學校在純 IPv4 的環境時,採用 ISC-DHCP Server 來發放教學區域的私有 IP(10.10.xxx.xxx),並使用閘道 Fortigate 作 NAT 連接到 Internet。
採用 IPv6 後,原本是要使用 ISC-DHCPv6 來作為 IPv6 發放,結果 ISC-DHCPv6 架不起來。不過在查詢 DHCPv6 的過程中,發現 ISC(Internet Systems Consortium)已開發出下一代的 DHCP Server:Kea DHCP Server。
Kea Dhcp Server 官網:https://www.isc.org/kea/
摘錄 https://www.itread01.com/content/1548712273.html 對 Kea DHCP Server 的介紹:
Kea DHCP Server 由 Internet Systems Consortium(ISC) 開發的開源 DHCPv4/DHCPv6 伺服器。Kea DHCP Server 是一個高效能的,可擴充套件的DHCP伺服器引擎。通過hooks library可以很容易的修改和擴充套件。
Kea包含的功能元件
keactrl — kea伺服器啟動,停止,配置重置和狀態查詢元件
kea-dhcp4 — DHCPv4伺服器程式,用於響應客戶端的DHCPv4查詢。
kea-dhcp6 — DHCPv6伺服器程式,用於響應客戶端的DHCPv6查詢。
kea-dhcp-ddns — DHCP動態DNS程式。這個程式在DHCP伺服器和DNS伺服器之間扮演著調解者。它接收來自DHCP伺服器的域名更新請求,並傳送DNS更新訊息給DNS伺服器。也就是說DDNS捕獲使用者每次變化的IP地址,然後將其與域名相對應,這樣其他上網使用者就可以通過域名來進行交流。而最終客戶所要記憶的全部,就是記住動態域名商給予的域名即可,而不用去管他們是如何實現的。
軟體執行環境
加密庫Botan或者OpenSSL
log4cplus 1.0.3+
如果有需要mysql,需要MySQL headers and libraries。可選(postgresql、cassandra類同)
選用 Kea DHCP Server 的原因,第一,提供 DHCPv4 和 DHCPv6,第二,可以使用資料庫儲存相關資訊,這樣子便可以多台 DHCP 伺服器共享同一發放資訊,所以目前將使用一台 Ubuntu 伺服器作為主要的 DHCP,而網頁/DNS 伺服器作為備援。
Kea DHCP 設定檔有三個:/etc/kea/kea-dhcp4.conf、kea-dhcp6.conf、kea-dhcp-ddns.conf,分別管理 DHCPv4、DHCPv6 和 DDNS(沒有用到)。
kea-dhcp4.conf 簡錄
// Excerpt of /etc/kea/kea-dhcp4.conf. The "……" line stands for entries the author left out, so the excerpt will not load as-is.
{
"Dhcp4":
{
// "*" makes kea-dhcp4 listen on every interface of the host.
// NOTE(review): on a host with more than one network, name the teaching-LAN interface instead so DHCP is not answered on other segments.
"interfaces-config": {
"interfaces": ["*"]
},
// Lease storage in MySQL; the author masked the real values with "xxxx".
// The password is kept here in clear text: make the file readable only by the account Kea runs as,
// and grant the database user rights on the lease database only.
"lease-database": {
"host": "xxxx",
"type": "mysql",
"name": "xxxx",
"user": "xxxx",
"password": "xxxx"
},
// Clean-up of expired leases: a reclaim cycle every 10 s that handles at most 100 leases or runs at most 250 ms;
// reclaimed leases are kept for 7200 s and then removed by a flush that runs every 25 s.
// A warning is logged after 5 consecutive cycles that leave expired leases behind.
// Once flushed, the expired lease is gone from the lease table.
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 7200,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
// Default lease length: 14400 s (4 hours).
"valid-lifetime": 14400,
"subnet4": [
// Dynamic pool is .100-.200 of 10.10.10.0/24.
{ "subnet": "10.10.10.0/24",
"pools": [ { "pool": "10.10.10.100 - 10.10.10.200" } ],
// Subnet-level options take precedence over the global ones for clients of this subnet.
