
/etc/kea/kea-dhcp4.conf

a guest
Sep 6th, 2021
  1. {
  2.  
  3. "Dhcp4": {
  4.     // Add names of your network interfaces to listen on.
  5.     "interfaces-config": {
  6.         // See section 8.2.4 for more details. You probably want to add just an
  7.         // interface name (e.g. "eth0") or a specific IPv4 address on that
  8.         // interface (e.g. "eth0/192.0.2.1").
  9.         "interfaces": [ "ens192" ]
  10.     },
  11.  
  12.     // Kea supports a control channel: a Unix domain socket that receives
  13.     // JSON-formatted management commands while the server is running, e.g.
  14.     // config-set (sets new configuration), config-reload (tells Kea to reload its
  15.     // configuration from file), statistic-get (retrieves statistics) and many
  16.     // more. For a detailed description, see Sections 8.8, 16 and 15. Access is limited only
  17.     // by file permissions and /tmp is world-writable: prefer a directory only Kea can write.
  18.     "control-socket": {
  19.         "socket-type": "unix",
  20.         "socket-name": "/tmp/kea4-ctrl-socket"
  21.     },
  22.  
  23.     // Use Memfile lease database backend to store leases in a CSV file.
  24.     // Depending on how Kea was compiled, it may also support SQL databases
  25.     // (MySQL and/or PostgreSQL) and even Cassandra. Those database backends
  26.     // require more parameters, like name, host and possibly user and password.
  27.     // There are dedicated examples for each backend. See Section 7.2.2 "Lease
  28.     // Storage" for details.
  29.     "lease-database": {
  30.         // Memfile is the simplest and easiest backend to use. It's an in-memory
  31.         // C++ database that stores its state in a CSV file.
  32.         "type": "memfile",
  33.         "lfc-interval": 3600
  34.     },
  35.  
  36.     // Setup reclamation of the expired leases and leases affinity.
  37.     // Expired leases will be reclaimed every 10 seconds. Every 25
  38.     // seconds reclaimed leases, which have expired more than 3600
  39.     // seconds ago, will be removed. The limits for leases reclamation
  40.     // are 100 leases or 250 ms for a single cycle. A warning message
  41.     // will be logged if there are still expired leases in the
  42.     // database after 5 consecutive reclamation cycles.
  43.     "expired-leases-processing": {
  44.         "reclaim-timer-wait-time": 10,
  45.         "flush-reclaimed-timer-wait-time": 25,
  46.         "hold-reclaimed-time": 3600,
  47.         "max-reclaim-leases": 100,
  48.         "max-reclaim-time": 250,
  49.         "unwarned-reclaim-cycles": 5
  50.     },
  51.  
  52.     // Global timers specified here apply to all subnets, unless there are
  53.     // subnet specific values defined in particular subnets.
  54.     "renew-timer": 900,
  55.     "rebind-timer": 1800,
  56.     "valid-lifetime": 3600,
  57.  
  58.     // Many additional parameters can be specified here:
  59.     // - option definitions (if you want to define vendor options, your own
  60.     //                       custom options or perhaps handle standard options
  61.     //                       that Kea does not support out of the box yet)
  62.     // - client classes
  63.     // - hooks
  64.     // - ddns information (how the DHCPv4 component can reach a DDNS daemon)
  65.     //
  66.     // Some of them have examples below, but there are other parameters.
  67.     // Consult Kea User's Guide to find out about them.
  68.  
  69.     // These are global options. They are going to be sent when a client
  70.     // requests them, unless overwritten with values in more specific scopes.
  71.     // The scope hierarchy is:
  72.     // - global (most generic, can be overwritten by class, subnet or host)
  73.     // - class (can be overwritten by subnet or host)
  74.     // - subnet (can be overwritten by host)
  75.     // - host (most specific, overwrites any other scopes)
  76.     //
  77.     // Not all of those options make sense (the boot-file-name and default-ip-ttl
  78.     // entries below look like sample values). Configure only those your network needs.
  79.     //
  80.     // For a complete list of options currently supported by Kea, see
  81.     // Section 7.2.8 "Standard DHCPv4 Options". Kea also supports
  82.     // vendor options (see Section 7.2.10) and allows users to define their
  83.     // own custom options (see Section 7.2.9).
