Kea Administrator Reference Manual¶
Kea is an open source implementation of the Dynamic Host Configuration Protocol (DHCP) servers, developed and maintained by Internet Systems Consortium (ISC).
This is the reference guide for Kea version 2.3.4. Links to the most up-to-date version of this document (in PDF, HTML, and plain text formats) can be found on Read the Docs. Other useful Kea information can be found in our Knowledgebase.
- 1. Introduction
- 2. Quick Start
- 3. Installation
- 4. Kea Database Administration
- 5. Kea Configuration
- 6. Managing Kea with
keactrl
- 7. The Kea Control Agent
- 8. The DHCPv4 Server
- 8.1. Starting and Stopping the DHCPv4 Server
- 8.2. DHCPv4 Server Configuration
- 8.2.1. Introduction
- 8.2.2. Lease Storage
- 8.2.3. Hosts Storage
- 8.2.4. Interface Configuration
- 8.2.5. Issues With Unicast Responses to DHCPINFORM
- 8.2.6. IPv4 Subnet Identifier
- 8.2.7. IPv4 Subnet Prefix
- 8.2.8. Configuration of IPv4 Address Pools
- 8.2.9. Sending T1 (Option 58) and T2 (Option 59)
- 8.2.10. Standard DHCPv4 Options
- 8.2.11. Custom DHCPv4 Options
- 8.2.12. DHCPv4 Private Options
- 8.2.13. DHCPv4 Vendor-Specific Options
- 8.2.14. Nested DHCPv4 Options (Custom Option Spaces)
- 8.2.15. Unspecified Parameters for DHCPv4 Option Configuration
- 8.2.16. Support for Long Options
- 8.2.17. Stateless Configuration of DHCPv4 Clients
- 8.2.18. Client Classification in DHCPv4
- 8.2.19. DDNS for DHCPv4
- 8.2.20. Next Server (
siaddr
) - 8.2.21. Echoing Client-ID (RFC 6842)
- 8.2.22. Using Client Identifier and Hardware Address
- 8.2.23. Authoritative DHCPv4 Server Behavior
- 8.2.24. DHCPv4-over-DHCPv6: DHCPv4 Side
- 8.2.25. Sanity Checks in DHCPv4
- 8.2.26. Storing Extended Lease Information
- 8.2.27. Multi-Threading Settings
- 8.2.28. Multi-Threading Settings With Different Database Backends
- 8.2.29. IPv6-Only Preferred Networks
- 8.2.30. Lease Caching
- 8.3. Host Reservations in DHCPv4
- 8.3.1. Address Reservation Types
- 8.3.2. Conflicts in DHCPv4 Reservations
- 8.3.3. Reserving a Hostname
- 8.3.4. Including Specific DHCPv4 Options in Reservations
- 8.3.5. Reserving Next Server, Server Hostname, and Boot File Name
- 8.3.6. Reserving Client Classes in DHCPv4
- 8.3.7. Storing Host Reservations in MySQL or PostgreSQL
- 8.3.8. Fine-Tuning DHCPv4 Host Reservation
- 8.3.9. Global Reservations in DHCPv4
- 8.3.10. Pool Selection with Client Class Reservations
- 8.3.11. Subnet Selection with Client Class Reservations
- 8.3.12. Multiple Reservations for the Same IP
- 8.4. Shared Networks in DHCPv4
- 8.5. Server Identifier in DHCPv4
- 8.6. How the DHCPv4 Server Selects a Subnet for the Client
- 8.7. Duplicate Addresses (DHCPDECLINE Support)
- 8.8. Statistics in the DHCPv4 Server
- 8.9. Management API for the DHCPv4 Server
- 8.10. User Contexts in IPv4
- 8.11. Supported DHCP Standards
- 8.12. DHCPv4 Server Limitations
- 8.13. Kea DHCPv4 Server Examples
- 8.14. Configuration Backend in DHCPv4
- 8.15. Kea DHCPv4 Compatibility Configuration Parameters
- 8.16. Address Allocation Strategies in DHCPv4
- 9. The DHCPv6 Server
- 9.1. Starting and Stopping the DHCPv6 Server
- 9.2. DHCPv6 Server Configuration
- 9.2.1. Introduction
- 9.2.2. Lease Storage
- 9.2.3. Hosts Storage
- 9.2.4. Interface Configuration
- 9.2.5. IPv6 Subnet Identifier
- 9.2.6. IPv6 Subnet Prefix
- 9.2.7. Unicast Traffic Support
- 9.2.8. Configuration of IPv6 Address Pools
- 9.2.9. Subnet and Prefix Delegation Pools
- 9.2.10. Prefix Exclude Option
- 9.2.11. Standard DHCPv6 Options
- 9.2.12. Common Softwire46 Options
- 9.2.13. Custom DHCPv6 Options
- 9.2.14. DHCPv6 Vendor-Specific Options
- 9.2.15. Nested DHCPv6 Options (Custom Option Spaces)
- 9.2.16. Unspecified Parameters for DHCPv6 Option Configuration
- 9.2.17. Controlling the Values Sent for T1 and T2 Times
- 9.2.18. IPv6 Subnet Selection
- 9.2.19. Rapid Commit
- 9.2.20. DHCPv6 Relays
- 9.2.21. Relay-Supplied Options
- 9.2.22. Client Classification in DHCPv6
- 9.2.23. DDNS for DHCPv6
- 9.2.24. DHCPv4-over-DHCPv6: DHCPv6 Side
- 9.2.25. Sanity Checks in DHCPv6
- 9.2.26. Storing Extended Lease Information
- 9.2.27. Multi-Threading Settings
- 9.2.28. Multi-Threading Settings With Different Database Backends
- 9.2.29. Lease Caching
- 9.3. Host Reservations in DHCPv6
- 9.3.1. Address/Prefix Reservation Types
- 9.3.2. Conflicts in DHCPv6 Reservations
- 9.3.3. Reserving a Hostname
- 9.3.4. Including Specific DHCPv6 Options in Reservations
- 9.3.5. Reserving Client Classes in DHCPv6
- 9.3.6. Storing Host Reservations in MySQL or PostgreSQL
- 9.3.7. Fine-Tuning DHCPv6 Host Reservation
- 9.3.8. Global Reservations in DHCPv6
- 9.3.9. Pool Selection with Client Class Reservations
- 9.3.10. Subnet Selection with Client Class Reservations
- 9.3.11. Multiple Reservations for the Same IP
- 9.4. Shared Networks in DHCPv6
- 9.5. Server Identifier in DHCPv6
- 9.6. DHCPv6 Data Directory
- 9.7. Stateless DHCPv6 (INFORMATION-REQUEST Message)
- 9.8. Support for RFC 7550 (now part of RFC 8415)
- 9.9. Using a Specific Relay Agent for a Subnet
- 9.10. Segregating IPv6 Clients in a Cable Network
- 9.11. MAC/Hardware Addresses in DHCPv6
- 9.12. Duplicate Addresses (DHCPDECLINE Support)
- 9.13. Statistics in the DHCPv6 Server
- 9.14. Management API for the DHCPv6 Server
- 9.15. User Contexts in IPv6
- 9.16. Supported DHCPv6 Standards
- 9.17. DHCPv6 Server Limitations
- 9.18. Kea DHCPv6 Server Examples
- 9.19. Configuration Backend in DHCPv6
- 9.20. Kea DHCPv6 Compatibility Configuration Parameters
- 9.21. Address Allocation Strategies in DHCPv6
- 10. Database Connectivity
- 11. Lease Expiration
- 12. Congestion Handling
- 13. The DHCP-DDNS Server
- 13.1. Overview
- 13.2. Starting and Stopping the DHCP-DDNS Server
- 13.3. Configuring the DHCP-DDNS Server
- 13.4. DHCP-DDNS Server Statistics
- 13.5. DHCP-DDNS Server Limitations
- 13.6. Supported Standards
- 14. The LFC Process
- 15. Client Classification
- 15.1. Client Classification Overview
- 15.2. Built-in Client Classes
- 15.3. Using Expressions in Classification
- 15.4. Configuring Classes
- 15.5. Using Static Host Reservations in Classification
- 15.6. Configuring Subnets With Class Information
- 15.7. Configuring Pools With Class Information
- 15.8. Using Classes
- 15.9. Classes and Hooks
- 15.10. Debugging Expressions
- 16. Hook Libraries
- 16.1. Introduction
- 16.2. Installing Hook Packages
- 16.3. Configuring Hook Libraries
- 16.4. Available Hook Libraries
- 16.5.
bootp
: Support for BOOTP Clients - 16.6.