// 1.1.1.3 is Cloudflare's filtering resolver (malware and adult content); 120.96.252.40 is presumably the campus resolver - confirm.
"option-data": [{
"name": "domain-name-servers",
"data": "1.1.1.3, 120.96.252.40"
}, {
"name": "routers",
"data": "10.10.10.254"
}],
// Fixed addresses keyed on MAC address. A client can change its MAC, so a reservation identifies
// a device by convention only; do not treat the reserved IP as proof of identity in firewall rules.
// 10.10.10.111 below lies inside the dynamic pool, 10.10.10.10 outside it.
"reservations": [
{
"hw-address": "00:14:fd:1a:79:71",
"ip-address": "10.10.10.10",
"hostname": "a5-nas-N2810PRO"
},
……
{
"hw-address": "ac:84:c6:71:ef:0d",
"ip-address": "10.10.10.111",
"hostname": "tplink-ac1200"
}
]
}
]
},
// NOTE(review): as excerpted, this "option-data" comes after the closing brace of "Dhcp4", i.e. at the top level;
// Kea reads global options from inside "Dhcp4" - check the placement in the real file.
// The list adds 8.8.8.8, an unfiltered resolver, next to the filtering 1.1.1.3: clients that query it skip the filter.
// "always-send": true sends the option even to clients that did not request it.
"option-data": [
{
"name": "domain-name-servers",
"data": "1.1.1.3, 120.96.252.40, 8.8.8.8",
"always-send": true
}
],
// NOTE(review): a top-level "Logging" object is the older layout; newer Kea releases expect "loggers" inside "Dhcp4" - check against the installed version.
"Logging":
{
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "/var/log/kea-dhcp4.log"
}
],
// Only ERROR and worse are written, so routine lease assignments do not appear in this log
// ("debuglevel" only matters when severity is DEBUG).
// NOTE(review): to trace later which device held an address, log at INFO or keep a lease history elsewhere.
"severity": "ERROR",
"debuglevel": 0
// NOTE(review): the comma after the next brace is a trailing comma before "]"; strict JSON parsers reject it.
},
]
}
}
kea-dhcp6.conf 簡錄:
// Excerpt of kea-dhcp6.conf. The "……" line stands for subnets the author left out, so the excerpt will not load as-is.
{
"Dhcp6":
{
// interface/address form: kea-dhcp6 serves on interface p2p1 and also accepts traffic sent to this unicast address.
"interfaces-config": {
"interfaces": ["p2p1/2001:288:102b:a4::12"]
},
// Lease storage in MySQL; the author masked the real values with "xxxx".
// The password is kept here in clear text: make the file readable only by the account Kea runs as,
// and grant the database user rights on the lease database only.
"lease-database": {
"type": "mysql",
"host": "xxxx",
"name": "xxxx",
"user": "xxxx",
"password": "xxxx"
},
// Clean-up of expired leases: a reclaim cycle every 10 s that handles at most 100 leases or runs at most 250 ms;
// reclaimed leases are kept for 7200 s and then removed by a flush that runs every 25 s.
// A warning is logged after 5 consecutive cycles that leave expired leases behind.
// Once flushed, the expired lease is gone from the lease table.
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 7200,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
// Timers in seconds: renew (T1) 1000 < rebind (T2) 2000 < preferred 3000 < valid 14400.
"preferred-lifetime": 3000,
"valid-lifetime": 14400,
"renew-timer": 1000,
"rebind-timer": 2000,
"subnet6": [
// Each /64 hands out addresses from <prefix>:1::1 to <prefix>:1::ffff.
// 2606:4700:4700::1113 is Cloudflare's filtering resolver (malware and adult content), while
// 2001:4860:4860::8888 is Google Public DNS, which does not filter: clients that query it skip the filter.
// 2001:288:102b::120:96:252:40 is presumably the campus resolver - confirm.