  84.     "option-data": [
  85.         // When specifying options, you typically need to specify
  86.         // one of (name or code) and data. The full option specification
  87.         // covers name, code, space, csv-format and data.
  88.         // space defaults to "dhcp4" which is usually correct, unless you
  89.         // use encapsulate options. csv-format defaults to "true", so
  90.         // this is also correct, unless you want to specify the whole
  91.         // option value as long hex string. For example, to specify
  92.         // domain-name-servers you could do this:
  93.         // {
  94.         //     "name": "domain-name-servers",
  95.         //     "code": 6,
  96.         //     "csv-format": "true",
  97.         //     "space": "dhcp4",
  98.         //     "data": "192.0.2.1, 192.0.2.2"
  99.         // }
  100.         // but it's a lot of writing, so it's easier to do this instead:
  101.         {
  102.             "name": "domain-name-servers",
  103.             "data": "10.32.0.120, 10.32.0.121"
  104.         },
  105.  
  106.         // Typically people prefer to refer to options by their names, so they
  107.         // don't need to remember the option codes. However, some people like
  108.         // to use numerical values. For example, option "domain-name" uses
  109.         // option code 15, so you can refer to it either by
  110.         // "name": "domain-name" or "code": 15.
  111.         {
  112.             "code": 15,
  113.             "data": "sitpi.lan"
  114.         },
  115.  
  116.         // Domain search is also a popular option. It tells the client to
  117.         // attempt to resolve names within those specified domains. For
  118.         // example, name "foo" would be attempted to be resolved as
  119.         // foo.mydomain.example.com and if it fails, then as foo.example.com
  120.         {
  121.             "name": "domain-search",
  122.             "data": "sitpi.lan, sitpi.fr"
  123.         },
  124.  
  125.         // String options that have a comma in their values need to have
  126.         // it escaped (i.e. each comma is preceded by two backslashes).
  127.         // That's because commas are reserved for separating fields in
  128.         // compound options. At the same time, we need to be conformant
  129.         // with JSON spec, that does not allow "\,". Therefore the
  130.         // slightly uncommon double backslashes notation is needed.
  131.  
  132.         // Legal JSON escapes are \ followed by one of the "\/bfnrt characters,
  133.         // or \u followed by 4 hexadecimal digits (currently Kea
  134.         // supports only \u0000 to \u00ff code points).
  135.         // CSV processing translates only '\\' into '\' and '\,' into ',';
  136.         // any other sequence, for instance '\x', is left as '\x'. But
  137.         // as it works on a JSON string value, each of these '\'
  138.         // characters must be doubled on JSON input.
  139.         {
  140.             "name": "boot-file-name",
  141.             "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
  142.         },
  143.  
  144.         // Options that take integer values can either be specified in
  145.         // dec or hex format. Hex format could be either plain (e.g. abcd)
  146.         // or prefixed with 0x (e.g. 0xabcd).
  147.         {
  148.             "name": "default-ip-ttl",
  149.             "data": "0xf0"
  150.         }
  151.  
  152.         // Note that Kea provides some of the options on its own. In particular,
  153.         // it sends IP Address Lease Time (code 51, based on valid-lifetime
  154.         // parameter), Subnet mask (code 1, based on subnet definition), Renewal
  155.         // time (code 58, based on renew-timer parameter), Rebind time (code 59,
  156.         // based on rebind-timer parameter).
  157.     ],
  158.  
  159.     // Other global parameters that can be defined here are option definitions
  160.     // (this is useful if you want to use vendor options, your own custom
  161.     // options or perhaps handle options that Kea does not handle out of the box
  162.     // yet).
  163.  
  164.     // You can also define classes. If classes are defined, incoming packets
  165.     // may be assigned to specific classes. A client class can represent any
  166.     // group of devices that share some common characteristic, e.g. Windows
  167.     // devices, iphones, broken printers that require special options, etc.
  168.     // Based on the class information, you can then allow or reject clients
  169.     // to use certain subnets, add special options for them or change values
  170.     // of some fixed fields.
  171.     "client-classes": [
  172.         {
  173.             // This specifies a name of this class. It's useful if you need to
  174.             // reference this class.
  175.             "name": "voip",
  176.  
  177.             // This is a test. It is an expression that is evaluated on
  178.             // each incoming packet. It is supposed to evaluate to either
  179.             // true or false. If it's true, the packet is added to the specified
  180.             // class. See Section 12 for a list of available expressions. There
  181.             // are several dozen. See Section 8.2.14 for more details on DHCPv4
  182.             // classification and Section 9.2.19 for DHCPv6.
  183.             "test": "substring(option[60].hex,0,6) == 'Aastra'",
  184.  
  185.             // If a client belongs to this class, you can define extra behavior, e.g.
  186.             // set certain fields in the DHCPv4 packet to certain values. The values
  187.             // below look like sample placeholders (192.0.2.0/24 is a documentation range).
  188.             "next-server": "192.0.2.254",
  189.             "server-hostname": "hal9000",
  190.             "boot-file-name": "/dev/null"
  191.  
  192.             // You can also define option values here if you want devices from
  193.             // this class to receive special options.
  194.         }
  195.     ],
  196.  
  197.     // Another thing possible here are hooks. Kea supports a powerful mechanism
  198.     // that loads external libraries which can extract information and even
  199.     // influence how the server processes packets: forensic logging, more flexible
  200.     // host reservations, extra commands. For a list of available hook libraries, see
  201.     // https://gitlab.isc.org/isc-projects/kea/wikis/Hooks-available. The HA peers below use
  202.     // plain http:// URLs with no TLS or basic-auth settings, so lease updates are unencrypted.
  203.     "hooks-libraries": [
  204.     {
  205.       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
  206.     },
  207.     {
  208.       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_stat_cmds.so"
  209.     },
  210.     {
  211.         "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
  212.         "parameters": {
  213.             "high-availability": [{
  214.                 "this-server-name": "cti-dhcp-prd01",
  215.                 "mode": "load-balancing",
  216.                 "heartbeat-delay": 10000,
  217.                 "max-response-delay": 10000,
  218.                 "max-ack-delay": 5000,
  219.                 "max-unacked-clients": 5,
  220.                 "peers": [{
  221.                     "name": "cti-dhcp-prd01",
  222.                     "url": "http://10.32.0.4:8000/",
  223.                     "role": "primary",
  224.                     "auto-failover": true
  225.                 }, {
  226.                     "name": "ros-dhcp-prd01",
  227.                     "url": "http://10.32.0.5:8000/",
  228.                     "role": "secondary",
  229.                     "auto-failover": true
  230.                 }]
  231.             }]
  232.     }
  233.     }
  234.       //{
  235.       //    // Forensic Logging library generates forensic type of audit trail
  236.       //    // of all devices serviced by Kea, including their identifiers
  237.       //    // (like MAC address), their location in the network, times
  238.       //    // when they were active etc.
  239.       //    "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_legal_log.so"
  240.       //    "parameters": {
  241.       //        "path": "/var/lib/kea",
  242.       //        "base-name": "kea-forensic4"
  243.       //    }
  244.       //},
  245.       //{
  246.       //    // Flexible identifier (flex-id). Kea software provides a way to
  247.       //    // handle host reservations that include addresses, prefixes,
  248.       //    // options, client classes and other features. The reservation can
  249.       //    // be based on hardware address, DUID, circuit-id or client-id in
  250.       //    // DHCPv4 and using hardware address or DUID in DHCPv6. However,
  251.       //    // there are sometimes scenario where the reservation is more
  252.       //    // complex, e.g. uses other options that mentioned above, uses part
  253.       //    // of specific options or perhaps even a combination of several
  254.       //    // options and fields to uniquely identify a client. Those scenarios
  255.       //    // are addressed by the Flexible Identifiers hook application.
  256.       //    "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_flex_id.so",
  257.       //    "parameters": {
  258.       //        "identifier-expression": "substring(relay6[0].option[18],0,8)"
  259.       //    }
  260.       //}
  261.     ],
  262.  
  263.     "subnet4": [
  264.         {
  265.             "user-context": {
  266.                 "sit-vlan-id": "203",
  267.                 "sit-vlan-name": "vlan_prod"
  268.             },
  269.             "subnet": "10.32.0.0/24",
  270.             "pools": [ { "pool": "10.32.0.131 - 10.32.0.149" } ],
  271.             "option-data": [
  272.                 {
  273.                     "name": "routers",
  274.                     "data": "10.32.0.250"
  275.                 }
  276.             ]
  277.         },
  278.         {
  279.             "user-context": {
  280.                 "sit-vlan-id": "205",
  281.                 "sit-vlan-name": "vlan_pole_infra"
  282.             },
  283.             "subnet": "10.32.5.0/24",
  284.             "pools": [ { "pool": "10.32.5.60 - 10.32.5.160" } ],
  285.             "option-data": [
  286.                 {
  287.                     "name": "routers",
  288.                     "data": "10.32.5.250"
  289.                 }
  290.             ]
  291.         },
  292.         {
  293.             "user-context": {
  294.                 "sit-vlan-id": "206",
  295.                 "sit-vlan-name": "vlan_dmz"
  296.             },
  297.             "subnet": "10.32.11.0/24",
  298.             "pools": [ { "pool": "10.32.11.252 - 10.32.11.254" } ],
  299.             "option-data": [
  300.                 {
  301.                     "name": "routers",
  302.                     "data": "10.32.11.250"
  303.                 }
  304.             ]
  305.         },
  306.         {
  307.             "user-context": {
  308.                 "sit-vlan-id": "207",
  309.                 "sit-vlan-name": "vlan_personnel_sitpi"
  310.             },
  311.             "subnet": "10.32.208.0/24",
  312.             "pools": [ { "pool": "10.32.208.50 - 10.32.208.100" } ],
  313.             "option-data": [
  314.                 {
  315.                     "name": "routers",
  316.                     "data": "10.32.208.250"
  317.                 }
  318.             ]
  319.         },
  320.         {
  321.             "user-context": {
  322.                 "sit-vlan-id": "210",
  323.                 "sit-vlan-name": "vlan_tse"
  324.             },
  325.             "subnet": "10.32.9.0/24",
  326.             "pools": [ { "pool": "10.32.9.240 - 10.32.9.245" } ],
  327.             "option-data": [
  328.                 {
  329.                     "name": "routers",
  330.                     "data": "10.32.208.250" // NOTE(review): not inside 10.32.9.0/24; same router as vlan_personnel_sitpi (10.32.208.0/24) - confirm the gateway for this subnet
  331.                 }
  332.             ]
  333.         },
  334.         {
  335.             "user-context": {
  336.                 "sit-vlan-id": "211",
  337.                 "sit-vlan-name": "sit-vlan-tst"
  338.             },
  339.             "subnet": "10.32.3.0/24",
  340.             "pools": [ { "pool": "10.32.3.200 - 10.32.3.219" } ],
  341.             "option-data": [
  342.                 {
  343.                     "name": "routers",
  344.                     "data": "10.32.3.250"
  345.                 }
  346.             ],
  347.             "reservations": [
  348.                   {
  349.                       "hw-address": "00:50:56:12:03:34",
  350.                       "ip-address": "10.32.3.208"
  351.           }
  352.             ]
  353.         },
  354.        {
  355.             "user-context": {
  356.                 "sit-vlan-id": "213",
  357.                 "sit-vlan-name": "vlan_pre"
  358.             },
  359.             "subnet": "10.32.4.0/24",
  360.             "pools": [ { "pool": "10.32.4.240 - 10.32.4.245" } ],
  361.             "option-data": [
  362.                 {
  363.                     "name": "routers",
  364.                     "data": "10.32.4.250"
  365.                 }
  366.             ]
  367.         },
  368.         {
  369.             "user-context": {
  370.                 "sit-vlan-id": "215",
  371.                 "sit-vlan-name": "vlan_telemaint"
  372.             },
  373.             "subnet": "10.32.15.0/24",
  374.             "pools": [ { "pool": "10.32.15.20 - 10.32.15.29" } ],
  375.             "option-data": [
  376.                 {
  377.                     "name": "routers",
  378.                     "data": "10.32.15.250"
  379.                 }
  380.             ]
  381.         },
  382.         {
  383.             "user-context": {
  384.                 "sit-vlan-id": "222",
  385.                 "sit-vlan-name": "vlan_dmz_ech"
  386.             },
  387.             "subnet": "10.32.22.0/24",
  388.             "pools": [ { "pool": "10.32.22.240 - 10.32.22.245" } ],
