Kea Administrator Reference Manual¶
Kea is an open source implementation of the Dynamic Host Configuration Protocol (DHCP) servers, developed and maintained by Internet Systems Consortium (ISC).
This is the reference guide for Kea version 2.0.0. Links to the most up-to-date version of this document (in PDF, HTML, and plain text formats) can be found on Read the Docs. Other useful Kea information can be found in our Knowledgebase.
- 1. Introduction
- 2. Quick Start
- 3. Installation
- 4. Kea Database Administration
- 5. Kea Configuration
- 6. Managing Kea with
keactrl
- 7. The Kea Control Agent
- 8. The DHCPv4 Server
- 8.1. Starting and Stopping the DHCPv4 Server
- 8.2. DHCPv4 Server Configuration
- 8.2.1. Introduction
- 8.2.2. Lease Storage
- 8.2.3. Hosts Storage
- 8.2.4. Interface Configuration
- 8.2.5. Issues With Unicast Responses to DHCPINFORM
- 8.2.6. IPv4 Subnet Identifier
- 8.2.7. IPv4 Subnet Prefix
- 8.2.8. Configuration of IPv4 Address Pools
- 8.2.9. Sending T1 (Option 58) and T2 (Option 59)
- 8.2.10. Standard DHCPv4 Options
- 8.2.11. Custom DHCPv4 Options
- 8.2.12. DHCPv4 Private Options
- 8.2.13. DHCPv4 Vendor-Specific Options
- 8.2.14. Nested DHCPv4 Options (Custom Option Spaces)
- 8.2.15. Unspecified Parameters for DHCPv4 Option Configuration
- 8.2.16. Stateless Configuration of DHCPv4 Clients
- 8.2.17. Client Classification in DHCPv4
- 8.2.18. DDNS for DHCPv4
- 8.2.19. Next Server (
siaddr
) - 8.2.20. Echoing Client-ID (RFC 6842)
- 8.2.21. Using Client Identifier and Hardware Address
- 8.2.22. Authoritative DHCPv4 Server Behavior
- 8.2.23. DHCPv4-over-DHCPv6: DHCPv4 Side
- 8.2.24. Sanity Checks in DHCPv4
- 8.2.25. Storing Extended Lease Information
- 8.2.26. Multi-Threading Settings
- 8.2.27. Multi-Threading Settings in Different Backends
- 8.2.28. IPv6-Only Preferred Networks
- 8.2.29. Lease Caching
- 8.3. Host Reservation in DHCPv4
- 8.3.1. Address Reservation Types
- 8.3.2. Conflicts in DHCPv4 Reservations
- 8.3.3. Reserving a Hostname
- 8.3.4. Including Specific DHCPv4 Options in Reservations
- 8.3.5. Reserving Next Server, Server Hostname, and Boot File Name
- 8.3.6. Reserving Client Classes in DHCPv4
- 8.3.7. Storing Host Reservations in MySQL, PostgreSQL, or Cassandra
- 8.3.8. Fine-Tuning DHCPv4 Host Reservation
- 8.3.9. Global Reservations in DHCPv4
- 8.3.10. Pool Selection with Client Class Reservations
- 8.3.11. Subnet Selection with Client Class Reservations
- 8.3.12. Multiple Reservations for the Same IP
- 8.4. Shared Networks in DHCPv4
- 8.5. Server Identifier in DHCPv4
- 8.6. How the DHCPv4 Server Selects a Subnet for the Client
- 8.7. Duplicate Addresses (DHCPDECLINE Support)
- 8.8. Statistics in the DHCPv4 Server
- 8.9. Management API for the DHCPv4 Server
- 8.10. User Contexts in IPv4
- 8.11. Supported DHCP Standards
- 8.12. DHCPv4 Server Limitations
- 8.13. Kea DHCPv4 Server Examples
- 8.14. Configuration Backend in DHCPv4
- 8.15. Kea DHCPv4 Compatibility Configuration Parameters
- 9. The DHCPv6 Server
- 9.1. Starting and Stopping the DHCPv6 Server
- 9.2. DHCPv6 Server Configuration
- 9.2.1. Introduction
- 9.2.2. Lease Storage
- 9.2.3. Hosts Storage