cb_cmds
: Configuration Backend Commands- 16.6.1. Command Structure
- 16.6.2. Control Commands for DHCP Servers
- 16.6.3. Metadata
- 16.6.4. The
remote-server4-del
,remote-server6-del
Commands - 16.6.5. The
remote-server4-get
,remote-server6-get
Commands - 16.6.6. The
remote-server4-get-all
,remote-server6-get-all
Commands - 16.6.7. The
remote-server4-set
,remote-server6-set
Commands - 16.6.8. The
remote-global-parameter4-del
,remote-global-parameter6-del
Commands - 16.6.9. The
remote-global-parameter4-get
,remote-global-parameter6-get
Commands - 16.6.10. The
remote-global-parameter4-get-all
,remote-global-parameter6-get-all
Commands - 16.6.11. The
remote-global-parameter4-set
,remote-global-parameter6-set
Commands - 16.6.12. The
remote-network4-del
,remote-network6-del
Commands - 16.6.13. The
remote-network4-get
,remote-network6-get
Commands - 16.6.14. The
remote-network4-list
,remote-network6-list
Commands - 16.6.15. The
remote-network4-set
,remote-network6-set
Commands - 16.6.16. The
remote-option-def4-del
,remote-option-def6-del
Commands - 16.6.17. The
remote-option-def4-get
,remote-option-def6-get
Commands - 16.6.18. The
remote-option-def4-get-all
,remote-option-def6-get-all
Commands - 16.6.19. The
remote-option-def4-set
,remote-option-def6-set
Commands - 16.6.20. The
remote-option4-global-del
,remote-option6-global-del
Commands - 16.6.21. The
remote-option4-global-get
,remote-option6-global-get
Commands - 16.6.22. The
remote-option4-global-get-all
,remote-option6-global-get-all
Commands - 16.6.23. The
remote-option4-global-set
,remote-option6-global-set
Commands - 16.6.24. The
remote-option4-network-del
,remote-option6-network-del
Commands - 16.6.25. The
remote-option4-network-set
,remote-option6-network-set
Commands - 16.6.26. The
remote-option6-pd-pool-del
Command - 16.6.27. The
remote-option6-pd-pool-set
Command - 16.6.28. The
remote-option4-pool-del
,remote-option6-pool-del
Commands - 16.6.29. The
remote-option4-pool-set
,remote-option6-pool-set
Commands - 16.6.30. The
remote-option4-subnet-del
,remote-option6-subnet-del
Commands - 16.6.31. The
remote-option4-subnet-set
,remote-option6-subnet-set
Commands - 16.6.32. The
remote-subnet4-del-by-id
,remote-subnet6-del-by-id
Commands - 16.6.33. The
remote-subnet4-del-by-prefix
,remote-subnet6-del-by-prefix
Commands - 16.6.34. The
remote-subnet4-get-by-id
,remote-subnet6-get-by-id
Commands - 16.6.35. The
remote-subnet4-get-by-prefix
,remote-subnet6-get-by-prefix
Commands - 16.6.36. The
remote-subnet4-list
,remote-subnet6-list
Commands - 16.6.37. The
remote-subnet4-set
,remote-subnet6-set
Commands - 16.6.38. The
remote-class4-del
,remote-class6-del
Commands - 16.6.39. The
remote-class4-get
,remote-class6-get
Commands - 16.6.40. The
remote-class4-get-all
,remote-class6-get-all
Commands - 16.6.41. The
remote-class4-set
,remote-class6-set
Commands
- 16.7.
class_cmds
: Class Commands - 16.8.
ddns_tuning
: DDNS Tuning - 16.9.
flex_id
: Flexible Identifier for Host Reservations - 16.10.
flex_option
: Flexible Option Actions for Option Value Settings - 16.11.
gss-tsig
: Sign DNS Updates With GSS-TSIG - 16.12.