{ "subnet": "2001:288:102b:a4::/64",
"pools": [ { "pool": "2001:288:102b:a4:1::1-2001:288:102b:a4:1::ffff" } ],
"option-data": [{
"name": "dns-servers",
"data": "2606:4700:4700::1113, 2001:288:102b::120:96:252:40, 2001:4860:4860::8888"
}]
},
……
{ "subnet": "2001:288:102b:bb20::/64",
"pools": [ { "pool": "2001:288:102b:bb20:1::1-2001:288:102b:bb20:1::ffff" } ],
"option-data": [{
"name": "dns-servers",
"data": "2606:4700:4700::1113, 2001:288:102b::120:96:252:40, 2001:4860:4860::8888"
}]
}
]
},
// NOTE(review): as excerpted, this "option-data" comes after the closing brace of "Dhcp6", i.e. at the top level;
// Kea reads global options from inside "Dhcp6" - check the placement in the real file.
// "always-send": true sends the option even to clients that did not request it.
"option-data": [
{
"name": "dns-servers",
"data": "2606:4700:4700::1113, 2001:288:102b::120:96:252:40, 2001:4860:4860::8888",
"always-send": true
}
],
// NOTE(review): a top-level "Logging" object is the older layout; newer Kea releases expect "loggers" inside "Dhcp6" - check against the installed version.
"Logging":
{
"loggers": [
{
"name": "kea-dhcp6",
"output_options": [
{
"output": "/var/log/kea-dhcp6.log"
}
],
// Only ERROR and worse are written, so routine lease assignments do not appear in this log
// ("debuglevel" only matters when severity is DEBUG).
// NOTE(review): to trace later which device held an address, log at INFO or keep a lease history elsewhere.
"severity": "ERROR",
"debuglevel": 0
// NOTE(review): the comma after the next brace is a trailing comma before "]"; strict JSON parsers reject it.
},
]
}
}
而以往使用 Webmin 來觀察 ISC-DHCP 發放情形,現在因為採用資料庫系統來儲存,可以自己寫 PHP 來列表(列表會顯示各裝置的 MAC、IP 與主機名稱,建議 PHP 以唯讀權限的資料庫帳號查詢,並限制只有管理者能瀏覽該頁面):
參考資料:
採用 IPv6 後,原本是要使用 ISC-DHCPv6 來作為 IPv6 發放,結果 ISC-DHCPv6 架不起來。不過在查詢 DHCPv6 的過程中,發現 ISC(Internet Systems Consortium)已開發出下一代的 DHCP Server:Kea DHCP Server。
Kea Dhcp Server 官網:https://www.isc.org/kea/
摘錄 https://www.itread01.com/content/1548712273.html 對 Kea DHCP Server 的介紹:
Kea DHCP Server 由 Internet Systems Consortium(ISC) 開發的開源 DHCPv4/DHCPv6 伺服器。Kea DHCP Server 是一個高效能的,可擴充套件的DHCP伺服器引擎。通過hooks library可以很容易的修改和擴充套件。
Kea包含的功能元件
keactrl — kea伺服器啟動,停止,配置重置和狀態查詢元件
kea-dhcp4 — DHCPv4伺服器程式,用於響應客戶端的DHCPv4查詢。
kea-dhcp6 — DHCPv6伺服器程式,用於響應客戶端的DHCPv6查詢。
kea-dhcp-ddns — DHCP動態DNS程式。這個程式在DHCP伺服器和DNS伺服器之間扮演著調解者。它接收來自DHCP伺服器的域名更新請求,並傳送DNS更新訊息給DNS伺服器。也就是說DDNS捕獲使用者每次變化的IP地址,然後將其與域名相對應,這樣其他上網使用者就可以通過域名來進行交流。而最終客戶所要記憶的全部,就是記住動態域名商給予的域名即可,而不用去管他們是如何實現的。
軟體執行環境
加密庫Botan或者OpenSSL
log4cplus 1.0.3+
如果有需要mysql,需要MySQL headers and libraries。可選(postgresql、cassandra類同)
選用 Kea DHCP Server 的原因,第一,提供 DHCPv4 和 DHCPv6,第二,可以使用資料庫儲存相關資訊,這樣子便可以多台 DHCP 伺服器共享同一發放資訊,所以目前將使用一台 Ubuntu 伺服器作為主要的 DHCP,而網頁/DNS 伺服器作為備援。
Kea DHCP 設定檔有三個:/etc/kea/kea-dhcp4.conf、kea-dhcp6.conf、kea-dhcp-ddns.conf,分別管理 DHCPv4、DHCPv6 和 DDNS(沒有用到)。
kea-dhcp4.conf 簡錄
// Excerpt of /etc/kea/kea-dhcp4.conf. The "……" line stands for entries the author left out, so the excerpt will not load as-is.
