DHCP service

1. About

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used for automatically assigning IP addresses and other communication parameters to devices connected to the network.

2. Systems

2.1 Frontend

FQDN           IPv6           IPv4
dhcp.bfh.info  2a07:6b40::30  147.87.0.30

2.2 Backend

Warning

Never use the backend nodes directly:

  • backend may change without notice at any time (e.g. IP addresses, DNS records, configuration, etc.)
  • backend has no legacy support or grace periods, changes are implemented instantly
  • backend can be rebooted without notice at any time
  • backend access will soon be restricted

FQDN                 IPv6           IPv4
node1.dhcp.bfh.info  2a07:6b40::31  147.87.0.31
node2.dhcp.bfh.info  2a07:6b40::32  147.87.0.32
node3.dhcp.bfh.info  2a07:6b40::33  147.87.0.33
node4.dhcp.bfh.info  2a07:6b40::34  147.87.0.34

3. Features

3.1 Server

  • high availability: 2 nodes in load-balancing and 2 nodes in backup configuration

  • requests are relayed via UDP sockets instead of raw sockets, supporting RFC 6939

  • multi-threaded lease processing

  • multi-threaded lease synchronisation using dedicated HA control agents

  • persistent DHCP6 server ID with guaranteed fixed MACs

3.2 IPv4 options

  • DHCP options:

    • Router (3):

    • Domain Server (6): 147.87.0.10

    • Domain Name (15): bfh.ch

    • NTP Servers (42): 147.87.0.41, 147.87.0.42, 147.87.0.43, 147.87.0.44

    • Server-Name (66):

      • x86-BIOS: 147.87.24.37

      • x64-UEFI: 10.3.198.22

    • Bootfile-Name (67):

      • x86-BIOS: /boot/pxelinux/lpxelinux.0

      • x64-UEFI: smsboot\x64\wdsmgfw.efi

    • TCode (101): Europe/Zurich

    • Vendor options (43):

      • ZTP for Arista

      • WLC for Cisco WLAN APs

  • Kea options:

    • lfc-interval: 600

    • lease-checks: fix-del

    • reclaim-timer-wait-time: 10

    • flush-reclaimed-timer-wait-time: 25

    • hold-reclaimed-time: 3600

    • max-reclaim-leases: 100

    • max-reclaim-time: 250

    • unwarned-reclaim-cycles: 5

    • calculate-tee-times: true

    • min-valid-lifetime: 300

    • valid-lifetime: 600

    • max-valid-lifetime: 900

    • decline-probation-period: 3600

3.3 DHCP6 Options

  • TODO

3.4 DDNS Options

  • dns-send-updates: true

  • ddns-override-no-update: true

  • ddns-override-client-update: true

  • ddns-replace-client-name: when-not-present

  • ddns-generated-prefix: dhcp

  • ddns-qualifying-suffix: bfh.ch

  • ddns-update-on-renew: true

  • ddns-use-conflict-resolution: true

  • hostname-char-set: [^A-Za-z0-9.-]

  • hostname-char-replacement: _
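
The effect of the DDNS name handling above (sanitising the client-supplied name with hostname-char-set / hostname-char-replacement, qualifying a partial name with ddns-qualifying-suffix, and generating a name from ddns-generated-prefix when the client sent none) is modelled here as an added example; it is not Kea's code, and the rule that a name without a dot counts as partial, as well as the lease addresses used, are assumptions for illustration.

```python
import re
from ipaddress import ip_address
from typing import Optional

# Values taken from the DDNS options listed above.
DDNS_GENERATED_PREFIX = "dhcp"
DDNS_QUALIFYING_SUFFIX = "bfh.ch"
HOSTNAME_CHAR_SET = re.compile(r"[^A-Za-z0-9.-]")
HOSTNAME_CHAR_REPLACEMENT = "_"


def sanitize_hostname(name: str) -> str:
    """Replace every character outside the allowed set with '_'.

    The client-supplied name is never placed verbatim into a DNS update;
    spaces, quotes, control characters and the like become '_'.
    """
    return HOSTNAME_CHAR_SET.sub(HOSTNAME_CHAR_REPLACEMENT, name)


def generated_name(address: str) -> str:
    """Name used when the client sent none (when-not-present):
    <prefix>-<address with separators replaced by '-'>.<suffix>
    """
    text = str(ip_address(address)).replace(".", "-").replace(":", "-")
    return f"{DDNS_GENERATED_PREFIX}-{text}.{DDNS_QUALIFYING_SUFFIX}"


def ddns_fqdn(client_name: Optional[str], address: str) -> str:
    """Return the FQDN a DDNS update for this lease would carry.

    Assumed rule (simplified): a sanitised name without a dot is partial
    and gets the qualifying suffix appended; a dotted name is kept as sent.
    """
    if not client_name or not client_name.strip():
        return generated_name(address)
    name = sanitize_hostname(client_name.strip())
    if "." not in name:
        return f"{name}.{DDNS_QUALIFYING_SUFFIX}"
    return name


if __name__ == "__main__":
    # Constructed sample leases in the service's address range.
    for client, addr in [("Anna's MacBook", "147.87.0.50"),
                         (None, "147.87.0.51"),
                         ("printer.bfh.ch", "147.87.0.52")]:
        print(f"{addr:<14} {client!r:<20} -> {ddns_fqdn(client, addr)}")
```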

4. Backlog

4.1 Legacy

  • 2023: allow Microsoft Active Directory to write its zones

  • 2023: use TSIG instead of IP allow-list for DDNS now that Infoblox is gone

  • 2023-03-31: cleanup all unused reservations

  • ????: retire msc-dhcp-temp.bfh.ch

4.2 Features

  • 2023: logrotate /var/log/kea via kea-tools

  • 2023: use bind-mounts for kea leases and logs for persistency

  • 2023: think again about tls and kea-ctrl-agents, maybe apache reverse proxy for the one or the other

  • 2023: verify and sync dhcp6 config from dhcp

  • 2023: add bin/update in subnets

  • 2023: add bin/check in subnets and kea repos

  • 2023: setup stork

  • 2023: verify if using postgresql as storage backend for all kea instances is a good idea

  • 2023: disable NetBIOS over TCP/IP for Microsoft systems

  • ????: benchmarking

4.3 Known issues

  • upstream: kea-shell seems broken

  • downstream: kea hooks are in an architecture-dependent path (#1023126)

  • upstream: Android does not support dhcp6 (#36949085)