ha
: High Availability Outage Resilience for Kea Servers- 16.12.1. Supported Configurations
- 16.12.2. Clocks on Active Servers
- 16.12.3. HTTPS Support
- 16.12.4. Server States
- 16.12.5. Scope Transition in a Partner-Down Case
- 16.12.6. Load-Balancing Configuration
- 16.12.7. Load Balancing With Advanced Classification
- 16.12.8. Hot-Standby Configuration
- 16.12.9. Passive-Backup Configuration
- 16.12.10. Lease Information Sharing
- 16.12.11. Controlling Lease-Page Size Limit
- 16.12.12. Timeouts
- 16.12.13. Pausing the HA State Machine
- 16.12.14. Control Agent Configuration
- 16.12.15. Multi-Threaded Configuration (HA+MT)
- 16.12.16. Parked-Packet Limit
- 16.12.17. Controlled Shutdown and Maintenance of DHCP Servers
- 16.12.18. Upgrading From Older HA Versions
- 16.12.19. Control Commands for High Availability
- 16.12.19.1. The
ha-sync
Command - 16.12.19.2. The
ha-scopes
Command - 16.12.19.3. The
ha-continue
Command - 16.12.19.4. The
ha-heartbeat
Command - 16.12.19.5. The
status-get
Command - 16.12.19.6. The
ha-maintenance-start
Command - 16.12.19.7. The
ha-maintenance-cancel
Command - 16.12.19.8. The
ha-maintenance-notify
Command - 16.12.19.9. The
ha-reset
Command - 16.12.19.10. The
ha-sync-complete-notify
Command
- 16.12.19.1. The
- 16.13.
host_cache
: Host Cache Reservations for Improved Performance - 16.14.
host_cmds
: Host Commands- 16.14.1. The
subnet-id
Parameter - 16.14.2. The
reservation-add
Command - 16.14.3. The
reservation-get
Command - 16.14.4. The
reservation-get-all
Command - 16.14.5. The
reservation-get-page
command - 16.14.6. The
reservation-get-by-hostname
Command - 16.14.7. The
reservation-get-by-id
Command - 16.14.8. The
reservation-del
Command
- 16.14.1. The
- 16.15.
lease_cmds
: Lease Commands for Easier Lease Management- 16.15.1. The
lease4-add
,lease6-add
Commands - 16.15.2. The
lease6-bulk-apply
Command - 16.15.3. The
lease4-get
,lease6-get
Commands - 16.15.4. The
lease4-get-all
,lease6-get-all
Commands - 16.15.5. The
lease4-get-page
,lease6-get-page
Commands - 16.15.6. The
lease4-get-by-*
,lease6-get-by-*
Commands - 16.15.7. The
lease4-del
,lease6-del
Commands - 16.15.8. The
lease4-update
,lease6-update
Commands - 16.15.9. The
lease4-wipe
,lease6-wipe
Commands - 16.15.10. The
lease4-resend-ddns
,lease6-resend-ddns
Commands - 16.15.11. The
lease4-write
,lease6-write
Commands
- 16.15.1. The
- 16.16.
lease_query
: Leasequery Support - 16.17.
legal_log
: Forensic Logging - 16.18.
limits
: Limits to Manage Lease Allocation and Packet Processing - 16.19.
mysql_cb
: Configuration Backend for MySQL - 16.20.
pgsql_cb
: Configuration Backend for PostgreSQL - 16.21.
radius
: RADIUS Server Support - 16.22.
rbac
: Role-Based Access Control - 16.23.
run_script
: Run Script Support for External Hook Scripts - 16.24.
stat_cmds
: Statistics Commands for Supplemental Lease Statistics - 16.25.
subnet_cmds
: Subnet Commands to Manage Subnets and Shared Networks- 16.25.1. The
subnet4-list
Command - 16.25.2. The
subnet6-list
Command - 16.25.3. The
subnet4-get
Command - 16.25.4. The
subnet6-get
Command - 16.25.5. The
subnet4-add
Command - 16.25.6. The
subnet6-add
Command - 16.25.7. The
subnet4-update
Command - 16.25.8. The
subnet6-update
Command - 16.25.9. The
subnet4-del
Command - 16.25.10. The
subnet6-del
Command - 16.25.11. The
subnet4-delta-add
Command - 16.25.12. The
subnet6-delta-add
Command - 16.25.13. The
subnet4-delta-del
Command - 16.25.14. The
subnet6-delta-del
Command - 16.25.15. The
network4-list
,network6-list
Commands - 16.25.16. The
network4-get
,network6-get
Commands - 16.25.17. The
network4-add
,network6-add
Commands - 16.25.18. The
network4-del
,network6-del
Commands - 16.25.19. The
network4-subnet-add
,network6-subnet-add
Commands - 16.25.20. The
network4-subnet-del
,network6-subnet-del
Commands
- 16.25.1. The
- 16.26.
user_chk
: User Check
- 17. Statistics
- 17.1. Statistics Overview
- 17.2. Statistics Lifecycle
- 17.3. Commands for Manipulating Statistics
- 17.3.1. The
statistic-get
Command - 17.3.2. The
statistic-reset
Command - 17.3.3. The
statistic-remove
Command - 17.3.4. The
statistic-get-all
Command - 17.3.5. The
statistic-reset-all
Command - 17.3.6. The
statistic-remove-all
Command - 17.3.7. The
statistic-sample-age-set
Command - 17.3.8. The
statistic-sample-age-set-all
Command - 17.3.9. The
statistic-sample-count-set
Command - 17.3.10. The
statistic-sample-count-set-all
Command
- 17.3.1. The
- 17.4. Time Series
- 18. Management API
- 18.1. Data Syntax
- 18.2. Control Agent Command Response Format
- 18.3. Using the Control Channel
- 18.4. Commands Supported by Both the DHCPv4 and DHCPv6 Servers
- 18.4.1. The
build-report
Command - 18.4.2. The
config-get
Command - 18.4.3. The
config-reload
Command - 18.4.4. The
config-test
Command - 18.4.5. The
config-write
Command - 18.4.6. The
leases-reclaim
Command - 18.4.7. The
libreload
Command - 18.4.8. The
list-commands
Command - 18.4.9. The
config-set
Command - 18.4.10. The
shutdown
Command - 18.4.11. The
dhcp-disable
Command - 18.4.12. The
dhcp-enable
Command - 18.4.13. The
status-get
Command - 18.4.14. The
server-tag-get
Command: - 18.4.15. The
config-backend-pull
Command: - 18.4.16. The
version-get
Command
- 18.4.1. The
- 18.5. Commands Supported by the D2 Server
- 18.6. Commands Supported by the Control Agent
- 19. Logging
- 20. The Kea Shell
- 21. Integration With External Systems
- 21.1. YANG/NETCONF
- 21.1.1. Overview
- 21.1.2. Installing NETCONF
- 21.1.3. Compiling With NETCONF
- 21.1.4. Quick Sysrepo Overview
- 21.1.5. Supported YANG Models
- 21.1.6. Using the NETCONF Agent
- 21.1.7. Configuration
- 21.1.8. A
kea-netconf
Configuration Example - 21.1.9. Starting and Stopping the NETCONF Agent
- 21.1.10. A Step-by-Step NETCONF Agent Operation Example
- 21.1.10.1. Setup of NETCONF Agent Operation Example
- 21.1.10.2. Error Handling in NETCONF Operation Example
- 21.1.10.3. NETCONF Operation Example with Two Pools
- 21.1.10.4. NETCONF Operation Example with Two Subnets
- 21.1.10.5. NETCONF Operation Example with Logging
- 21.1.10.6. Migrating YANG Data from a prior Sysrepo version
- 21.2. GSS-TSIG
- 21.2.1. GSS-TSIG Overview
- 21.2.2. GSS-TSIG Compilation
- 21.2.3. GSS-TSIG Deployment
- 21.2.4. Using GSS-TSIG
- 21.2.5. GSS-TSIG Statistics
- 21.2.6. GSS-TSIG Commands
- 21.2.6.1. The
gss-tsig-get-all
Command - 21.2.6.2. The
gss-tsig-get
Command - 21.2.6.3. The
gss-tsig-list
Command - 21.2.6.4. The
gss-tsig-key-get
Command - 21.2.6.5. The
gss-tsig-key-expire
Command - 21.2.6.6. The
gss-tsig-key-del
Command - 21.2.6.7. The
gss-tsig-purge-all
Command - 21.2.6.8. The
gss-tsig-purge
Command - 21.2.6.9. The
gss-tsig-rekey-all
Command - 21.2.6.10. The
gss-tsig-rekey
Command
- 21.2.6.1. The
- 21.1. YANG/NETCONF
- 22. Monitoring Kea With Stork
- 23. Kea Security
- 23.1. TLS/HTTPS Support
- 23.2. Securing a Kea Deployment
- 23.2.1. Component-Based Design
- 23.2.2. Limiting Application Permissions
- 23.2.3. Securing Kea Administrative Access
- 23.2.4. Securing Database Connections
- 23.2.5. Information Leakage Through Logging
- 23.2.6. Cryptography Components
- 23.2.7. TSIG Signatures
- 23.2.8. Raw Socket Support
- 23.2.9. Remote Administrative Access
- 23.2.10. Authentication for Kea's RESTful API
- 23.3. Kea Security Processes