{
"Dhcp4":
{
// "*" makes kea-dhcp4 listen on every interface of the host.
// NOTE(review): on a host with more than one network, name the teaching-LAN interface instead so DHCP is not answered on other segments.
"interfaces-config": {
"interfaces": ["*"]
},
// Lease storage in MySQL; the author masked the real values with "xxxx".
// The password is kept here in clear text: make the file readable only by the account Kea runs as,
// and grant the database user rights on the lease database only.
"lease-database": {
"host": "xxxx",
"type": "mysql",
"name": "xxxx",
"user": "xxxx",
"password": "xxxx"
},
// Clean-up of expired leases: a reclaim cycle every 10 s that handles at most 100 leases or runs at most 250 ms;
// reclaimed leases are kept for 7200 s and then removed by a flush that runs every 25 s.
// A warning is logged after 5 consecutive cycles that leave expired leases behind.
// Once flushed, the expired lease is gone from the lease table.
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 7200,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
// Default lease length: 14400 s (4 hours).
"valid-lifetime": 14400,
"subnet4": [
// Dynamic pool is .100-.200 of 10.10.10.0/24.
{ "subnet": "10.10.10.0/24",
"pools": [ { "pool": "10.10.10.100 - 10.10.10.200" } ],
// Subnet-level options take precedence over the global ones for clients of this subnet.
// 1.1.1.3 is Cloudflare's filtering resolver (malware and adult content); 120.96.252.40 is presumably the campus resolver - confirm.
"option-data": [{
"name": "domain-name-servers",
"data": "1.1.1.3, 120.96.252.40"
}, {
"name": "routers",
"data": "10.10.10.254"
}],
// Fixed addresses keyed on MAC address. A client can change its MAC, so a reservation identifies
// a device by convention only; do not treat the reserved IP as proof of identity in firewall rules.
// 10.10.10.111 below lies inside the dynamic pool, 10.10.10.10 outside it.
"reservations": [
{
"hw-address": "00:14:fd:1a:79:71",
"ip-address": "10.10.10.10",
"hostname": "a5-nas-N2810PRO"
},
……
{
"hw-address": "ac:84:c6:71:ef:0d",
"ip-address": "10.10.10.111",
"hostname": "tplink-ac1200"
}
]
}
]
},
// NOTE(review): as excerpted, this "option-data" comes after the closing brace of "Dhcp4", i.e. at the top level;
// Kea reads global options from inside "Dhcp4" - check the placement in the real file.
// The list adds 8.8.8.8, an unfiltered resolver, next to the filtering 1.1.1.3: clients that query it skip the filter.
// "always-send": true sends the option even to clients that did not request it.
"option-data": [
{
"name": "domain-name-servers",
"data": "1.1.1.3, 120.96.252.40, 8.8.8.8",
"always-send": true
}
],
// NOTE(review): a top-level "Logging" object is the older layout; newer Kea releases expect "loggers" inside "Dhcp4" - check against the installed version.
"Logging":
{
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "/var/log/kea-dhcp4.log"
}
],
// Only ERROR and worse are written, so routine lease assignments do not appear in this log
// ("debuglevel" only matters when severity is DEBUG).
// NOTE(review): to trace later which device held an address, log at INFO or keep a lease history elsewhere.
"severity": "ERROR",
"debuglevel": 0
// NOTE(review): the comma after the next brace is a trailing comma before "]"; strict JSON parsers reject it.
