author | Thomas Markwalder <tmark@isc.org> | 2023-01-25 16:00:12 +0100 |
---|---|---|
committer | Thomas Markwalder <tmark@isc.org> | 2023-02-13 19:48:36 +0100 |
commit | 2ec065a08a2d29d9a857c9caf660b515be5dc07b (patch) | |
tree | 2e8b297a02fd301fa722449375fa57ae33ab647a /doc/sphinx/arm/dhcp4-srv.rst | |
parent | [#2723] Note about multiple tokens (diff) | |
[#2631] Global reserved addresses must be feasible
kea-dhcp<4/6> both now enforce globally reserved addresses
to be within the selected subnet/shared-network
Added a ChangeLog entry
doc/sphinx/arm/dhcp4-srv.rst
doc/sphinx/arm/dhcp6-srv.rst
Updated global reservation commentary
src/lib/dhcpsrv/alloc_engine.cc
AllocEngine::allocateGlobalReservedLeases6() - modified to enforce
address feasibility/subnet reselect
AllocEngine::labelNetworkOrSubnet() - new convenience method for logging
hasAddressReservation() - modified to enforce
address feasibility/subnet reselect
src/lib/dhcpsrv/alloc_engine_messages.mes
New log messages:
ALLOC_ENGINE_IGNORING_UNSUITABLE_GLOBAL_ADDRESS
ALLOC_ENGINE_IGNORING_UNSUITABLE_GLOBAL_ADDRESS6
src/lib/dhcpsrv/tests/alloc_engine4_unittest.cc
src/lib/dhcpsrv/tests/alloc_engine6_unittest.cc
src/lib/dhcpsrv/tests/alloc_engine_utils.*
src/bin/dhcp4/tests/host_unittest.cc
src/bin/dhcp6/tests/host_unittest.cc
New and updated tests
Diffstat (limited to 'doc/sphinx/arm/dhcp4-srv.rst')
-rw-r--r-- | doc/sphinx/arm/dhcp4-srv.rst | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/doc/sphinx/arm/dhcp4-srv.rst b/doc/sphinx/arm/dhcp4-srv.rst index 555997c1d4..746896a787 100644 --- a/doc/sphinx/arm/dhcp4-srv.rst +++ b/doc/sphinx/arm/dhcp4-srv.rst @@ -5225,16 +5225,21 @@ every subnet that has global reservations enabled. This feature can be used to assign certain parameters, such as hostname or other dedicated, host-specific options. It can also be used to assign -addresses. However, global reservations that assign addresses bypass the -whole topology determination provided by the DHCP logic implemented in Kea. -It is very easy to misuse this feature and get a configuration that is -inconsistent. To give a specific example, imagine a global reservation -for the address 192.0.2.100 and two subnets 192.0.2.0/24 and 192.0.5.0/24. -If global reservations are used in both subnets and a device matching -global host reservations visits part of the network that is serviced by -192.0.5.0/24, it will get an IP address 192.0.2.100, a subnet 192.0.5.0, -and a default router 192.0.5.1. Obviously, such a configuration is -unusable, as the client will not be able to reach its default gateway. +addresses. + +An address assigned via global host reservation must be feasible for the +subnet the server selects for the client. In other words, the address must +lie within the subnet otherwise it will be ignored and the server will +attempt to dynamically allocate an address. In the event the selected subnet +belongs to a shared-network the server will check for feasibility against +the subnet's siblings, selecting the first in-range subnet. If no such +subnet exists, the server will fallback to dynamically allocating the address. + +.. note:: + + Prior to release 2.3.5, the server did not perform feasibility checks on + globally reserved addresses. This allowed the server to be configured to + hand out nonsensical leases for arbitrary address values. To use global host reservations, a configuration similar to the following can be used: |
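Review bot: the added feasibility paragraph says an out-of-range global reservation "will be ignored" and the server falls back to dynamic allocation, but it gives the operator no way to notice that a reservation was dropped. The commit message lists new log messages ALLOC_ENGINE_IGNORING_UNSUITABLE_GLOBAL_ADDRESS and ALLOC_ENGINE_IGNORING_UNSUITABLE_GLOBAL_ADDRESS6; naming the DHCPv4 one in this paragraph would let administrators search their logs for reservations that no longer take effect. The removed text carried a concrete example (192.0.2.100 with subnets 192.0.2.0/24 and 192.0.5.0/24), and a short equivalent showing the new outcome for that same case would make the behaviour change easier to follow. Wording: add punctuation before "otherwise" in "must lie within the subnet otherwise it will be ignored", add a comma after "shared-network", use "fall back" for the verb in "will fallback to", and say "an address" rather than "the address" in the paragraph's last sentence, since the reserved address is not the one being allocated. In the note, "nonsensical leases for arbitrary address values" is vague; saying that the leased address could lie outside the selected subnet would be more precise.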