# Kea 2.3.2, October 26 2022, Release Notes

Welcome to Kea 2.3.2, the third monthly release of the 2.3 development series. As with any other development release, use this with caution: development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a REST API; optional database support (MySQL and PostgreSQL); optional RADIUS, Kerberos, and YANG/NETCONF support; and much more.

Kea provides extensive management capabilities, including but not limited to: TLS support, run-time configuration monitoring and updates via a REST API, host reservations, client classification, and more.

The text below references issue numbers. For more details, visit the Kea GitLab page at https://gitlab.isc.org/isc-projects/kea/issues.

This month the Kea team focused on fixing bugs and improving our build process. The following bugfixes and features have been implemented since the previous release, version 2.3.1:

1. **NETCONF and Sysrepo**: The support for NETCONF/YANG received a major overhaul; the Kea code has been migrated to libyang 2.x/Sysrepo 2.x from the previously supported 1.x versions. Both the libyang and Sysrepo dependencies continue to evolve substantially, so this update required over 2500 lines of code to be changed. **Be advised that the recent libyang 2 and Sysrepo 2.x require a compiler that supports the C++20 standard.** However, this is only required if you compile Kea with NETCONF support [#2311]. In addition, the interaction with Sysrepo has been updated: instead of retrieving configuration elements one by one, the whole configuration is retrieved in one step and then dissected by Kea. The larger your configuration is, the greater this performance improvement should be: for our test configuration with 60,000 entries, the configuration took 9 minutes and 30 seconds with the older code and just 3 seconds with this new change. For more details, see [#2400] and its merge request [!1824]. Since this is a radical change in the logic, NETCONF support is considered experimental.

2. **Package improvements**: Kea's official APK, Deb, and RPM packages have been restructured and made to follow a consistent packaging standard. Some of the package names have been modified, and some packages have been consolidated into larger packages as a result of these changes. Kea now runs under a service user on RPM systems. Upgrading Kea on Debian and Ubuntu systems should be done with `apt dist-upgrade` when upgrading to this release or later, as some packages need to be removed before being reinstalled. Depending on how Kea was previously installed, upgrading to this release or later on Debian or Ubuntu systems could cause the DHCPv6 and/or the DDNS server, as well as the open-source hooks, to be removed. To ensure they are properly installed, either install the `isc-kea` metapackage, or install the packages explicitly by name. Further details can be found in [#2220] and [#2398].

3. **Template classes**: Work is underway to implement a template class mechanism, similar to spawning classes in ISC DHCP. The code for this functionality has been merged, but the documentation explaining how to use it is not, and it has only been very lightly tested. As such, the feature's status is currently experimental and undocumented. For more adventurous users, it is now possible to define an expression using `template-test` in a class. The expression should evaluate to a string; if evaluated to a non-empty value, the packet is assigned to a `SPAWN__` class. Proper documentation is expected in the next release [#2568].

4. **Optional link selection suboption**: The link selection suboption is now optional; previously, Kea always tried to use it when it was present in a packet. Right now, its use is enabled by default, but it can be disabled using the `ignore-rai-link-selection` parameter [#2543].

5. **Affinity for released leases**: Unless specifically told not to, Kea now keeps leases for a period of time after they are released. This is useful for devices that send RELEASE on reboot, so they are very likely to get the same lease after their reboot is complete. This behavior is controlled by `flush-reclaimed-timer-wait-time` and `hold-reclaimed-time`. If both are non-zero, when the client sends a release message the lease is expired; previously, it was deleted from lease storage. The default values are 25 and 3600 respectively, effectively changing the default server behavior [#2548].

6. **Bulk Leasequery (BLQ)**: The long-term effort to implement BLQ is nearing a critical phase. While the functionality itself is not yet active, we have most of the building blocks in place, and we expect to have some working capability soon. Our focus is to make memfile for DHCPv6 operational first and then gradually extend this to other backends and DHCPv4. In this release many BLQ-related tickets were merged: we fixed warnings in MySQL [#2604]; improved lease extended info storage, so Kea can now retain more information that is necessary for BLQ to function properly [#2595]; implemented the code that retrieves leases as requested by BLQ from the memfile v6 storage [#2585]; extended the definitions for RAI suboptions, which is a necessary step to parse suboptions used in BLQ [#2357]; updated the user context structure in leases to avoid negative interactions between various hooks that use context [#2587]; changed the reclaimLeaseInDatabase command so it now clears the user context [#2588]; created memfile v6 storage that is more friendly to BLQ queries [#2584]; modified the extended info store so it now stores explicit relay sub-option values [#2573]; and moved the ThreadPool code from libhttp to the asiolink library. This refactor is the first step towards reusing existing connection management (which currently is only used in HTTP) to be more generic. In the near future, it will also be used to handle incoming BLQ connections [#2573].

7. **RADIUS**: The `reservation-get-page` API command now returns an empty list instead of an error when querying the RADIUS backend. The RADIUS protocol does not allow returning more than one entity, so it is impossible to implement this functionality; it simply signals that the requested operation cannot be completed [#2566].

8. **Bug fixes**: A crash in the limits hook code has been fixed [#2614].

## Incompatible Changes

Many of the native packages have been substantially updated. See item 2 above for a brief overview, and the new `Installation From Cloudsmith Packages` and `Caveats for Upgrading Kea Packages` sections in the [Kea ARM](https://kea.readthedocs.io/en/latest/arm/intro.html) for more details.

The `reservation-get-page` API command now returns an empty list instead of an error when querying the RADIUS backend.

The released leases are now, by default, kept for a period of time in case a rebooting device comes back. See item 5 above for details.

The layout of extended information optionally stored in the lease user context was changed. Kea handles the transition automatically, but external systems that interact with user context in leases may need to be updated. For details, see [#2587].

## License

This version of Kea is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0

The premium and subscriber-only hook libraries are provided under the terms of a Kea Hooks Basic Commercial End User License Agreement.

## Download

Pre-built ISC packages for current versions of the most popular Linux operating systems are available at: https://cloudsmith.io/~isc/repos/

The Kea source and PGP signature for this release may be downloaded from: https://www.isc.org/download, as well as from the Cloudsmith repository.
The signature was generated with the ISC code signing key, which is available at: https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at https://kea.readthedocs.io/en/latest/index.html. Limitations and known issues with this release can be found at https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list (https://lists.isc.org/mailman/listinfo/kea-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea and DHCP software support see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list.

## Changes

The following summarizes changes and important upgrade notes since the 2.3.1 release for Kea core:

2073. [build] razvan
The library version numbers have been bumped for the Kea 2.3.2 development release. (Gitlab #2607)

2072. [func] razvan
If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are non-zero, when the client sends a release message the lease is expired. Previously it was deleted from the lease storage. The default values are 25 and 3600 respectively, effectively changing the default server behavior. (Gitlab #2548)

2071. [perf] andrei
Significantly improved the performance of editing configuration with kea-netconf. Instead of making a request to the sysrepo datastore for each leaf and leaf-list node, a single request is done and the config is translated from the received data node. This approach is considered experimental. (Gitlab #2400)

2070. [func] andrei
kea-netconf now requires libyang v2 and sysrepo v2 to compile and run. Support for libyang v1 and sysrepo v1 has been dropped. (Gitlab #2311)

2069. [func] fdupont
Added a new sanity checker named "extended-info-checks" which checks and eventually upgrades lease extended info which stores into lease user context in DHCPv4 the dhcp-agent-options content and in DHCPv6 the relay-msg fields and options. (Gitlab #2595)

2068. [func] djt
Kea's official APK, Deb, and RPM packages have been restructured and made to follow a consistent packaging standard. Some of the package names have been modified, and some packages have been consolidated into larger packages as a result of these changes. Kea now runs under a service user on RPM systems. Upgrading Kea on Debian and Ubuntu systems should be done with `apt dist-upgrade` when upgrading to this release or later, as some packages need to be removed before being reinstalled. Depending on how Kea was installed, upgrading to this release or later on Debian or Ubuntu systems could cause the DHCPv6 and/or the DDNS server, as well as the open-source hooks to be removed. In order to ensure they are properly installed, either install the `isc-kea` metapackage, or install the packages explicitly by name. Further details can be found in the Gitlab issue. (Gitlab #2220)

2067. [func] fdupont
Updated the layout of extended information optionally stored in lease user context to add remote and relay identifier (sub-)options. (Gitlab #2587)

2066. [bug] fdupont
Fixed lease reuse process to clear the user context when the lease expired and was reclaimed. (Gitlab #2588)

2065. [func] djt
A compatibility config option called ignore-rai-link-selection has been added to the DHCPv4 config to allow operators to ignore Link Selection suboption data in Relay Agent information options. When this configuration value is set to true, Kea will no longer use data provided in the suboption for subnet selection. (Gitlab #2543)

And for Kea premium:

158. [func] razvan
Added support for template classes. The limits hooks library is able to handle restrictions on subclasses spawned at runtime by template classes. (Gitlab #248)

157. [bug] fdupont
Updated the RADIUS code to no longer throw on methods returning host collections: instead it does not contribute to the final result. For instance the command "reservation-get-all" no longer fails but it still can't be used to retrieve RADIUS or host cache content. (Gitlab #2566)

See https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes for a complete list of release notes.

Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.
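
Items 4 and 5 above change what a server does when the relevant parameters are left unset, so an existing configuration can be checked for its effective behaviour after the upgrade. The script below is an added example, not part of ISC's release notes or Kea's code; it assumes comment-free JSON (for instance a `config-get` response), that the two timers sit in the `expired-leases-processing` map and `ignore-rai-link-selection` in the DHCPv4 `compatibility` map, and the function name and sample configs are constructed for illustration.

```python
import json

# Defaults stated in the 2.3.2 release notes above.
DEFAULT_FLUSH_WAIT = 25    # flush-reclaimed-timer-wait-time
DEFAULT_HOLD_TIME = 3600   # hold-reclaimed-time


def audit_kea_config(text):
    """Report the effective 2.3.2 behaviour for each DHCP server in a config."""
    doc = json.loads(text)
    if isinstance(doc, list):        # Control Agent wraps responses in a list
        doc = doc[0]
    doc = doc.get("arguments", doc)  # unwrap a config-get response
    report = {}
    for server in ("Dhcp4", "Dhcp6"):
        cfg = doc.get(server)
        if cfg is None:
            continue
        # Assumed location of the two timers: "expired-leases-processing".
        elp = cfg.get("expired-leases-processing", {})
        flush = elp.get("flush-reclaimed-timer-wait-time", DEFAULT_FLUSH_WAIT)
        hold = elp.get("hold-reclaimed-time", DEFAULT_HOLD_TIME)
        entry = {
            # Both non-zero: a released lease is expired, not deleted.
            "released_leases_kept": flush != 0 and hold != 0,
            "hold_seconds": hold,
        }
        if server == "Dhcp4":
            # Assumed location of the flag: the "compatibility" map.
            compat = cfg.get("compatibility", {})
            # Unset means the RAI Link Selection suboption is still used.
            entry["rai_link_selection_used"] = not compat.get(
                "ignore-rai-link-selection", False)
        report[server] = entry
    return report


# Constructed sample configs (not from a real deployment).
SAMPLE_DEFAULTS = '{"Dhcp4": {"subnet4": []}, "Dhcp6": {"subnet6": []}}'
SAMPLE_EXPLICIT = json.dumps({"result": 0, "arguments": {"Dhcp4": {
    "expired-leases-processing": {"flush-reclaimed-timer-wait-time": 25,
                                  "hold-reclaimed-time": 0},
    "compatibility": {"ignore-rai-link-selection": True}}}})

if __name__ == "__main__":
    for name, sample in (("defaults", SAMPLE_DEFAULTS),
                         ("explicit", SAMPLE_EXPLICIT)):
        print(name, json.dumps(audit_kea_config(sample), indent=2))
```

A configuration that sets neither parameter reports released leases as kept for 3600 seconds, which is the change in default behaviour the notes call out.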