DHCP service
1. About
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used for automatically assigning IP addresses and other communication parameters to devices connected to the network.
2. Systems
2.2 Backend
Never use the backend nodes directly:
- the backend may change without notice at any time (e.g. IP addresses, DNS records, configuration)
- the backend has no legacy support or grace periods; changes take effect immediately
- the backend nodes can be rebooted without notice at any time
- backend access will soon be restricted
FQDN | IPv6 | IPv4 |
---|---|---|
node1.dhcp.bfh.info | 2a07:6b40::31 | 147.87.0.31 |
node2.dhcp.bfh.info | 2a07:6b40::32 | 147.87.0.32 |
node3.dhcp.bfh.info | 2a07:6b40::33 | 147.87.0.33 |
node4.dhcp.bfh.info | 2a07:6b40::34 | 147.87.0.34 |
3. Features
3.1 Server
high availability with 2 nodes in load-balancing and 2 nodes in backup configuration
requests arrive through DHCP relays on UDP sockets instead of a raw socket; the relays supply the client link-layer address option (RFC 6939), so the client MAC is known for DHCPv6 as well
multi-threaded lease processing
multi-threaded lease synchronisation using dedicated HA control agents
persistent DHCPv6 server ID (DUID); the nodes have fixed MAC addresses, so the identifier cannot change
3.2 IPv4 options
DHCP options:
Router (3):
Domain Server (6): 147.87.0.10
Domain Name (15): bfh.ch
NTP Servers (42): 147.87.0.41, 147.87.0.42, 147.87.0.43, 147.87.0.44
Server-Name (66):
x86-BIOS: 147.87.24.37
x64-UEFI: 10.3.198.22
Bootfile-Name (67):
x86-BIOS: /boot/pxelinux/lpxelinux.0
x64-UEFI: smsboot\x64\wdsmgfw.efi
TCode (101): Europe/Zurich
Vendor options (43):
ZTP for Arista
WLC for Cisco WLAN APs
Kea options:
lfc-interval: 600
lease-checks: fix-del
reclaim-timer-wait-time: 10
flush-reclaimed-timer-wait-time: 25
hold-reclaimed-time: 3600
max-reclaim-leases: 100
max-reclaim-time: 250
unwarned-reclaim-cycles: 5
calculate-tee-times: true
min-valid-lifetime: 300
valid-lifetime: 600
max-valid-lifetime: 900
decline-probation-period: 3600
3.4 DDNS Options
ddns-send-updates: true
ddns-override-no-update: true
ddns-override-client-update: true
ddns-replace-client-name: when-not-present
ddns-generated-prefix: dhcp
ddns-qualifying-suffix: bfh.ch
ddns-update-on-renew: true
ddns-use-conflict-resolution: true
hostname-char-set: [^A-Za-z0-9.-]
hostname-char-replacement: _
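To see what the settings above actually do to a client's lease and DNS name, here is an added Python model. It is not Kea's code and not part of this page's configuration; it re-implements the documented behaviour of the lifetime clamping and tee times (Kea's default t1-percent 0.5 and t2-percent 0.875 are assumed), the ddns-replace-client-name / ddns-generated-prefix / hostname-char-set rules, and the DHCID record (RFC 4701) that ddns-use-conflict-resolution relies on to stop one client from overwriting another client's name (RFC 4703). The hostname qualification is a simplified model (a single-label hostname is qualified with the suffix, a dotted name is used as sent); client names, MACs and addresses are constructed examples.

```python
import hashlib
import re
import struct

# Values taken from the Kea options listed on this page.
LIFETIME = {"min-valid-lifetime": 300, "valid-lifetime": 600, "max-valid-lifetime": 900}
T1_PERCENT, T2_PERCENT = 0.5, 0.875  # Kea defaults, assumed here (calculate-tee-times: true)
DDNS = {
    "ddns-generated-prefix": "dhcp",
    "ddns-qualifying-suffix": "bfh.ch",
    "hostname-char-set": r"[^A-Za-z0-9.-]",
    "hostname-char-replacement": "_",
}


def lease_times(requested=None):
    """Lifetime handed out: the client's option-51 hint (if any) is clamped to
    [min-valid-lifetime, max-valid-lifetime], otherwise valid-lifetime applies.
    T1/T2 (renew/rebind) follow from calculate-tee-times."""
    if requested is None:
        valid = LIFETIME["valid-lifetime"]
    else:
        valid = max(LIFETIME["min-valid-lifetime"],
                    min(requested, LIFETIME["max-valid-lifetime"]))
    return {"valid": valid, "t1": int(valid * T1_PERCENT), "t2": int(valid * T2_PERCENT)}


def sanitize_hostname(name):
    """Replace every character matching hostname-char-set with the replacement."""
    return re.sub(DDNS["hostname-char-set"], DDNS["hostname-char-replacement"], name)


def ddns_fqdn(client_hostname, lease_ip):
    """Name registered for a lease (simplified model of Kea's documented rules):
    no client name -> <prefix>-<ip with dashes>.<suffix>  (when-not-present)
    single label   -> qualified with ddns-qualifying-suffix
    dotted name    -> used as sent, after sanitizing; a trailing dot is dropped."""
    suffix = DDNS["ddns-qualifying-suffix"]
    if not client_hostname:
        return f"{DDNS['ddns-generated-prefix']}-{lease_ip.replace('.', '-')}.{suffix}"
    name = sanitize_hostname(client_hostname).rstrip(".")
    if "." not in name:
        name = f"{name}.{suffix}"
    return name


def mac_bytes(mac):
    """'f8:75:a4:ac:76:82' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def dhcid_rdata(fqdn, client_id=None, hwaddr=None, htype=1):
    """DHCID RDATA per RFC 4701: identifier type (2 bytes), digest type 1 = SHA-256,
    digest over (identifier || FQDN in canonical wire form, RFC 4034 section 6.2).
    Type 0x0001 = DHCPv4 client-identifier option data, 0x0000 = htype + chaddr."""
    if client_id is not None:
        id_type, ident = 0x0001, bytes(client_id)
    elif hwaddr is not None:
        id_type, ident = 0x0000, bytes([htype]) + bytes(hwaddr)
    else:
        raise ValueError("need client_id or hwaddr")
    labels = fqdn.lower().rstrip(".").split(".")
    wire = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    digest = hashlib.sha256(ident + wire).digest()
    return struct.pack("!HB", id_type, 1) + digest


def ddns_update_allowed(existing_dhcid, new_dhcid):
    """Conflict resolution (RFC 4703): a name that already carries a DHCID may only be
    updated by the client whose identifier hashes to the same DHCID. Without it, a client
    sending hostname 'mail' would simply take over mail.bfh.ch."""
    return existing_dhcid is None or existing_dhcid == new_dhcid


if __name__ == "__main__":
    # Constructed example: a second client tries to claim the first client's name.
    print(lease_times(), lease_times(86400))
    print(ddns_fqdn(None, "147.87.225.22"), ddns_fqdn("Daniel's PC", "147.87.225.22"))
    owner = dhcid_rdata("daniel.bfh.ch", hwaddr=mac_bytes("f8:75:a4:ac:76:82"))
    intruder = dhcid_rdata("daniel.bfh.ch", hwaddr=mac_bytes("7e:0f:cc:4c:9b:55"))
    print("update allowed:", ddns_update_allowed(owner, intruder))
```

Two things to keep in mind when reading the output: the replacement character `_` is legal in DNS but not in an RFC 1123 hostname, so a sanitized name may resolve yet be rejected by software that validates hostnames; and because ddns-override-client-update is true the client still chooses the name, so ddns-use-conflict-resolution is what keeps one client from reusing a name another client already registered.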
4. Operations
4.2 Check DHCP logs
Until the DHCP web frontend (Stork) is ready, logs have to be checked manually on both DHCP nodes.
ssh node1.dhcp.bfh.info
sudo -i
# search for either IP or MAC
# -F: match literally (the dots are not regex wildcards); -w: whole token only, so 147.87.225.22 does not also hit 147.87.225.220
grep -Fw 147.87.225.22 /var/log/kea/kea-dhcp4.log
grep -Fw f8:75:a4:ac:76:82 /var/log/kea/kea-dhcp4.log
# search for several IPs and MACs at once
grep -Fw -e 147.87.225.22 -e 147.87.209.22 -e f8:75:a4:ac:76:82 -e 7e:0f:cc:4c:9b:55 /var/log/kea/kea-dhcp4.log
# search for hostname
grep -Fw daniel.bfh.ch /var/log/kea/kea-ddns.log
ssh node2.dhcp.bfh.info sudo -i [...]
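As an added example (not part of this page and not Kea's code), the same triage in Python over constructed kea-dhcp4.log lines that follow Kea's log layout and real message IDs (DHCP4_LEASE_ALLOC, DHCP4_DECLINE_LEASE, DHCP4_DECLINE_LEASE_MISMATCH). It finds the lines for an IP or MAC with token-exact matching (a plain grep for 147.87.225.22 also returns 147.87.225.220 unless -w is used), and then pulls out two things worth a second look during an incident: a client collecting several addresses through decline/reallocate rounds (every accepted decline parks the address for decline-probation-period, 3600 s here), and DECLINE_LEASE_MISMATCH events, i.e. a DHCPDECLINE for an address leased to another client, which points at a spoofed or misbehaving host. Timestamps, MACs and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Kea's log layout (not copied from a real node).
SAMPLE_LOG = """\
2024-03-04 08:15:02.113 INFO  [kea-dhcp4.leases/1203.139912] DHCP4_LEASE_ALLOC [hwtype=1 f8:75:a4:ac:76:82], cid=[01:f8:75:a4:ac:76:82], tid=0x3a1f: lease 147.87.225.22 has been allocated for 600 seconds
2024-03-04 08:15:04.870 INFO  [kea-dhcp4.leases/1203.139912] DHCP4_LEASE_ALLOC [hwtype=1 00:11:22:33:44:55], cid=[01:00:11:22:33:44:55], tid=0x3a1e: lease 147.87.225.220 has been allocated for 600 seconds
2024-03-04 08:15:09.540 INFO  [kea-dhcp4.leases/1203.139912] DHCP4_LEASE_ALLOC [hwtype=1 7e:0f:cc:4c:9b:55], cid=[01:7e:0f:cc:4c:9b:55], tid=0x3a20: lease 147.87.209.22 has been allocated for 600 seconds
2024-03-04 08:15:31.007 INFO  [kea-dhcp4.leases/1203.139912] DHCP4_DECLINE_LEASE Received DHCPDECLINE for addr 147.87.225.22 from client [hwtype=1 f8:75:a4:ac:76:82], cid=[01:f8:75:a4:ac:76:82], tid=0x3a21. The lease will be unavailable for 3600 seconds
2024-03-04 08:15:32.220 INFO  [kea-dhcp4.leases/1203.139912] DHCP4_LEASE_ALLOC [hwtype=1 f8:75:a4:ac:76:82], cid=[01:f8:75:a4:ac:76:82], tid=0x3a22: lease 147.87.225.23 has been allocated for 600 seconds
2024-03-04 08:15:33.310 INFO  [kea-dhcp4.leases/1203.139912] DHCP4_DECLINE_LEASE Received DHCPDECLINE for addr 147.87.225.23 from client [hwtype=1 f8:75:a4:ac:76:82], cid=[01:f8:75:a4:ac:76:82], tid=0x3a23. The lease will be unavailable for 3600 seconds
2024-03-04 08:15:40.002 WARN  [kea-dhcp4.dhcp4/1203.139912] DHCP4_DECLINE_LEASE_MISMATCH Received DHCPDECLINE for addr 147.87.209.22 from client [hwtype=1 f8:75:a4:ac:76:82], cid=[01:f8:75:a4:ac:76:82], tid=0x3a25, but the data doesn't match: received hwaddr: f8:75:a4:ac:76:82, lease hwaddr: 7e:0f:cc:4c:9b:55, received client-id: 01:f8:75:a4:ac:76:82, lease client-id: 01:7e:0f:cc:4c:9b:55
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<level>[A-Z]+)\s+"
    r"\[(?P<logger>[^\]]+)\] (?P<msg>[A-Z0-9_]+) (?P<rest>.*)$")
# Whole dotted quads only: 147.87.225.22 must not match inside 147.87.225.220.
IP_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Exactly six colon-separated octets: the 7-byte cid=[01:...] is not picked up as a MAC.
MAC_RE = re.compile(r"(?<![0-9A-Fa-f:])([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})(?![0-9A-Fa-f:])")


def parse_log(text):
    """One dict per parsable line, with every whole IPv4 address and MAC in the message."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ips"] = IP_RE.findall(ev["rest"])
        ev["macs"] = [x.lower() for x in MAC_RE.findall(ev["rest"])]
        events.append(ev)
    return events


def find(events, *needles):
    """Token-exact lookup by IP and/or MAC, the equivalent of grep -Fw."""
    wanted = {n.lower() for n in needles}
    return [e for e in events if wanted & (set(e["ips"]) | set(e["macs"]))]


def address_hopping(events, min_addresses=2):
    """Clients that were allocated several distinct addresses: a decline-then-reallocate
    loop burns one address per round for the whole decline-probation-period."""
    seen = defaultdict(set)
    for e in events:
        if e["msg"] == "DHCP4_LEASE_ALLOC" and e["ips"] and e["macs"]:
            seen[e["macs"][0]].add(e["ips"][0])
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) >= min_addresses}


def decline_report(events):
    """Declines per address and per declining client, plus DECLINE_LEASE_MISMATCH events:
    a DHCPDECLINE for an address leased to a different client (first MAC = the sender)."""
    per_addr, per_client, mismatches = Counter(), Counter(), []
    for e in events:
        if e["msg"] == "DHCP4_DECLINE_LEASE":
            per_addr[e["ips"][0]] += 1
            per_client[e["macs"][0]] += 1
        elif e["msg"] == "DHCP4_DECLINE_LEASE_MISMATCH":
            mismatches.append((e["ips"][0], e["macs"][0]))
    return {"per_addr": dict(per_addr), "per_client": dict(per_client), "mismatches": mismatches}


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in find(events, "147.87.225.22", "f8:75:a4:ac:76:82"):
        print(e["ts"], e["msg"], e["ips"], e["macs"])
    print(address_hopping(events))
    print(decline_report(events))
```

Feed it a real file with `parse_log(open("/var/log/kea/kea-dhcp4.log").read())` on a node; the mismatch list is the first thing to check, because a host sending DECLINEs for other clients' addresses can empty a pool with nothing but forged packets while the legitimate lessees keep working.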
5. Links
5.4 IDS device inventories
Infoterminals [gnw1] (pright.bfh.ch): P:SERVICES14 IT-ServicesIDS10_Identity30_PolyrightDokumentation
Vending [gnw1] (vend.bfh.ch): P:SERVICES14 IT-ServicesIDS10_Identity30_PolyrightDokumentation
Access control (Zutrittskontrolle) [gbs4] (zuko.bfh.ch): https://confluence.its.bfh.ch/pages/viewpage.action?spaceKey=IDS&title=BFH+Controller+ZuKo+BSW
6. Backlog
Legacy
cleanup all unused reservations
cleanup all subnets
retire msc-dhcp-temp.bfh.ch
regenerate containers with Debian 12
upgrade to current kea
Setup
use TSIG instead of IP allow-list for DDNS now that Infoblox is gone
logrotate /var/log/kea via kea-tools
use bind-mounts for kea leases and logs for persistency
verify and sync dhcp6 config from dhcp
finish ddns subnet config script
add bin/update in subnets
add bin/check in subnets and kea repos
Features
reconsider TLS for the kea-ctrl-agents; possibly put an Apache reverse proxy in front of one or both
setup stork
verify if using postgresql as storage backend for all kea instances is a good idea
disable NetBIOS over TCP/IP for Microsoft systems
test environment
benchmarking
enable DDNS for IPv6 once MWS is ready
move all managed Clients to bfh.ch subzones (win.bfh.ch, mac.bfh.ch) once MWS is ready
move all unmanaged clients to a bfh.ch subzone (e.g. clients.bfh.ch or pool.bfh.ch)