  389.             "option-data": [
  390.                 {
  391.                     "name": "routers",
  392.                     "data": "10.32.22.250"
  393.                 }
  394.             ]
  395.         },
  396.         {
  397.             "user-context": {
  398.                 "sit-vlan-id": "261",
  399.                 "sit-vlan-name": "vlan_nas"
  400.             },
  401.             "subnet": "10.32.61.0/24",
  402.             "pools": [ { "pool": "10.32.61.240 - 10.32.61.245" } ],
  403.             "option-data": [
  404.                 {
  405.                     "name": "routers",
  406.                     "data": "10.32.61.250"
  407.                 }
  408.             ]
  409.         },
  410.         {
  411.             "user-context": {
  412.                 "sit-vlan-id": "270",
  413.                 "sit-vlan-name": "vlan_adm_vmware"
  414.             },
  415.             "subnet": "10.32.70.0/24",
  416.             "pools": [ { "pool": "10.32.70.240 - 10.32.70.245" } ],
  417.             "option-data": [
  418.                 {
  419.                     "name": "routers",
  420.                     "data": "10.32.70.250"
  421.                 }
  422.             ]
  423.         },
  424.         {
  425.             "user-context": {
  426.                 "sit-vlan-id": "2255",
  427.                 "sit-vlan-name": "vlan_monitor"
  428.             },
  429.             "subnet": "10.32.255.0/24",
  430.             "pools": [ { "pool": "10.32.255.240 - 10.32.255.245" } ],
  431.             "option-data": [
  432.                 {
  433.                     "name": "routers",
  434.                     "data": "10.32.255.250"
  435.                 }
  436.             ]
  437.         },
  438.         {
  439.             "user-context": {
  440.                 "sit-vlan-id": "4009",
  441.                 "sit-vlan-name": "vlan_wifi_invite"
  442.             },
  443.             "subnet": "10.32.254.0/24",
  444.             "pools": [ { "pool": "10.32.254.1 - 10.32.254.249" } ],
  445.             "option-data": [
  446.                 {
  447.                     "name": "routers",
  448.                     "data": "10.32.254.250"
  449.                 }
  450.             ]
  451.         }
  452.     ],
  453.  
  454.     // There are many, many more parameters that DHCPv4 server is able to use.
  455.     // They were not added here to not overwhelm people with too much
  456.     // information at once.
  457.  
  458. // Logging configuration starts here. Kea uses different loggers to log various
  459. // activities. For details (e.g. names of loggers), see Chapter 18.
  460.     "loggers": [
  461.     {
  462.         // This section affects kea-dhcp4, which is the base logger for DHCPv4
  463.         // component. It tells DHCPv4 server to write all log messages (on
  464.         // severity INFO or more) to the output set below (syslog here).
  465.         "name": "kea-dhcp4",
  466.         "output_options": [
  467.             {
  468.                 // Specifies the output file. There are several special values
  469.                 // supported:
  470.                 // - stdout (prints on standard output)
  471.                 // - stderr (prints on standard error)
  472.                 // - syslog (logs to syslog)
  473.                 // - syslog:name (logs to syslog using specified name)
  474.                 // Any other value is considered a name of a file
  475.                 "output": "syslog",
  476.  
  477.                 // Shorter log pattern suitable for use with systemd,
  478.                 // avoids redundant information
  479.                 "pattern": "%-5p %m\n",
  480.  
  481.                 // This governs whether the log output is flushed to disk after
  482.                 // every write.
  483.                 // "flush": false,
  484.  
  485.                 // This specifies the maximum size of the file before it is
  486.                 // rotated (only relevant when output is a file, not syslog).
  487.                 "maxsize": 1048576,
  488.  
  489.                 // This specifies the maximum number of rotated files to keep.
  490.                 "maxver": 8
  491.             }
  492.         ],
  493.         // This specifies the severity of log messages to keep. Supported values
  494.         // are: FATAL, ERROR, WARN, INFO, DEBUG
  495.         "severity": "INFO",
  496.  
  497.         // If DEBUG level is specified, this value is used. 0 is least verbose,
  498.         // 99 is most verbose. Be cautious, Kea can generate lots and lots
  499.         // of logs if told to do so.
  500.         "debuglevel": 0
  501.     }
  502.   ]
  503. }
  504. }