Using the Kea DHCP Server 1

Posted by Henry Du on Friday, September 18, 2020

Introduction

These are study notes from an ISC webinar.

DHCP is short for Dynamic Host Configuration Protocol. It is addressed in RFC 2131 for IPv4 and RFC 8415 for IPv6.

DHCPv4 Protocol

DHCPv4 servers and relay agents listen on port 67. DHCPv4 clients listen on port 68 for messages from a server or relay agent.

The communication between a client and a DHCP server follows the DORA procedure.

  • DHCPDISCOVER: the client asks whether there is a DHCP server that can give it an address. This is link-layer broadcast traffic because the client doesn’t have an IP address yet and doesn’t know whether a DHCP server exists.
  • DHCPOFFER: the DHCP server offers an address to the client.
  • DHCPREQUEST: the client requests the IP address offered by the server.
  • DHCPACK: server marks the IP address as leased and confirms that transaction.

A DHCP client has the following states:

  • init-reboot
  • init
  • selecting
  • bound
  • renewing
  • rebinding

DHCPv4 Lease concept

When using the DHCP protocol, a client can never keep an IP address forever. Each IP address given out by a DHCP server has a “lease” time, which is the number of seconds that the client is allowed to use the IP address.

The lease time is delivered in a DHCP option as a 32-bit value. The maximum lease time is about 136 years.
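The following sketch is an added example, not code from the webinar or from Kea: it parses the options field of a DHCPv4 message, treating it as untrusted input, and extracts the DORA message type (option 53) and the 32-bit lease time (option 51). The function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])          # RFC 2131: marks start of options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
OPT_PAD, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_END = 0, 51, 53, 255
INFINITE_LEASE = 0xFFFFFFFF                      # RFC 2131 reserves this for "infinity"


def parse_options(field: bytes) -> dict:
    """Parse the DHCPv4 options field (untrusted input) into {code: value}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            return opts
        if code == OPT_PAD:                      # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("option %d has no length byte" % code)
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:                 # declared length runs past buffer
            raise ValueError("option %d truncated" % code)
        opts[code] = value
        i += 2 + length
    raise ValueError("options not terminated by END (255)")


def summarize(field: bytes) -> tuple:
    """Return (message type name, lease seconds or None if absent)."""
    opts = parse_options(field)
    mtype = opts.get(OPT_MSG_TYPE, b"")
    if len(mtype) != 1:
        raise ValueError("message type option must be 1 byte")
    lease = opts.get(OPT_LEASE_TIME)
    if lease is not None:
        if len(lease) != 4:
            raise ValueError("lease time option must be 4 bytes")
        lease = struct.unpack("!I", lease)[0]    # 32-bit unsigned, network order
    return MSG_TYPES.get(mtype[0], "type-%d" % mtype[0]), lease


# Constructed sample: options of a DHCPACK carrying a 3600 s lease, one pad byte.
SAMPLE_ACK = MAGIC_COOKIE + bytes([53, 1, 5, 51, 4, 0, 0, 0x0E, 0x10, 0, 255])
```

The largest encodable value, `INFINITE_LEASE`, is where the figure of about 136 years comes from: 4294967295 seconds divided by the seconds in a year.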

According to the RFC, a DHCP server must write the lease information to permanent storage before confirming the IP address to a client. This can be a performance bottleneck on a DHCP server.

Host Reservation

With a host reservation, the same IP address is always given to the same DHCP client machine. A host reservation binds a DHCP client to an IP address via a client identifier (MAC address).

Shared Subnet

A shared subnet is a physical network with more than one DHCPv4-managed subnet inside. Shared subnets are sometimes created when a larger number of IP addresses is needed in a network but, because of the IPv4 address shortage, no contiguous range of IPv4 addresses is available.

DHCPv6

It may seem that DHCPv6 works the same way as DHCPv4. However, it is quite different. DHCPv6 is not an upgraded version of DHCPv4. It is a protocol of its own.

DHCPv6 is solely a Layer 3 protocol. A DHCPv6 client already has a working link-local IPv6 address (fe80::) when sending its first DHCPv6 request. This is unlike DHCPv4, which relies on link-layer (Ethernet) broadcast.

DHCPv6 clients communicate using link-local multicast addresses. For example:

  • All-DHCP-Relay-Agents-and-Servers: ff02::1:2
  • All-DHCP-Servers: ff05::1:3

DHCPv6 has been designed to provide its service in cooperation with the local routers. DHCPv6 must be enabled in the router configuration (M-Flag or O-Flag). The default gateway address is retrieved from a router and not from the DHCPv6 server.

For DHCPv6 address allocation, the DHCPv6 server must issue IP addresses randomly from the available address pool, unlike some DHCPv4 servers, which issue IP addresses consecutively. The DHCPv6 scheme makes it harder to guess an IP address or scan a network segment.

A DHCPv6 client can send different kinds of IP address requests. DHCPv6 allocation types are as follows:

  • Non-temporary
  • Temporary
  • Multiple
  • Prefix delegation

Unlike a DHCPv4 client, a DHCPv6 client is able to request multiple IPv6 addresses.

IPv6 supports Stateless Automatic Address Configuration (SLAAC). SLAAC can be used as an alternative to DHCPv6, and SLAAC and DHCPv6 can also be combined. SLAAC is a stateless configuration: the IPv6 address is determined without a DHCP server. DHCPv6 is a stateful configuration because the IPv6 address is received from a DHCPv6 server.

DHCPv6 supports rapid commit, which speeds up the process of joining a network. With rapid commit, no information is sent to the DHCPv6 server telling the server whether the client is using the advertised IPv6 address.

Identity Association (IA)

An identity association is a construct through which a server and a client can identify, group, and manage a set of related IPv6 addresses or delegated prefixes.

Each IA consists of an Identity Association ID (IAID), and associated configuration information.

If a client has more than one network interface, every interface will be associated with one distinct IAID.

DHCPv6 clients can receive temporary and non-temporary addresses. Temporary and non-temporary (stable) IPv6 addresses are managed with the help of IAID.