- 9.2.4. Interface Configuration
- 9.2.5. IPv6 Subnet Identifier
- 9.2.6. IPv6 Subnet Prefix
- 9.2.7. Unicast Traffic Support
- 9.2.8. Configuration of IPv6 Address Pools
- 9.2.9. Subnet and Prefix Delegation Pools
- 9.2.10. Prefix Exclude Option
- 9.2.11. Standard DHCPv6 Options
- 9.2.12. Common Softwire46 Options
- 9.2.13. Custom DHCPv6 Options
- 9.2.14. DHCPv6 Vendor-Specific Options
- 9.2.15. Nested DHCPv6 Options (Custom Option Spaces)
- 9.2.16. Unspecified Parameters for DHCPv6 Option Configuration
- 9.2.17. Controlling the Values Sent for T1 and T2 Times
- 9.2.18. IPv6 Subnet Selection
- 9.2.19. Rapid Commit
- 9.2.20. DHCPv6 Relays
- 9.2.21. Relay-Supplied Options
- 9.2.22. Client Classification in DHCPv6
- 9.2.23. DDNS for DHCPv6
- 9.2.24. DHCPv4-over-DHCPv6: DHCPv6 Side
- 9.2.25. Sanity Checks in DHCPv6
- 9.2.26. Storing Extended Lease Information
- 9.2.27. Multi-Threading Settings
- 9.2.28. Multi-Threading Settings in Different Backends
- 9.2.29. Lease Caching
- 9.3. Host Reservation in DHCPv6
- 9.3.1. Address/Prefix Reservation Types
- 9.3.2. Conflicts in DHCPv6 Reservations
- 9.3.3. Reserving a Hostname
- 9.3.4. Including Specific DHCPv6 Options in Reservations
- 9.3.5. Reserving Client Classes in DHCPv6
- 9.3.6. Storing Host Reservations in MySQL, PostgreSQL, or Cassandra
- 9.3.7. Fine-Tuning DHCPv6 Host Reservation
- 9.3.8. Global Reservations in DHCPv6
- 9.3.9. Pool Selection with Client Class Reservations
- 9.3.10. Subnet Selection with Client Class Reservations
- 9.3.11. Multiple Reservations for the Same IP
- 9.4. Shared Networks in DHCPv6
- 9.5. Server Identifier in DHCPv6
- 9.6. DHCPv6 Data Directory
- 9.7. Stateless DHCPv6 (Information-Request Message)
- 9.8. Support for RFC 7550 (now part of RFC 8415)
- 9.9. Using a Specific Relay Agent for a Subnet
- 9.10. Segregating IPv6 Clients in a Cable Network
- 9.11. MAC/Hardware Addresses in DHCPv6
- 9.12. Duplicate Addresses (DECLINE Support)
- 9.13. Statistics in the DHCPv6 Server
- 9.14. Management API for the DHCPv6 Server
- 9.15. User Contexts in IPv6
- 9.16. Supported DHCPv6 Standards
- 9.17. DHCPv6 Server Limitations
- 9.18. Kea DHCPv6 Server Examples
- 9.19. Configuration Backend in DHCPv6
- 9.20. Kea DHCPv6 Compatibility Configuration Parameters
- 10. Database Connectivity
- 11. Lease Expiration
- 12. Congestion Handling
- 13. The DHCP-DDNS Server
- 13.1. Overview
- 13.2. Starting and Stopping the DHCP-DDNS Server
- 13.3. Configuring the DHCP-DDNS Server
- 13.4. DHCP-DDNS Server Statistics
- 13.5. DHCP-DDNS Server Limitations
- 13.6. Supported Standards
- 14. The LFC Process
- 15. Client Classification
- 15.1. Client Classification Overview
- 15.2. Built-in Client Classes
- 15.3. Using Expressions in Classification
- 15.4. Configuring Classes
- 15.5. Using Static Host Reservations In Classification
- 15.6. Configuring Subnets With Class Information
- 15.7. Configuring Pools With Class Information
- 15.8. Using Classes
- 15.9. Classes and Hooks
- 15.10. Debugging Expressions
- 16. Hooks Libraries
- 16.1. Introduction
- 16.2. Installing Hook Packages
- 16.3. Configuring Hooks Libraries
- 16.4. Available Hooks Libraries
- 16.5. user_chk: Checking User Access
- 16.6. legal_log: Forensic Logging Hooks
- 16.7. flex_id: Flexible Identifiers for Host Reservations
- 16.8. flex_option Flexible Option for Option value settings
- 16.9. host_cmds: Host Commands
- 16.9.1. The subnet-id Parameter
- 16.9.2. The reservation-add Command
- 16.9.3. The reservation-get Command
- 16.9.4. The reservation-get-all Command
- 16.9.5. The reservation-get-page command
- 16.9.6. The reservation-get-by-hostname Command
- 16.9.7. The reservation-get-by-id Command
- 16.9.8. The reservation-del Command
- 16.10. lease_cmds: Lease Commands
- 16.10.1. The lease4-add, lease6-add Commands
- 16.10.2. The lease6-bulk-apply Command
- 16.10.3. The lease4-get, lease6-get Commands
- 16.10.4. The lease4-get-all, lease6-get-all Commands
- 16.10.5. The lease4-get-page, lease6-get-page Commands
- 16.10.6. The lease4-get-by-*, lease6-get-by-* Commands
- 16.10.7. The lease4-del, lease6-del Commands
- 16.10.8. The lease4-update, lease6-update Commands
- 16.10.9. The lease4-wipe, lease6-wipe Commands
- 16.10.10. The lease4-resend-ddns, lease6-resend-ddns Commands
- 16.11. subnet_cmds: Subnet Commands
- 16.11.1. The subnet4-list Command
- 16.11.2. The subnet6-list Command
- 16.11.3. The subnet4-get Command
- 16.11.4. The subnet6-get Command
- 16.11.5. The subnet4-add Command
- 16.11.6. The subnet6-add Command
- 16.11.7. The subnet4-update Command
- 16.11.8. The subnet6-update Command
- 16.11.9. The subnet4-del Command
- 16.11.10. The subnet6-del Command
- 16.11.11. The network4-list, network6-list Commands
- 16.11.12. The network4-get, network6-get Commands
- 16.11.13. The network4-add, network6-add Commands
- 16.11.14. The network4-del, network6-del Commands
- 16.11.15. The network4-subnet-add, network6-subnet-add Commands
- 16.11.16. The network4-subnet-del, network6-subnet-del Commands
- 16.12. BOOTP Support
- 16.13. class_cmds: Class Commands
- 16.14. cb_cmds: Configuration Backend Commands
- 16.14.1. Commands Structure
- 16.14.2. Control Commands for DHCP Servers
- 16.14.3. Metadata
- 16.14.4. remote-server4-del, remote-server6-del commands
- 16.14.5. remote-server4-get, remote-server6-get commands
- 16.14.6. remote-server4-get-all, remote-server6-get-all commands
- 16.14.7. remote-server4-set, remote-server6-set commands
- 16.14.8. The remote-global-parameter4-del, remote-global-parameter6-del Commands
- 16.14.9. The remote-global-parameter4-get, remote-global-parameter6-get Commands
- 16.14.10. The remote-global-parameter4-get-all, remote-global-parameter6-get-all Commands
- 16.14.11. The remote-global-parameter4-set, remote-global-parameter6-set Commands
- 16.14.12. The remote-network4-del, remote-network6-del Commands
- 16.14.13. The remote-network4-get, remote-network6-get Commands
- 16.14.14. The remote-network4-list, remote-network6-list Commands
- 16.14.15. The remote-network4-set, remote-network6-set Commands
- 16.14.16. The remote-option-def4-del, remote-option-def6-del Commands
- 16.14.17. The remote-option-def4-get, remote-option-def6-get Commands
- 16.14.18. The remote-option-def4-get-all, remote-option-def6-get-all Commands
- 16.14.19. The remote-option-def4-set, remote-option-def6-set Commands
- 16.14.20. The remote-option4-global-del, remote-option6-global-del Commands
- 16.14.21. The remote-option4-global-get, remote-option6-global-get Commands
- 16.14.22. The remote-option4-global-get-all, remote-option6-global-get-all Commands
- 16.14.23. The remote-option4-global-set, remote-option6-global-set Commands
- 16.14.24. The remote-option4-network-del, remote-option6-network-del Commands
- 16.14.25. The remote-option4-network-set, remote-option6-network-set Commands
- 16.14.26. The remote-option6-pd-pool-del Command
- 16.14.27. The remote-option6-pd-pool-set Command
- 16.14.28. The remote-option4-pool-del, remote-option6-pool-del Commands
- 16.14.29. The remote-option4-pool-set, remote-option6-pool-set Commands
- 16.14.30. The remote-option4-subnet-del, remote-option6-subnet-del Commands
- 16.14.31. The remote-option4-subnet-set, remote-option6-subnet-set Commands
- 16.14.32. The remote-subnet4-del-by-id, remote-subnet6-del-by-id Commands
- 16.14.33. The remote-subnet4-del-by-prefix, remote-subnet6-del-by-prefix Commands
- 16.14.34. The remote-subnet4-get-by-id, remote-subnet6-get-by-id Commands
- 16.14.35. The remote-subnet4-get-by-prefix, remote-subnet6-get-by-prefix Commands
- 16.14.36. The remote-subnet4-list, remote-subnet6-list Commands
- 16.14.37. The remote-subnet4-set, remote-subnet6-set Commands
- 16.14.38. The remote-class4-del, remote-class6-del Commands
- 16.14.39. The remote-class4-get, remote-class6-get Commands
- 16.14.40. The remote-class4-get-all, remote-class6-get-all Commands
- 16.14.41. The remote-class4-set, remote-class6-set Commands
- 16.15. ha: High Availability
- 16.15.1. Supported Configurations
- 16.15.2. Clocks on Active Servers
- 16.15.3. HTTPS Support
- 16.15.4. Server States
- 16.15.5. Scope Transition in a Partner-Down Case
- 16.15.6. Load-Balancing Configuration
- 16.15.7. Load Balancing with Advanced Classification
- 16.15.8. Hot-Standby Configuration
- 16.15.9. Passive-Backup Configuration
- 16.15.10. Lease Information Sharing
- 16.15.11. Controlling Lease-Page Size Limit
- 16.15.12. Timeouts
- 16.15.13. Pausing the HA State Machine
- 16.15.14. Control Agent Configuration
- 16.15.15. Multi-threaded Configuration (HA+MT)
- 16.15.16. Parked Packet Limit
- 16.15.17. Controlled Shutdown and Maintenance of DHCP servers
- 16.15.18. Upgrading from Older HA Versions
- 16.15.19. Control Commands for High Availability
- 16.15.19.1. The ha-sync Command
- 16.15.19.2. The ha-scopes Command
- 16.15.19.3. The ha-continue Command
- 16.15.19.4. The ha-heartbeat Command
- 16.15.19.5. The status-get Command
- 16.15.19.6. The ha-maintenance-start Command
- 16.15.19.7. The ha-maintenance-cancel Command
- 16.15.19.8. The ha-maintenance-notify Command
- 16.15.19.9. The ha-reset Command
- 16.15.19.10. The ha-sync-complete-notify Command
- 16.16. stat_cmds: Supplemental Statistics Commands
- 16.17. radius: RADIUS Server Support
- 16.18. host_cache: Caching Host Reservations
- 16.19. lease_query: Leasequery
- 16.20. Run Script Support
- 16.21. User Contexts in Hooks
- 17. Statistics
- 17.1. Statistics Overview
- 17.2. Statistics Lifecycle
- 17.3. Commands for Manipulating Statistics
- 17.3.1. The statistic-get Command
- 17.3.2. The statistic-reset Command
- 17.3.3. The statistic-remove Command
- 17.3.4. The statistic-get-all Command
- 17.3.5. The statistic-reset-all Command
- 17.3.6. The statistic-remove-all Command
- 17.3.7. The statistic-sample-age-set Command
- 17.3.8. The statistic-sample-age-set-all Command
- 17.3.9. The statistic-sample-count-set Command
- 17.3.10. The statistic-sample-count-set-all Command
- 17.4. Time Series
- 18. Management API
- 18.1. Data Syntax
- 18.2. Using the Control Channel
- 18.3. Commands Supported by Both the DHCPv4 and DHCPv6 Servers
- 18.3.1. The build-report Command
- 18.3.2. The config-get Command
- 18.3.3. The config-reload Command
- 18.3.4. The config-test Command
- 18.3.5. The config-write Command
- 18.3.6. The leases-reclaim Command
- 18.3.7. The libreload Command
- 18.3.8. The list-commands Command
- 18.3.9. The config-set Command
- 18.3.10. The shutdown Command
- 18.3.11. The dhcp-disable Command
- 18.3.12. The dhcp-enable Command
- 18.3.13. The status-get Command
- 18.3.14. The server-tag-get Command:
- 18.3.15. The config-backend-pull Command:
- 18.3.16. The version-get Command
- 18.4. Commands Supported by the D2 Server
- 18.5. Commands Supported by the Control Agent
- 19. Logging
- 20. The Kea Shell
- 21. Integration with external systems
- 21.1. YANG/NETCONF
- 21.1.1. Overview
- 21.1.2. Installing NETCONF
- 21.1.3. Quick Sysrepo Overview
- 21.1.4. Supported YANG Models
- 21.1.5. Using the NETCONF Agent
- 21.1.6. Configuration
- 21.1.7. A kea-netconf Configuration Example
- 21.1.8. Starting and Stopping the NETCONF Agent
- 21.1.9. A Step-by-Step NETCONF Agent Operation Example
- 21.1.9.1. Setup of NETCONF Agent Operation Example
- 21.1.9.2. Error Handling in NETCONF Operation Example
- 21.1.9.3. NETCONF Operation Example with Two Pools
- 21.1.9.4. NETCONF Operation Example with Two Subnets
- 21.1.9.5. NETCONF Operation Example with Logging
- 21.1.9.6. Migrating YANG data from sysrepo v0.x to v1.x
- 21.2. GSS-TSIG
- 21.2.1. GSS-TSIG Overview
- 21.2.2. GSS-TSIG Compilation
- 21.2.3. GSS-TSIG Deployment
- 21.2.4. Using GSS-TSIG
- 21.2.5. GSS-TSIG Commands
- 21.2.5.1. The gss-tsig-get-all Command
- 21.2.5.2. The gss-tsig-get Command
- 21.2.5.3. The gss-tsig-list Command
- 21.2.5.4. The gss-tsig-key-get Command
- 21.2.5.5. The gss-tsig-key-expire Command
- 21.2.5.6. The gss-tsig-key-del Command
- 21.2.5.7. The gss-tsig-purge-all Command
- 21.2.5.8. The gss-tsig-purge Command
- 21.1. YANG/NETCONF
- 22. Monitoring Kea With Stork
- 23. Kea Security
- 23.1. TLS/HTTPS support
- 23.2. Securing Kea deployment
- 23.2.1. Component-based design
- 23.2.2. Limiting application permissions
- 23.2.3. Securing Kea administrative access
- 23.2.4. Securing database connections
- 23.2.5. Information leakage through logging
- 23.2.6. Cryptography components
- 23.2.7. TSIG signatures
- 23.2.8. Raw socket support
- 23.2.9. Remote Administrative Access
- 23.2.10. Authentication for Kea’s REST API
- 23.3. Kea security processes