},
]
}
}
kea-dhcp6.conf 簡錄:
// Excerpt of kea-dhcp6.conf. The "……" line stands for subnets the author left out, so the excerpt will not load as-is.
{
"Dhcp6":
{
// interface/address form: kea-dhcp6 serves on interface p2p1 and also accepts traffic sent to this unicast address.
"interfaces-config": {
"interfaces": ["p2p1/2001:288:102b:a4::12"]
},
// Lease storage in MySQL; the author masked the real values with "xxxx".
// The password is kept here in clear text: make the file readable only by the account Kea runs as,
// and grant the database user rights on the lease database only.
"lease-database": {
"type": "mysql",
"host": "xxxx",
"name": "xxxx",
"user": "xxxx",
"password": "xxxx"
},
// Clean-up of expired leases: a reclaim cycle every 10 s that handles at most 100 leases or runs at most 250 ms;
// reclaimed leases are kept for 7200 s and then removed by a flush that runs every 25 s.
// A warning is logged after 5 consecutive cycles that leave expired leases behind.
// Once flushed, the expired lease is gone from the lease table.
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 7200,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
// Timers in seconds: renew (T1) 1000 < rebind (T2) 2000 < preferred 3000 < valid 14400.
"preferred-lifetime": 3000,
"valid-lifetime": 14400,
"renew-timer": 1000,
"rebind-timer": 2000,
"subnet6": [
// Each /64 hands out addresses from <prefix>:1::1 to <prefix>:1::ffff.
// 2606:4700:4700::1113 is Cloudflare's filtering resolver (malware and adult content), while
// 2001:4860:4860::8888 is Google Public DNS, which does not filter: clients that query it skip the filter.
// 2001:288:102b::120:96:252:40 is presumably the campus resolver - confirm.
{ "subnet": "2001:288:102b:a4::/64",
"pools": [ { "pool": "2001:288:102b:a4:1::1-2001:288:102b:a4:1::ffff" } ],
"option-data": [{
"name": "dns-servers",
"data": "2606:4700:4700::1113, 2001:288:102b::120:96:252:40, 2001:4860:4860::8888"
}]
},
……
{ "subnet": "2001:288:102b:bb20::/64",
"pools": [ { "pool": "2001:288:102b:bb20:1::1-2001:288:102b:bb20:1::ffff" } ],
"option-data": [{
"name": "dns-servers",
"data": "2606:4700:4700::1113, 2001:288:102b::120:96:252:40, 2001:4860:4860::8888"
}]
}
]
},
// NOTE(review): as excerpted, this "option-data" comes after the closing brace of "Dhcp6", i.e. at the top level;
// Kea reads global options from inside "Dhcp6" - check the placement in the real file.
// "always-send": true sends the option even to clients that did not request it.
"option-data": [
{
"name": "dns-servers",
"data": "2606:4700:4700::1113, 2001:288:102b::120:96:252:40, 2001:4860:4860::8888",
"always-send": true
}
],
// NOTE(review): a top-level "Logging" object is the older layout; newer Kea releases expect "loggers" inside "Dhcp6" - check against the installed version.
"Logging":
{
"loggers": [
{
"name": "kea-dhcp6",
"output_options": [
{
"output": "/var/log/kea-dhcp6.log"
}
],
// Only ERROR and worse are written, so routine lease assignments do not appear in this log
// ("debuglevel" only matters when severity is DEBUG).
// NOTE(review): to trace later which device held an address, log at INFO or keep a lease history elsewhere.
"severity": "ERROR",
"debuglevel": 0
// NOTE(review): the comma after the next brace is a trailing comma before "]"; strict JSON parsers reject it.
},
]
}
}
而以往使用 Webmin 來觀察 ISC-DHCP 發放情形,現在因為採用資料庫系統來儲存,可以自己寫 PHP 來列表(列表會顯示各裝置的 MAC、IP 與主機名稱,建議 PHP 以唯讀權限的資料庫帳號查詢,並限制只有管理者能瀏覽該頁面):
參考資料: