 // Type: binary
926 {
927 "code": 53,
928 "data": "1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
929 "name": "relay-id"
930 },
931
932 // Option codes 54-56 are not defined in Kea.
933
934 /*
935 0 1 2 3
936 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
937 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
938 | OPTION_V6_ACCESS_DOMAIN | Length |
939 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
940 . Access Network Domain Name .
941 . ... .
942 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
943
944 option-code: OPTION_V6_ACCESS_DOMAIN (57).
945
946 option-length: The length of the entire access network domain name
947 option in octets.
948
949 option-value: The domain name associated with the access network,
950 encoded as described in Section 3.1.
951 */
952 // Type: FQDN
953 {
954 "code": 57,
955 "data": "v6-access.example.org",
956 "name": "v6-access-domain"
957 },
958
959 /*
960 0 1 2 3
961 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
962 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
963 | OPTION_SIP_UA_CS_LIST | option-len |
964 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
965 | searchlist |
966 | ... |
967 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
968
969 option-code OPTION_SIP_UA_CS_LIST (58)
970
971 option-len Length of the 'searchlist' field in octets
972
973 searchlist The specification of the list of domain names in the SIP
974 User Agent Configuration Service Domains
975 */
976 // Type: array of {FQDN}
977 {
978 "code": 58,
979 "data": "sip-ua1.example.org, sip-ua1.example.org",
980 "name": "sip-ua-cs-list"
981 },
982
983 /*
984 0 1 2 3
985 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
986 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
987 | OPT_BOOTFILE_URL | option-len |
988 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
989 | |
990 . boot-file-url (variable length) .
991 | |
992 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
993
994 option-code OPT_BOOTFILE_URL (59).
995
996 option-len Length of the boot-file-url in octets.
997
998 boot-file-url This string is the URL for the boot file. It MUST
999 comply with STD 66 [RFC3986]. The string is not
1000 NUL-terminated.
1001 */
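1002 // Type: string. Clients fetch and boot what this URL serves; DHCPv6 replies are rarely authenticated, so integrity rests on client-side TLS validation or image signing.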
1003 {
1004 "code": 59,
1005 "data": "https://boot.example.org/pxe/os.img",
1006 "name": "bootfile-url"
1007 },
1008
1009 /*
1010 0 1 2 3
1011 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1012 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1013 | OPT_BOOTFILE_PARAM | option-len |
1014 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1015 | param-len 1 | |
1016 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter 1 .
1017 . (variable length) |
1018 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1019 . .
1020 . <multiple Parameters> .
1021 . .
1022 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1023 | param-len n | |
1024 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ parameter n .
1025 . (variable length) |
1026 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1027
1028 option-code OPT_BOOTFILE_PARAM (60).
1029
1030 option-len Length of the Boot File Parameters option in octets
1031 (not including the size of the option-code and
1032 option-len fields).
1033
1034 param-len 1...n This is a 16-bit integer that specifies the length
1035 of the following parameter in octets (not including
1036 the parameter-length field).
1037
1038 parameter 1...n These UTF-8 strings are parameters needed for
1039 booting, e.g., kernel parameters. The strings are
1040 not NUL-terminated.
1041 */
1042 // Type: array of {tuple}
1043 {
1044 "code": 60,
1045 "data": "root=/dev/sda2, quiet, splash",
1046 "name": "bootfile-param"
1047 },
1048
1049 /*
1050 0 1 2 3
1051 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1052 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1053 | OPTION_CLIENT_ARCH_TYPE | option-len |
1054 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1055 . .
1056 . architecture-types (variable length) .
1057 . .
1058 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1059
1060 option-code OPTION_CLIENT_ARCH_TYPE (61).
1061
1062 option-len Length of the "architecture-types" field in
1063 octets. It MUST be an even number greater than
1064 zero. See Section 2.1 of [RFC4578] for details.
1065
1066 architecture-types A list of one or more architecture types, as
1067 specified in Section 2.1 of [RFC4578]. Each
1068 architecture type identifier in this list is a
1069 16-bit value that describes the pre-boot runtime
1070 environment of the client machine. A list of
1071 valid values is maintained by the IANA (see
1072 Section 6).
1073 */
1074 // Type: array of {uint16}
1075 {
1076 "code": 61,
1077 "data": "1, 3, 5, 7",
1078 "name": "client-arch-type"
1079 },
1080
1081 /*
1082 0 1 2 3
1083 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1084 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1085 | OPTION_NII | option-len |
1086 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1087 | Type | Major | Minor |
1088 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1089
1090 option-code OPTION_NII (62).
1091
1092 option-len 3
1093
1094 Type As specified in Section 2.2 of [RFC4578].
1095
1096 Major As specified in Section 2.2 of [RFC4578].
1097
1098 Minor As specified in Section 2.2 of [RFC4578].
1099 */
1100 // Type: uint8, uint8, array of {uint8}
1101 {
1102 "code": 62,
1103 "data": "1, 2, 11, 13",
1104 "name": "nii"
1105 },
1106
1107 // Option code 63 is not defined in Kea.
1108
1109 /*
1110 0 1 2 3
1111 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1112 +-------------------------------+-------------------------------+
1113 | OPTION_AFTR_NAME: 64 | option-len |
1114 +-------------------------------+-------------------------------+
1115 | |
1116 | tunnel-endpoint-name (FQDN) |
1117 | |
1118 +---------------------------------------------------------------+
1119
1120 option-len: Length of the tunnel-endpoint-name field in
1121 octets.
1122
1123 tunnel-endpoint-name: A fully qualified domain name of the AFTR
1124 tunnel endpoint
1125 */
1126 // Type: FQDN
1127 {
1128 "code": 64,
1129 "data": "aftr.example.org",
1130 "name": "aftr-name"
1131 },
1132
1133 /*
1134 0 1 2 3
1135 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1136 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1137 | OPTION_ERP_LOCAL_DOMAIN_NAME| option-length |
1138 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1139 | erp-local-domain-name...
1140 +-+-+-+-+-+-+-+-+-+-+-+-+-
1141
1142 option code
1143 OPTION_ERP_LOCAL_DOMAIN_NAME (65)
1144
1145 option-length
1146 Length of the erp-local-domain-name field, in octets
1147
1148 erp-local-domain-name
1149 This field contains the name of the local ERP domain and MUST be
1150 encoded as specified in Section 8 of RFC 3315 [RFC3315]. Note
1151 that this encoding does enable the use of internationalized domain
1152 names, but only as a set of A-labels [RFC5890].
1153 */
1154 // Type: FQDN
1155 {
1156 "code": 65,
1157 "data": "erp-local.example.org",
1158 "name": "erp-local-domain-name"
1159 },
1160
1161 /*
1162 0 1 2 3
1163 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1164 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1165 | OPTION_RSOO | option-length |
1166 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1167 | options...
1168 +-+-+-+-+-+-+-+-+-+-+-+
1169
1170 OPTION_RSOO
1171
1172 Relay-Supplied Options code (66).
1173
1174 option-length
1175
1176 Length of the RSOO.
1177
1178 options
1179
1180 One or more DHCPv6 options.
1181 */
1182 // Type: empty
1183 {
1184 "code": 66,
1185 "name": "rsoo"
1186 },
1187
1188 /*
1189 0 1 2 3
1190 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1192 | OPTION_PD_EXCLUDE | option-len |
1193 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1194 | prefix-len | IPv6 subnet ID (1 to 16 octets) ~
1195 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1196
1197 Prefix Exclude Option
1198
1199 o option-code: OPTION_PD_EXCLUDE (67).
1200
1201 o option-len: 1 + length of IPv6 subnet ID in octets. A valid
1202 option-len is between 2 and 17.
1203
1204 o prefix-len: The length of the excluded prefix in bits. The
1205 prefix-len MUST be between 'OPTION_IAPREFIX prefix-length'+1 and
1206 128.
1207
1208 o IPv6 subnet ID: A variable-length IPv6 subnet ID up to 128 bits.
1209 */
1210 // Type: binary
1211 {
1212 "code": 67,
1213 "data": "2001:db8:1:1::/64",
1214 "name": "pd-exclude"
1215 },
1216
1217 // Option codes 68-73 are not defined in Kea.
1218
1219 /*
1220 0 1 2 3
1221 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1222 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1223 | OPTION_RDNSS_SELECTION | option-len |
1224 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1225 | |
1226 | DNS-recursive-name-server (IPv6 address) |
1227 | |
1228 | |
1229 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1230 | Reserved |prf| |
1231 +-+-+-+-+-+-+-+-+ Domains and networks |
1232 | (variable length) |
1233 | |
1234 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1235
1236 option-code: OPTION_RDNSS_SELECTION (74)
1237
1238 option-len: Length of the option in octets
1239
1240 DNS-recursive-name-server: An IPv6 address of RDNSS
1241
1242 Reserved: Field reserved for the future. MUST be set to zero and
1243 MUST be ignored on receipt.
1244
1245 prf: RDNSS preference:
1246
1247 01 High
1248 00 Medium
1249 11 Low
1250 10 Reserved
1251
1252 Reserved preference value (10) MUST NOT be sent. On receipt,
1253 the Reserved value MUST be treated as Medium preference (00).
1254 */
1255 // Type: IPv6 address, uint8, array of {FQDN}
1256 {
1257 "code": 74,
1258 "data": "2001:db8::23, 01, example.com, example.org",
1259 "name": "rdnss-selection"
1260 },
1261
1262 // Option codes 75-78 are not defined in Kea.
1263
1264 /*
1265 0 1 2 3
1266 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1267 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1268 | OPTION_CLIENT_LINKLAYER_ADDR | option-length |
1269 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1270 | link-layer type (16 bits) | |
1271 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1272 | link-layer address (variable length) |
1273 | |
1274 | |
1275 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1276
1277 option-code: OPTION_CLIENT_LINKLAYER_ADDR (79)
1278 option-length: 2 + length of link-layer address
1279 link-layer type: Client link-layer address type. The link-layer
1280 type MUST be a valid hardware type assigned
1281 by the IANA, as described in [RFC0826]
1282 link-layer address: Client link-layer address
1283 */
1284 // Type: binary
1285 {
1286 "code": 79,
1287 "data": "1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
1288 "name": "client-linklayer-addr"
1289 },
1290
1291 /*
1292 0 1 2 3
1293 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1294 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1295 | OPTION_LINK_ADDRESS | option-len |
1296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1297 | |
1298 | link-address (IPv6 address) |
1299 | |
1300 | |
1301 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1302
1303 option-code: OPTION_LINK_ADDRESS (80)
1304
1305 option-len: 16 (octets)
1306
1307 link-address: An IPv6 address used by the server to identify the
1308 link on which the client is located.
1309 */
1310 // Type: IPv6 address
1311 {
1312 "code": 80,
1313 "data": "2001:db8::24",
1314 "name": "link-address"
1315 },
1316
1317 // Option code 81 is not defined in Kea.
1318
1319 /*
1320 0 1 2 3
1321 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1323 | OPTION_SOL_MAX_RT | option-len |
1324 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1325 | SOL_MAX_RT value |
1326 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1327
1328 option-code OPTION_SOL_MAX_RT (82).
1329
1330 option-len 4.
1331
1332 SOL_MAX_RT value Overriding value for SOL_MAX_RT in seconds;
1333 MUST be in this range: 60 <= "value" <= 86400
1334 (1 day). A 4-octet field containing an
1335 unsigned integer.
1336 */
1337 // Type: uint32
1338 {
1339 "code": 82,
1340 "data": "420",
1341 "name": "solmax-rt"
1342 },
1343
1344 /*
1345 0 1 2 3
1346 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1347 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1348 | OPTION_INF_MAX_RT | option-len |
1349 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1350 | INF_MAX_RT value |
1351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1352
1353 Figure 39: INF_MAX_RT Option Format
1354
1355 option-code OPTION_INF_MAX_RT (83).
1356
1357 option-len 4.
1358
1359 INF_MAX_RT value Overriding value for INF_MAX_RT in seconds;
1360 MUST be in this range: 60 <= "value" <= 86400
1361 (1 day). A 4-octet field containing an
1362 unsigned integer.
1363 */
1364 // Type: uint32
1365 {
1366 "code": 83,
1367 "data": "2220",
1368 "name": "inf-max-rt"
1369 },
1370
1371 // Option codes 84-86 are not defined in Kea.
1372
1373 /*
1374 0 1 2 3
1375 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1376 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1377 | option-code | option-len |
1378 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1379 | |
1380 . IPv6 Address(es) .
1381 . .
1382 . .
1383 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1384
1385 option-code: OPTION_DHCP4_O_DHCP6_SERVER (88).
1386
1387 option-len: Length of the IPv6 address(es) carried by the option,
1388 i.e., multiple of 16 octets. Minimal length of this option is 0.
1389
1390 IPv6 Address: Zero or more IPv6 addresses of the DHCP 4o6 server(s).
1391 */
1392 // Type: array of {IPv6 address}
1393 {
1394 "code": 88,
1395 "data": "2001:db8::25, 2001:db8::26",
1396 "name": "dhcp4o6-server-addr"
1397 },
1398
1399 /*
1400 0 1 2 3
1401 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1402 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1403 | OPTION_S46_RULE | option-length |
1404 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1405 | flags | ea-len | prefix4-len | ipv4-prefix |
1406 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1407 | (continued) | prefix6-len |
1408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1409 | ipv6-prefix |
1410 | (variable length) |
1411 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1412 | |
1413 . S46_RULE-options .
1414 . .
1415 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1416
1417 o option-code: OPTION_S46_RULE (89)
1418
1419 o option-length: length of the option, excluding option-code and
1420 option-length fields, including length of all encapsulated
1421 options; expressed in octets.
1422
1423 o flags: 8 bits long; carries flags applicable to the rule. The
1424 meanings of the specific bits are explained in Figure 2.
1425
1426 o ea-len: 8 bits long; specifies the Embedded Address (EA) bit
1427 length. Allowed values range from 0 to 48.
1428
1429 o prefix4-len: 8 bits long; expresses the prefix length of the
1430 Rule IPv4 prefix specified in the ipv4-prefix field. Allowed
1431 values range from 0 to 32.
1432
1433 o ipv4-prefix: a fixed-length 32-bit field that specifies the IPv4
1434 prefix for the S46 rule. The bits in the prefix after prefix4-len
1435 number of bits are reserved and MUST be initialized to zero by the
1436 sender and ignored by the receiver.
1437
1438 o prefix6-len: 8 bits long; expresses the length of the
1439 Rule IPv6 prefix specified in the ipv6-prefix field. Allowed
1440 values range from 0 to 128.
1441
1442 o ipv6-prefix: a variable-length field that specifies the IPv6
1443 domain prefix for the S46 rule. The field is padded on the right
1444 with zero bits up to the nearest octet boundary when prefix6-len
1445 is not evenly divisible by 8.
1446
1447 o S46_RULE-options: a variable-length field that may contain zero or
1448 more options that specify additional parameters for this S46 rule.
1449 This document specifies one such option: OPTION_S46_PORTPARAMS.
1450 */
1451 // Type: uint8, uint8, uint8, IPv4 address, IPv6 prefix
1452 {
1453 "code": 89,
1454 "data": "1, 0, 24, 192.0.2.0, 2001:db8:1::/64",
1455 "name": "s46-rule",
1456 "space": "s46-cont-mape-options"
1457 },
1458
1459 /*
1460 0 1 2 3
1461 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1462 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1463 | OPTION_S46_BR | option-length |
1464 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1465 | br-ipv6-address |
1466 | |
1467 | |
1468 | |
1469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1470
1471 o option-code: OPTION_S46_BR (90)
1472
1473 o option-length: 16
1474
1475 o br-ipv6-address: a fixed-length field of 16 octets that specifies
1476 the IPv6 address for the S46 BR.
1477 */
1478 // Type: IPv6 address
1479 {
1480 "code": 90,
1481 "data": "2001:db8::27",
1482 "name": "s46-br",
1483 "space": "s46-cont-mape-options"
1484 },
1485
1486 /*
1487 0 1 2 3
1488 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1489 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1490 | OPTION_S46_DMR | option-length |
1491 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1492 |dmr-prefix6-len| dmr-ipv6-prefix |
1493 +-+-+-+-+-+-+-+-+ (variable length) |
1494 . .
1495 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1496
1497 o option-code: OPTION_S46_DMR (91)
1498
1499 o option-length: 1 + length of dmr-ipv6-prefix specified in octets.
1500
1501 o dmr-prefix6-len: 8 bits long; expresses the bitmask length of the
1502 IPv6 prefix specified in the dmr-ipv6-prefix field. Allowed
1503 values range from 0 to 128.
1504
1505 o dmr-ipv6-prefix: a variable-length field specifying the IPv6
1506 prefix or address for the BR. This field is right-padded with
1507 zeros to the nearest octet boundary when dmr-prefix6-len is not
1508 divisible by 8.
1509 */
1510 // Type: IPv6 prefix
1511 {
1512 "code": 91,
1513 "data": "2001:db8:cafe::/64",
1514 "name": "s46-dmr",
1515 "space": "s46-cont-mapt-options"
1516 },
1517
1518 /*
1519 0 1 2 3
1520 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1521 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1522 | OPTION_S46_V4V6BIND | option-length |
1523 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1524 | ipv4-address |
1525 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1526 |bindprefix6-len| bind-ipv6-prefix |
1527 +-+-+-+-+-+-+-+-+ (variable length) |
1528 . .
1529 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1530 | |
1531 . S46_V4V6BIND-options .
1532 . .
1533 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1534
1535 o option-code: OPTION_S46_V4V6BIND (92)
1536
1537 o option-length: length of the option, excluding option-code and
1538 option-length fields, including length of all encapsulated
1539 options; expressed in octets.
1540
1541 o ipv4-address: a fixed-length field of 4 octets specifying an IPv4
1542 address.
1543
1544 o bindprefix6-len: 8 bits long; expresses the bitmask length of the
1545 IPv6 prefix specified in the bind-ipv6-prefix field. Allowed
1546 values range from 0 to 128.
1547
1548 o bind-ipv6-prefix: a variable-length field specifying the IPv6
1549 prefix or address for the S46 CE. This field is right-padded with
1550 zeros to the nearest octet boundary when bindprefix6-len is not
1551 divisible by 8.
1552
1553 o S46_V4V6BIND-options: a variable-length field that may contain
1554 zero or more options that specify additional parameters. This
1555 document specifies one such option: OPTION_S46_PORTPARAMS.
1556 */
1557 // Type: IPv4 address, IPv6 prefix
1558 {
1559 "code": 92,
1560 "data": "192.0.2.78, 2001:db8:1:cafe::/64",
1561 "name": "s46-v4v6bind",
1562 "space": "s46-cont-lw-options"
1563 },
1564
1565 /*
1566 0 1 2 3
1567 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1568 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1569 | OPTION_S46_PORTPARAMS | option-length |
1570 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1571 | offset | PSID-len | PSID |
1572 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1573
1574 o option-code: OPTION_S46_PORTPARAMS (93)
1575
1576 o option-length: 4
1577
1578 o offset: Port Set Identifier (PSID) offset. 8 bits long; specifies
1579 the numeric value for the S46 algorithm's excluded port range/
1580 offset bits (a-bits), as per Section 5.1 of [RFC7597]. Allowed
1581 values are between 0 and 15. Default values for this field are
1582 specific to the softwire mechanism being implemented and are
1583 defined in the relevant specification document.
1584
1585 o PSID-len: 8 bits long; specifies the number of significant bits in
1586 the PSID field (also known as 'k'). When set to 0, the PSID field
1587 is to be ignored. After the first 'a' bits, there are k bits in
1588 the port number representing the value of the PSID. Consequently,
1589 the address-sharing ratio would be 2^k.
1590
1591 o PSID: 16 bits long. The PSID value algorithmically identifies a
1592 set of ports assigned to a CE. The first k bits on the left of
1593 this field contain the PSID binary value. The remaining (16 - k)
1594 bits on the right are padding zeros.
1595 */
1596 // Type: uint8, PSID
1597 {
1598 "code": 93,
1599 "data": "2, 3/4",
1600 "name": "s46-portparams",
1601 "space": "s46-rule-options"
1602 },
1603
1604 /*
1605 0 1 2 3
1606 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1607 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1608 | OPTION_S46_CONT_MAPE | option-length |
1609 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1610 | |
1611 . encapsulated-options (variable length) .
1612 . .
1613 +---------------------------------------------------------------+
1614
1615 o option-code: OPTION_S46_CONT_MAPE (94)
1616
1617 o option-length: length of encapsulated options, expressed in
1618 octets.
1619
1620 o encapsulated-options: options associated with this Softwire46
1621 MAP-E domain.
1622 */
1623 // Type: empty
1624 {
1625 "code": 94,
1626 "name": "s46-cont-mape",
1627 "space": "dhcp6"
1628 },
1629
1630 /*
1631 0 1 2 3
1632 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1633 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1634 | OPTION_S46_CONT_MAPT | option-length |
1635 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1636 | |
1637 . encapsulated-options (variable length) .
1638 . .
1639 +---------------------------------------------------------------+
1640
1641 o option-code: OPTION_S46_CONT_MAPT (95)
1642
1643 o option-length: length of encapsulated options, expressed in
1644 octets.
1645
1646 o encapsulated-options: options associated with this Softwire46
1647 MAP-T domain.
1648 */
1649 // Type: empty
1650 {
1651 "code": 95,
1652 "name": "s46-cont-mapt",
1653 "space": "dhcp6"
1654 },
1655
1656 /*
1657 0 1 2 3
1658 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1659 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1660 | OPTION_S46_CONT_LW | option-length |
1661 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1662 | |
1663 + encapsulated-options (variable length) .
1664 . .
1665 +---------------------------------------------------------------+
1666
1667 o option-code: OPTION_S46_CONT_LW (96)
1668
1669 o option-length: length of encapsulated options, expressed in
1670 octets.
1671
1672 o encapsulated-options: options associated with this Softwire46
1673 Lightweight 4over6 domain.
1674 */
1675 // Type: empty
1676 {
1677 "code": 96,
1678 "name": "s46-cont-lw",
1679 "space": "dhcp6"
1680 },
1681
1682 // Option codes 97-102 are not defined in Kea.
1683
1684 /*
1685 0 1 2 3
1686 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1687 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1688 | option-code | option-len |
1689 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1690 . URI (variable length) .
1691 | ... |
1692 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1693
1694 o option-code: The Captive-Portal DHCPv6 option (103) (two octets).
1695
1696 o option-len: The length, in octets of the URI.
1697
1698 o URI: The contact URI for the captive portal that the user should
1699 connect to (encoded following the rules in [RFC3986]).
1700 */
1701 // Type: string
1702 {
1703 "code": 103,
1704 "data": "https://example.org/captive-portal",
1705 "name": "v6-captive-portal"
1706 },
1707
1708 // Option codes 104-111 are not defined in Kea.
1709 // Option code 112 is unassigned.
1710 // Option codes 113-134 are not defined in Kea.
1711
1712 /*
1713 0 1 2 3
1714 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1715 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1716 | option-code (136) | option-length |
1717 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1718 . bootstrap-server-list (variable length) .
1719 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1720
1721 option-code: OPTION_V6_SZTP_REDIRECT (136)
1722
1723 option-length: The option length in octets.
1724
1725 bootstrap-server-list: A list of servers for the
1726 client to attempt contacting, in order to obtain
1727 further bootstrapping data. Each URI entry in the
1728 bootstrap-server-list is structured as follows:
1729
1730 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
1731 | uri-length | URI |
1732 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
1733
1734 uri-length: 2 octets long; specifies the length of the URI data.
1735 URI: URI of the SZTP bootstrap server.
1736 */
1737 // Type: array of {tuple}
1738 {
1739 "code": 136,
1740 "data": "https://sztp1.example.com:8443, https://sztp2.example.com:8444",
1741 "name": "v6-sztp-redirect"
1742 },
1743
1744 // Option codes 137-142 are unassigned.
1745
1746 /*
1747 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1748 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1749 | Option Code | Length |
1750 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1751 | IP Address |
1752 . .
1753 +---------------------------------------------------------------+
1754
1755 Option Code
1756 OPTION-IPv6_Address-ANDSF (143)
1757
1758 Length
1759 Length (in bytes) of the option excluding the 'Option Code' and
1760 the 'Length' fields; 'Length' field is set to 16N, where N is the
1761 number of IPv6 addresses carried in the option
1762
1763 IP Address
1764 IPv6 address(es) of ANDSF server(s)
1765 */
1766 // Type: IPv6 address
1767 {
1768 "code": 143,
1769 "data": "2001:db8::28",
1770 "name": "ipv6-address-andsf"
1771 },
1772
1773 /*
1774 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1775 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1776 | Option-code | Option-length |
1777 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1778 | Service Priority | ADN Length |
1779 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1780 ~ authentication-domain-name ~
1781 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1782 | Addr Length | |
1783 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1784 ~ ipv6-address(es) ~
1785 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1786 | | |
1787 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1788 ~ Service Parameters (SvcParams) ~
1789 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1790
1791 Option-code: OPTION_V6_DNR (144)
1792
1793 Option-length: Length of the enclosed data in octets. The option
1794 length is ('ADN Length' + 4) when only an ADN is included in the
1795 option.
1796
1797 Service Priority: The priority of this OPTION_V6_DNR instance
1798 compared to other instances. This 16-bit unsigned integer is
1799 interpreted following the rules specified in Section 2.4.1 of
1800 [RFC9460].
1801
1802 ADN Length: Length of the authentication-domain-name field in
1803 octets.
1804
1805 authentication-domain-name (variable length): A fully qualified
1806 domain name of the encrypted DNS resolver. This field is
1807 formatted as specified in Section 10 of [RFC9915].
1808
1809 Addr Length: Length of enclosed IPv6 addresses in octets. When
1810 present, it MUST be a multiple of 16.
1811
1812 ipv6-address(es) (variable length): Indicates one or more IPv6
1813 addresses to reach the encrypted DNS resolver. An address can be
1814 link-local, ULA, or GUA.
1815
1816 Service Parameters (SvcParams) (variable length): Specifies a set of
1817 service parameters that are encoded following the rules in
1818 Section 2.2 of [RFC9460].
1819 */
1820 // Type: internal
1821 {
1822 // DNR option may be configured using convenient notation. Comma separated fields must be provided:
1823 // - service priority (mandatory),
1824 // - ADN (mandatory),
1825 // - IP address(es) (optional - if more than one - they must be space-separated)
1826 // - SvcParams (optional - if more than one - they must be space-separated;
1827 // to provide more than one alpn-id separate them with double-backslash escaped comma like in the
1828 // example below).
1829 // Based on this configuration, Kea will encode the option according to RFC9463.
1830 "code": 144,
1831 "name": "v6-dnr",
1832 "data": "100, resolver.example., 2001:db8::1 2001:db8::2, alpn=dot\\,h2\\,h3 port=8530 dohpath=/dns-query{?dns}"
1833 },
1834
1835 // Option codes 145-65535 are unassigned.
1836
1837 /*
1838 Custom option data
1839 */
1840 // See "option-def" below for the definitions.
1841 {
1842 "code": 111,
1843 "data": "88, 96, 64",
1844 "name": "s46-priority"
1845 },
1846 {
1847 "code": 1,
1848 "name": "my-empty-option",
1849 "space": "my-fancy-space"
1850 },
1851 {
1852 "code": 222,
1853 "data": "2001:db8::29, 2001:db8::/64, 3/4, 1, example.org, string",
1854 "name": "my-lengthy-option",
1855 "space": "my-fancy-space"
1856 },
1857 {
1858 "code": 65432,
1859 "data": "127, 32767, 2147483647, 255, 65535, 4294967295, 192.0.2.79, 2001:db8::30, 2001:db8::/64, 3/4, 1, example.org, string",
1860 "name": "my-fancy-option",
1861 "space": "my-fancy-space"
1862 },
1863 {
1864 "code": 12321,
1865 "name": "my-encapsulating-option",
1866 "space": "my-encapsulating-space"
1867 }
1868 ],
1869
1870 /*
1871 Custom option definitions
1872 */
1873 // For kea-dhcp6, custom option definitions are always global, even when
1874 // data for those options is configured at subnet level.
1875 "option-def": [
1876 // Inside the default space. Codes must not overlap with other
1877 // standard/custom option definitions.
1878 // An option from an actual RFC (8026) not implemented amongst the
1879 // standard definitions. The option is structured as an array of 16-bit
1880 // integers so "array" is set to true and "type" to "uint16".
1881 {
1882 "array": true,
1883 "code": 111,
1884 "encapsulate": "",
1885 "name": "s46-priority",
1886 "record-types": "",
1887 "space": "dhcp6",
1888 "type": "uint16"
1889 },
1890
1891 // New option space allows for a new set of option codes.
1892 // An empty option requires no "data" in "option-data". Its
1893 // presence should be sufficient to trigger custom behavior.
1894 {
1895 "array": false,
1896 "code": 1,
1897 "encapsulate": "",
1898 "name": "my-empty-option",
1899 "record-types": "",
1900 "space": "my-fancy-space",
1901 "type": "empty"
1902 },
1903
1904 // A custom type has "type" set to "record" and all data types (which need
1905 // to be more than 1, otherwise you're better off using the type directly)
1906 // are specified in "record-types". If "string" is part of them, it needs
1907 // to be last.
1908 {
1909 "array": false,
1910 "code": 222,
1911 "encapsulate": "",
1912 "name": "my-lengthy-option",
1913 "record-types": "ipv6-address, ipv6-prefix, psid, tuple, fqdn, string",
1914 "space": "my-fancy-space",
1915 "type": "record"
1916 },
1917
1918 // Contains arrays of all types except strings since an array of strings
1919 // is not a valid option definition.
1920 {
1921 "array": true,
1922 "code": 65432,
1923 "encapsulate": "",
1924 "name": "my-fancy-option",
1925 "record-types": "int8, int16, int32, uint8, uint16, uint32, ipv4-address, ipv6-address, ipv6-prefix, psid, tuple, fqdn",
1926 "space": "my-fancy-space",
1927 "type": "record"
1928 },
1929
1930 // A single encapsulating space can be used. An option containing any
1931 // option from said space will now be unpacked successfully by Kea.
1932 {
1933 "array": false,
1934 "code": 12321,
1935 "encapsulate": "my-fancy-space",
1936 "name": "my-encapsulating-option",
1937 "record-types": "",
1938 "space": "my-encapsulating-space",
1939 "type": "empty"
1940 }
1941 ],
1942
1943 "subnet6": [
1944 /*
1945 DOCSIS3 option data
1946 */
1947 // Headers are as defined in CL-SP-CANN-DHCP-Reg-I16-200715.
1948 // "space" is required to be explicitly defined as "docsis3-v6"
1949 {
1950 "option-data": [
1951 /*
1952 0 1 2 3
1953 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1954 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1955 | option-code | option-len |
1956 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1957 | device-type |
1958 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1959 | ... |
1960 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1961
1962 option-code CL_OPTION_DEVICE_TYPE (2)
1963
1964 option-len length of device-type field in bytes.
1965
1966 device-type The device type as NVT ASCII text MUST NOT be null terminated.
1967 "ECM" for embedded Cable Modem (as specified by DOCSIS 1.0, 1.1, 2.0, 3.0
1968 or 3.1 Base Specifications)
1969 "EPS" for CableHome embedded Portal Services Element
1970 "EMTA" for PacketCable embedded Multimedia Terminal Adapter
1971 "EDVA" for PacketCable embedded Digital Voice Adapter
1972 "ESTB" for an embedded Set-Top Box
1973 "EROUTER" for an embedded DOCSIS Router
1974 "SROUTER" for a Standalone Router
1975 */
1976 // Type: string
1977 {
1978 "code": 2,
1979 "data": "ECM",
1980 "name": "device-type",
1981 "space": "docsis3-v6"
1982 },
1983
1984 /*
1985 0 1 2 3
1986 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1987 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1988 | option-code | option-len |
1989 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1990 | .
1991 . vendor-name .
1992 . |
1993 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1994
1995 option code: CL_OPTION_VENDOR_NAME(10)
1996
1997 option length: n (for string of length n)
1998
1999 vendor-name: The vendor name string NVT ASCII text MUST NOT be
2000 null terminated.
2001 */
2002 // Type: string
2003 {
2004 "code": 10,
2005 "data": "CableLabs",
2006 "name": "vendor-type",
2007 "space": "docsis3-v6"
2008 },
2009
2010 /*
2011 0 1 2 3
2012 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2013 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2014 | option-code | option-len |
2015 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2016 | |
2017 | TFTP-server-1 |
2018 | |
2019 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2020 | |
2021 | TFTP-server-2 |
2022 | |
2023 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2024 . .
2025 . .
2026 . .
2027 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2028 | |
2029 | TFTP-server-n |
2030 | |
2031 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2032
2033 option code: CL_OPTION_TFTP_SERVERS(32)
2034
2035 option length: 16*n (for n servers in the option) in bytes
2036
2037 TFTP-server: The IPv6 address of a TFTP server
2038 */
2039 // Type: array of {IPv6 address}
2040 {
2041 "code": 32,
2042 "data": "2001:db8::31",
2043 "name": "tftp-servers",
2044 "space": "docsis3-v6"
2045 },
2046
2047 /*
2048 0 1 2 3
2049 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2050 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2051 | option-code | option-len |
2052 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2053 | .
2054 . configuration-file-name .
2055 . |
2056 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2057
2058 option code: CL_OPTION_CONFIG_FILE_NAME(33)
2059
2060 option length: n (for file name of length n)
2061
2062 configuration-file-name: The name of the configuration file for the client
2063 */
2064 // Type: string
2065 {
2066 "code": 33,
2067 "data": "cm/012345678.cfg",
2068 "name": "config-file",
2069 "space": "docsis3-v6"
2070 },
2071
2072 /*
2073 0 1 2 3
2074 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2075 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2076 | option-code | option-len |
2077 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2078 | .
2079 . vendor-name .
2080 . |
2081 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2082
2083 option code: CL_OPTION_VENDOR_NAME(10)
2084
2085 option length: n (for string of length n)
2086
2087 vendor-name: The vendor name string NVT ASCII text MUST NOT be
2088 null terminated.
2089 */
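2090 // Type: array of {IPv6 address}. Note: the header above repeats the CL_OPTION_VENDOR_NAME(10) layout; this entry is option code 34 (syslog-servers).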
2091 {
2092 "code": 34,
2093 "data": "2001:db8::32",
2094 "name": "syslog-servers",
2095 "space": "docsis3-v6"
2096 },
2097
2098 /*
2099 0 1 2 3
2100 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2101 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2102 | option-code | option-len |
2103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2104 | .
2105 . vendor-name .
2106 . |
2107 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2108
2109 option code: CL_OPTION_VENDOR_NAME(10)
2110
2111 option length: n (for string of length n)
2112
2113 vendor-name: The vendor name string NVT ASCII text MUST NOT be
2114 null terminated.
2115 */
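2116 // Type: binary. Note: the header above repeats the CL_OPTION_VENDOR_NAME(10) layout; this entry is option code 36 (device-id).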
2117 {
2118 "code": 36,
2119 "data": "1A BB AD AB BA D0 00 00 00 00 00 00 00 00 CA FE",
2120 "name": "device-id",
2121 "space": "docsis3-v6"
2122 },
2123
2124 /*
2125 0 1 2 3
2126 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2127 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2128 | option-code | option-len |
2129 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2130 | .
2131 . vendor-name .
2132 . |
2133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2134
2135 option code: CL_OPTION_VENDOR_NAME(10)
2136
2137 option length: n (for string of length n)
2138
2139 vendor-name: The vendor name string NVT ASCII text MUST NOT be
2140 null terminated.
2141 */
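2142 // Type: array of {IPv6 address}. Note: the header above repeats the CL_OPTION_VENDOR_NAME(10) layout; this entry is option code 37 (time-servers) and its data is an IPv6 address, not an int32.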
2143 {
2144 "code": 37,
2145 "data": "2001:db8::33",
2146 "name": "time-servers",
2147 "space": "docsis3-v6"
2148 },
2149
2150 /*
2151 0 1 2 3
2152 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2154 | option-code | option-len |
2155 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2156 | .
2157 . vendor-name .
2158 . |
2159 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2160
2161 option code: CL_OPTION_VENDOR_NAME(10)
2162
2163 option length: n (for string of length n)
2164
2165 vendor-name: The vendor name string NVT ASCII text MUST NOT be
2166 null terminated.
2167 */
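2168 // Type: int32. Note: the header above repeats the CL_OPTION_VENDOR_NAME(10) layout; this entry is option code 38 (time-offset).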
2169 {
2170 "code": 38,
2171 "data": "-25200",
2172 "name": "time-offset",
2173 "space": "docsis3-v6"
2174 }
2175 ],
2176 "subnet": "2001:db8:d0c5:15::/64",
2177 "id": 1
2178 }
2179 ]
2180 }
2181}
kea6/backends.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// It is a basic scenario with one IPv6 subnet configured. It demonstrates
3// how to configure Kea to use various backends to store leases:
4// - memfile
5// - MySQL
6// - PostgreSQL
7
8{ "Dhcp6":
9
10{
11// Kea is told to listen on eth0 interface only.
12 "interfaces-config": {
13 "interfaces": [ "eth0" ]
14 },
15
16// We need to specify lease type. Exactly one lease-database section
17// should be present. Make sure you uncomment only one.
18
19// 1. memfile backend. Lease information will be stored in a flat CSV file.
20// This is the easiest backend to use as it does not require any extra
21// dependencies or services running.
22 "lease-database": {
23 "type": "memfile",
24 "persist": true,
25 "lfc-interval": 3600
26 },
27
28// 2. MySQL backend. Leases will be stored in a MySQL database. Make sure it
29// is up, running and properly initialized. See kea-admin documentation
30// for details on how to initialize the database. The only strictly required
31// parameters are type and name. If other parameters are not specified,
32// Kea will assume the database is available on localhost, that a user and
33// password are not necessary to connect and that the timeout is 5 seconds.
34// Kea must be compiled with the "-D mysql" option to use this backend. The "user" and "password" values below are example values; replace them with the credentials of a dedicated database account.
35// "lease-database": {
36// "type": "mysql",
37// "name": "keatest",
38// "host": "localhost",
39// "port": 3306,
40// "user": "keatest",
41// "password": "1234",
42// "reconnect-wait-time": 3000, // expressed in ms
43// "max-reconnect-tries": 3,
44// "on-fail": "stop-retry-exit",
45// "retry-on-startup": false,
46// "connect-timeout": 3
47// },
48// Since Kea 2.7.4, the libdhcp_mysql.so hook library must be loaded in order to
49// store leases in the MySQL Lease Database Backend.
50// Specify the lease backend hook library location.
51// {
52// // the MySQL lease backend hook library required for lease storage.
53// "library": "libdhcp_mysql.so"
54// },
55
56// 3. PostgreSQL backend. Leases will be stored in a PostgreSQL database. Make
57// sure it is up, running and properly initialized. See kea-admin documentation
58// for details on how to initialize the database. The only strictly required
59// parameters are type and name. If other parameters are not specified,
60// Kea will assume the database is available on localhost, that a user and
61// password are not necessary to connect and that the timeout is 5 seconds.
62// Kea must be compiled with the "-D postgresql" option to use this backend. The "user" and "password" values below are example values; replace them with the credentials of a dedicated database account.
63// "lease-database": {
64// "type": "postgresql",
65// "name": "keatest",
66// "host": "localhost",
67// "port": 5432,
68// "user": "keatest",
69// "password": "1234",
70// "reconnect-wait-time": 3000, // expressed in ms
71// "max-reconnect-tries": 3,
72// "on-fail": "stop-retry-exit",
73// "retry-on-startup": false,
74// "connect-timeout": 3
75// },
76// Since Kea 2.7.4, the libdhcp_pgsql.so hook library must be loaded in order to
77// store leases in the PostgreSQL Lease Database Backend.
78// Specify the lease backend hook library location.
79// {
80// // the PostgreSQL lease backend hook library required for lease storage.
81// "library": "libdhcp_pgsql.so"
82// },
83
84// Addresses will be assigned with preferred and valid lifetimes
85// being 3000 and 4000, respectively. Client is told to start
86// renewing after 1000 seconds. If the server does not respond
87// after 2000 seconds since the lease was granted, client is supposed
88// to start REBIND procedure (emergency renewal that allows switching
89// to a different server).
90 "preferred-lifetime": 3000,
91 "valid-lifetime": 4000,
92 "renew-timer": 1000,
93 "rebind-timer": 2000,
94
95// The following list defines subnets. Each subnet consists of at
96// least subnet and pool entries.
97 "subnet6": [
98 {
99 "pools": [ { "pool": "2001:db8:1::/80" } ],
100 "id": 1,
101 "subnet": "2001:db8:1::/64",
102 "interface": "eth0"
103 }
104 ],
105
106// The following configures logging. It assumes that messages with at
107// least informational level (info, warn, error and fatal) should be
108// logged to stdout.
109 "loggers": [
110 {
111 "name": "kea-dhcp6",
112 "output-options": [
113 {
114 "output": "stdout"
115 }
116 ],
117 "debuglevel": 0,
118 "severity": "INFO"
119 }
120 ]
121}
122
123}
kea6/classify.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// The purpose of this example is to showcase how clients can be classified.
3
4{ "Dhcp6":
5
6{
7// Kea is told to listen on eth0 interface only.
8 "interfaces-config": {
9 "interfaces": [ "eth0" ]
10 },
11
12// Let's use the simplest backend: memfile and use some reasonable values
13// for timers. They are of no concern for the classification demonstration.
14 "lease-database": {
15 "type": "memfile",
16 "lfc-interval": 3600
17 },
18 "renew-timer": 1000,
19 "rebind-timer": 2000,
20 "preferred-lifetime": 3000,
21 "valid-lifetime": 4000,
22
23// This list defines several classes that incoming packets can be assigned to.
24// One packet can belong to zero or more classes.
25 "client-classes": [
26
27// The first class attempts to match all packets coming in on eth0 interface.
28 {
29 "name": "lab",
30 "test": "pkt.iface == 'eth0'",
31 "option-data": [{
32 "name": "dns-servers",
33 "data": "2001:db8::1"
34 }]
35 },
36
37// Let's classify all incoming RENEW (message type 5) to a separate
38// class.
39 {
40 "name": "renews",
41 "test": "pkt6.msgtype == 5"
42 },
43
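44// Let's pick cable modems. In this simple example we'll assume the device
45// is a cable modem if it sends a vendor option with enterprise-id equal
46// to 4491. The enterprise-id is supplied by the client, so this test identifies a device type but does not authenticate it.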
47 {
48 "name": "cable-modems",
49 "test": "vendor.enterprise == 4491"
50 }
51
52 ],
53
54
55// The following list defines subnets. Each subnet consists of at
56// least subnet and pool entries.
57 "subnet6": [
58 {
59 "id": 1,
60 "pools": [ { "pool": "2001:db8:1::/80" } ],
61 "subnet": "2001:db8:1::/64",
62 "client-classes": [ "cable-modems" ],
63 "interface": "eth0"
64 },
65
66 // The following subnet contains a class reservation for a client using
67 // DUID 01:02:03:04:05:0A:0B:0C:0D:0E. This client will always be assigned
68 // to this class.
69 {
70 "id": 2,
71 "pools": [ { "pool": "2001:db8:2::/80" } ],
72 "subnet": "2001:db8:2::/64",
73 "reservations": [
74 {
75 "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
76 "client-classes": [ "cable-modems" ]
77 } ],
78 "interface": "eth0"
79 },
80
81 // The following subnet contains a pool with a class constraint: only
82 // clients which belong to the class are allowed to use this pool.
83 {
84 "id": 3,
85 "pools": [
86 {
87 "pool": "2001:db8:4::/80",
88 "client-classes": [ "cable-modems" ]
89 } ],
90 "subnet": "2001:db8:4::/64",
91 "interface": "eth1"
92 }
93
94 ],
95
96// The following configures logging. It assumes that messages with at
97// least informational level (info, warn, error and fatal) should be
98// logged to stdout.
99 "loggers": [
100 {
101 "name": "kea-dhcp6",
102 "output-options": [
103 {
104 "output": "stdout"
105 }
106 ],
107 "debuglevel": 0,
108 "severity": "INFO"
109 }
110 ]
111}
112
113}
kea6/classify2.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// The purpose of this example is to showcase how clients can be classified.
3
4{ "Dhcp6":
5
6{
7// Kea is told to listen on eth0 interface only.
8 "interfaces-config": {
9 "interfaces": [ "eth0" ]
10 },
11
12// Let's use the simplest backend: memfile and use some reasonable values
13// for timers. They are of no concern for the classification demonstration.
14 "lease-database": {
15 "type": "memfile",
16 "lfc-interval": 3600
17 },
18 "renew-timer": 1000,
19 "rebind-timer": 2000,
20 "preferred-lifetime": 3000,
21 "valid-lifetime": 4000,
22
23// This list defines several classes that incoming packets can be assigned to.
24// One packet can belong to zero or more classes.
25 "client-classes": [
26
27// This class is included by the second subnet in its 'evaluate-additional-classes'
28// list so 'only-in-additional-list' is enabled. This ensures the class will only
29// be evaluated if the second subnet is selected. The test expression returns true.
30// Note it is not possible to depend on cable-modems class because it
31// is not yet defined.
32 {
33 "name": "second_subnet",
34 "only-in-additional-list": true,
35 "test": "member('ALL')",
36 "option-data": [{
37 "name": "dns-servers",
38 "data": "2001:db8::1"
39 }]
40 },
41
42// Let's classify all incoming RENEW (message type 5) to a separate
43// class.
44 {
45 "name": "renews",
46 "test": "pkt6.msgtype == 5"
47 },
48
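49// Let's pick cable modems. In this simple example we'll assume the device
50// is a cable modem if it sends a vendor option with enterprise-id equal
51// to 4491. The enterprise-id is supplied by the client, so this test identifies a device type but does not authenticate it.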
52 {
53 "name": "cable-modems",
54 "test": "vendor.enterprise == 4491"
55 },
56
57// Matches clients that are cable modems (by evaluation or host reservation)
58// and that also have a host reservation.
59 {
60 "name": "cable-modem-hosts",
61 "test": "member('cable-modems') and member('KNOWN')"
62 }
63
64 ],
65
66
67// The following list defines subnets. Each subnet consists of at
68// least subnet and pool entries.
69 "subnet6": [
70 {
71 "id": 1,
72 "pools": [ { "pool": "2001:db8:1::/80" } ],
73 "subnet": "2001:db8:1::/64",
74 "client-classes": [ "cable-modems" ],
75 "interface": "eth0"
76 },
77// The following subnet contains a class reservation for a client using
78// DUID 01:02:03:04:05:0A:0B:0C:0D:0E. This client will always be assigned
79// to this class.
80 {
81 "id": 2,
82 "pools": [ { "pool": "2001:db8:2::/80" } ],
83 "subnet": "2001:db8:2::/64",
84 "reservations": [
85 {
86 "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
87 "client-classes": [ "cable-modems" ]
88 } ],
89 "interface": "eth0",
90 "evaluate-additional-classes": [ "second_subnet" ]
91 },
92// The following subnet contains a pool with a class constraint: only
93// clients which belong to the class are allowed to use this pool.
94 {
95 "id": 3,
96 "pools": [
97 {
98 "pool": "2001:db8:4::/80",
99 "client-classes": [ "cable-modems" ]
100 } ],
101 "subnet": "2001:db8:4::/64",
102 "interface": "eth1"
103 },
104// This subnet is divided into two pools, one for unknown clients and one
105// for known clients (i.e. those which have a reservation). The built-in
106// KNOWN and UNKNOWN classes are assigned at host reservation lookup (KNOWN
107// if the lookup returns a reservation, UNKNOWN if it finds nothing), and
108// client classes that depend on them are then evaluated.
109// This happens after subnet selection and before address allocation
110// from pools.
111 {
112 "id": 4,
113 "pools": [
114 {
115 "pool": "2001:db8:8::/64",
116 "client-classes": [ "UNKNOWN" ]
117 },
118 {
119 "pool": "2001:db8:9::/64",
120 "client-classes": [ "KNOWN" ]
121 }
122 ],
123 "subnet": "2001:db8:8::/46",
124 "reservations": [
125 { "hw-address": "00:00:00:11:22:33", "hostname": "h1" },
126 { "hw-address": "00:00:00:44:55:66", "hostname": "h4" },
127 { "hw-address": "00:00:00:77:88:99", "hostname": "h7" },
128 { "hw-address": "00:00:00:aa:bb:cc", "hostname": "ha" }
129 ]
130 }
131
132 ],
133
134// The following configures logging. It assumes that messages with at
135// least informational level (info, warn, error and fatal) should be
136// logged to stdout.
137 "loggers": [
138 {
139 "name": "kea-dhcp6",
140 "output-options": [
141 {
142 "output": "stdout"
143 }
144 ],
145 "debuglevel": 0,
146 "severity": "INFO"
147 }
148 ]
149}
150
151}
kea6/comments.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// It uses embedded comments (i.e., comments which will be included in
3// configuration objects and not stripped during lexical analysis).
4
5{ "Dhcp6":
6
7{
8 // Global scope
9 "comment": "A DHCPv6 server",
10
11 // In interface config
12 "interfaces-config": {
13 "comment": "Use wildcard",
14 "interfaces": [ "*" ] },
15
16 // In option definitions
17 "option-def": [ {
18 "comment": "An option definition",
19 "name": "foo",
20 "code": 100,
21 "type": "ipv6-address",
22 "space": "isc"
23 } ],
24
25 // In option data
26 "option-data": [ {
27 "comment": "Set option value",
28 "name": "subscriber-id",
29 "data": "ABCDEF0105",
30 "csv-format": false
31 } ],
32
33 // In client classes
34 "client-classes": [
35 {
36 "comment": "match all",
37 "name": "all",
38 "test": "'' == ''"
39 },
40 // Of course comments are optional
41 {
42 "name": "none"
43 },
44 // A comment and a user-context can be specified
45 {
46 "comment": "a comment",
47 "name": "both",
48 "user-context": {
49 "version": 1
50 }
51 }
52 ],
53
54 // In control sockets
55 "control-sockets": [
56 {
57 "socket-type": "unix",
58 "socket-name": "kea6-ctrl-socket",
59 "user-context": { "comment": "Indirect comment" }
60 },
61 {
62 "comment": "HTTP control socket",
63 "socket-type": "http",
64 "socket-address": "127.0.0.1",
65 "socket-port": 8006,
66
67 // In authentication
68 "authentication": {
69 "comment": "basic HTTP authentication",
70 "type": "basic",
71 // In basic HTTP authentication clients ("admin" / "1234" below are sample credentials, not values to deploy)
72 "clients": [ {
73 "user": "admin",
74 "password": "1234"
75 } ]
76 }
77 }
78 ],
79
80 // In shared networks
81 "shared-networks": [ {
82 "comment": "A shared network",
83 "name": "foo",
84
85 // In subnets
86 "subnet6": [
87 {
88 "comment": "A subnet",
89 "subnet": "2001:db1::/64",
90 "id": 100,
91
92 // In pools
93 "pools": [
94 {
95 "comment": "A pool",
96 "pool": "2001:db1::/64"
97 }
98 ],
99
100 // In prefix pools
101 "pd-pools": [
102 {
103 "comment": "A prefix pool",
104 "prefix": "2001:db2::",
105 "prefix-len": 48,
106 "delegated-len": 64
107 }
108 ],
109
110 // In host reservations
111 "reservations": [
112 {
113 "comment": "A host reservation",
114 "hw-address": "AA:BB:CC:DD:EE:FF",
115 "hostname": "foo.example.com",
116
117 // Again in an option data
118 "option-data": [ {
119 "comment": "An option in a reservation",
120 "name": "domain-search",
121 "data": "example.com"
122 } ]
123 }
124 ]
125 }
126 ]
127 } ],
128
129 // In dhcp ddns
130 "dhcp-ddns": {
131 "comment": "No dynamic DNS",
132 "enable-updates": false
133 },
134
135 // In loggers
136 "loggers": [ {
137 "comment": "A logger",
138 "name": "kea-dhcp6"
139 } ]
140}
141
142}
kea6/config-backend.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// It demonstrates how to enable Kea Configuration Backend using MySQL.
3// It requires that libdhcp_mysql.so library is available and
4// optionally libdhcp_cb_cmds.so hook library.
5
6{ "Dhcp6":
7
8{
9 // Set the server tag for the configuration backend. This instance will
10 // be named server2. Every configuration element that is applicable to
11 // either "all" or "server2" will be used by this instance.
12 "server-tag": "server2",
13
14 // Kea is told to listen on eth0 interface only.
15 "interfaces-config": {
16 "interfaces": [ "eth0" ]
17 },
18
19 // Use memfile lease database backend.
20 "lease-database": {
21 "type": "memfile",
22 "lfc-interval": 3600
23 },
24
25 // This parameter controls how the server accesses the configuration
26 // database. Currently only two database types are available - "mysql" and
27 // "postgresql".
28 // Using "mysql" requires that the libdhcp_mysql.so hook library is loaded.
29 // If using "postgresql", then loading libdhcp_pgsql.so hook library is
30 // required.
31 "config-control": {
32 // A list of database backends to connect to. Currently, it is limited
33 // to a single backend. The "user" and "password" values below are sample credentials only.
34 "config-databases": [
35 {
36 "type": "mysql",
37 "reconnect-wait-time": 3000, // expressed in ms
38 "max-reconnect-tries": 3,
39 "name": "kea",
40 "user": "kea",
41 "password": "1234",
42 "host": "localhost",
43 "port": 3306
44 }
45 ],
46 // Controls how often the server polls the database for the
47 // configuration updates. The setting below implies that it
48 // will take up to approx. 20 seconds for the server to
49 // discover and fetch configuration changes.
50 "config-fetch-wait-time": 20
51 },
52
53 // This defines a control socket. If defined, Kea will open a UNIX socket
54 // and will listen for incoming commands. See section 17 of the Kea ARM for
55 // details.
56 "control-socket": {
57 "socket-type": "unix",
58 "socket-name": "kea6-ctrl-socket"
59 },
60
61 // Hooks libraries that enable configuration backend are loaded.
62 "hooks-libraries": [
63 // The libdhcp_mysql.so is required to use MySQL Configuration
64 // Backend.
65 {
66 "library": "libdhcp_mysql.so"
67 }
68 // If using PostgreSQL Configuration Backend, the "libdhcp_pgsql.so" is
69 // required.
70 // {
71 // "library": "libdhcp_pgsql.so"
72 // }
73 // The libdhcp_cb_cmds.so is optional. It allows for managing the
74 // configuration in the database. If this library is not loaded,
75 // the configuration can be managed directly using available
76 // tools that work directly with the MySQL database.
77 // ,{
78 // "library": "libdhcp_cb_cmds.so"
79 // }
80 ],
81
82 // The following configures logging. It assumes that messages with at
83 // least informational level (info, warn, error and fatal) should be
84 // logged to stdout. Alternatively, you can specify stderr here, a filename
85 // or 'syslog', which will store output messages via syslog.
86 "loggers": [
87 {
88 "name": "kea-dhcp6",
89 "output-options": [
90 {
91 "output": "stdout"
92 }
93 ],
94 "debuglevel": 0,
95 "severity": "INFO"
96 }
97 ]
98}
99
100}
kea6/dhcpv4-over-dhcpv6.json
1// This is an example configuration file for the DHCPv6 server of
2// DHCPv4-over-DHCPv6 tests in Kea.
3
4{
5
6// DHCPv6 conf
7"Dhcp6":
8{
9 "interfaces-config": {
10// Enable unicast
11 "interfaces": [ "eth0/2001:db8:1::1" ]
12 },
13
14 "lease-database": {
15 "type": "memfile",
16 "name": "kea-leases6.csv"
17 },
18
19 "preferred-lifetime": 3000,
20 "valid-lifetime": 4000,
21 "renew-timer": 1000,
22 "rebind-timer": 2000,
23
24 "subnet6": [
25 { "id": 1,
26 "subnet": "2001:db8:1:1::/64",
27 "interface": "eth0",
28 "pools": [ { "pool": "2001:db8:1:1::1:0/112" } ] }
29 ],
30
31// This enables DHCPv4-over-DHCPv6 support
32 "dhcp4o6-port": 786,
33
34// Required by DHCPv4-over-DHCPv6 clients
35 "option-data": [
36 { "name": "dhcp4o6-server-addr",
37 "code": 88,
38 "space": "dhcp6",
39 "csv-format": true,
40// Put the server address here
41 "data": "2001:db8:1:1::1" }
42 ],
43
44 "loggers": [
45 {
46 "name": "kea-dhcp6",
47 "output-options": [
48 {
49 "output": "kea-dhcp6.log"
50 }
51 ],
52 "severity": "DEBUG",
53 "debuglevel": 0
54 }
55 ]
56}
57
58}
kea6/duid.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It demonstrates how to configure Kea to use DUID-LLT with some
3// values specified explicitly.
4
5{ "Dhcp6":
6
7{
8
9// Configure server identifier (DUID-LLT). The hexadecimal value of the
10// identifier will be used as link layer address component of the DUID.
11// The link layer type will be ethernet. The value of time is set to 0
12// which indicates that the server must generate this value, i.e. use
13// current time. Note that it is easy to move from this configuration
14// to DUID-EN or DUID-LL. It would require changing the "type" value
15// to "EN" or "LL" respectively. The "identifier" would hold a
16// DUID-EN variable length identifier or DUID-LL link layer address.
17// The values of "time" and "htype" would be ignored for DUID-EN.
18// If one wanted to use a non-default enterprise-id for DUID-EN, the
19// "enterprise-id" parameter would need to be added. Note that only
20// a "type" parameter is mandatory while specifying "server-id" map.
21 "server-id": {
22 "type": "LLT",
23 "identifier": "12C4D5AF870C",
24 "time": 0,
25 "htype": 1
26 },
27
28// Kea is told to listen on eth0 interface only.
29 "interfaces-config": {
30 "interfaces": [ "eth0" ]
31 },
32
33// We need to specify the database used to store leases. As of
34// June 2022, three database backends are supported: MySQL,
35// PostgreSQL and the in-memory database, Memfile.
36// We'll use memfile because it doesn't require any prior set up.
37 "lease-database": {
38 "type": "memfile",
39 "lfc-interval": 3600
40 },
41
42// Addresses will be assigned with preferred and valid lifetimes
43// being 3000 and 4000, respectively. Client is told to start
44// renewing after 1000 seconds. If the server does not respond
45// after 2000 seconds since the lease was granted, client is supposed
46// to start REBIND procedure (emergency renewal that allows switching
47// to a different server).
48 "preferred-lifetime": 3000,
49 "valid-lifetime": 4000,
50 "renew-timer": 1000,
51 "rebind-timer": 2000,
52
53// The following list defines subnets. Each subnet consists of at
54// least subnet and pool entries.
55 "subnet6": [
56 {
57 "id": 1,
58 "pools": [ { "pool": "2001:db8:1::/80" } ],
59 "subnet": "2001:db8:1::/64",
60 "interface": "eth0"
61 }
62 ],
63
64// The following configures logging. It assumes that messages with at least
65// informational level (info, warn, error) will be logged to stdout.
66 "loggers": [
67 {
68 "name": "kea-dhcp6",
69 "output-options": [
70 {
71 "output": "stdout"
72 }
73 ],
74 "debuglevel": 0,
75 "severity": "INFO"
76 }
77 ]
78}
79
80}
kea6/global-reservations.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// It demonstrates how global host reservations can be configured.
3// The global reservations are not associated with any subnet. They
4// are assigned regardless of the subnet to which the DHCP client belongs.
5// Global reservations are assigned to the DHCP clients using the
6// same host identifier types as subnet specific reservations. This file
7// contains multiple examples of host reservations using different
8// identifier types, e.g. DUID, MAC address etc.
9{ "Dhcp6":
10
11{
12// Kea is told to listen on eth0 interface only.
13 "interfaces-config": {
14 "interfaces": [ "eth0" ]
15 },
16
17// We need to specify the database used to store leases. As of
18// June 2022, three database backends are supported: MySQL,
19// PostgreSQL and the in-memory database, Memfile.
20// We'll use memfile because it doesn't require any prior set up.
21 "lease-database": {
22 "type": "memfile",
23 "lfc-interval": 3600
24 },
25
26// This is pretty basic stuff, it has nothing to do with reservations.
27 "preferred-lifetime": 3000,
28 "valid-lifetime": 4000,
29 "renew-timer": 1000,
30 "rebind-timer": 2000,
31
32// Kea supports three types of identifiers in DHCPv6: hw-address (hardware/MAC
33// address of the client), duid (DUID inserted by the client) and flex-id
34// (flexible identifier available when flex_id hook library is loaded). When told
35// to do so, Kea can check for each of these identifier types, but it takes a
36// costly database lookup to do so. It is therefore useful from a performance
37// perspective to use only the reservation types that are actually used in a
38// given network.
39 "host-reservation-identifiers": [ "duid", "hw-address", "flex-id" ],
40
41// This directive tells Kea that reservations are global. Note that this
42// can also be specified at shared network and/or subnet level.
43
44// Specify whether the server should look up global reservations.
45 "reservations-global": true,
46
47// Specify whether the server should look up in-subnet reservations.
48 "reservations-in-subnet": false,
49
50// Specify whether the server can assume that all reserved addresses
51// are out-of-pool.
52// Ignored when reservations-in-subnet is false.
53// If specified, it is inherited by "shared-networks" and "subnet6" levels.
54 "reservations-out-of-pool": false,
55
56// Define several global host reservations.
57 "reservations": [
58
59// This is a simple host reservation. The host with DUID matching
60// the specified value will get an address of 2001:db8:1::100.
61// Note it is not recommended, but still allowed, to reserve addresses at
62// the global scope: because this breaks the link between the reservation and
63// the subnet, a client can end up located in a different subnet than the one
64// its address belongs to.
65 {
66 "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
67 "ip-addresses": [ "2001:db8:1::100" ]
68 },
69
70// This is similar to the previous one, but this time the reservation
71// is done based on hardware/MAC address. The server will do its best to
72// extract the hardware/MAC address from received packets (see
73// 'mac-sources' directive for details). This particular reservation
74// also specifies two extra options to be available for this client. If
75// there are options with the same code specified in a global, subnet or
76// class scope, the values defined at host level take precedence for
77// this particular DHCP client.
78 {
79 "hw-address": "00:01:02:03:04:05",
80 "ip-addresses": [ "2001:db8:1::101" ],
81 "option-data": [
82 {
83 "name": "dns-servers",
84 "data": "3000:1::234"
85 },
86 {
87 "name": "nis-servers",
88 "data": "3000:1::234"
89 }
90 ],
91 "client-classes": [ "special_snowflake", "office" ]
92 },
93
94// This is a bit more advanced reservation. The client with the specified
95// DUID will get a reserved address, a reserved prefix and a hostname.
96// At least one of the three must be specified in a reservation.
97// Finally, this reservation features vendor specific options for CableLabs,
98// which happen to use enterprise-id 4491. Those particular values will
99// be returned only to the client that has a DUID matching this reservation.
100 {
101 "duid": "01:02:03:04:05:06:07:08:09:0A",
102 "ip-addresses": [ "2001:db8:1:cafe::1" ],
103 "prefixes": [ "2001:db8:2:abcd::/64" ],
104 "hostname": "foo.example.com",
105 "option-data": [
106 {
107 "name": "vendor-opts",
108 "data": "4491"
109 },
110 {
111 "name": "tftp-servers",
112 "space": "vendor-4491",
113 "data": "3000:1::234"
114 }
115 ]
116 },
117
118// This reservation is using flexible identifier. Instead of relying
119// on specific field, sysadmin can define an expression similar to what
120// is used for client classification,
121// e.g. substring(relay[0].option[17],0,6). Then, based on the value of
122// that expression for incoming packet, the reservation is matched.
123// Expression can be specified either as hex or plain text using single
124// quotes.
125// Note: flexible identifier requires flex_id hook library to be
126// loaded to work.
127 {
128 "flex-id": "'somevalue'",
129 "ip-addresses": [ "2001:db8:1:cafe::2" ]
130 }
131 ],
132
133// The following list defines subnets. Subnet, pools and interface definitions
134// are the same as in the regular scenario.
135 "subnet6": [
136 {
137 "id": 1,
138
139 "subnet": "2001:db8::/47",
140
141 "pools": [ { "pool": "2001:db8::/64" } ],
142
143 "pd-pools": [
144 {
145 "prefix": "2001:db8:1:8000::",
146 "prefix-len": 56,
147 "delegated-len": 64
148 }
149 ],
150 "interface": "eth0"
151 }
152 ],
153
154// The following configures logging. It assumes that messages with at
155// least informational level (info, warn, error and fatal) should be
156// logged to stdout.
157 "loggers": [
158 {
159 "name": "kea-dhcp6",
160 "output-options": [
161 {
162 "output": "stdout"
163 }
164 ],
165 "debuglevel": 0,
166 "severity": "INFO"
167 }
168 ]
169}
170
171}
kea6/ha-hot-standby-server1-with-tls.json
1// This is an example configuration of the Kea DHCPv6 server. It uses High
2// Availability hook library and Lease Commands hook library to enable
3// High Availability function for the DHCP server. Note that almost exactly
4// the same configuration must be used on the second server (partner).
5// The only difference is that "this-server-name" must be set to "server2"
6// on this other server. Also, the interface configuration and location of TLS
7// specific files depend on the network settings and configuration of the
8// particular machine.
9//
10// The servers using this configuration work in hot standby mode.
11{
12
13// DHCPv6 configuration starts here.
14"Dhcp6": {
15 // Add names of your network interfaces to listen on.
16 "interfaces-config": {
17 // The DHCPv6 server listens on this interface.
18 "interfaces": [ "eth0" ]
19 },
20
21 // Use Memfile lease database backend to store leases in a CSV file.
22 // Depending on how Kea was compiled, it may also support SQL databases
23 // (MySQL and/or PostgreSQL). Those database backends require more
24 // parameters, like name, host and possibly user and password.
25 // There are dedicated examples for each backend. See Section 7.2.2 "Lease
26 // Storage" for details.
27 "lease-database": {
28 // Memfile is the simplest and easiest backend to use. It's an in-memory database that stores leases in a CSV file.
29 "type": "memfile"
30 },
31
32 // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
33 // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
34 // The latter implements high availability feature for Kea.
35 "hooks-libraries": [
36 // The lease_cmds library must be loaded because HA makes use of it to
37 // deliver lease updates to the server as well as synchronize the
38 // lease database after failure.
39 {
40 "library": "libdhcp_lease_cmds.so",
41 "parameters": { }
42 },
43 {
44 // The HA hook library should be loaded.
45 "library": "libdhcp_ha.so",
46 "parameters": {
47 // High Availability configuration is specified for the HA hook library.
48 // Each server should have the same HA configuration, except for the
49 // "this-server-name" parameter.
50 "high-availability": [ {
51 // This parameter points to this server instance. The respective
52 // HA peers must have this parameter set to their own names.
53 "this-server-name": "server1",
54 // The HA mode is set to hot-standby. In this mode the standby server receives
55 // lease updates from the primary, and the primary responds to all
56 // DHCP queries.
57 "mode": "hot-standby",
58 // Heartbeat is to be sent every 10 seconds if no other control
59 // commands are transmitted.
60 "heartbeat-delay": 10000,
61 // Maximum time for partner's response to a heartbeat, after which
62 // failure detection is started. This is specified in milliseconds.
63 "max-response-delay": 60000,
64 // The following parameters control how the server detects the
65 // partner's failure. The ACK delay sets the threshold for the
66 // 'secs' field of the received discovers. This is specified in
67 // milliseconds.
68 "max-ack-delay": 5000,
69 // This specifies the number of clients which send messages to
70 // the partner but appear to not receive any response.
71 "max-unacked-clients": 5,
72 // Trust anchor aka certificate authority file or directory.
73 "trust-anchor": "/usr/lib/kea/CA.pem",
74 // Client certificate file name.
75 "cert-file": "/usr/lib/kea/server_cert.pem",
76 // Private key file name.
77 "key-file": "/usr/lib/kea/server_key.pem",
78 // Client certificates are required and verified.
79 "require-client-certs": true,
80 "peers": [
81 // This is the configuration of this server instance.
82 {
83 "name": "server1",
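84 // This specifies the URL of this server instance. NOTE(review): TLS files are set above but the scheme here is http; confirm against the Kea ARM whether https is expected.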
85 "url": "http://192.168.56.33:8007/",
86 // This server is primary. The other one must be
87 // standby.
88 "role": "primary"
89 },
90 // This is the configuration of the HA peer.
91 {
92 "name": "server2",
93 // Specifies the URL on which the partner's control
94 // channel can be reached.
95 "url": "http://192.168.56.66:8007/",
96 // The partner is standby. This server is primary.
97 "role": "standby"
98 }
99 ]
100 } ]
101 }
102 }
103 ],
104
105 // The following list defines subnets. Each subnet consists of at
106 // least subnet and pool entries.
107 "subnet6": [
108 {
109 "id": 1,
110
111 "subnet": "2001:db8:1::/64",
112
113 "pools": [
114 {
115 "pool": "2001:db8:1::100 - 2001:db8:1::250"
116 }
117 ],
118
119 "interface": "eth0"
120 }
121 ],
122
123// The following configures logging. It assumes that messages with at
124// least informational level (info, warn, error and fatal) should be
125// logged to stdout. Alternatively, you can specify stderr here, a filename
126// or 'syslog', which will store output messages via syslog.
127 "loggers": [
128 {
129 // This section affects kea-dhcp6, which is the base logger for DHCPv6
130 // component. It tells DHCPv6 server to write all log messages (on
131 // severity INFO or more) to stdout.
132 "name": "kea-dhcp6",
133 "output-options": [
134 {
135 "output": "stdout"
136 }
137 ],
138 "severity": "INFO",
139 "debuglevel": 0
140 },
141 {
142 // This section specifies configuration of the HA hook library-specific
143 // logger.
144 "name": "kea-dhcp6.ha-hooks",
145 "output-options": [
146 {
147 "output": "stdout"
148 }
149 ],
150 "severity": "INFO",
151 "debuglevel": 99
152 }
153 ]
154}
155}
kea6/ha-hot-standby-server2.json
1// This is an example configuration of the Kea DHCPv6 server. It uses High
2// Availability hook library and Lease Commands hook library to enable
3// High Availability function for the DHCP server. Note that almost exactly
4// the same configuration must be used on the second server (partner).
5// The only difference is that "this-server-name" must be set to "server1"
6// on this other server. Also, the interface configuration depends on the
7// network settings of the particular machine.
8//
9// The servers using this configuration work in hot standby mode.
10{
11
12// DHCPv6 configuration starts here.
13"Dhcp6": {
14 // Add names of your network interfaces to listen on.
15 "interfaces-config": {
16 // The DHCPv6 server listens on this interface.
17 "interfaces": [ "eth0" ]
18 },
19
20 // Use Memfile lease database backend to store leases in a CSV file.
21 // Depending on how Kea was compiled, it may also support SQL databases
22 // (MySQL and/or PostgreSQL). Those database backends require more
23 // parameters, like name, host and possibly user and password.
24 // There are dedicated examples for each backend. See Section 7.2.2 "Lease
25 // Storage" for details.
26 "lease-database": {
27 // Memfile is the simplest and easiest backend to use. It's an in-memory database that stores leases in a CSV file.
28 "type": "memfile"
29 },
30
31 // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
32 // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
33 // The latter implements high availability feature for Kea.
34 "hooks-libraries": [
35 // The lease_cmds library must be loaded because HA makes use of it to
36 // deliver lease updates to the server as well as synchronize the
37 // lease database after failure.
38 {
39 "library": "libdhcp_lease_cmds.so",
40 "parameters": { }
41 },
42 {
43 // The HA hook library should be loaded.
44 "library": "libdhcp_ha.so",
45 "parameters": {
46 // High Availability configuration is specified for the HA hook library.
47 // Each server should have the same HA configuration, except for the
48 // "this-server-name" parameter.
49 "high-availability": [ {
50 // This parameter points to this server instance. The respective
51 // HA peers must have this parameter set to their own names.
52 "this-server-name": "server2",
53 // The HA mode is set to hot-standby. This server will receive lease
54 // updates from the primary. The primary will be responding to all
55 // DHCP queries.
56 "mode": "hot-standby",
57 // Heartbeat is to be sent every 10 seconds if no other control
58 // commands are transmitted.
59 "heartbeat-delay": 10000,
60 // Maximum time for partner's response to a heartbeat, after which
61 // failure detection is started. This is specified in milliseconds.
62 "max-response-delay": 60000,
63 // The following parameters control how the server detects the
64 // partner's failure. The ACK delay sets the threshold for the
65 // 'secs' field of the received discovers. This is specified in
66 // milliseconds.
67 "max-ack-delay": 5000,
68 // This specifies the number of clients which send messages to
69 // the partner but appear to not receive any response.
70 "max-unacked-clients": 5,
71 "peers": [
72 // This is the configuration of the HA peer.
73 {
74 "name": "server1",
75 // Specifies the URL on which the partner's control
76 // channel can be reached.
77 "url": "http://192.168.56.33:8007/",
78 // The partner is primary. This server is standby.
79 "role": "primary"
80 },
81 // This is the configuration of this server instance.
82 {
83 "name": "server2",
84 // This specifies the URL of this server instance.
85 "url": "http://192.168.56.66:8007/",
86 // This server is standby. The other one must be
87 // primary.
88 "role": "standby"
89 }
90 ]
91 } ]
92 }
93 }
94 ],
95
96 // The following list defines subnets. Each subnet consists of at
97 // least subnet and pool entries.
98 "subnet6": [
99 {
100 "id": 1,
101
102 "subnet": "2001:db8:1::/64",
103
104 "pools": [
105 {
106 "pool": "2001:db8:1::100 - 2001:db8:1::250"
107 }
108 ],
109
110 "interface": "eth0"
111 }
112 ],
113
114// The following configures logging. It assumes that messages with at
115// least informational level (info, warn, error and fatal) should be
116// logged to stdout. Alternatively, you can specify stderr here, a filename
117// or 'syslog', which will store output messages via syslog.
118 "loggers": [
119 {
120 // This section affects kea-dhcp6, which is the base logger for DHCPv6
121 // component. It tells DHCPv6 server to write all log messages (on
122 // severity INFO or more) to stdout.
123 "name": "kea-dhcp6",
124 "output-options": [
125 {
126 "output": "stdout"
127 }
128 ],
129 "severity": "INFO",
130 "debuglevel": 0
131 },
132 {
133 // This section specifies configuration of the HA hook library-specific
134 // logger.
135 "name": "kea-dhcp6.ha-hooks",
136 "output-options": [
137 {
138 "output": "stdout"
139 }
140 ],
141 "severity": "INFO",
142 "debuglevel": 99
143 }
144 ]
145}
146}
kea6/hooks-rbac.json
1// This is an example configuration file for the DHCPv6 server in Kea using
2// the Role Based Access Control (RBAC) hook library. It uses a basic scenario
3// of one IPv6 subnet configured with the default values for all parameters.
4
5{"Dhcp6":
6
7{
8// Kea is told to listen on the eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// Set up the storage for leases.
14 "lease-database": {
15 "type": "memfile"
16 },
17
18// Set values to mandatory timers
19 "renew-timer": 900,
20 "rebind-timer": 1200,
21 "preferred-lifetime": 1800,
22 "valid-lifetime": 2700,
23
24// Define a single subnet.
25 "subnet6": [
26 {
27 "id": 1,
28 "pools": [
29 {
30 "pool": "2001:db8:1::/80",
31 "user-context": { "charging": true }
32 } ],
33 "subnet": "2001:db8:1::/64",
34 "interface": "eth0"
35 }
36 ],
37
38// Control sockets.
39 "control-sockets": [
40 {
41 "socket-type": "https",
42 "socket-address": "::1",
43 "socket-port": 8000,
44 "trust-anchor": "my-ca",
45 "cert-file": "my-cert",
46 "key-file": "my-key",
47 "cert-required": true
48 }
49 ],
50
51// Add hooks here.
52 "hooks-libraries": [
53 {
54 "library": "libdhcp_rbac.so",
55 "parameters": {
56 // This section configures the RBAC hook library.
57 // Mandatory parameters.
58 "assign-role-method": "cert-subject",
59 "api-files": "/opt/share/kea/api",
60 // Optional parameters.
61 "require-tls": true,
62 "commands": [
63 {
64 "name": "my-command",
65 "access": "read",
66 "hook": "my-hook"
67 } ],
68 "access-control-lists": [
69 {
70 "my-none": { "not": "ALL" }
71 },{
72 "another-none": { "and": [ "ALL", "NONE" ] }
73 },{
74 "my-read": { "access": "read" }
75 } ],
76 "roles": [
77 {
78 "name": "kea-client",
79 "accept-commands":
80 {
81 "commands": [ "list-commands", "status-get" ]
82 },
83 "reject-commands": "NONE",
84 "other-commands": "reject",
85 "list-match-first": "accept",
86 "response-filters": [ "list-commands" ]
87 },{
88 "name": "admin",
89 "accept-commands": "ALL",
90 "reject-commands":
91 {
92 "hook": "cb_cmds"
93 },
94 "list-match-first": "reject"
95 } ],
96 "default-role":
97 {
98 "accept-commands": "NONE",
99 "reject-commands": "ALL"
100 },
101 "unknown-role":
102 {
103 "accept-commands": "READ",
104 "reject-commands": "WRITE"
105 }
106 }
107 }
108 ]
109}
110
111}
kea6/hooks.json
1// This is an example configuration file for the DHCPv6 server in Kea
2// illustrating the configuration of hook libraries. It uses a basic scenario
3// of one IPv6 subnet configured with the default values for all parameters.
4
5{"Dhcp6":
6
7{
8// Kea is told to listen on the eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// Set up the storage for leases.
14 "lease-database": {
15 "type": "memfile"
16 },
17
18// Set values to mandatory timers
19 "renew-timer": 900,
20 "rebind-timer": 1200,
21 "preferred-lifetime": 1800,
22 "valid-lifetime": 2700,
23
24// Define a single subnet.
25 "subnet6": [
26 {
27 "id": 1,
28 "pools": [
29 {
30 "pool": "2001:db8:1::/80",
31 "user-context": { "charging": true }
32 } ],
33 "subnet": "2001:db8:1::/64",
34 "interface": "eth0"
35 }
36 ],
37
38// Set up the hook libraries. For this example, we assume that two libraries
39// are loaded, called "security" and "charging". Note that order is important:
40// "security" is specified first so if both libraries supply a hook function
41// for a given hook, the function in "security" will be called before that in
42// "charging".
43
44 "hooks-libraries": [
45 {
46 "library": "security.so"
47 },
48 {
49 "library": "charging.so",
50 "parameters": {
51 "path": "/var/log/kea",
52 "base-name": "kea-forensic6"
53 }
54 }
55 ]
56}
57
58}
kea6/iPXE.json
1// This is an example configuration for iPXE boot in Kea6.
2
3{
4 "Dhcp6": {
5 // Mandatory part of the config that list interfaces on which
6 // Kea will listen for incoming traffic.
7 "interfaces-config": {
8 "interfaces": [ "eth0" ]
9 },
10
11// Two classes are migrated from ISC-DHCP example:
12// if exists dhcp6.client-arch-type and
13// option dhcp6.client-arch-type = 00:07 {
14// option dhcp6.bootfile-url "http://[2001:db8::1]/ipxe.efi";
15// } else if exists dhcp6.user-class and
16// substring(option dhcp6.user-class, 2, 4) = "iPXE" {
17// option dhcp6.bootfile-url "http://[2001:db8::1]/ubuntu.cfg";
18// }
19
20// In the example below, an incoming packet receives the value
21// http://[2001:db8::1]/ubuntu.cfg if it includes a user class option
22// containing "iPXE", and the value http://[2001:db8::1]/ipxe.efi
23// if its client architecture type option is 7.
24// If an incoming packet includes both of those options with matching
25// values, it is assigned to class "a-ipxe" because that is the first
26// matching class. To change that order, the class names must sort in a
27// different alphabetical order. In Kea 1.3.0 (and previous
28// versions) alphabetical order is used in classification. Note this
29// should change in next versions, for instance to keep the definition
30// order.
31 "client-classes": [
32 {
33 "name": "a-ipxe",
34 // user-class option (code 15) is a tuple array
35 // so we need to skip the length (tuple first element)
36 "test": "substring(option[15].hex, 2, 4) == 'iPXE'",
37 "option-data": [
38 {
39 "space": "dhcp6",
40 "name": "bootfile-url",
41 "code": 59,
42 "data": "http://[2001:db8::1]/ubuntu.cfg"
43 }
44 ]
45 },
46 {
47 "name": "b-efi",
48 // Consider adding a "not a-ipxe" condition here to enforce
49 // the "else" branch.
50 "test": "option[61].hex == 0x0007",
51 "option-data": [
52 {
53 "space": "dhcp6",
54 "name": "bootfile-url",
55 "code": 59,
56 "data": "http://[2001:db8::1]/ipxe.efi"
57 }
58 ]
59 }
60 ],
61 "subnet6": [
62 {
63 "id": 1,
64 "subnet": "2001:db8::/64"
65 }
66 ]
67 }
68}
kea6/leases-expiration.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It provides parameters controlling processing of expired leases,
3// a.k.a. leases reclamation.
4
5{ "Dhcp6":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17// Note, we're setting the maximum number of row read errors to 100,
18// (defaults to 0, meaning unlimited).
19 "lease-database": {
20 "type": "memfile",
21 "lfc-interval": 3600,
22 "max-row-errors": 100
23 },
24
25// The following parameters control processing expired leases. Expired leases
26// will be reclaimed periodically according to the "reclaim-timer-wait-time"
27// parameter. Reclaimed leases will be held in the database for 1800s to
28// facilitate lease affinity. After this period the leases will be removed.
29// The frequency of removal is controlled by the
30// "flush-reclaimed-timer-wait-time" parameter. The lease reclamation
31// routine will process at most 500 leases or will last for at most
32// 100ms, during a single run. If there are still some unreclaimed
33// leases after 10 attempts, a warning message is issued.
34// If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are not
35// 0, when the client sends a release message the lease is expired instead of
36// being deleted from lease storage.
37 "expired-leases-processing": {
38 "reclaim-timer-wait-time": 5,
39 "hold-reclaimed-time": 1800,
40 "flush-reclaimed-timer-wait-time": 10,
41 "max-reclaim-leases": 500,
42 "max-reclaim-time": 100,
43 "unwarned-reclaim-cycles": 10
44 },
45
46// Addresses will be assigned with preferred and valid lifetimes
47// being 3000 and 4000, respectively. Client is told to start
48// renewing after 1000 seconds. If the server does not respond
49// after 2000 seconds since the lease was granted, client is supposed
50// to start REBIND procedure (emergency renewal that allows switching
51// to a different server).
52 "preferred-lifetime": 3000,
53 "valid-lifetime": 4000,
54 "renew-timer": 1000,
55 "rebind-timer": 2000,
56
57// The following list defines subnets. Each subnet consists of at
58// least subnet and pool entries.
59 "subnet6": [
60 {
61 "id": 1,
62 "pools": [ { "pool": "2001:db8:1::/80" } ],
63 "subnet": "2001:db8:1::/64",
64 "interface": "eth0"
65 }
66 ],
67
68// The following configures logging. It assumes that messages with at
69// least informational level (info, warn, error and fatal) should be
70// logged to stdout.
71 "loggers": [
72 {
73 "name": "kea-dhcp6",
74 "output-options": [
75 {
76 "output": "stdout"
77 }
78 ],
79 "debuglevel": 0,
80 "severity": "INFO"
81 }
82 ]
83}
84
85}
kea6/multiple-options.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It demonstrates simple configuration of the options for a subnet.
3
4{ "Dhcp6":
5
6{
7// Kea is told to listen on eth0 interface only.
8 "interfaces-config": {
9 "interfaces": [ "eth0" ]
10 },
11
12// We need to specify the database used to store leases. As of
13// June 2022, three database backends are supported: MySQL,
14// PostgreSQL and the in-memory database, Memfile.
15// We'll use memfile because it doesn't require any prior set up.
16 "lease-database": {
17 "type": "memfile"
18 },
19
20// Addresses will be assigned with preferred and valid lifetimes
21// being 3000 and 4000, respectively. Client is told to start
22// renewing after 1000 seconds. If the server does not respond
23// after 2000 seconds since the lease was granted, client is supposed
24// to start REBIND procedure (emergency renewal that allows switching
25// to a different server).
26 "preferred-lifetime": 3000,
27 "valid-lifetime": 4000,
28 "renew-timer": 1000,
29 "rebind-timer": 2000,
30
31// Defining a subnet. There are some DHCP options returned to the
32// clients connected to this subnet. The first option is identified
33// by the name. The second option is identified by the code.
34// There are two address pools defined within this subnet. Pool
35// specific value for option 12 is defined for the pool:
36// 2001:db8:1::1 - 2001:db8:1::100. Clients obtaining an address
37// from this pool will be assigned option 12 with a value of
38// 3001:cafe::21. Clients belonging to this subnet but obtaining
39// addresses from the other pool, or the clients obtaining
40// stateless configuration will be assigned subnet specific value
41// of option 12, i.e. 2001:db8:1:0:ff00::1.
42// In DHCPv6, subnets can have prefix delegation pools too, so
43// a pd-pools entry with its own option-data is defined as well.
44 "subnet6": [
45 {
46 // This is how option values are defined for this particular subnet.
47 "option-data": [
48 // When specifying options, you typically need to specify
49 // one of (name or code) and data. The full option specification
50 // covers name, code, space, csv-format and data.
51 // space defaults to "dhcp6" which is usually correct, unless you
52 // use encapsulate options. csv-format defaults to "true", so
53 // this is also correct, unless you want to specify the whole
54 // option value as long hex string. For example, to specify
55 // domain-name-servers you could do this:
56 // {
57 // "name": "dns-servers",
58 // "code": 23,
59 // "csv-format": true,
60 // "space": "dhcp6",
61 // "data": "2001:db8:2::45, 2001:db8:2::100"
62 // }
63 // but it's a lot of writing, so it's easier to do this instead:
64 {
65 "name": "dns-servers",
66 "data": "2001:db8:2::45, 2001:db8:2::100"
67 },
68
69 // Typically people prefer to refer to options by their
70 // names, so they don't need to remember the numeric
71 // codes. However, some people like to use numerical
72 // values. For example, DHCPv6 can optionally use server
73 // unicast communication, if an extra option is present. Option
74 // "unicast" uses option code 12, so you can refer to it
75 // either by "name": "unicast" or "code": 12.
76 {
77 "code": 12,
78 "data": "2001:db8:1:0:ff00::1"
79 },
80
81 // Options can also be specified using hexadecimal format.
82 // This should be avoided if possible, because Kea's ability to
83 // validate correctness is limited when using hex values.
84 {
85 "name": "sntp-servers",
86 "csv-format": false,
87 "data": "20010db8000000000000000000000001"
88 },
89
90 // String options that have a comma in their values need to have
91 // it escaped (i.e. each comma is preceded by two backslashes).
92 // That's because commas are reserved for separating fields in
93 // compound options. At the same time, we need to be conformant
94 // with JSON spec, that does not allow "\,". Therefore the
95 // slightly uncommon double backslashes notation is needed.
96
97 // Legal JSON escapes are \ followed by "\/bfnrt character
98 // or \u followed by 4 hexa-decimal numbers (currently Kea
99 // supports only \u0000 to \u00ff code points).
100 // CSV processing translates '\\' into '\' and '\,' into ','
101 // only so for instance '\x' is translated into '\x'. But
102 // as it works on a JSON string value each of these '\'
103 // characters must be doubled on JSON input.
104 {
105 "name": "new-posix-timezone",
106 "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
107 },
108
109 // Options that take integer values can either be specified in
110 // dec or hex format. Hex format could be either plain (e.g. abcd)
111 // or prefixed with 0x (e.g. 0xabcd).
112 {
113 "name": "preference",
114 "data": "0xf0"
115 },
116
117 // A few options are encoded in (length, string) tuples
118 // which can be defined using only strings as the CSV
119 // processing computes lengths.
120 {
121 "name": "bootfile-param",
122 "data": "root=/dev/sda2, quiet, splash"
123 },
124
125 // With a few exceptions, options are added to the response only when
126 // the client requests them. The always-send flag should be used
127 // to force a particular option to be sent.
128 {
129 "name": "pana-agent",
130 "data": "2001:db8:2::123",
131 "always-send": true
132 }
133 ],
134 "pools": [
135 {
136 "pool": "2001:db8:1::1 - 2001:db8:1::100",
137 "option-data": [
138 {
139 "code": 12,
140 "data": "3001:cafe::21"
141 }
142 ]
143 },
144 {
145 "pool": "2001:db8:1::500 - 2001:db8:1::1000"
146 }
147 ],
148 "pd-pools": [
149 {
150 "prefix": "2001:2b8:2::",
151 "prefix-len": 56,
152 "delegated-len": 64,
153 "option-data": [
154 {
155 "code": 12,
156 "data": "3001:cafe::12"
157 }
158 ]
159 }
160 ],
161 "id": 1,
162 "subnet": "2001:db8:1::/64",
163 "interface": "eth0"
164 }
165 ],
166
167// The following configures logging. It assumes that messages with at
168// least informational level (info, warn, error and fatal) should be
169// logged to stdout.
170 "loggers": [
171 {
172 "name": "kea-dhcp6",
173 "output-options": [
174 {
175 "output": "stdout"
176 }
177 ],
178 "debuglevel": 0,
179 "severity": "INFO"
180 }
181 ]
182}
183
184}
kea6/mysql-reservations.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// It contains configuration of the MySQL host database backend, used
3// to retrieve reserved addresses, host names, DHCPv4 message fields
4// and DHCP options from MySQL database.
5{ "Dhcp6":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17 "lease-database": {
18 "type": "memfile",
19 "lfc-interval": 3600
20 },
21
22// This is pretty basic stuff, it has nothing to do with reservations.
23 "preferred-lifetime": 3000,
24 "valid-lifetime": 4000,
25 "renew-timer": 1000,
26 "rebind-timer": 2000,
27
28// Kea supports two types of identifiers in DHCPv6: hw-address
29// (hardware/MAC address of the client) and duid (DUID inserted by the
30// client). When told to do so, Kea can check for each of these
31// identifier types, but it takes a costly database lookup to do so. It
32// is therefore useful from a performance perspective to use only the
33// reservation types that are actually used in a given network.
34 "host-reservation-identifiers": [ "duid", "hw-address" ],
35
36// Specify connection to the database holding host reservations. The type
37// specifies that the MySQL database is used. user and password are the
38// credentials used to connect to the database. host and name specify
39// location of the host where the database instance is running, and the
40// name of the database to use. The server processing a packet will first
41// check if there are any reservations specified for this client in the
42// reservations list, within the subnet (configuration file). If there are
43// no reservations there, the server will try to retrieve reservations
44// from this database.
45 "hosts-database": {
46 "type": "mysql",
47 "reconnect-wait-time": 3000, // expressed in ms
48 "max-reconnect-tries": 3,
49 "name": "keatest",
50 "user": "keatest",
51 "password": "1234", // example value, stored in cleartext in this file: replace it and restrict read access to the file
52 "host": "localhost",
53 "port": 3306,
54 "readonly": true,
55 "trust-anchor": "my-ca", // placeholder name; presumably the CA used to verify the database server over TLS
56 "cert-file": "my-cert", // placeholder name; presumably the client certificate
57 "key-file": "my-key", // placeholder name; presumably the private key for cert-file, so keep it readable only by Kea
58 "cipher-list": "AES" // NOTE(review): presumably the permitted TLS ciphers; "AES" is a broad selector, confirm what it allows
59 },
60// Since Kea 2.7.4, the libdhcp_mysql.so hook library must be loaded in order to
61// store host reservations in the MySQL Host Database Backend.
62// Specify the host backend hook library location.
63 "hooks-libraries": [
64 {
65 // the MySQL host backend hook library required for host storage.
66 "library": "libdhcp_mysql.so"
67 }
68 ],
69
70// Define a subnet with a pool of dynamic addresses and a pool of dynamic
71// prefixes. Addresses and prefixes from those pools will be assigned to
72// clients which don't have reservations in the database. Subnet identifier
73// is equal to 1. If this subnet is selected for the client, this subnet
74// id will be used to search for the reservations within the database.
75 "subnet6": [
76 {
77 "subnet": "2001:db8:1::/48",
78
79 "pools": [ { "pool": "2001:db8:1::/80" } ],
80
81 "pd-pools": [
82 {
83 "prefix": "2001:db8:1:8000::",
84 "prefix-len": 56,
85 "delegated-len": 64
86 }
87 ],
88 "interface": "eth0",
89 "id": 1
90 }
91 ],
92
93// The following configures logging. It assumes that messages with at
94// least informational level (info, warn, error and fatal) should be
95// logged to stdout.
96 "loggers": [
97 {
98 "name": "kea-dhcp6",
99 "output-options": [
100 {
101 "output": "stdout"
102 }
103 ],
104 "debuglevel": 0,
105 "severity": "INFO"
106 }
107 ]
108}
109
110}
kea6/pgsql-reservations.json
1// This is an example configuration file for the DHCPv6 server in Kea.
2// It contains configuration of the PostgreSQL host database backend, used
3// to retrieve reserved addresses, host names, DHCPv4 message fields
4// and DHCP options from PostgreSQL database.
5{ "Dhcp6":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17 "lease-database": {
18 "type": "memfile"
19 },
20
21// This is pretty basic stuff, it has nothing to do with reservations.
22 "preferred-lifetime": 3000,
23 "valid-lifetime": 4000,
24 "renew-timer": 1000,
25 "rebind-timer": 2000,
26
27// Kea supports two types of identifiers in DHCPv6: hw-address
28// (hardware/MAC address of the client) and duid (DUID inserted by the
29// client). When told to do so, Kea can check for each of these
30// identifier types, but it takes a costly database lookup to do so. It
31// is therefore useful from a performance perspective to use only the
32// reservation types that are actually used in a given network.
33 "host-reservation-identifiers": [ "duid", "hw-address" ],
34
35// Specify connection to the database holding host reservations. The type
36// specifies that the PostgreSQL database is used. user and password are the
37// credentials used to connect to the database. host and name specify
38// location of the host where the database instance is running, and the
39// name of the database to use. The server processing a packet will first
40// check if there are any reservations specified for this client in the
41// reservations list, within the subnet (configuration file). If there are
42// no reservations there, the server will try to retrieve reservations
43// from this database.
44// The database specification can go into one hosts-database entry for
45// backward compatibility or be listed in hosts-databases list.
46 "hosts-databases": [
47 {
48 "type": "postgresql",
49 "reconnect-wait-time": 3000, // expressed in ms
50 "max-reconnect-tries": 3,
51 "name": "keatest",
52 "user": "keatest",
53 "password": "1234", // example value, stored in cleartext in this file: replace it and restrict read access to the file
54 "host": "localhost"
55 }
56 ],
57// Since Kea 2.7.4, the libdhcp_pgsql.so hook library must be loaded in order to
58// store host reservations in the PostgreSQL Host Database Backend.
59// Specify the host backend hook library location.
60 "hooks-libraries": [
61 {
62 // the PostgreSQL host backend hook library required for host storage.
63 "library": "libdhcp_pgsql.so"
64 }
65 ],
66
67// Define a subnet with a pool of dynamic addresses and a pool of dynamic
68// prefixes. Addresses and prefixes from those pools will be assigned to
69// clients which don't have reservations in the database. Subnet identifier
70// is equal to 1. If this subnet is selected for the client, this subnet
71// id will be used to search for the reservations within the database.
72 "subnet6": [
73 {
74 "subnet": "2001:db8:1::/48",
75
76 "pools": [ { "pool": "2001:db8:1::/80" } ],
77
78 "pd-pools": [
79 {
80 "prefix": "2001:db8:1:8000::",
81 "prefix-len": 56,
82 "delegated-len": 64
83 }
84 ],
85 "interface": "eth0",
86 "id": 1
87 }
88 ],
89
90// The following configures logging. It assumes that messages with at
91// least informational level (info, warn, error and fatal) should be
92// logged to stdout.
93 "loggers": [
94 {
95 "name": "kea-dhcp6",
96 "output-options": [
97 {
98 "output": "stdout"
99 }
100 ],
101 "debuglevel": 0,
102 "severity": "INFO"
103 }
104 ]
105}
106
107}
kea6/reservations.json
1// This is an example configuration file for DHCPv6 server in Kea
2// that showcases how to do host reservations. It is
3// assumed that one subnet (2001:db8:1::/64) is available directly
4// over eth0 interface. A number of hosts have various combinations
5// of addresses and prefixes reserved for them.
6
7{ "Dhcp6":
8
9{
10// Kea is told to listen on eth0 interface only.
11 "interfaces-config": {
12 "interfaces": [ "eth0" ]
13 },
14
15// We need to specify the database used to store leases. As of
16// June 2022, three database backends are supported: MySQL,
17// PostgreSQL and the in-memory database, Memfile.
18// We'll use memfile because it doesn't require any prior set up.
19 "lease-database": {
20 "type": "memfile",
21 "lfc-interval": 3600
22 },
23
24// This is pretty basic stuff, it has nothing to do with reservations.
25 "preferred-lifetime": 3000,
26 "valid-lifetime": 4000,
27 "renew-timer": 1000,
28 "rebind-timer": 2000,
29
30// Kea supports three types of identifiers in DHCPv6: hw-address (hardware/MAC
31// address of the client), duid (DUID inserted by the client) and flex-id
32// (flexible identifier available when flex_id hook library is loaded). When told
33// to do so, Kea can check for each of these identifier types, but it takes a
34// costly database lookup to do so. It is therefore useful from a performance
35// perspective to use only the reservation types that are actually used in a
36// given network.
37 "host-reservation-identifiers": [ "duid", "hw-address", "flex-id" ],
38
39// The following list defines subnets. Subnet, pools and interface definitions
40// are the same as in the regular scenario, without host reservations.
41// Each subnet consists of at least subnet and pool entries.
42 "subnet6": [
43 {
44 "id": 1,
45
46 "subnet": "2001:db8:1::/48",
47
48 // This directive tells Kea that reservations may be made both in-pool
49 // and out-of-pool. For improved performance, you may move all reservations
50 // out of the dynamic pool and set "reservations-out-of-pool" to true.
51 // Kea will then be able to skip querying for host reservations when
52 // assigning leases from dynamic pool.
53
54 // Specify whether the server should look up global reservations.
55 // Defaults to false.
56 "reservations-global": false,
57
58 // Specify whether the server should look up in-subnet reservations.
59 // Defaults to true.
60 "reservations-in-subnet": true,
61
62 // Specify whether the server can assume that all reserved addresses
63 // are out-of-pool. Defaults to false.
64 // Ignored when reservations-in-subnet is false.
65 // If specified, it is inherited by "shared-networks" and
66 // "subnet6" levels.
67 "reservations-out-of-pool": false,
68
69 "pools": [ { "pool": "2001:db8:1::/120" } ],
70
71 "pd-pools": [
72 {
73 "prefix": "2001:db8:1:8000::",
74 "prefix-len": 56,
75 "delegated-len": 64
76 }
77 ],
78 "interface": "eth0",
79
80// Host reservations. Define several reservations, note that
81// they are all within the range of the pool of the dynamically
82// allocated address. The server will exclude the addresses from this
83// pool and only assign them to the client which has a reservation for
84// them.
85 "reservations": [
86// This is a simple host reservation. The host with DUID matching
87// the specified value will get an address of 2001:db8:1::100.
88 {
89 "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
90 "ip-addresses": [ "2001:db8:1::100" ]
91 },
92// This is similar to the previous one, but this time the reservation
93// is done based on hardware/MAC address. The server will do its best to
94// extract the hardware/MAC address from received packets (see
95// 'mac-sources' directive for details). This particular reservation
96// also specifies two extra options to be available for this client. If
97// there are options with the same code specified in a global, subnet or
98// class scope, the values defined at host level take precedence.
99 {
100 "hw-address": "00:01:02:03:04:05",
101 "ip-addresses": [ "2001:db8:1::101" ],
102 "option-data": [
103 {
104 "name": "dns-servers",
105 "data": "3000:1::234"
106 },
107 {
108 "name": "nis-servers",
109 "data": "3000:1::234"
110 } ],
111 "client-classes": [ "special_snowflake", "office" ]
112 },
113// This is a bit more advanced reservation. The client with the specified
114// DUID will get a reserved address, a reserved prefix and a hostname.
115// This reservation is for an address that is not within the dynamic pool.
116// Finally, this reservation features vendor specific options for CableLabs,
117// which happen to use enterprise-id 4491. Those particular values will
118// be returned only to the client that has a DUID matching this reservation.
119 {
120 "duid": "01:02:03:04:05:06:07:08:09:0A",
121 "ip-addresses": [ "2001:db8:1:cafe::1" ],
122 "prefixes": [ "2001:db8:2:abcd::/64" ],
123 "hostname": "foo.example.com",
124 "option-data": [ {
125 "name": "vendor-opts",
126 "data": "4491"
127 },
128 {
129 "name": "tftp-servers",
130 "space": "vendor-4491",
131 "data": "3000:1::234"
132 } ]
133
134 },
135// This reservation uses a flexible identifier. Instead of relying
136// on a specific field, the sysadmin can define an expression similar to what
137// is used for client classification,
138// e.g. substring(relay[0].option[17],0,6). Then, based on the value of
139// that expression for an incoming packet, the reservation is matched.
140// Expression can be specified either as hex or plain text using single
141// quotes.
142// Note: flexible identifier requires flex_id hook library to be
143// loaded to work.
144 {
145 "flex-id": "'somevalue'",
146 "ip-addresses": [ "2001:db8:1:cafe::2" ]
147 }
148
149 ]
150 }
151 ],
152
153// The following configures logging. It assumes that messages with at
154// least informational level (info, warn, error and fatal) should be
155// logged to stdout.
156 "loggers": [
157 {
158 "name": "kea-dhcp6",
159 "output-options": [
160 {
161 "output": "stdout"
162 }
163 ],
164 "debuglevel": 0,
165 "severity": "INFO"
166 }
167 ]
168}
169
170}
kea6/several-subnets.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It's a basic scenario with four IPv6 subnets configured. In each
3// subnet, there's a smaller pool of dynamic addresses.
4
5{ "Dhcp6":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17 "lease-database": {
18 "type": "memfile"
19 },
20
21// Addresses will be assigned with preferred and valid lifetimes
22// being 3000 and 4000, respectively. Client is told to start
23// renewing after 1000 seconds. If the server does not respond
24// after 2000 seconds since the lease was granted, client is supposed
25// to start REBIND procedure (emergency renewal that allows switching
26// to a different server).
27 "preferred-lifetime": 3000,
28 "valid-lifetime": 4000,
29 "renew-timer": 1000,
30 "rebind-timer": 2000,
31
32// The following list defines subnets. Each subnet consists of at
33// least subnet and pool entries.
34 "subnet6": [
35 { "pools": [ { "pool": "2001:db8:1::/80" } ],
36 "id": 1, "subnet": "2001:db8:1::/64" },
37 { "pools": [ { "pool": "2001:db8:2::/80" } ],
38 "id": 2, "subnet": "2001:db8:2::/64" },
39 { "pools": [ { "pool": "2001:db8:3::/80" } ],
40 "id": 3, "subnet": "2001:db8:3::/64" },
41 { "pools": [ { "pool": "2001:db8:4::/80" } ],
42 "id": 4, "subnet": "2001:db8:4::/64" } ],
43
44// The following configures logging. It assumes that messages with at
45// least informational level (info, warn, error and fatal) should be
46// logged to stdout.
47 "loggers": [
48 {
49 "name": "kea-dhcp6",
50 "output-options": [
51 {
52 "output": "stdout"
53 }
54 ],
55 "debuglevel": 0,
56 "severity": "INFO"
57 }
58 ]
59}
60
61}
kea6/simple.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It's a basic scenario with one IPv6 subnet configured. It is
3// assumed that one subnet (2001:db8:1::/64) is available directly
4// over eth0 interface.
5
6{ "Dhcp6":
7
8{
9// Kea is told to listen on eth0 interface only.
10 "interfaces-config": {
11 "interfaces": [ "eth0" ]
12 },
13
14// We need to specify the database used to store leases. As of
15// June 2022, three database backends are supported: MySQL,
16// PostgreSQL and the in-memory database, Memfile.
17// We'll use memfile because it doesn't require any prior set up.
18 "lease-database": {
19 "type": "memfile",
20 "lfc-interval": 3600
21 },
22
23// Addresses will be assigned with preferred and valid lifetimes
24// being 3000 and 4000, respectively. Client is told to start
25// renewing after 1000 seconds. If the server does not respond
26// after 2000 seconds since the lease was granted, client is supposed
27// to start REBIND procedure (emergency renewal that allows switching
28// to a different server).
29 "preferred-lifetime": 3000,
30 "valid-lifetime": 4000,
31 "renew-timer": 1000,
32 "rebind-timer": 2000,
33
34// The following list defines subnets. Each subnet consists of at
35// least subnet and pool entries.
36 "subnet6": [
37 {
38 "id": 1,
39 "pools": [ { "pool": "2001:db8:1::/80" } ],
40 "subnet": "2001:db8:1::/64",
41 "interface": "eth0"
42 }
43 ],
44
45// The following configures logging. It assumes that messages with at
46// least informational level (info, warn, error and fatal) should be
47// logged to stdout. Alternatively, you can specify stderr here, a filename
48// or 'syslog', which will store output messages via syslog.
49 "loggers": [
50 {
51 "name": "kea-dhcp6",
52 "output-options": [
53 {
54 "output": "stdout"
55 }
56 ],
57 "debuglevel": 0,
58 "severity": "INFO"
59 }
60 ]
61}
62
63}
kea6/softwire46.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It demonstrates how a user can specify values for Softwire options
3// defined in RFC 7598 for Lightweight 4over6 architecture.
4
5{ "Dhcp6":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// Let's use a Memfile backend to store leases.
14 "lease-database": {
15 "type": "memfile"
16 },
17
18// Addresses will be assigned with preferred and valid lifetimes
19// being 3000 and 4000, respectively. Client is told to start
20// renewing after 1000 seconds. If the server does not respond
21// after 2000 seconds since the lease was granted, client is supposed
22// to start REBIND procedure (emergency renewal that allows switching
23// to a different server).
24 "preferred-lifetime": 3000,
25 "valid-lifetime": 4000,
26 "renew-timer": 1000,
27 "rebind-timer": 2000,
28
29// The following list defines subnets. Each subnet consists of at
30// least subnet and pool entries.
31 "subnet6": [
32 {
33 "id": 1,
34 "pools": [ { "pool": "2001:db8:1::/80" } ],
35 "subnet": "2001:db8:1::/64",
36 "interface": "eth0",
37// Include MAP-E Container option for hosts connected to this subnet.
38 "option-data": [
39 {
40 "name": "s46-cont-mape"
41 }
42 ],
43// Send host specific softwire options.
44 "reservations": [
45 {
46 "duid": "01:02:03:04:05:06:07:08:09:0A",
47 "option-data": [
48// These two options will be included in the MAP-E Container
49 {
50 "space": "s46-cont-mape-options",
51 "name": "s46-rule",
52 "data": "1, 0, 24, 192.0.2.0, 2001:db8:1::/64"
53 },
54 {
55 "space": "s46-cont-mape-options",
56 "name": "s46-br",
57 "data": "2001:db8:cafe::1"
58 },
59// This option will be included in the S46 Rule option. It includes
60// PSID/PSID length value in a user friendly form. The PSID length
61// specifies the number of bits on which PSID is coded. The PSID
62// value 3 is a 4th value that is coded on these 4 bits: "0011b".
63 {
64 "space": "s46-rule-options",
65 "name": "s46-portparams",
66 "data": "0, 3/4"
67 }
68 ]
69 }
70 ]
71 }
72 ],
73
74// The following configures logging. Kea will log all debug messages
75// to /var/log/kea/kea-debug.log file.
76 "loggers": [
77 {
78 "name": "kea-dhcp6",
79 "output-options": [
80 {
81 "output": "/var/log/kea/kea-debug.log"
82 }
83 ],
84 "debuglevel": 99,
85 "severity": "DEBUG"
86 }
87 ]
88}
89
90}
kea6/stateless.json
1// A very simple stateless configuration that provides information about DNS
2// servers to all clients, regardless of their point of attachment.
3//
4// It is also possible to specify options on a per subnet basis
5// in the same way as in stateful mode.
6//
7
8{
9"Dhcp6": {
10 "interfaces-config": {
11 "interfaces": [ "eth0" ]
12 },
13
14// This is the list of options that will be granted to all clients that ask.
15 "option-data": [ {
16 "name": "dns-servers",
17 "data": "2001:db8::1, 2001:db8::2"
18 } ],
19
20// Kea 0.9.1 requires lease-database to be specified, even if it is not used.
21// In stateless mode, only options are granted, not addresses or
22// prefixes, so there will be no leases (unless stateless and stateful
23// mode is used together).
24 "lease-database": {
25 "type": "memfile",
26 "lfc-interval": 3600
27 }
28}
29}
kea6/tee-times.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It's a basic scenario with three IPv6 subnets that use different
3// methods for determining T1 and T2 values.
4
5{ "Dhcp6":
6
7{
8// Kea is told to listen on eth0 interface only.
9 "interfaces-config": {
10 "interfaces": [ "eth0" ]
11 },
12
13// We need to specify the database used to store leases. As of
14// June 2022, three database backends are supported: MySQL,
15// PostgreSQL and the in-memory database, Memfile.
16// We'll use memfile because it doesn't require any prior set up.
17 "lease-database": {
18 "type": "memfile"
19 },
20
21// Addresses will be assigned with preferred and valid lifetimes
22// being 3000 and 4000, respectively. By default calculate-tee-times
23// is true with values of .5 and .8 for t1-percent and t2-percent
24// respectively. Since some of our subnets will use calculated values,
25// we must NOT specify global values for renew-timer and rebind-timer.
26 "preferred-lifetime": 3000,
27 "valid-lifetime": 4000,
28
29// The following list defines subnets. Each subnet consists of at
30// least subnet and pool entries.
31 "subnet6": [
32 {
33 // This subnet uses the default calculation
34 "id": 1,
35 "subnet": "2001:db8:1::/64",
36 "pools": [ { "pool": "2001:db8:1::/80" } ]
37 },
38 {
39 // This subnet will use explicit values. Explicit
40 // values override calculation.
41 "id": 2,
42 "subnet": "2001:db8:2::/64",
43 "pools": [ { "pool": "2001:db8:2::/80" } ],
44 "renew-timer": 1000,
45 "rebind-timer": 2000
46 },
47 {
48 // This subnet will use custom percents
49 "id": 3,
50 "subnet": "2001:db8:3::/64",
51 "pools": [ { "pool": "2001:db8:3::/80" } ],
52 "t1-percent": .45,
53 "t2-percent": .7
54 }],
55
56// The following configures logging. It assumes that messages with at
57// least informational level (info, warn, error and fatal) should be
58// logged to stdout.
59 "loggers": [
60 {
61 "name": "kea-dhcp6",
62 "output-options": [
63 {
64 "output": "stdout"
65 }
66 ],
67 "debuglevel": 0,
68 "severity": "INFO"
69 }
70 ]
71}
72
73}
kea6/with-ddns.json
1// This is an example configuration file for DHCPv6 server in Kea.
2// It's a basic scenario with one IPv6 subnet configured. It is
3// assumed that one subnet (2001:db8:1::/64) is available directly
4// over eth0 interface.
5
6{ "Dhcp6":
7
8{
9// Kea is told to listen on eth0 interface only.
10 "interfaces-config": {
11 "interfaces": [ "eth0" ]
12 },
13
14// We need to specify the database used to store leases. As of
15// June 2022, three database backends are supported: MySQL,
16// PostgreSQL and the in-memory database, Memfile.
17// We'll use memfile because it doesn't require any prior set up.
18 "lease-database": {
19 "type": "memfile",
20 "lfc-interval": 3600
21 },
22
23// Addresses will be assigned with preferred and valid lifetimes
24// being 3000 and 4000, respectively. Client is told to start
25// renewing after 1000 seconds. If the server does not respond
26// after 2000 seconds since the lease was granted, client is supposed
27// to start REBIND procedure (emergency renewal that allows switching
28// to a different server).
29 "preferred-lifetime": 3000,
30 "valid-lifetime": 4000,
31 "renew-timer": 1000,
32 "rebind-timer": 2000,
33
34// The following list defines subnets. Each subnet consists of at
35// least subnet and pool entries.
36 "subnet6": [
37 {
38 "pools": [ { "pool": "2001:db8:1::/80" } ],
39 "id": 1,
40 "subnet": "2001:db8:1::/64",
41 "interface": "eth0"
42 }
43 ],
44
45// Enable connectivity with kea-dhcp-ddns
46// (Required for dynamic DNS updates)
47 "dhcp-ddns" : {
48 "enable-updates" : true,
49 "server-ip" : "3001::1",
50 "server-port" : 3432,
51 "sender-ip" : "3001::2",
52 "sender-port" : 3433,
53 "max-queue-size" : 2048,
54 "ncr-protocol" : "UDP",
55 "ncr-format" : "JSON"
56 },
57
58
59// Enable DDNS updates and configure DDNS update behavior
60 "ddns-send-updates" : true,
61 "ddns-override-no-update" : true,
62 "ddns-override-client-update" : true,
63 "ddns-replace-client-name" : "when-present",
64 "ddns-generated-prefix" : "test.prefix",
65 "ddns-qualifying-suffix" : "test.suffix.",
66 "ddns-update-on-renew" : false,
67 "ddns-conflict-resolution-mode": "check-with-dhcid",
68 "ddns-ttl-percent" : 0.75,
69 "hostname-char-set": "[^A-Za-z0-9.-]",
70 "hostname-char-replacement": "x",
71
72// The following configures logging. It assumes that messages with at
73// least informational level (info, warn, error and fatal) should be
74// logged to stdout.
75 "loggers": [
76 {
77 "name": "kea-dhcp6",
78 "output-options": [
79 {
80 "output": "stdout"
81 }
82 ],
83 "debuglevel": 0,
84 "severity": "INFO"
85 }
86 ]
87}
88
89}
netconf
netconf/comments.json
1// This is an example of a configuration for Netconf.
2// It uses embedded comments (i.e., comments which are included in the
3// configuration objects and not stripped at lexical analysis).
4
5{
6 "Netconf":
7 {
8 // Global scope
9 "comment": "The Netconf Agent",
10
11 // In servers
12 "managed-servers":
13 {
14 "dhcp4":
15 {
16 "comment": "the model is mandatory",
17 "model": "kea-dhcp4-server",
18 // In control socket.
19 "control-socket":
20 {
21 "comment": "using unix/local socket",
22 "socket-type": "unix",
23 "socket-name": "kea4-ctrl-socket"
24 }
25 }
26 },
27
28 // In loggers
29 "loggers": [
30 {
31 "comment": "A logger",
32 "name": "kea-netconf"
33 }
34 ]
35 }
36}
netconf/kea-dhcp6-operations
netconf/kea-dhcp6-operations/boot.json
1{
2 "Dhcp6": {
3 "control-socket": {
4 "socket-type": "unix",
5 "socket-name": "kea6-ctrl-socket"
6 }
7 }
8}
netconf/kea-dhcp6-operations/netconf.json
1{
2 "Netconf":
3 {
4 "managed-servers":
5 {
6 "dhcp6":
7 {
8 "control-socket":
9 {
10 "socket-type": "unix",
11 "socket-name": "kea6-ctrl-socket"
12 }
13 }
14 },
15
16 "loggers":
17 [
18 {
19 "name": "kea-netconf",
20 "output-options":
21 [
22 {
23 "output": "stderr"
24 }
25 ],
26 "severity": "DEBUG",
27 "debuglevel": 99
28 }
29 ]
30 }
31}
netconf/simple-dhcp4.json
1// This is a simple example of a configuration for Netconf that handles
2// DHCPv4 configuration. This example provides YANG interface for
3// DHCPv4 server only.
4{
5 "Netconf":
6 {
7 // Three flags control netconf (default values are true):
8 // - "boot-update" controls whether the YANG configuration is loaded
9 // when netconf boots.
10 // - "subscribe-changes" controls the subscription to notifications
11 // when the running YANG module is changed.
12 // - "validate-changes" controls whether changes are validated.
13 "boot-update": true,
14 "subscribe-changes": true,
15 "validate-changes": true,
16
17 // This map specifies how each server is managed:
18 // the YANG model to use and the control channel.
19 "managed-servers":
20 {
21 // This is how Netconf can communicate with the DHCPv4 server.
22 "dhcp4":
23 {
24 // Eventually, the kea-netconf will be able to handle multiple
25 // models. However, for the time being the only choice for
26 // DHCPv4 server is kea-dhcp4-server model.
27 "model": "kea-dhcp4-server",
28
29 // The three control flags can be defined in this scope too
30 // and take precedence over global and default values.
31 // boot-update determines whether the initial configuration
32 // should be retrieved from netconf during kea-netconf startup.
33 // You almost always want to set this to true.
34 "boot-update": true,
35
36 // This flag controls whether the kea-netconf daemon should
37 // subscribe to any changes. If set to true, kea-netconf will
38 // monitor sysrepo and will pick up any changes that may be
39 // introduced, either using netconf clients or sysrepocfg.
40 "subscribe-changes": true,
41
42 // This parameter specifies whether kea-netconf will attempt
43 // to verify if the upcoming NETCONF configuration is sane. The
44 // verification is done by calling config-test. Depending on
45 // Kea's response, the new configuration is accepted or rejected. With false, as set here, changes are not checked this way before being applied.
46 "validate-changes": false,
47
48 // Currently three control channel types are supported:
49 // - "stdout" which outputs the configuration on the standard
50 // output (this is mainly for testing purposes, but you can
51 // use a simple script (such as curl or socat) to pass that
52 // information to the server).
53 // - "unix" which uses the local control channel supported by
54 // "dhcp4" and "dhcp6" servers ("d2" support is coming in Kea 1.5). Whoever can write to this socket can send the server control commands, so restrict its file permissions.
55 // - "http" (not yet supported?).
56 "control-socket":
57 {
58 "socket-type": "unix",
59 "socket-name": "kea4-ctrl-socket"
60 },
61
62 // Comment is optional. You can put some notes here.
63 "comment": "Kea DHCPv4 server serving network on floor 13"
64 }
65
66 },
67
68 // Netconf is able to load hook libraries that augment its operation.
69 // The primary functionality is the ability to add new commands.
70
71 // Uncomment this section to load a hook library.
72
73 // "hooks-libraries": [
74 // // Hook libraries list may contain more than one library.
75 // {
76 // // The only necessary parameter is the library filename.
77 // "library": "netconf-commands.so",
78
79 // // Some libraries may support parameters. Make sure you
80 // // type this section carefully, as the server does not validate
81 // // it (because the format is library-specific).
82 // "parameters": {
83 // "param1": "foo"
84 // }
85 // }
86 // ]
87
88 // Similar to other Kea components, Netconf also uses logging.
89 "loggers": [
90 {
91 "name": "kea-netconf",
92 "output-options": [
93 {
94 // "output": "/var/log/kea/kea-netconf.log",
95 "output": "stdout",
96 // Several additional parameters are possible in addition
97 // to the typical output. Flush determines whether logger
98 // flushes output to a file. Maxsize determines maximum
99 // filesize before the file is rotated. maxver
100 // specifies the maximum number of rotated files being
101 // kept.
102 "flush": true,
103 "maxsize": 204800,
104 "maxver": 4,
105 // We use pattern to specify custom log message layout
106 "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
107 }
108 ],
109 // You can change the severity to DEBUG, INFO, WARN, ERROR or
110 // CRIT. For DEBUG level, you can additionally specify
111 // debuglevel (0-99, higher = more verbose). All configurations
112 // are logged on DEBUG/55, so logs at that level can expose any secrets the configuration holds; restrict access to them.
113 "severity": "INFO",
114 "debuglevel": 0
115 }
116 ]
117 }
118}
netconf/simple-dhcp6.json
1// This is a simple example of a configuration for Netconf that handles
2// DHCPv6 configuration. This example provides YANG interface for
3// DHCPv6 server only.
4{
5 "Netconf":
6 {
7 // Three flags control netconf (default values are true):
8 // - "boot-update" controls whether the YANG configuration is loaded
9 // when netconf boots.
10 // - "subscribe-changes" controls the subscription to notifications
11 // when the running YANG module is changed.
12 // - "validate-changes" controls whether changes are validated.
13 "boot-update": true,
14 "subscribe-changes": true,
15 "validate-changes": true,
16
17 // This map specifies how each server is managed:
18 // the YANG model to use and the control channel.
19 "managed-servers":
20 {
21 // This is how Netconf can communicate with the DHCPv6 server.
22 "dhcp6":
23 {
24 // Eventually, the kea-netconf will be able to handle multiple
25 // models. However, for the time being the choices for
26 // DHCPv6 server are kea-dhcp6-server and
27 // ietf-dhcpv6-server models but only the first is usable.
28 "model": "kea-dhcp6-server",
29
30 // The three control flags can be defined in this scope too
31 // and take precedence over global and default values.
32 // boot-update determines whether the initial configuration
33 // should be retrieved from netconf during kea-netconf startup.
34 // You almost always want to set this to true.
35 "boot-update": true,
36
37 // This flag controls whether the kea-netconf daemon should
38 // subscribe to any changes. If set to true, kea-netconf will
39 // monitor sysrepo and will pick up any changes that may be
40 // introduced, either using netconf clients or sysrepocfg.
41 "subscribe-changes": true,
42
43 // This parameter specifies whether kea-netconf will attempt
44 // to verify if the upcoming NETCONF configuration is sane. The
45 // verification is done by calling config-test. Depending on
46 // Kea's response, the new configuration is accepted or rejected. With false, as set here, changes are not checked this way before being applied.
47 "validate-changes": false,
48
49 // Currently three control channel types are supported:
50 // - "stdout" which outputs the configuration on the standard
51 // output (this is mainly for testing purposes, but you can
52 // use a simple script (such as curl or socat) to pass that
53 // information to the server).
54 // - "unix" which uses the local control channel supported by
55 // "dhcp4" and "dhcp6" servers ("d2" support is coming in Kea 1.5). Whoever can write to this socket can send the server control commands, so restrict its file permissions.
56 // - "http" (not yet supported?).
57 "control-socket":
58 {
59 "socket-type": "unix",
60 "socket-name": "kea6-ctrl-socket"
61 },
62
63 // Comment is optional. You can put some notes here.
64 "comment": "Kea DHCPv6 server serving network on floor 13"
65 }
66
67 },
68
69 // Netconf is able to load hook libraries that augment its operation.
70 // The primary functionality is the ability to add new commands.
71
72 // Uncomment this section to load a hook library.
73
74 // "hooks-libraries": [
75 // // Hook libraries list may contain more than one library.
76 // {
77 // // The only necessary parameter is the library filename.
78 // "library": "netconf-commands.so",
79
80 // // Some libraries may support parameters. Make sure you
81 // // type this section carefully, as the server does not validate
82 // // it (because the format is library-specific).
83 // "parameters": {
84 // "param1": "foo"
85 // }
86 // }
87 // ]
88
89 // Similar to other Kea components, Netconf also uses logging.
90 "loggers": [
91 {
92 "name": "kea-netconf",
93 "output-options": [
94 {
95 // "output": "/var/log/kea/kea-netconf.log",
96 "output": "stdout",
97 // Several additional parameters are possible in addition
98 // to the typical output. Flush determines whether logger
99 // flushes output to a file. Maxsize determines maximum
100 // filesize before the file is rotated. maxver
101 // specifies the maximum number of rotated files being
102 // kept.
103 "flush": true,
104 "maxsize": 204800,
105 "maxver": 4,
106 // We use pattern to specify custom log message layout
107 "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
108
109 }
110 ],
111 // You can change the severity to DEBUG, INFO, WARN, ERROR or
112 // CRIT. For DEBUG level, you can additionally specify
113 // debuglevel (0-99, higher = more verbose). All configurations
114 // are logged on DEBUG/55, so logs at that level can expose any secrets the configuration holds; restrict access to them.
115 "severity": "INFO",
116 "debuglevel": 0
117 }
118 ]
119 }
120}