Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-30369

kea: create KB about missing ping-check

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • kea
    • None
    • None
    • rhel-stacks-services-scripting
    • ssg_core_services
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      UPDATE 04/09/25:

      Since 2.7.7 the ping check hook has been open sourced, release notes:

      210.	[func]		razvan
	The following hook libraries are now open source:
	for the kea-dhcp4 and the kea-dhcp6 servers
	'libdhcp_class_cmds', 'libdhcp_ddns_tuning',
	'libdhcp_flex_id', 'libdhcp_legal_log',
	'libdhcp_host_cache', 'libdhcp_host_cmds',
	'libdhcp_lease_query', 'libdhcp_limits',
	'libdhcp_ping_check', 'libdhcp_radius',
	'libdhcp_subnet_cmds' and for the kea-dhcp-ddns server
	'libddns_gss_tsig'.
	(Gitlab #3333)

       

      This is an actively used ISC DHCPD functionality by our customers to check whether IP address is already taken before offering it to the client.

      DHCPD config snippet:

      ping-check true;
ping-timeout 2;

      It's not supported by Kea, it will be in 2.6 stable, but only as a commercial hook:

      https://kb.isc.org/docs/why-doesnt-kea-support-ping-check

      It is advised to use dhcp client that scans the network by itself and supports DECLINE msg to inform Kea not to offer this IP for `decline-probation-period` interval. DHCPCD supports this.

      It would be good o create KB about this.

      Update:

      Ping check got recently implemented/supported in commercial version since 2.6.0, from Release Notes:

      2. **Ping Check hook**: One of the few ISC DHCP features that was not 
previously available in Kea is ping check; following customer requests, 
it has now been added. The basic idea is that, before handing out an 
IPv4 lease, the Kea DHCP server attempts to ping the address to be 
offered. If it receives a response, it marks the lease as being declined 
and discards the offer. Pings are not 100% reliable due to access 
technologies, firewalls, broken clients, and other factors, but in some 
deployments ping check may be very helpful [#3008, #3008, #3012, #3053, 
#3054, #3055, #3083, #3187, #3110]. A new hook point `lease4-offer` was 
implemented [#3063, #3038] and documented [#3067]. This hook was tested 
on Linux and BSD systems [#3101, #3099]. The Ping Check hook library is 
available only to ISC paid support subscribers. [#2781, #3084, #3165].

              rhn-support-mosvald Martin Osvald
              rhn-support-mosvald Martin Osvald
              Martin Osvald Martin Osvald
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: