kea/doc/guide/dhcp6-srv.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY mdash  "&#x2014;" >
]>

  <chapter id="dhcp6">
    <title>The DHCPv6 Server</title>

    <section id="dhcp6-start-stop">
      <title>Starting and Stopping the DHCPv6 Server</title>

      <para>
      It is recommended that the Kea DHCPv6 server be started and stopped
      using <command>keactrl</command> (described in <xref linkend="keactrl"/>).
      However, it is also possible to run the server directly: it accepts
      the following command-line switches:
      </para>

      <itemizedlist>
          <listitem>
            <simpara>
            <command>-c <replaceable>file</replaceable></command> -
            specifies the configuration file. This is the only mandatory
            switch.</simpara>
          </listitem>
          <listitem>
            <simpara>
            <command>-d</command> - specifies whether the server
            logging should be switched to verbose mode. In verbose mode,
            the logging severity and debuglevel specified in the configuration
            file are ignored and "debug" severity and the maximum debuglevel
            (99) are assumed. The flag is convenient, for temporarily
            switching the server into maximum verbosity, e.g. when
            debugging.</simpara>
          </listitem>
          <listitem>
            <simpara>
            <command>-p <replaceable>port</replaceable></command> -
            specifies UDP port on which the server will listen. This is only
            useful during testing, as a DHCPv6 server listening on
            ports other than default DHCPv6 ports will not be able to
            handle regular DHCPv6 queries.</simpara>
          </listitem>
          <listitem>
            <simpara>
              <command>-v</command> - prints out Kea version and exits.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <command>-V</command> - prints out Kea extended version with
              additional parameters and exits.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <command>-W</command> - prints out Kea configuration report
              and exits.
            </simpara>
          </listitem>
      </itemizedlist>

      <para>
            The <command>-V</command> command returns the versions of the
            external libraries dynamically linked.
      </para>

      <para>
            The <command>-W</command> command describes the environment used
            to build Kea.  This command displays a copy of the
            <filename>config.report</filename> file produced by
            <userinput>./configure</userinput> that is embedded in the
            executable binary.
      </para>

      <para>
            The <filename>config.report</filename> may also be accessed more
            directly.  The following command may be used to extract this
            information.  The binary <userinput>path</userinput> may be found
            in the install directory or in the <filename>.libs</filename>
            subdirectory in the source tree. For example
            <filename>kea/src/bin/dhcp6/.libs/kea-dhcp6</filename>.

<screen>
strings <userinput>path</userinput>/kea-dhcp6 | sed -n 's/;;;; //p'
</screen>
      </para>

      <para>
            When running in a console, the server can be shut down by
            pressing ctrl-c. It detects the key combination and shuts
            down gracefully.
      </para>

      <para>
        On start-up, the server will detect available network interfaces
        and will attempt to open UDP sockets on all interfaces
        mentioned in the configuration file.
      </para>

      <para>
        Since the DHCPv6 server opens privileged ports, it requires root
        access. Make sure you run this daemon as root.
      </para>

      <para>
        During startup the server will attempt to create a PID file of the
        form: [localstatedir]/[conf name].kea-dhcp6.pid
        where:
        <itemizedlist>
            <listitem>
            <simpara><command>localstatedir</command>: The value as passed into the
            build configure script. It defaults to "/usr/local/var".  Note
            that this value may be overridden at run time by setting the environment
            variable KEA_PIDFILE_DIR.  This is intended primarily for testing purposes.
            </simpara>
            </listitem>
            <listitem>
            <simpara><command>conf name</command>: The configuration file name
            used to start the server, minus all preceding path and file extension.
            For example, given a pathname of "/usr/local/etc/kea/myconf.txt", the
            portion used would be "myconf".
            </simpara>
            </listitem>
        </itemizedlist>
        If the file already exists and contains the PID of a live process,
        the server will issue a DHCP6_ALREADY_RUNNING log message and exit. It
        is possible, though unlikely, that the file is a remnant of a system crash
        and the process to which the PID belongs is unrelated to Kea.  In such a
        case it would be necessary to manually delete the PID file.
      </para>
    </section>

    <section id="dhcp6-configuration">
      <title>DHCPv6 Server Configuration</title>


<section>
  <title>Introduction</title>
      <para>
        This section explains how to configure the DHCPv6 server using the
        Kea configuration backend. (Kea configuration using any other
        backends is outside of scope of this document.) Before DHCPv6
        is started, its configuration file has to be created. The
        basic configuration looks as follows:
<screen>
{
# DHCPv6 configuration starts on the next line
"Dhcp6": {

# First we set up global values
    "renew-timer": 1000,
    "rebind-timer": 2000,
    "preferred-lifetime": 3000,
    "valid-lifetime": 4000,

# Next we setup the interfaces to be used by the server.
    "interfaces-config": {
        "interfaces": [ "eth0" ]
    },

# And we specify the type of a lease database
    "lease-database": {
        "type": "memfile",
        "persist": true,
        "name": "/var/kea/dhcp6.leases"
    },

# Finally, we list the subnets from which we will be leasing addresses.
    "subnet6": [
        {
            "subnet": "2001:db8:1::/64",
            "pools": [
                 {
                     "pool": "2001:db8:1::1-2001:db8:1::ffff"
                 }
             ]
        }
    ]
# DHCPv6 configuration ends with the next line
}

} </screen>
</para>

<para>The following paragraphs provide a brief overview of the parameters in
the above example and
their format. Subsequent sections of this chapter go into much greater detail
for these and other parameters.</para>

<para>The lines starting with a hash (#) are comments and are ignored by
the server; they do not impact its
operation in any way.</para>

<para>The configuration starts in the first line with the initial
opening curly bracket (or brace). Each configuration consists of
one or more objects. In this specific example, we have only one
object called Dhcp6. This is a simplified configuration, as usually
there will be additional objects, like <command>Logging</command> or
<command>DhcpDns</command>, but we omit them now for clarity. The Dhcp6
configuration starts with the <command>"Dhcp6": {</command> line
and ends with the corresponding closing brace (in the above example,
the brace after the last comment).  Everything defined between those
lines is considered to be the Dhcp6 configuration.</para>

<para>In the general case, the order in which those parameters appear does not
matter. There are two caveats here though. The first one is to remember that
the configuration file must be well formed JSON. That means that parameters
for any given scope must be separated by a comma and there must not be a comma
after the last parameter. When reordering a configuration file, keep in mind that
moving a parameter to or from the last position in a given scope may require
moving the comma as well. The second caveat is that it is uncommon &mdash; although
legal JSON &mdash; to
repeat the same parameter multiple times. If that happens, the last occurrence of a
given parameter in a given scope is used while all previous instances are
ignored. This is unlikely to cause any confusion as there are no real life
reasons to keep multiple copies of the same parameter in your configuration
file.</para>

<para>Moving onto the DHCPv6 configuration elements, the very first few elements
define some global parameters. <command>valid-lifetime</command>
defines for how long the addresses (leases) given out by the server are valid. If
nothing changes, a client that got an address is allowed to use it for 4000
seconds. (Note that integer numbers are specified as is, without any quotes
around them.) The address will become deprecated in 3000 seconds (clients are
allowed to keep old connections, but can't use this address for creating new
connections). <command>renew-timer</command> and <command>
rebind-timer</command> are values that define T1 and T2 timers that govern when
the client will begin the renewal and rebind procedures.</para>

<para>The <command>interfaces-config</command> map specifies the server
configuration concerning the network interfaces, on which the server should
listen to the DHCP messages. The <command>interfaces</command> parameter
specifies a list of network interfaces on which the server should listen.
Lists are opened and closed with square brackets, with elements separated
by commas. Had we wanted to listen on two interfaces, the
<command>interfaces-config</command> would look like this:
<screen>
"interfaces-config": {
    "interfaces": [ "eth0", "eth1" ]
},
</screen>
</para>

<para>The next couple of lines define the lease database, the place where the server
stores its lease information. This particular example tells the server to use
<command>memfile</command>, which is the simplest (and fastest) database
backend. It uses an in-memory database and stores leases on disk in a CSV
file. This is a very simple configuration. Usually, lease database configuration
is more extensive and contains additional parameters.  Note that
<command>lease-database</command>
is an object and opens up a new scope, using an opening brace.
Its parameters (just one in this example -- <command>type</command>)
follow. Had there been more than one, they would be separated by commas. This
scope is closed with a closing brace. As more parameters follow, a trailing
comma is present.</para>

<para>Finally, we need to define a list of IPv6 subnets. This is the
most important DHCPv6 configuration structure as the server uses that
information to process clients' requests. It defines all subnets from
which the server is expected to receive DHCP requests. The subnets are
specified with the <command>subnet6</command> parameter.  It is a list,
so it starts and ends with square brackets.  Each subnet definition in
the list has several attributes associated with it, so it is a structure
and is opened and closed with braces. At minimum, a subnet definition
has to have at least two parameters: <command>subnet</command> (that
defines the whole subnet) and <command>pool</command> (which is a list of
dynamically allocated pools that are governed by the DHCP server).</para>

<para>The example contains a single subnet. Had more than one been defined,
additional elements
in the <command>subnet6</command> parameter would be specified and
separated by commas. For example, to define two subnets, the following
syntax would be used:
<screen>
"subnet6": [
    {
        "pools": [
        {
            "pool": "2001:db8:1::/112"
        }
        ],
        "subnet": "2001:db8:1::/64"
    },
    {
        "pools": [ { "pool": "2001:db8:2::1-2001:db8:2::ffff" } ],
        "subnet": "2001:db8:2::/64",
        "interface": "eth0"
    }
]
</screen>
Note that indentation is optional and is used for aesthetic purposes only.
In some cases in may be preferable to use more compact notation.
</para>


<para>After all parameters are specified, we have two contexts open:
global and Dhcp6, hence we need two closing curly brackets to close them.
In a real life configuration file there most likely would be additional
components defined such as Logging or DhcpDdns, so the closing brace would
be followed by a comma and another object definition.</para>

</section>

<section>
  <title>Lease Storage</title>
  <para>All leases issued by the server are stored in the lease database.
  Currently there are three database backends available:
  memfile (which is the default backend), MySQL and PostgreSQL.</para>
<section>
  <title>Memfile, Basic Storage for Leases</title>

  <para>The server is able to store lease data in different repositories. Larger
  deployments may elect to store leases in a database. <xref
  linkend="database-configuration6"/> describes this option. In typical
  smaller deployments though, the server will use a CSV file rather than a database to
  store lease information. As well as requiring less administration, an
  advantage of using a file for storage is that it
  eliminates a dependency on third-party database software.</para>

  <para>The configuration of the file backend (Memfile) is controlled through
  the Dhcp6/lease-database parameters. The <command>type</command> parameter
  is mandatory and it specifies which storage for leases the server should use.
  The value of <userinput>"memfile"</userinput> indicates that the file should
  be used as the storage. The following list presents the remaining, not mandatory
  parameters, which can be used to configure the Memfile backend.

  <itemizedlist>
    <listitem>
      <simpara><command>persist</command>: controls whether the new leases and
      updates to existing leases are written to the file. It is strongly
      recommended that the value of this parameter is set to
      <userinput>true</userinput> at all times, during the server's normal
      operation. Not writing leases to disk will mean that if a server is restarted
      (e.g. after a power failure), it will not know what addresses have been
      assigned.  As a result, it may hand out addresses to new clients that are
      already in use. The value of <userinput>false</userinput> is mostly useful
      for performance testing purposes. The default value of the
      <command>persist</command> parameter is <userinput>true</userinput>,
      which enables writing lease updates
      to the lease file.
      </simpara>
    </listitem>

    <listitem>
      <simpara><command>name</command>: specifies an absolute location of the lease
      file in which new leases and lease updates will be recorded. The default value
      for this parameter is <userinput>"[kea-install-dir]/var/kea/kea-leases6.csv"
      </userinput>.</simpara>
    </listitem>

    <listitem>
      <simpara><command>lfc-interval</command>: specifies the interval in seconds, at
      which the server (Memfile backend) will perform a lease file cleanup (LFC),
      which removes the redundant (historical) information from the lease file
      and effectively reduces the lease file size. The cleanup process is described
      in more detailed fashion further in this section. The default value of the
      <command>lfc-interval</command> is <userinput>0</userinput>, which disables
      the LFC.</simpara>
    </listitem>

  </itemizedlist>
  </para>

  <para>The example configuration of the Memfile backend is presented below:

<screen>
"Dhcp6": {
    "lease-database": {
        <userinput>"type": "memfile"</userinput>,
        <userinput>"persist": true</userinput>,
        <userinput>"name": "/tmp/kea-leases6.csv"</userinput>,
        <userinput>"lfc-interval": 1800</userinput>
    }
}
</screen>
  </para>

  <para>It is important to know how the lease file contents are organized
  to understand why the periodic lease file cleanup is needed. Every time when
  the server updates a lease or creates a new lease for the client, the new
  lease information must be recorded in the lease file. For performance reasons,
  the server does not supersede the existing client's lease, as it would require
  the lookup of the specific lease entry, but simply appends the new lease
  information at the end of the lease file. The previous lease entries for the
  client are not removed. When the server loads leases from the lease file, e.g.
  at the server startup, it assumes that the latest lease entry for the client
  is the valid one. The previous entries are discarded. This means that the
  server can re-construct the accurate information about the leases even though
  there may be many lease entries for each client. However, storing many entries
  for each client results in bloated lease file and impairs the performance of
  the server's startup and reconfiguration, as it needs to process larger number
  of lease entries.
  </para>

  <para>The lease file cleanup removes all previous entries for each client and
  leaves only the latest ones. The interval at which the cleanup is performed
  is configurable, and it should be selected according to the frequency of lease
  renewals initiated by the clients. The more frequent renewals are, the lesser
  value of the <command>lfc-interval</command> should be. Note however, that the
  LFC takes time and thus it is possible (although unlikely) that new cleanup
  is started while the previous cleanup instance is still running, if the
  <command>lfc-interval</command> is too short. The server would recover from
  this by skipping the new cleanup when it detects that the previous cleanup
  is still in progress. But, this implies that the actual cleanups will be
  triggered more rarely than configured. Moreover, triggering a new cleanup
  adds an overhead to the server, which will not be able to respond to new
  requests for a short period of time when the new cleanup process is spawned.
  Therefore, it is recommended that the <command>lfc-interval</command> value
  is selected in a way that would allow for completing the cleanup before the
  new cleanup is triggered.
  </para>

  <para>The LFC is performed by a separate process (in background) to avoid
  performance impact on the server process. In order to avoid the conflicts
  between the two processes both using the same lease files, the LFC process
  operates on the copy of the original lease file, rather than on the lease
  file used by the server to record lease updates. There are also other files
  being created as a side effect of the lease file cleanup. The detailed
  description of the LFC is located on the Kea wiki:
  <ulink url="http://kea.isc.org/wiki/LFCDesign"/>.
  </para>
</section>

<section id="database-configuration6">
  <title>Lease Database Configuration</title>

  <note>
    <para>Lease database access information must be configured for the DHCPv6 server,
    even if it has already been configured for the DHCPv4 server.  The servers
    store their information independently, so each server can use a separate
    database or both servers can use the same database.</para>
  </note>

  <para>Lease database configuration is controlled through the
  Dhcp6/lease-database parameters. The type of the database must be set to
  "memfile", "mysql" or "postgresql", e.g.
<screen>
"Dhcp6": { "lease-database": { <userinput>"type": "mysql"</userinput>, ... }, ... }
</screen>
  Next, the name of the database is to hold the leases must be set: this is the
  name used when the lease database was created (see <xref linkend="mysql-database-create"/>
  or <xref linkend="pgsql-database-create"/>).
<screen>
"Dhcp6": { "lease-database": { <userinput>"name": "<replaceable>database-name</replaceable>" </userinput>, ... }, ... }
</screen>
  If the database is located on a different system than the DHCPv6 server, the
  database host name must also be specified (although it should be noted that this
  configuration may have a severe impact on server performance):
<screen>
"Dhcp6": { "lease-database": { <userinput>"host": <replaceable>remote-host-name</replaceable></userinput>, ... }, ... }
</screen>
  The usual state of affairs will be to have the database on the same machine as
  the DHCPv6 server.  In this case, set the value to the empty string:
<screen>
"Dhcp6": { "lease-database": { <userinput>"host" : ""</userinput>, ... }, ... }
</screen>
  Should the database be located on a different system, you may need to specify a longer interval
  for the connection timeout:
<screen>
"Dhcp6": { "lease-database": { <userinput>"connect-timeout" : <replaceable>timeout-in-seconds</replaceable></userinput>, ... }, ... }
</screen>
The default value of five seconds should be more than adequate for local connections.
If a timeout is given though, it should be an integer greater than zero.
  </para>
  <para>Finally, the credentials of the account under which the server will
  access the database should be set:
<screen>
"Dhcp6": { "lease-database": { <userinput>"user": "<replaceable>user-name</replaceable>"</userinput>,
                               <userinput>"password": "<replaceable>password</replaceable>"</userinput>,
                              ... },
           ... }
</screen>
  If there is no password to the account, set the password to the empty string
  "". (This is also the default.)</para>
</section>
</section>

<!-- Uncomment this once 4212 is merged. While the host storage for
     MySQL is there, it is able to store hosts, but not IPv6
     reservations. So technically we have host reservations for v6 in
     MySQL, but in practice it's kinda useless right now as it can't
     store addresses or prefixes. Let's keep it commented out until
     we implement that functionality

<section>
  <title>Hosts Storage</title>

    <note>
      <para>This feature did not undergo the regular system level
      testing conducted by ISC. As such, please treat it as
      experimental.</para>
    </note>

    <para>Kea is also able to store information about host reservations in the
    database. Hosts database configuration uses the same syntax as lease
    database. In fact, Kea server opens independent connections for each
    purpose, be it lease or hosts information. This gives the solution most
    flexibility. Kea can be used to keep leases and host reservations
    separately, but can also point to the same database. Currently the only
    supported hosts database type is MySQL.</para>

    <para>Please note that usage of hosts storage is optional. User can define
    all host reservations in the configuration file. That is the recommended way
    if the number of reservations is small. However, with the number of
    reservations growing it's more convenient to use host storage. Please note
    that both storages (configuration file and MySQL) can be used together. If
    hosts are defined in both places, the definitions from configuration file
    are checked first and external storage is checked later, if
    necessary.</para>

    <para>All hosts leases issued by the server are stored in the hosts
    database. Currently there is only one available backend: MySQL. Other host
    backends will become available in future Kea versions.</para>

<section id="hosts-database-configuration6">
  <title>IPv6 Hosts Database Configuration</title>

  <para>Hosts database configuration is controlled through the Dhcp6/hosts-database
  parameters. If enabled, the type of the database must be set to "mysql". Other
  hosts backends may be added in later Kea versions.
<screen>
"Dhcp6": { "hosts-database": { <userinput>"type": "mysql"</userinput>, ... }, ... }
</screen>
  Next, the name of the database to hold the leases must be set: this is the
  name used when the lease database was created (see <xref linkend="mysql-database-create"/>).
<screen>
"Dhcp6": { "hosts-database": { <userinput>"name": "<replaceable>database-name</replaceable>" </userinput>, ... }, ... }
</screen>
  If the database is located on a different system to the DHCPv6 server, the
  database host name must also be specified (although it should be noted that this
  configuration may have a severe impact on server performance):
<screen>
"Dhcp6": { "hosts-database": { <userinput>"host": <replaceable>remote-host-name</replaceable></userinput>, ... }, ... }
</screen>
  The usual state of affairs will be to have the database on the same machine as
  the DHCPv6 server.  In this case, set the value to the empty string:
<screen>
"Dhcp6": { "hosts-database": { <userinput>"host" : ""</userinput>, ... }, ... }
</screen>
  </para>
  <para>Finally, the credentials of the account under which the server will
  access the database should be set:
<screen>
"Dhcp6": { "hosts-database": { <userinput>"user": "<replaceable>user-name</replaceable>"</userinput>,
                               <userinput>"password": "<replaceable>password</replaceable>"</userinput>,
                              ... },
           ... }
</screen>
  If there is no password to the account, set the password to the empty string
  "". (This is also the default.)</para>
</section>
</section>
-->

<section id="dhcp6-interface-selection">
  <title>Interface selection</title>
  <para>The DHCPv6 server has to be configured to listen on specific network
  interfaces.  The simplest network interface configuration instructs the server to
  listen on all available interfaces:
  <screen>
"Dhcp6": {
    "interfaces-config": {
        "interfaces": [ <userinput>"*"</userinput> ]
    }
    ...
}
</screen>
  The asterisk plays the role of a wildcard and means "listen on all interfaces".
  However, it is usually a good idea to explicitly specify interface names:
  <screen>
"Dhcp6": {
    "interfaces-config": {
        "interfaces": [ <userinput>"eth1", "eth3"</userinput> ]
    },
    ...
}
  </screen>
</para>
  <para>It is possible to use wildcard interface name (asterisk) concurrently
  with the actual interface names:
  <screen>
"Dhcp6": {
    "interfaces-config": {
        "interfaces": [ <userinput>"eth1", "eth3", "*"</userinput> ]
    },
    ...
}
  </screen>
It is anticipated that this will form of usage only be used where it is desired to
temporarily override a list of interface names and listen on all interfaces.
  </para>
</section>

    <section id="ipv6-subnet-id">
      <title>IPv6 Subnet Identifier</title>
      <para>
        The subnet identifier is a unique number associated with a particular subnet.
        In principle, it is used to associate clients' leases with respective subnets.
        When the subnet identifier is not specified for a subnet being configured, it will
        be automatically assigned by the configuration mechanism. The identifiers
        are assigned from 1 and are monotonically increased for each subsequent
        subnet: 1, 2, 3 ....
      </para>
      <para>
       If there are multiple subnets configured with auto-generated identifiers and
       one of them is removed, the subnet identifiers may be renumbered. For example:
       if there are four subnets and the third is removed the last subnet will be assigned
       the identifier that the third subnet had before removal. As a result, the leases
       stored in the lease database for subnet 3 are now associated with
       subnet 4, which may have unexpected consequences. In the future it is planned
       to implement a mechanism to preserve auto-generated subnet ids upon removal
       of one of the subnets. Currently, the only remedy for this issue is to
       manually specify a unique subnet identifier for each subnet.
      </para>

      <para>
        The following configuration will assign the specified subnet
        identifier to the newly configured subnet:

        <screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "2001:db8:1::/64",
            <userinput>"id": 1024</userinput>,
            ...
        }
    ]
}
</screen>
        This identifier will not change for this subnet unless the "id" parameter is
        removed or set to 0. The value of 0 forces auto-generation of the subnet
        identifier.
      </para>
      <!-- @todo: describe whether database needs to be updated after changing
      id -->
    </section>

    <section id="dhcp6-unicast">
      <title>Unicast traffic support</title>
      <para>
        When the DHCPv6 server starts, by default it listens to the DHCP traffic
        sent to multicast address ff02::1:2 on each interface that it is
        configured to listen on (see <xref linkend="dhcp6-interface-selection"/>).
        In some cases it is useful to configure a server to handle incoming
        traffic sent to the global unicast addresses as well. The most common
        reason for that is to have relays send their traffic to the server
        directly. To configure the server to listen on a specific unicast address, the
        notation to specify interfaces has been extended.  An interface name can be
        optionally followed by a slash, followed by the global unicast address on which
        the server should listen. This will be done in addition to normal
        link-local binding + listening on ff02::1:2 address. The sample configuration
        below shows how to listen on 2001:db8::1 (a global address)
        configured on the eth1 interface.
      </para>
      <para>
 <screen>
"Dhcp6": {
    "interfaces-config": {
        "interfaces": [ <userinput>"eth1/2001:db8::1"</userinput> ]
    },
    ...
}
 </screen>

        This configuration will cause the server to listen on
        eth1 on link-local address, multicast group (ff02::1:2) and 2001:db8::1.
      </para>
      <para>
        It is possible to mix interface names, wildcards and interface name/addresses
        on the list of interfaces. It is not possible to specify more than one
        unicast address on a given interface.
      </para>
      <para>
        Care should be taken to specify proper unicast addresses. The server will
        attempt to bind to those addresses specified, without any additional checks.
        This approach is selected on purpose, so the software can be used to
        communicate over uncommon addresses if the administrator so desires.
      </para>
    </section>

    <section id="dhcp6-address-config">
      <title>Subnet and Address Pool</title>
      <para>
        The essential role of a DHCPv6 server is address assignment. For this,
        the server has to be configured with at least one subnet and one pool of dynamic
        addresses to be managed. For example, assume that the server
        is connected to a network segment that uses the 2001:db8:1::/64
        prefix. The Administrator of that network has decided that addresses from range
        2001:db8:1::1 to 2001:db8:1::ffff are going to be managed by the Dhcp6
        server. Such a configuration can be achieved in the following way:
        <screen>
"Dhcp6": {
    <userinput>"subnet6": [
       {
           "subnet": "2001:db8:1::/64",
           "pools": [
               {
                   "pool": "2001:db8:1::1-2001:db8:1::ffff"
               }
           ],
           ...
       }
    ]</userinput>
}</screen>

        Note that subnet is defined as a simple string, but the pool parameter
        is actually a list of pools: for this reason, the pool definition is
        enclosed in square brackets, even though only one range of addresses
        is specified.</para>

        <para>Each <command>pool</command> is a structure that contains the
        parameters that describe a single pool. Currently there is only one
        parameter, <command>pool</command>, which gives the range of addresses
        in the pool. Additional parameters will be added in future releases of
        Kea.</para>

        <para>It is possible to define more than one pool in a
        subnet: continuing the previous example, further assume that
        2001:db8:1:0:5::/80 should also be managed by the server. It could be written as
        2001:db8:1:0:5:: to 2001:db8:1::5:ffff:ffff:ffff, but typing so many 'f's
        is cumbersome. It can be expressed more simply as 2001:db8:1:0:5::/80. Both
        formats are supported by Dhcp6 and can be mixed in the pool list.
        For example, one could define the following pools:
        <screen>
"Dhcp6": {
    <userinput>"subnet6": [
    {
        "subnet": "2001:db8:1::/64",
        "pools": [
            { "pool": "2001:db8:1::1-2001:db8:1::ffff" },
            { "pool": "2001:db8:1:05::/80" }
        ]</userinput>,
        ...
    }
    ]
}</screen>
        The number of pools is not limited, but for performance reasons it is recommended to
        use as few as possible.
      </para>
      <para>
         The server may be configured to serve more than one subnet. To add a second subnet,
         use a command similar to the following:
        <screen>
"Dhcp6": {
    <userinput>"subnet6": [
    {
        "subnet": "2001:db8:1::/64",
        "pools": [
            { "pool": "2001:db8:1::1-2001:db8:1::ffff" }
        ]
    },
    {
        "subnet": "2001:db8:2::/64",
        "pools": [
            { "pool": "2001:db8:2::/64" }
        ]
    },
</userinput>
        ...
    ]
}</screen>
        In this example, we allow the server to
        dynamically assign all addresses available in the whole subnet. Although
        rather wasteful, it is certainly a valid configuration to dedicate the
        whole /64 subnet for that purpose. Note that the Kea server does not preallocate
        the leases, so there is no danger in using gigantic address pools.
      </para>
      <para>
        When configuring a DHCPv6 server using prefix/length notation, please pay
        attention to the boundary values. When specifying that the server can use
        a given pool, it will also be able to allocate the first (typically network
        address) address from that pool. For example for pool 2001:db8:2::/64 the
        2001:db8:2:: address may be assigned as well. If you want to avoid this,
        use the "min-max" notation.
      </para>
    </section>

    <section>
<!-- @todo: add real meat to the prefix delegation config this is just place holder stuff -->
      <title>Subnet and Prefix Delegation Pools</title>
      <para>
        Subnets may also be configured to delegate prefixes, as defined in
            <ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink>.
        A subnet may have one or more prefix delegation pools.  Each pool has
        a prefixed address, which is specified as a prefix and a prefix length,
        as well as a delegated prefix length. <command>delegated-len</command>
            must not be shorter (that is it must be numerically greater or equal)
            than <command>prefix-len</command>.
            If both <command>delegated-len</command>
            and <command>prefix-len</command> are equal, the server will be able to
            delegate only one prefix. The delegated <command>prefix</command> does
        not have to match the <command>subnet</command> prefix.
      </para>
      <para> Below is a sample subnet configuration which enables prefix
      delegation for the subnet:
      <screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "2001:d8b:1::/64",
            <userinput>"pd-pools": [
                {
                    "prefix": "3000:1::",
                    "prefix-len": 64,
                    "delegated-len": 96
                }
            ]</userinput>
        }
    ],
    ...
}</screen>
      </para>
    </section>

    <section id="dhcp6-std-options">
      <title>Standard DHCPv6 options</title>
      <para>
        One of the major features of a DHCPv6 server is to provide configuration
        options to clients.  Although there are several options that require
        special behavior, most options are sent by the server only if the client
        explicitly requests them.  The following example shows how to
        configure DNS servers, which is one of the most frequently used
        options.  Numbers in the first column are added for easier reference and
        will not appear on screen.  Options specified in this way are considered
        global and apply to all configured subnets.

        <screen>
"Dhcp6": {
    "option-data": [
        {
           <userinput>"name": "dns-servers",
           "code": 23,
           "space": "dhcp6",
           "csv-format": true,
           "data": "2001:db8::cafe, 2001:db8::babe"</userinput>
        },
        ...
    ]
}
</screen>
      </para>

    <para>
      The <command>option-data></command> line creates a new entry in
      the option-data table.  This table contains
      information on all global options that the server is supposed to configure
      in all subnets.  The <command>name</command> line specifies the option name.
      (For a complete list
      of currently supported names, see <xref
      linkend="dhcp6-std-options-list"/>.)  The next line specifies the option code,
      which must match one of the values from that list. The line beginning with
      <command>space</command> specifies the option space, which must always be set
      to "dhcp6" as these are standard DHCPv6 options.  For other name spaces,
      including custom option spaces, see <xref
      linkend="dhcp6-option-spaces"/>. The next line specifies the format in
      which the data will be entered: use of CSV (comma separated values) is
      recommended. The <command>data</command> line gives the actual value to be sent to
      clients.  Data is specified as normal text, with values separated by
      commas if more than one value is allowed.
    </para>

    <para>
      Options can also be configured as hexadecimal values.  If "csv-format" is
      set to false, the option data must be specified as a string of hexadecimal
      numbers.  The
      following commands configure the DNS-SERVERS option for all
      subnets with the following addresses: 2001:db8:1::cafe and
      2001:db8:1::babe.
        <screen>
"Dhcp6": {
    "option-data": [
        {
           <userinput>"name": "dns-servers",
           "code": 23,
           "space": "dhcp6",
           "csv-format": false,
           "data": "2001 0DB8 0001 0000 0000 0000 0000 CAFE
                    2001 0DB8 0001 0000 0000 0000 0000 BABE"</userinput>
        },
        ...
    ]
}
</screen>

       The value for the setting of the "data" element is split across two
       lines in this document for clarity: when entering the command, the
       whole string should be entered on the same line.  Care should be taken
       to use proper encoding when using hexadecimal format as Kea's ability
       to validate data correctness in hexadecimal is limited.
      </para>

      <para>
        Most of the parameters in the "option-data" structure are optional and
        can be omitted in some circumstances as discussed in the
        <xref linkend="dhcp6-option-data-defaults"/>.
      </para>


    <para>
      It is possible to override options on a per-subnet basis.  If
      clients connected to most of your subnets are expected to get the
      same values of a given option, you should use global options: you
      can then override specific values for a small number of subnets.
      On the other hand, if you use different values in each subnet,
      it does not make sense to specify global option values
      (Dhcp6/option-data), rather you should set only subnet-specific values
      (Dhcp6/subnet[X]/option-data[Y]).
     </para>
     <para>
      The following commands override the global
      DNS servers option for a particular subnet, setting a single DNS
      server with address 2001:db8:1::3.
<screen>
"Dhcp6": {
    "subnet6": [
        {
            <userinput>"option-data": [
                {
                    "name": "dns-servers",
                    "code": 23,
                    "space": "dhcp6",
                    "csv-format": true,
                    "data": "2001:db8:1::3"
                },
                ...
            ]</userinput>,
            ...
        },
        ...
    ],
    ...
}
</screen>
    </para>

    <para>
      The currently supported standard DHCPv6 options are
      listed in <xref linkend="dhcp6-std-options-list"/>.
      The "Name" and "Code"
      are the values that should be used as a name in the option-data
      structures. "Type" designates the format of the data: the meanings of
      the various types is given in <xref linkend="dhcp-types"/>.
    </para>
    <para>
      Experimental options (like standard options but with a code
      which was not assigned by IANA) are listed in
      <xref linkend="dhcp6-exp-options-list"/>.
    </para>
    <para>
      Some options are designated as arrays, which means that more than one
      value is allowed in such an option. For example the option dns-servers
      allows the specification of more than one IPv6 address, allowing
      clients to obtain the addresses of multiple DNS servers.
    </para>

<!-- @todo: describe record types -->

      <para>
        The <xref linkend="dhcp6-custom-options"/> describes the configuration
        syntax to create custom option definitions (formats). It is generally not
        allowed to create custom definitions for standard options, even if the
        definition being created matches the actual option format defined in the
        RFCs. There is an exception from this rule for standard options for which
        Kea does not provide a definition yet. In order to use such options,
        a server administrator must create a definition as described in
        <xref linkend="dhcp6-custom-options"/> in the 'dhcp6' option space. This
        definition should match the option format described in the relevant
        RFC but the configuration mechanism would allow any option format as it has
        no means to validate the format at the moment.
      </para>


    <para>
      <table frame="all" id="dhcp6-std-options-list">
        <title>List of standard DHCPv6 options</title>
        <tgroup cols='4'>
        <colspec colname='name'/>
        <colspec colname='code' align='center'/>
        <colspec colname='type' align='center'/>
        <colspec colname='array' align='center'/>
        <thead>
          <row><entry>Name</entry><entry>Code</entry><entry>Type</entry><entry>Array?</entry></row>
        </thead>
        <tbody>
<!-- Our engine uses those options on its own, admin must not configure them on his own
<row><entry>clientid</entry><entry>1</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>serverid</entry><entry>2</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>ia-na</entry><entry>3</entry><entry>record</entry><entry>false</entry></row>
<row><entry>ia-ta</entry><entry>4</entry><entry>uint32</entry><entry>false</entry></row>
<row><entry>iaaddr</entry><entry>5</entry><entry>record</entry><entry>false</entry></row>
<row><entry>oro</entry><entry>6</entry><entry>uint16</entry><entry>true</entry></row> -->
<row><entry>preference</entry><entry>7</entry><entry>uint8</entry><entry>false</entry></row>

<!-- Our engine uses those options on its own, admin must not configure them on his own
<row><entry>elapsed-time</entry><entry>8</entry><entry>uint16</entry><entry>false</entry></row>
<row><entry>relay-msg</entry><entry>9</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>auth</entry><entry>11</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>unicast</entry><entry>12</entry><entry>ipv6-address</entry><entry>false</entry></row>
<row><entry>status-code</entry><entry>13</entry><entry>record</entry><entry>false</entry></row>
<row><entry>rapid-commit</entry><entry>14</entry><entry>empty</entry><entry>false</entry></row>
<row><entry>user-class</entry><entry>15</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>vendor-class</entry><entry>16</entry><entry>record</entry><entry>false</entry></row>
-->
<!-- Vendor-specific Information is configurable by the administrator -->
<row><entry>vendor-opts</entry><entry>17</entry><entry>uint32</entry><entry>false</entry></row>
<!--
<row><entry>interface-id</entry><entry>18</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>reconf-msg</entry><entry>19</entry><entry>uint8</entry><entry>false</entry></row>
<row><entry>reconf-accept</entry><entry>20</entry><entry>empty</entry><entry>false</entry></row> -->
-->
<row><entry>sip-server-dns</entry><entry>21</entry><entry>fqdn</entry><entry>true</entry></row>
<row><entry>sip-server-addr</entry><entry>22</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>dns-servers</entry><entry>23</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>domain-search</entry><entry>24</entry><entry>fqdn</entry><entry>true</entry></row>
<!-- <row><entry>ia-pd</entry><entry>25</entry><entry>record</entry><entry>false</entry></row> -->
<!-- <row><entry>iaprefix</entry><entry>26</entry><entry>record</entry><entry>false</entry></row> -->
<row><entry>nis-servers</entry><entry>27</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>nisp-servers</entry><entry>28</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>nis-domain-name</entry><entry>29</entry><entry>fqdn</entry><entry>true</entry></row>
<row><entry>nisp-domain-name</entry><entry>30</entry><entry>fqdn</entry><entry>true</entry></row>
<row><entry>sntp-servers</entry><entry>31</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>information-refresh-time</entry><entry>32</entry><entry>uint32</entry><entry>false</entry></row>
<row><entry>bcmcs-server-dns</entry><entry>33</entry><entry>fqdn</entry><entry>true</entry></row>
<row><entry>bcmcs-server-addr</entry><entry>34</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>geoconf-civic</entry><entry>36</entry><entry>record (uint8, uint16, binary)</entry><entry>false</entry></row>
<row><entry>remote-id</entry><entry>37</entry><entry>record (uint32, binary)</entry><entry>false</entry></row>
<row><entry>subscriber-id</entry><entry>38</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>client-fqdn</entry><entry>39</entry><entry>record (uint8, fqdn)</entry><entry>false</entry></row>
<row><entry>pana-agent</entry><entry>40</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>new-posix-timezone</entry><entry>41</entry><entry>string</entry><entry>false</entry></row>
<row><entry>new-tzdb-timezone</entry><entry>42</entry><entry>string</entry><entry>false</entry></row>
<row><entry>ero</entry><entry>43</entry><entry>uint16</entry><entry>true</entry></row>
<row><entry>lq-query</entry><entry>44</entry><entry>record (uint8, ipv6-address)</entry><entry>false</entry></row>
<row><entry>client-data</entry><entry>45</entry><entry>empty</entry><entry>false</entry></row>
<row><entry>clt-time</entry><entry>46</entry><entry>uint32</entry><entry>false</entry></row>
<row><entry>lq-relay-data</entry><entry>47</entry><entry>record (ipv6-address, binary)</entry><entry>false</entry></row>
<row><entry>lq-client-link</entry><entry>48</entry><entry>ipv6-address</entry><entry>true</entry></row>
<row><entry>bootfile-url</entry><entry>59</entry><entry>string</entry><entry>false</entry></row>
<row><entry>bootfile-param</entry><entry>60</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>client-arch-type</entry><entry>61</entry><entry>uint16</entry><entry>true</entry></row>
<row><entry>nii</entry><entry>62</entry><entry>record (uint8, uint8, uint8)</entry><entry>false</entry></row>
<row><entry>erp-local-domain-name</entry><entry>65</entry><entry>fqdn</entry><entry>false</entry></row>
<row><entry>rsoo</entry><entry>66</entry><entry>empty</entry><entry>false</entry></row>
<row><entry>client-linklayer-addr</entry><entry>79</entry><entry>binary</entry><entry>false</entry></row>
<!-- <row><entry>dhcpv4-message</entry><entry>87</entry><entry>binary</entry><entry>false</entry></row> -->
<row><entry>dhcp4o6-server-addr</entry><entry>88</entry><entry>ipv6-address</entry><entry>true</entry></row>
        </tbody>
        </tgroup>
      </table>
    </para>

    <para>
      <table frame="all" id="dhcp6-exp-options-list">
        <title>List of experimental DHCPv6 options</title>
        <tgroup cols='4'>
        <colspec colname='name'/>
        <colspec colname='code' align='center'/>
        <colspec colname='type' align='center'/>
        <colspec colname='array' align='center'/>
        <thead>
          <row><entry>Name</entry><entry>Code</entry><entry>Type</entry><entry>Array?</entry></row>
        </thead>
        <tbody>
<row><entry>public-key</entry><entry>701</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>certificate</entry><entry>702</entry><entry>binary</entry><entry>false</entry></row>
<row><entry>signature</entry><entry>703</entry><entry>record (uint8, uint8, binary)</entry><entry>false</entry></row>
<row><entry>timestamp</entry><entry>704</entry><entry>binary</entry><entry>false</entry></row>
        </tbody>
        </tgroup>
      </table>
    </para>
    </section>

    <section id="dhcp6-custom-options">
      <title>Custom DHCPv6 options</title>
      <para>It is also possible to define options other than the standard ones.
      Assume that we want to define a new DHCPv6 option called "foo" which will have
      code 100 and will convey a single unsigned 32 bit integer value. We can define
      such an option by using the following commands:
<screen>
"Dhcp6": {
    "option-def": [
        {
            <userinput>"name": "foo",
            "code": 100,
            "type": "uint32",
            "array": false,
            "record-types": "",
            "space": "dhcp6",
            "encapsulate": ""</userinput>
        }, ...
    ],
    ...
}
</screen>
      The "false" value of the "array" parameter determines that the option does
      NOT comprise an array of "uint32" values but rather a single value.  Two
      other parameters have been left blank: "record-types" and "encapsulate".
      The former specifies the comma separated list of option data fields if the
      option comprises a record of data fields. The "record-fields" value should
      be non-empty if the "type" is set to "record". Otherwise it must be left
      blank. The latter parameter specifies the name of the option space being
      encapsulated by the particular option. If the particular option does not
      encapsulate any option space it should be left blank.  Note that the above
      set of comments define the format of the new option and do not set its
      values.
      </para>

      <para>The <command>name</command>, <command>code</command> and
      <command>type</command> parameters are required, all others are
      optional. The <command>array</command> default value is
      <command>false</command>. The <command>record-types</command>
      and <command>encapsulate</command> default values are blank
      (i.e. ""). The default <command>space</command> is "dhcp6".
      </para>

      <para>Once the new option format is defined, its value is set
      in the same way as for a standard option. For example the following
      commands set a global value that applies to all subnets.
<screen>
"Dhcp6": {
    "option-data": [
        {
            <userinput>"name": "foo",
            "code": 100,
            "space": "dhcp6",
            "csv-format": true,
            "data": "12345"</userinput>
        }, ...
    ],
    ...
}
</screen>
      </para>

      <para>New options can take more complex forms than simple use of
      primitives (uint8, string, ipv6-address etc): it is possible to
      define an option comprising a number of existing primitives.
      </para>
      <para>
      Assume we want to define a new option that will consist of an IPv6
      address, followed by an unsigned 16 bit integer, followed by a
      boolean value, followed by a text string. Such an option could
      be defined in the following way:
<screen>
"Dhcp6": {
    "option-def": [
        {
            <userinput>"name": "bar",
            "code": 101,
            "space": "dhcp6",
            "type": "record",
            "array": false,
            "record-types": "ipv6-address, uint16, boolean, string",
            "encapsulate": ""</userinput>
        }, ...
    ],
    ...
}
</screen>
      The "type" is set to "record" to indicate that the option contains
      multiple values of different types.  These types are given as a comma-separated
      list in the "record-types" field and should be those listed in <xref linkend="dhcp-types"/>.
      </para>
      <para>
      The values of the option are set as follows:
<screen>
"Dhcp6": {
    "option-data": [
        {
            <userinput>"name": "bar",
            "space": "dhcp6",
            "code": 101,
            "csv-format": true,
            "data": "2001:db8:1::10, 123, false, Hello World"</userinput>
        }
    ],
    ...
}</screen>

      <command>csv-format</command> is set <command>true</command> to indicate
      that the <command>data</command> field comprises a command-separated list
      of values.  The values in the "data" must correspond to the types set in
      the "record-types" field of the option definition.
      </para>

      <note>
       <para>In the general case, boolean values are specified as <command>true</command> or
       <command>false</command>, without quotes. Some specific boolean parameters may
       accept also <command>"true"</command>, <command>"false"</command>,
       <command>0</command>, <command>1</command>, <command>"0"</command> and
       <command>"1"</command>. Future Kea versions will accept all those values
       for all boolean parameters.</para>
      </note>

    </section>

    <section id="dhcp6-vendor-opts">
      <title>DHCPv6 vendor specific options</title>
      <para>
      Currently there are two option spaces defined for the DHCPv6
      daemon: "dhcp6" (for top level DHCPv6 options) and "vendor-opts-space",
      which is empty by default, but options can be defined in it.
      Those options will be carried in the Vendor-specific
      Information option (code 17). The following examples show how to
      define an option "foo" with code 1 that consists of an IPv6 address,
      an unsigned 16 bit integer and a string. The "foo" option is
      conveyed in a Vendor-specific Information option. This option
      comprises a single uint32 value that is set to "12345".
      The sub-option "foo" follows the data field holding this value.
      <screen>
"Dhcp6": {
    "option-def": [
        {
            <userinput>"name": "foo",
            "code": 1,
            "space": "vendor-opts-space",
            "type": "record",
            "array": false,
            "record-types": "ipv6-address, uint16, string",
            "encapsulate": ""</userinput>
        }
    ],
    ...
}</screen>
     (Note that the option space is set to <command>vendor-opts-space</command>.)
     Once the option format is defined, the next step is to define actual values
     for that option:
<screen>
"Dhcp6": {
    "option-data": [
        {
            <userinput>"name": "foo",
            "space": "vendor-opts-space",
            "data": "2001:db8:1::10, 123, Hello World"</userinput>
        },
        ...
    ],
    ...
}</screen>
    We should also define a value (enterprise-number) for the
    Vendor-specific Information option, that conveys our option "foo".
<screen>
"Dhcp6": {
    "option-data": [
        ...,
        {
            <userinput>"name": "vendor-opts",
            "data": "12345"</userinput>
        }
    ],
    ...
}</screen>
    Alternatively, the option can be specified using its code.
<screen>
"Dhcp6": {
    "option-data": [
        ...,
        {
            <userinput>"code": 17,
            "data": "12345"</userinput>
        }
    ],
    ...
}</screen>
      </para>
    </section>

    <section id="dhcp6-option-spaces">
      <title>Nested DHCPv6 options (custom option spaces)</title>
      <para>It is sometimes useful to define completely new option
      spaces.  This is useful if the user wants his new option to
      convey sub-options that use a separate numbering scheme, for
      example sub-options with codes 1 and 2. Those option codes
      conflict with standard DHCPv6 options, so a separate option
      space must be defined.
      </para>
      <para>Note that it is not required to create a new option space when
      defining sub-options for a standard option because it is
      created by default if the standard option is meant to convey
      any sub-options (see <xref linkend="dhcp6-vendor-opts"/>).
      </para>
      <para>
      Assume that we want to have a DHCPv6 option called "container"
      with code 102 that conveys two sub-options with codes 1 and 2.
      First we need to define the new sub-options:
<screen>
"Dhcp6": {
    "option-def": [
        {
            <userinput>"name": "subopt1",
            "code": 1,
            "space": "isc",
            "type": "ipv6-address",
            "record-types": "",
            "array": false,
            "encapsulate": ""</userinput>
        },
        {
            <userinput>"name": "subopt2",
            "code": 2,
            "space": "isc",
            "type": "string",
            "record-types": "",
            "array": false
            "encapsulate": ""</userinput>
        }
    ],
    ...
}</screen>
    Note that we have defined the options to belong to a new option space
    (in this case, "isc").
    </para>
    <para>
The next step is to define a regular DHCPv6 option and specify that it
should include options from the isc option space:
<screen>
"Dhcp6": {
    "option-def": [
        ...,
        {
            <userinput>"name": "container",
            "code": 102,
            "space": "dhcp6",
            "type": "empty",
            "array": false,
            "record-types": "",
            "encapsulate": "isc"</userinput>
        }
    ],
    ...
}</screen>

    The name of the option space in which the sub-options are defined is set in
    the <command>encapsulate</command> field. The <command>type</command> field
    is set to <command>empty</command> which limits this option to only carrying
    data in sub-options.
    </para>
    <para>
    Finally, we can set values for the new options:
<screen>
"Dhcp6": {
    "option-data": [
        {
            <userinput>"name": "subopt1",
            "code": 1,
            "space": "isc",
            "data": "2001:db8::abcd"</userinput>
        },
        }
            <userinput>"name": "subopt2",
            "code": 2,
            "space": "isc",
            "data": "Hello world"</userinput>
        },
        {
            <userinput>"name": "container",
            "code": 102,
            "space": "dhcp6"</userinput>
        }
    ],
    ...
}
</screen>
    </para>

    <para>Note that it is possible to create an option which carries some data
    in addition to the sub-options defined in the encapsulated option space.
    For example, if the "container" option from the previous example was
    required to carry an uint16 value as well as the sub-options, the "type"
    value would have to be set to "uint16" in the option definition. (Such an
    option would then have the following data structure: DHCP header, uint16
    value, sub-options.) The value specified with the "data" parameter &mdash; which
    should be a valid integer enclosed in quotes, e.g. "123" &mdash; would then be
    assigned to the uint16 field in the "container" option.
    </para>
    </section>

    <section id="dhcp6-option-data-defaults">
      <title>Unspecified parameters for DHCPv6 option configuration</title>
      <para>In many cases it is not required to specify all parameters for
      an option configuration and the default values can be used. However, it is
      important to understand the implications of not specifying some of them
      as it may result in configuration errors. The list below explains
      the behavior of the server when a particular parameter is not explicitly
      specified:

      <itemizedlist>
        <listitem>
          <simpara><command>name</command> - the server requires an option name or
          option code to identify an option. If this parameter is unspecified, the
          option code must be specified.
          </simpara>
        </listitem>

        <listitem>
          <simpara><command>code</command> - the server requires an option name or
          option code to identify an option. This parameter may be left unspecified if
          the <command>name</command> parameter is specified. However, this also
          requires that the particular option has its definition (it is either a
          standard option or an administrator created a definition for the option
          using an 'option-def' structure), as the option definition associates an
          option with a particular name. It is possible to configure an option
          for which there is no definition (unspecified option format).
          Configuration of such options requires the use of option code.
          </simpara>
        </listitem>

        <listitem>
          <simpara><command>space</command> - if the option space is unspecified it
          will default to 'dhcp6' which is an option space holding DHCPv6 standard
          options.
          </simpara>
        </listitem>

        <listitem>
          <simpara><command>data</command> - if the option data is unspecified it
          defaults to an empty value. The empty value is mostly used for the
          options which have no payload (boolean options), but it is legal to specify
          empty values for some options which carry variable length data and which
          spec allows for the length of 0. For such options, the data parameter
          may be omitted in the configuration.</simpara>
        </listitem>

        <listitem>
          <simpara><command>csv-format</command> - if this value is not specified
          and the definition for the particular option exists, the server will assume
          that the option data is specified as a list of comma separated values to be
          assigned to individual fields of the DHCP option. If the definition
          does not exist for this option, the server will assume that the data
          parameter contains the option payload in the binary format (represented
          as a string of hexadecimal digits). Note that not specifying this
          parameter doesn't imply that it defaults to a fixed value, but
          the configuration data interpretation also depends on the presence
          of the option definition. An administrator must be aware if the
          definition for the particular option exists when this parameter
          is not specified. It is generally recommended to not specify this
          parameter only for the options for which the definition exists, e.g.
          standard options. Setting <command>csv-format</command> to an explicit
          value will cause the server to strictly check the format of the option
          data specified.
          </simpara>
        </listitem>
      </itemizedlist>
      </para>

    </section>

    <section id="dhcp6-config-subnets">
      <title>IPv6 Subnet Selection</title>
      <para>
        The DHCPv6 server may receive requests from local (connected to the
        same subnet as the server) and remote (connecting via relays) clients.
        As the server may have many subnet configurations defined, it must select
        an appropriate subnet for a given request.
      </para>
      <para>
        The server can not assume which of the configured subnets are local. In IPv4
        it is possible as there is a reasonable expectation that the
        server will have a (global) IPv4 address configured on the interface,
        and can use that information to detect whether a subnet is local or
        not. That assumption is not true in IPv6, the DHCPv6 server must be able
        to operate while only having link-local addresses. Therefore an optional
        &quot;interface&quot; parameter is available within a subnet definition
        to designate that a given subnet is local, i.e. reachable directly over
        the specified interface. For example the server that is intended to serve
        a local subnet over eth0 may be configured as follows:
        <screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "2001:db8:beef::/48",
            "pools": [
                 {
                     "pool": "2001:db8:beef::/48"
                 }
             ],
            <userinput>"interface": "eth0"</userinput>
        }
    ],
    ...
}
</screen>
        </para>
      </section>

      <section id="dhcp6-rapid-commit">
        <title>Rapid Commit</title>
        <para>The Rapid Commit option, described in
        <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>, is supported
        by the Kea DHCPv6 server. However, support is disabled by default for
        all subnets. It can be enabled for a particular subnet using the
        <command>rapid-commit</command> parameter as shown below:
<screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "2001:db8:beef::/48",
            <userinput>"rapid-commit": true</userinput>,
            "pools": [
                 {
                     "pool": "2001:db8:beef::1-2001:db8:beef::10"
                 }
             ],
        }
    ],
    ...
}
</screen>
        </para>
        <para>
          This setting only affects the subnet for which the
          <command>rapid-commit</command> is set to <command>true</command>.
          For clients connected to other subnets, the server will ignore the
          Rapid Commit option sent by the client and will follow the 4-way
          exchange procedure, i.e. respond with the Advertise for the Solicit
          containing Rapid Commit option.
        </para>
      </section>

      <section id="dhcp6-relays">
        <title>DHCPv6 Relays</title>
        <para>
          A DHCPv6 server with multiple subnets defined must select the
          appropriate subnet when it receives a request from a client.  For clients
          connected via relays, two mechanisms are used:
        </para>
        <para>
          The first uses the linkaddr field in the RELAY_FORW message. The name
          of this field is somewhat misleading in that it does not contain a link-layer
          address: instead, it holds an address (typically a global address) that is
          used to identify a link. The DHCPv6 server checks if the address belongs
          to a defined subnet and, if it does, that subnet is selected for the client's
          request.
        </para>
        <para>
          The second mechanism is based on interface-id options. While forwarding a client's
          message, relays may insert an interface-id option into the message that
          identifies the interface on the relay that received the message. (Some
          relays allow configuration of that parameter, but it is sometimes
          hardcoded and may range from the very simple (e.g. "vlan100") to the very cryptic:
          one example seen on real hardware was "ISAM144|299|ipv6|nt:vp:1:110"). The
          server can use this information to select the appropriate subnet.
          The information is also returned to the relay which then knows the
          interface to use to transmit the response to the client. In order for
          this to work successfully, the relay interface IDs must be unique within
          the network and the server configuration must match those values.
        </para>
        <para>
          When configuring the DHCPv6 server, it should be noted that two
          similarly-named parameters can be configured for a subnet:
          <itemizedlist>
            <listitem><simpara>
              "interface" defines which local network interface can be used
              to access a given subnet.
            </simpara></listitem>
            <listitem><simpara>
              "interface-id" specifies the content of the interface-id option
              used by relays to identify the interface on the relay to which
              the response packet is sent.
            </simpara></listitem>
          </itemizedlist>
          The two are mutually exclusive: a subnet cannot be both reachable locally
          (direct traffic) and via relays (remote traffic). Specifying both is a
          configuration error and the DHCPv6 server will refuse such a configuration.
        </para>

        <para>
          To specify interface-id with value "vlan123", the following commands can
          be used:
          <screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "2001:db8:beef::/48",
            "pools": [
                 {
                     "pool": "2001:db8:beef::/48"
                 }
             ],
            <userinput>"interface-id": "vlan123"</userinput>
        }
    ],
    ...
}
</screen>
        </para>
      </section>

    <section id="dhcp6-rsoo">
      <title>Relay-Supplied Options</title>
      <para><ulink url="http://tools.ietf.org/html/rfc6422">RFC 6422</ulink>
      defines a mechanism called Relay-Supplied DHCP Options. In certain cases relay
      agents are the only entities that may have specific information. They can
      insert options when relaying messages from the client to the server. The
      server will then do certain checks and copy those options to the response
      that will be sent to the client.</para>

      <para>There are certain conditions that must be met for the option to be
      included. First, the server must not provide the option by itself. In
      other words, if both relay and server provide an option, the server always
      takes precedence. Second, the option must be RSOO-enabled. IANA maintains a
      list of RSOO-enabled options <ulink url="http://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml#options-relay-supplied">here</ulink>.
      However, there may be cases when system administrators want to echo other
      options. Kea can be instructed to treat other options as RSOO-enabled.
      For example, to mark options 110, 120 and 130 as RSOO-enabled, the following
      syntax should be used:
<screen>
"Dhcp6": {
    <userinput>"relay-supplied-options": [ "110", "120", "130" ],</userinput>
    ...
}
</screen>
      </para>
      <para>As of March 2015, only option 65 is RSOO-enabled by IANA. This
      option will always be treated as such and there's no need to explicitly
      mark it. Also, when enabling standard options, it is possible to use their
      names, rather than option code, e.g. (e.g. use
      <command>dns-servers</command> instead of <command>23</command>). See
      <xref linkend="dhcp6-std-options-list" /> for the names. In certain cases
      it could also work for custom options, but due to the nature of the parser
      code this may be unreliable and should be avoided.
      </para>

    </section>

    <section id="dhcp6-client-classifier">
      <title>Client Classification in DHCPv6</title>

      <para>
      The DHCPv6 server includes support for client classification.  At the
      current time the capabilities of the classification process are limited
      but it is expected they will be expanded in the future. For a deeper
      discussion of the classification process see <xref linkend="classify"/>.
      </para>

      <para>
      In certain cases it is useful to differentiate between different types
      of clients and treat them accordingly. It is envisaged that client
      classification will be used for changing the behavior of almost any part of
      the DHCP message processing, including the assignment of leases from different
      pools, the assignment of different options (or different values of the same
      options) etc. In the current release of the software however, there are
      only two mechanisms that take advantage of client classification:
      subnet selection and assignment of different options.
      </para>

      <para>
      Kea can be instructed to limit access to given subnets based on class information.
      This is particularly useful for cases where two types of devices share the
      same link and are expected to be served from two different subnets. The
      primary use case for such a scenario is cable networks. There are two
      classes of devices: the cable modem itself, which should be handed a lease
      from subnet A and all other devices behind the modem that should get a lease
      from subnet B. That segregation is essential to prevent overly curious
      users from playing with their cable modems. For details on how to set up
      class restrictions on subnets, see <xref linkend="classification-subnets"/>.
      </para>

      <para>
      The process of doing classification is conducted in three steps. The first step
      is to assess an incoming packet and assign it to zero or more classes.  The
      second step is to choose a subnet, possibly based on the class information.
      The third step is to assign options again possibly based on the class
      information.
      </para>

      <para>
      There are two methods of doing classification. The first is automatic and relies
      on examining the values in the vendor class options. Information from these
      options is extracted and a class name is constructed from it and added to
      the class list for the packet. The second allows you to specify an expression
      that is evaluated for each packet. If the result is true the packet is
      a member of the class.
      </para>

      <note><para>
        Care should be taken with client classification as it is easy for
        clients that do not meet class criteria to be denied any service altogether.
      </para></note>

      <section>
        <title>Defining and Using Custom Classes</title>
        <para>
        The following example shows how to configure a class using an expression
        and a subnet making use of that class. This configuration defines the
        class named &quot;Client_enterprise&quot;. It is comprised
        of all clients who's client identifiers start with the given hex string (which
        would indicate a DUID based on an enterprise id of 0xAABBCCDD).
        They will be given an address from 2001:db8:1::0 to 2001:db8:1::FFFF and
        2001:db8:0::1 and 2001:db8:2::1 for their domain name servers. For a deeper
        discussion of the classification process see <xref linkend="classify"/>.

        <screen>
"Dhcp6": {
    "client-classes": [
        {<userinput>
            "name": "Client_enterprise",
            "test": "substring(option[1].hex,0,6) == 0x0002AABBCCDD'",
            "option-data": [
                {
                    "name": "dns-servers",
                    "code": 23,
                    "space": "dhcp6",
                    "csv-format": true,
                    "data": "2001:db8:0::1, 2001:db8:2::1"
                }
            ]</userinput>
        },
        ...
    ],
    "subnet6": [
        {
            "subnet": "2001:db8:1::/64",
            "pools": [ { "pool": "2001:db8:1::-2001:db8:1::ffff" } ],
            <userinput>"client-class": "Client_enterprise"</userinput>
        }
    ],
    ...
}</screen>
      </para>

      <para>
      This example shows a configuration using an automatically generated
      "VENDOR_CLASS_" class. The Administrator of the network has
      decided that addresses from range 2001:db8:1::1 to 2001:db8:1::ffff are
      going to be managed by the Dhcp6 server and only clients belonging to the
      eRouter1.0 client class are allowed to use that pool.

        <screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "2001:db8:1::/64",
            "pools": [
                 {
                     "pool": "2001:db8:1::-2001:db8:1::ffff"
                 }
             ],
            <userinput>"client-class": "VENDOR_CLASS_eRouter1.0"</userinput>
        }
    ],
    ...
}
</screen>
        </para>
      </section>
    </section>

    <section id="dhcp6-ddns-config">
      <title>DDNS for DHCPv6</title>
      <para>
      As mentioned earlier, kea-dhcp6 can be configured to generate requests to
      the DHCP-DDNS server (referred to here as "D2") to update
      DNS entries.  These requests are known as NameChangeRequests or NCRs.
      Each NCR contains the following information:
      <orderedlist>
      <listitem><para>
      Whether it is a request to add (update) or remove DNS entries
      </para></listitem>
      <listitem><para>
      Whether the change requests forward DNS updates (AAAA records), reverse
      DNS updates (PTR records), or both.
      </para></listitem>
      <listitem><para>
      The FQDN, lease address, and DHCID
      </para></listitem>
      </orderedlist>
      The parameters controlling the generation of NCRs for submission to D2
      are contained in the "dhcp-ddns" section of kea-dhcp6
      configuration. The mandatory parameters for the DHCP DDNS configuration
      are <command>enable-updates</command> which is unconditionally
      required, and <command>qualifying-suffix</command> which has no
      default value and is required when <command>enable-updates</command>
      is set to <command>true</command>.

      The two (disabled and enabled) minimal DHCP DDNS configurations are:
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"enable-updates": false</userinput>
    },
    ...
}
</screen>
      and for example:
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"enable-updates": true,
        "qualifying-suffix": "example."</userinput>
    },
    ...
}
</screen>

      The default values for the "dhcp-ddns" section are as follows:
      <itemizedlist>
      <listitem><simpara>
      <command>"server-ip": "127.0.0.1"</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"server-port": 53001</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"sender-ip": ""</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"sender-port": 0</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"max-queue-size": 1024</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"ncr-protocol": "UDP"</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"ncr-format": "JSON"</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"override-no-update": false</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"override-client-update": false</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"replace-client-name": "never"</command>
      </simpara></listitem>
      <listitem><simpara>
      <command>"generated-prefix": "myhost"</command>
      </simpara></listitem>
      </itemizedlist>
      </para>


      <section id="dhcpv6-d2-io-config">
      <title>DHCP-DDNS Server Connectivity</title>
      <para>
      In order for NCRs to reach the D2 server, kea-dhcp6 must be able
      to communicate with it.  kea-dhcp6 uses the following configuration
      parameters to control how it communications with D2:
      <itemizedlist>
      <listitem><simpara>
      <command>enable-updates</command> - determines whether or not kea-dhcp6 will
      generate NCRs.  If missing, this value is assumed to be false hence DDNS updates
      are disabled.  To enable DDNS updates set this value to true:
      </simpara></listitem>
      <listitem><simpara>
      <command>server-ip</command> - IP address on which D2 listens for requests. The default is
      the local loopback interface at address 127.0.0.1. You may specify
      either an IPv4 or IPv6 address.
      </simpara></listitem>
      <listitem><simpara>
      <command>server-port</command> - port on which D2 listens for requests.  The default value
      is 53001.
      </simpara></listitem>
      <listitem><simpara>
      <command>sender-ip</command> - IP address which kea-dhcp6 should use to send requests to D2.
      The default value is blank which instructs kea-dhcp6 to select a suitable
      address.
      </simpara></listitem>
      <listitem><simpara>
      <command>sender-port</command> - port which kea-dhcp6 should use to send requests to D2. The
      default value of 0 instructs kea-dhcp6 to select a suitable port.
      </simpara></listitem>
      <listitem><simpara>
      <command>max-queue-size</command> - maximum number of requests allowed to queue waiting to
      be sent to D2. This value guards against requests accumulating
      uncontrollably if they are being generated faster than they can be
      delivered.  If the number of requests queued for transmission reaches
      this value, DDNS updating will be turned off until the queue backlog has
      been sufficiently reduced.  The intent is to allow kea-dhcp6 to
      continue lease operations.  The default value is 1024.
      </simpara></listitem>
      <listitem><simpara>
      <command>ncr-protocol</command> - Socket protocol use when sending requests to D2.  Currently
      only UDP is supported.  TCP may be available in an upcoming release.
      </simpara></listitem>
      <listitem><simpara>
      <command>ncr-format</command> - Packet format to use when sending requests to D2.
      Currently only JSON format is supported.  Other formats may be available
      in future releases.
      </simpara></listitem>
      </itemizedlist>
      By default, kea-dhcp-ddns is assumed to running on the same machine as kea-dhcp6, and
      all of the default values mentioned above should be sufficient.
      If, however, D2 has been configured to listen on a different address or
      port, these values must altered accordingly. For example, if D2 has been
      configured to listen on 2001:db8::5 port 900, the following commands
      would be required:
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"server-ip": "2001:db8::5",
        "server-port": 900</userinput>,
        ...
    },
    ...
}
</screen>
      </para>
      </section>
      <section id="dhcpv6-d2-rules-config">
      <title>When does kea-dhcp6 generate DDNS request</title>


      <para>kea-dhcp6 follows the behavior prescribed for DHCP servers in
      <ulink url="http://tools.ietf.org/html/rfc4704">RFC 4704</ulink>.
      It is important to keep in mind that kea-dhcp6 provides the initial
      decision making of when and what to update and forwards that
      information to D2 in the form of NCRs. Carrying out the actual
      DNS updates and dealing with such things as conflict resolution
      are the purview of D2 (<xref linkend="dhcp-ddns-server"/>).</para>

      <para>
      This section describes when kea-dhcp6 will generate NCRs and the
      configuration parameters that can be used to influence this decision.
      It assumes that the "enable-updates" parameter is true.
      </para>
      <note>
        <para>
        Currently the interface between kea-dhcp6 and D2 only supports requests
        which update DNS entries for a single IP address.  If a lease grants
        more than one address, kea-dhcp6 will create the DDNS update request for
        only the first of these addresses.  Support for multiple address
        mappings may be provided in a future release.
        </para>
      </note>
      <para>
      In general, kea-dhcp6 will generate DDNS update requests when:
      <orderedlist>
      <listitem><para>
      A new lease is granted in response to a REQUEST
      </para></listitem>
      <listitem><para>
      An existing lease is renewed but the FQDN associated with it has
      changed.
      </para></listitem>
      <listitem><para>
      An existing lease is released in response to a RELEASE
      </para></listitem>
      </orderedlist>
      In the second case, lease renewal, two  DDNS requests will be issued: one
      request to remove entries for the previous FQDN and a second request to
      add entries for the new FQDN.  In the last case, a lease release, a
      single DDNS request to remove its entries will be made.  The decision
      making involved when granting a new lease is more involved and is
      discussed next.
      </para>
      <para>
      kea-dhcp6 will generate a DDNS update request only if the REQUEST
      contains the FQDN option (code 39). By default kea-dhcp6 will
      respect the FQDN N and S flags specified by the client as shown in the
      following table:
      </para>
        <table id="dhcp6-fqdn-flag-table">
          <title>Default FQDN Flag Behavior</title>
          <tgroup cols='4' align='left'>
          <colspec colname='cflags'/>
          <colspec colname='meaning'/>
          <colspec colname='response'/>
          <colspec colname='sflags'/>
          <thead>
              <row>
                <entry>Client Flags:N-S</entry>
                <entry>Client Intent</entry>
                <entry>Server Response</entry>
                <entry>Server Flags:N-S-O</entry>
              </row>
          </thead>
          <tbody>
            <row>
                <entry>0-0</entry>
                <entry>
                Client wants to do forward updates, server should do reverse updates
                </entry>
                <entry>Server generates reverse-only request</entry>
                <entry>1-0-0</entry>
            </row>
            <row>
                <entry>0-1</entry>
                <entry>Server should do both forward and reverse updates</entry>
                <entry>Server generates request to update both directions</entry>
                <entry>0-1-0</entry>
            </row>
            <row>
                <entry>1-0</entry>
                <entry>Client wants no updates done</entry>
                <entry>Server does not generate a request</entry>
                <entry>1-0-0</entry>
            </row>
          </tbody>
          </tgroup>
        </table>
      <para>
      The first row in the table above represents "client delegation". Here
      the DHCP client states that it intends to do the forward DNS updates and
      the server should do the reverse updates.  By default, kea-dhcp6 will honor
      the client's wishes and generate a DDNS request to D2 to update only
      reverse DNS data.  The parameter, "override-client-update", can be used
      to instruct the server to override client delegation requests.  When
      this parameter is true, kea-dhcp6 will disregard requests for client
      delegation and generate a DDNS request to update both forward and
      reverse DNS data.  In this case, the N-S-O flags in the server's
      response to the client will be 0-1-1 respectively.
      </para>
      <para>
      (Note that the flag combination N=1, S=1 is prohibited according to
      RFC 4702. If such a combination is received from the client, the packet
      will be dropped by kea-dhcp6.)
      </para>
      <para>
      To override client delegation, issue the following commands:
      </para>
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"override-client-update": true</userinput>,
        ...
    },
    ...
}
</screen>
      <para>
      The third row in the table above describes the case in which the client
      requests that no DNS updates be done. The parameter, "override-no-update",
      can be used to instruct the server to disregard the client's wishes. When
      this parameter is true, kea-dhcp6 will generate DDNS update requests to
      kea-dhcp-ddns even if the client requests no updates be done.  The N-S-O
      flags in the server's response to the client will be 0-1-1.
      </para>
      <para>
      To override client delegation, issue the following commands:
      </para>
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"override-no-update": true</userinput>,
        ...
    },
    ...
}
</screen>
      </section>
      <section id="dhcpv6-fqdn-name-generation">
      <title>kea-dhcp6 name generation for DDNS update requests</title>

      <para>Each NameChangeRequest must of course include the fully qualified
      domain name whose DNS entries are to be affected.  kea-dhcp6 can be
      configured to supply a portion or all of that name based upon what it
      receives from the client.</para>
      <para>
       The default rules for constructing the FQDN that will be used for DNS
       entries are:
      <orderedlist>
      <listitem><para>
        If the DHCPREQUEST contains the client FQDN option, the candidate name
        is taken from there.
      </para></listitem>
      <listitem><para>
        If the candidate name is a partial (i.e. unqualified) name then add a
        configurable suffix to the name and use the result as the FQDN.
      </para></listitem>
      <listitem><para>
        If the candidate name provided is empty, generate a FQDN using a
        configurable prefix and suffix.
      </para></listitem>
      <listitem><para>
        If the client provided neither option, then no DNS action will be taken.
      </para></listitem>
      </orderedlist>
        These rules can amended by setting the
        <command>replace-client-name</command> parameter which provides the
        following modes of behavior:
      <itemizedlist>
      <listitem><para>
        <command>never</command> - Use the name the client sent.  If the client
        sent no name, do not generate one.  This is the default mode.
      </para></listitem>
      <listitem><para>
        <command>always</command> - Replace the name the client sent. If the
        client sent no name, generate one for the client.
      </para></listitem>
      <listitem><para>
        <command>when-present</command> - Replace the name the client sent.
        If the client sent no name, do not generate one.
      </para></listitem>
      <listitem><para>
        <command>when-not-present</command> - Use the name the client sent.
        If the client sent no name, generate one for the client.
      </para></listitem>
      </itemizedlist>
    <note>
    Note that formerly, this parameter was a boolean and permitted only values
    of <command>true</command> and <command>false</command>.  Boolean values
    will still be accepted but may eventually be deprecated. A value of
    <command>true</command> equates to <command>when-present</command>,
    <command>false</command> equates to <command>never</command>.
    </note>

      For example, To instruct kea-dhcp6 to always generate the FQDN for a
      client, set the parameter <command>replace-client-name</command> to
      <command>always</command> as follows:
      </para>
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"replace-client-name": "always"</userinput>,
        ...
    },
    ...
}
</screen>
      <para>
      The prefix used when generating a FQDN is specified by the
      "generated-prefix" parameter.  The default value is "myhost".  To alter
      its value, simply set it to the desired string:
      </para>
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"generated-prefix": "another.host"</userinput>,
        ...
    },
    ...
}
</screen>
      <para>
      The suffix used when generating a FQDN or when qualifying a
      partial name is specified by
      the <command>qualifying-suffix</command> parameter. This
      parameter has no default value, thus it is mandatory when
      DDNS updates are enabled.
      To set its value simply set it to the desired string:
      </para>
<screen>
"Dhcp6": {
    "dhcp-ddns": {
        <userinput>"qualifying-suffix": "foo.example.org"</userinput>,
        ...
    },
    ...
}
</screen>
      </section>
      <para>
      When qualifying a partial name, kea-dhcp6 will construct a name with the
      format:
      </para>
      <para>
        [candidate-name].[qualifying-suffix].
      </para>
      <para>
      where candidate-name is the partial name supplied in the REQUEST.
      For example, if FQDN domain name value was "some-computer" and
      qualifying-suffix "example.com", the generated FQDN would be:
      </para>
      <para>
        some-computer.example.com.
      </para>
      <para>
      When generating the entire name, kea-dhcp6 will construct name of the
      format:
      </para>
      <para>
        [generated-prefix]-[address-text].[qualifying-suffix].
      </para>
      <para>
      where address-text is simply the lease IP address converted to a
      hyphenated string.  For example, if lease address is 3001:1::70E,
      the qualifying suffix "example.com", and the default value is used for
      <command>generated-prefix</command>, the generated FQDN would be:
      </para>
      <para>
        myhost-3001-1--70E.example.com.
      </para>
    </section>

   </section>

  <!-- Host reservation is a large topic. There will be many subsections,
   so it should be a section on its own. -->
  <section id="host-reservation-v6">
    <title>Host reservation in DHCPv6</title>

    <para>There are many cases where it is useful to provide a configuration on
    a per host basis. The most obvious one is to reserve specific, static IPv6
    address or/and prefix for exclusive use by a given client (host) &dash; returning
    client will get the same address or/and prefix every time and other clients will
    never get that address. Note that there may be cases when the
    new reservation has been made for the client for the address or prefix being
    currently in use by another client. We call this situation a "conflict". The
    conflicts get resolved automatically over time as described in the subsequent
    sections. Once conflict is resolved, the client will keep receiving the reserved
    configuration when it renews.</para>

    <para>Another example when the host reservations are applicable is when a host
    that has specific requirements, e.g. a printer that needs additional DHCP options
    or a cable modem needs specific parameters. Yet another possible use case for
    host reservation is to define unique names for hosts.  Although not all of
    the presented use cases are implemented yet, Kea software will support them
    in the near future.</para>

    <para>Hosts reservations are defined as parameters for each subnet. Each host
    can be identified by either DUID or its hardware/MAC address. See
    <xref linkend="mac-in-dhcpv6"/> for details. There is an optional
    <command>reservations</command> array in the
    <command>Subnet6</command> structure. Each element in that array
    is a structure, that holds information about a single host. In
    particular, such a structure has to have an identifier that
    uniquely identifies a host.  In DHCPv6 context, such an identifier
    is a hardware (MAC) address or a DUID.  Also, either one or more
    addresses or prefixes should be specified. It is possible to
    specify a hostname. Additional capabilities are planned.</para>

    <para>The following example shows how to reserve addresses and prefixes
    for specific hosts:

<screen>
"subnet6": [
    {
        "subnet": "2001:db8:1::/48",
        "pools": [ { "pool": "2001:db8:1::/80" } ],
        "pd-pools": [
            {
                "prefix": "2001:db8:1:8000::",
                "prefix-len": 56,
                "delegated-len": 64
            }
        ],
        <userinput>"reservations": [
            {
                "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
                "ip-addresses": [ "2001:db8:1::100" ]
            },
            {
                "hw-address": "00:01:02:03:04:05",
                "ip-addresses": [ "2001:db8:1::101" ]
            },
            {
                "duid": "01:02:03:04:05:06:07:08:09:0A",
                "ip-addresses": [ "2001:db8:1::102" ],
                "prefixes": [ "2001:db8:2:abcd::/64" ],
                "hostname": "foo.example.com"
            }
        ]</userinput>
    }
]
</screen>
    This example makes 3 reservations. The first one reserves 2001:db8:1::100 address
    for the client using DUID 01:02:03:04:05:0A:0B:0C:0D:0E. The second one
    also reserves an address, but does so using MAC or hardware address, rather than
    DUID. The third example is most advanced. It reserves an address, a prefix and
    a hostname at the same time.
    </para>

    <para>Note that DHCPv6 allows for a single client to lease multiple addresses
    and multiple prefixes at the same time. In the upcoming Kea releases, it will
    be possible to have multiple addresses and prefixes reserved for a single
    host. Therefore <command>ip-addresses</command> and <command>prefixes</command>
    are plural and are actually arrays. As of 0.9.1 having more than one IPv6
    address or prefix is only partially supported.</para>

    <para>Making a reservation for a mobile host that may visit multiple subnets
    requires a separate host definition in each subnet it is expected to visit.
    It is not allowed to define multiple host definitions with the same hardware
    address in a single subnet. It is a valid configuration, if such definitions
    are specified in different subnets, though. The reservation for a given host
    should include only one identifier, either DUID or hardware address. Defining
    both for the same host is considered a configuration error, but as of 0.9.1
    beta, it is not rejected.
    </para>

    <para>Adding host reservation incurs a performance penalty. In principle,
    when the server that does not support host reservation responds to a query,
    it needs to check whether there is a lease for a given address being
    considered for allocation or renewal. The server that also supports host
    reservation, has to perform additional checks: not only if the address is
    currently used (if there is a lease for it), but also whether the address
    could be used by someone else (if there is a reservation for it). That
    additional check incurs performance penalty.</para>

    <section id="reservation6-types">
      <title>Address/prefix reservation types</title>

      <para>In a typical scenario there's an IPv6 subnet defined with a certain
      part of it dedicated for dynamic address allocation by the DHCPv6
      server. There may be an additional address space defined for prefix
      delegation. Those dynamic parts are referred to as dynamic pools, address
      and prefix pools or simply pools. In principle, the host reservation can
      reserve any address or prefix that belongs to the subnet. The reservations
      that specify an address that belongs to configured pools are called
      <command>in-pool reservations</command>. In contrast, those that do not
      belong to dynamic pools are called <command>out-of-pool
      reservations</command>. There is no formal difference in the reservation
      syntax. As of 0.9.1, both reservation types are handled
      uniformly. However, upcoming releases may offer improved performance if
      there are only out-of-pool reservations as the server will be able to skip
      reservation checks when dealing with existing leases. Therefore, system
      administrators are encouraged to use out-of-pool reservations, if
      possible.</para>
    </section>

    <section id="reservation6-conflict">
      <title>Conflicts in DHCPv6 reservations</title>
      <para>As reservations and lease information are stored in different places,
      conflicts may arise. Consider the following series of events. The server
      has configured the dynamic pool of addresses from the range of 2001:db8::10
      to 2001:db8::20. Host A requests an address and gets 2001:db8::10. Now the
      system administrator decides to reserve an address for host B. He decides
      to reserve 2001:db8::10 for that purpose. In general, reserving an address
      that is currently assigned to someone else is not recommended, but there
      are valid use cases where such an operation is warranted.</para>

      <para>The server now has a conflict to resolve. Let's analyze the
      situation here. If host B boots up and request an address, the server is
      not able to assign the reserved address 2001:db8::10. A naive approach
      would to be immediately remove the lease for host A and create a new one
      for host B. That would not solve the problem, though, because as soon as
      host B get the address, it will detect that the address is already in use
      by someone else (host A) and would send Decline. Therefore in this
      situation, the server has to temporarily assign a different address from the
      dynamic pool (not matching what has been reserved) to host B.</para>

      <para>When the host A renews its address, the server will discover that
      the address being renewed is now reserved for someone else (host
      B). Therefore the server will remove the lease for 2001:db8::10 and select
      a new address and will create a new lease for it. It will send two
      addresses in its response: the old address with lifetimes set to 0 to
      explicitly indicate that it is no longer valid and a new address with
      non-zero lifetimes. When the host B renews its temporarily assigned
      address, the server will detect that the existing lease does not match
      reservation, so it will release the current address host B has and will
      create a new lease matching the reservation. Similar as before, the server
      will send two addresses: the temporarily assigned one with zeroed
      lifetimes, and the new one that matches reservation with proper lifetimes
      set.</para>

      <para>This recovery will succeed, even if other hosts will attempt to get
      the reserved address. Had the host C requested address 2001:db8::10 after
      the reservation was made, the server will propose a different address.</para>

      <para>This recovery mechanism allows the server to fully recover from a
      case where reservations conflict with existing leases. This procedure
      takes time and will roughly take as long as renew-timer value specified.
      The best way to avoid such recovery is to not define new reservations that
      conflict with existing leases. Another recommendation is to use
      out-of-pool reservations. If the reserved address does not belong to a
      pool, there is no way that other clients could get this address (note that
      having multiple reservations for the same address is not allowed).
      </para>
    </section>

    <section id="reservation6-hostname">
      <title>Reserving a hostname</title>
      <para>When the reservation for the client includes the <command>hostname
      </command>, the server will assign this hostname to the client and send
      it back in the Client FQDN, if the client sent the FQDN option to the
      server. The reserved hostname always takes precedence over the hostname
       supplied by the client (via the FQDN option) or the autogenerated
      (from the IPv6 address) hostname.</para>

      <para>The server qualifies the reserved hostname with the value
      of the <command>qualifying-suffix</command> parameter. For example, the
      following subnet configuration:
<screen>
"subnet6": [
    {
        "subnet": "2001:db8:1::/48",
        "pools": [ { "pool": "2001:db8:1::/80" } ],
        "reservations": [
            {
                "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
                "ip-addresses": [ "2001:db8:1::100" ]
                "hostname": "alice-laptop"
            }
        ]
    }
],
"dhcp-ddns": {
    "enable-updates": true,
    "qualifying-suffix": "example.isc.org."
}
</screen>
      will result in assigning the "alice-laptop.example.isc.org." hostname to the
      client using the DUID "01:02:03:04:05:0A:0B:0C:0D:0E". If the <command>qualifying-suffix
      </command> is not specified, the default (empty) value will be used, and
      in this case the value specified as a <command>hostname</command> will
      be treated as fully qualified name.  Thus, by leaving the
      <command>qualifying-suffix</command> empty it is possible to qualify
      hostnames for the different clients with different domain names:
<screen>
"subnet6": [
    {
        "subnet": "2001:db8:1::/48",
        "pools": [ { "pool": "2001:db8:1::/80" } ],
        "reservations": [
            {
                "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
                "ip-addresses": [ "2001:db8:1::100" ]
                "hostname": "mark-desktop.example.org."
            }
        ]
    }
],
"dhcp-ddns": {
    "enable-updates": true,
}
</screen>
      will result in assigning the "mark-desktop.example.org." hostname to the
      client using the DUID "01:02:03:04:05:0A:0B:0C:0D:0E".
    </para>
</section>

    <section id="reservation6-options">
      <title>Reserving specific options</title>
      <!-- @todo: replace this with the actual text once #3573 is implemented -->
      <para>Currently it is not possible to specify options in host
      reservation. Such a feature will be added in the upcoming Kea
      releases.</para>
    </section>

    <section id="reservation6-mode">
      <title>Fine Tuning IPv6 Host Reservation</title>

      <note>
        <para><command>reservation-mode</command> in the DHCPv6 server is
        implemented in Kea 0.9.1 beta, but has not been tested and is
        considered experimental.</para>
      </note>

      <para>Host reservation capability introduces additional restrictions for the
      allocation engine during lease selection and renewal. In particular, three
      major checks are necessary. First, when selecting a new lease, it is not
      sufficient for a candidate lease to be not used by another DHCP client. It
      also must not be reserved for another client. Second, when renewing a lease,
      additional check must be performed whether the address being renewed is not
      reserved for another client. Finally, when a host renews an address or a
      prefix, the server has to check whether there's a reservation for this host,
      so the existing (dynamically allocated) address should be revoked and the
      reserved one be used instead.</para>
      <para>Some of those checks may be unnecessary in certain deployments. Not
      performing them may improve performance. The Kea server provides the
      <command>reservation-mode</command> configuration parameter to select the
      types of reservations allowed for the particular subnet. Each reservation
      type has different constraints for the checks to be performed by the
      server when allocating or renewing a lease for the client.
      Allowed values are:

      <itemizedlist>
      <listitem><simpara> <command>all</command> - enables all host reservation
      types. This is the default value. This setting is the safest and the most
      flexible. It allows in-pool and out-of-pool reservations. As all checks
      are conducted, it is also the slowest.
      </simpara></listitem>

      <listitem><simpara> <command>out-of-pool</command> - allows only out of
      pool host reservations.  With this setting in place, the server may assume
      that all host reservations are for addresses that do not belong to the
      dynamic pool. Therefore it can skip the reservation checks when dealing
      with in-pool addresses, thus improving performance. Do not use this mode
      if any of your reservations use in-pool address. Caution is advised when
      using this setting. Kea 0.9.1 does not sanity check the reservations against
      <command>reservation-mode</command>. Misconfiguration may cause problems.
      </simpara></listitem>

      <listitem><simpara>
      <command>disabled</command> - host reservation support is disabled. As there
      are no reservations, the server will skip all checks. Any reservations defined
      will be completely ignored. As the checks are skipped, the server may
      operate faster in this mode.
      </simpara></listitem>

      </itemizedlist>
      </para>

      <para>
        An example configuration that disables reservation looks like follows:
        <screen>
"Dhcp6": {
    "subnet6": [
        {
        "subnet": "2001:db8:1::/64",
        <userinput>"reservation-mode": "disabled"</userinput>,
        ...
        }
    ]
}
</screen>
      </para>
   </section>

    <!-- @todo: add support for per IA reservation (that specifies IAID in
                the ip-addresses and prefixes) -->
  </section>
  <!-- end of host reservations section -->

    <section id="dhcp6-serverid">
      <title>Server Identifier in DHCPv6</title>
      <para>The DHCPv6 protocol uses a "server identifier" (also known
      as a DUID) for clients to be able to discriminate between several
      servers present on the same link.
      <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>
      defines three DUID types: DUID-LLT, DUID-EN and DUID-LL.
      <ulink url="http://tools.ietf.org/html/rfc6355">RFC 6355</ulink>
      also defines DUID-UUID. Future specifications may introduce new
      DUID types.</para>

      <para>Kea DHCPv6 server generates a server identifier once, upon
      the first startup, and stores it in a file. This identifier isn't
      modified across restarts of the server (stable identifier).</para>

      <para>Kea follows recommendation from
      <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>
      to use DUID-LLT as a default server identifier. However, we have
      received reports that some deployments require different DUID
      types, and there is a need to administratively select both DUID
      type and/or its contents.</para>

      <para>The server identifier can be configured using parameters
      within the <command>server-id</command> map element in the global
      scope of the Kea configuration file. The following example
      demonstrates how to select DUID-EN as a server identifier:

<screen>
"Dhcp6": {
    "server-id": {
        "type": "EN"
    },
    ...
}
</screen>

      </para>

      <para>Currently supported values for <command>type</command>
      parameter are: "LLT", "EN" and "LL", for DUID-LLT, DUID-EN and
      DUID-LL respectively.</para>

      <para>When a new DUID type is selected the server will generate its
      value and replace any existing DUID in the file. The server will
      use the new server identifier in all future interactions with the
      clients.</para>

      <note><para>If the new server identifier is created after some clients
      have obtained their leases, the clients using old identifier will not
      be able to renew the leases. The server will ignore messages
      containing the old server identifier. Clients will continue sending
      Renew until they transition to rebinding state. In this state they
      will start sending Rebind messages to multicast address and without
      a server identifier. The server will respond to the Rebind messages
      with a new server identifier and the clients will associate the
      new server identifier with their leases. Although the clients will
      be able to keep their leases and will eventually learn the new server
      identifier, this will be at the cost of increased number of renewals
      and multicast traffic due to a need to rebind. Therefore it is
      recommended to avoid modification of the server identifier type
      and its value if the server has already assigned leases and these
      leases are still valid.</para></note>

      <para>There are cases when an administrator needs to explicitly
      specify a DUID value, rather than allow the server to generate it.
      The following example demonstrates how to explicitly set all
      components of a DUID-LLT.

<screen>
"Dhcp6": {
    "server-id": {
        "type": "LLT",
        "htype": 8,
        "identifier": "A65DC7410F05",
        "time": 2518920166
    },
    ...
}
</screen>

      where:
      <itemizedlist>
        <listitem><simpara><command>htype</command> is a 16-bit unsigned value
        specifying hardware type,</simpara></listitem>
        <listitem><simpara><command>identifier</command> is a link layer
        address, specified as a string of hexadecimal digits,</simpara>
        </listitem>
        <listitem><simpara><command>time</command> is a 32-bit unsigned
        time value.</simpara></listitem>
      </itemizedlist>
      </para>

      <para>The hexadecimal representation of the DUID generated as a result
      of the configuration specified above will be:
<screen>
00:01:00:08:96:23:AB:E6:A6:5D:C7:41:0F:05
------------------------------------------
|type|htype|   time    |   identifier    |
</screen>
      </para>

      <para>It is allowed to use special value of 0 for "htype" and "time",
      which indicates that the server should use ANY value for these
      components. If the server already uses a DUID-LLT it will use the
      values from this DUID. If the server uses a DUID of a different type
      or doesn't use any DUID yet, it will generate these values.
      Similarly, if the "identifier" is assigned an empty string, the
      value of the identifier will be generated. Omitting any of these
      parameters is equivalent to setting them to those special values.
      </para>

      <para>For example, the following configuration:
<screen>
"Dhcp6": {
    "server-id": {
        "type": "LLT",
        "htype": 0,
        "identifier": "",
        "time": 2518920166
    },
    ...
}
</screen>

      indicates that the server should use ANY link layer address and
      hardware type. If the server is already using DUID-LLT it will
      use link layer address and hardware type from the existing DUID.
      If the server is not using any DUID yet, it will use link layer
      address and hardware type from one of the available network
      interfaces. The server will use explicit value of time. If it
      is different than a time value present in the currently used
      DUID, this value will be replaced. This will effectively cause
      modification of the current server identifier.
      </para>

      <para>
        The following example demonstrates an explicit configuration of
        a DUID-EN:

<screen>
"Dhcp6": {
    "server-id": {
        "type": "EN",
        "enterprise-id": 2495,
        "identifier": "87ABEF7A5BB545"
    },
    ...
}
</screen>

      where:
      <itemizedlist>
        <listitem><simpara><command>enterprise-id</command> is a 32-bit
        unsigned value holding enterprise number,</simpara></listitem>
        <listitem><simpara><command>identifier</command> is a variable
        length identifier within DUID-EN.</simpara></listitem>
      </itemizedlist>
      </para>

      <para>
        The hexadecimal representation of the DUID-EN created according to
        the configuration above is:
<screen>
00:02:00:00:09:BF:87:AB:EF:7A:5B:B5:45
--------------------------------------
|type|  ent-id   |    identifier     |
</screen>
      </para>

      <para>As in the case of the DUID-LLT, special values can be used for the
      configuration of the DUID-EN. If the "enterprise-id" is 0, the server
      will use a value from the existing DUID-EN. If the server is not using
      any DUID or the existing DUID has a different type, the ISC enterprise
      id will be used. When an empty string is used for "identifier", the
      identifier from the existing DUID-EN will be used. If the server is
      not using any DUID-EN the new 6-bytes long identifier will be generated.
      </para>

      <para>DUID-LL is configured in the same way as DUID-LLT with an exception
      that the <command>time</command> parameter has no effect for DUID-LL,
      because this DUID type only comprises a hardware type and link layer
      address. The following example demonstrates how to configure DUID-LL:

<screen>
"Dhcp6": {
    "server-id": {
        "type": "LL",
        "htype": 8,
        "identifier": "A65DC7410F05"
    },
    ...
}
</screen>

      </para>

      <para>
      which will result in the following server identifier:

<screen>
00:03:00:08:A6:5D:C7:41:0F:05
------------------------------
|type|htype|   identifier   |
</screen>
      </para>

      <para>Server stores a generated server identifier in the following
      location: <userinput>[kea-install-dir]/var/kea/kea-dhcp6-serverid
      </userinput>.
      </para>

      <para>In some uncommon deployments where no stable storage is
      available, it is desired to configure the server to not try to
      store the server identifier on the stable storage. It is controlled
      by the value of <command>persist</command> boolean parameter:
<screen>
"Dhcp6": {
    "server-id": {
        "type": "EN",
        "enterprise-id": 2495,
        "identifier": "87ABEF7A5BB545",
        "persist": false
    },
    ...
}
</screen>
      </para>
      <para>The default value of the "persist" parameter is
      <command>true</command> which configures the server to store the
      server identifier on a disk.</para>

      <para>In the example above, the server is configured to not store
      the generated server identifier on a disk. But, if the server
      identifier is not modified in the configuration the same value
      will be used after server restart, because entire server
      identifier is explicitly specified in a configuration.</para>
    </section>

    <section id="stateless-dhcp6">
      <title>Stateless DHCPv6 (Information-Request Message)</title>
      <para>Typically DHCPv6 is used to assign both addresses and options. These
      assignments (leases) have state that changes over time, hence
      their name, stateful. DHCPv6 also supports a stateless mode,
      where clients request configuration options only. This mode is
      considered lightweight from the server perspective, as it does not require
      any state tracking; hence its name.</para>
      <para>The Kea server supports stateless mode. Clients can send
      Information-Request messages and the server will send back
      answers with the requested options (providing the options are
      available in the server configuration).  The server will attempt to
      use per-subnet options first. If that fails - for whatever reason - it
      will then try to provide options defined in the global scope.</para>

      <para>Stateless and stateful mode can be used together. No special
      configuration directives are required to handle this. Simply use the
      configuration for stateful clients and the stateless clients will get
      just options they requested.</para>

      <para>This usage of global options allows for an interesting case.
      It is possible to run a server that provides just options and no
      addresses or prefixes. If the options have the same value in each
      subnet, the configuration can define required options in the global
      scope and skip subnet definitions altogether. Here's a simple example of
      such a configuration:
<screen>
"Dhcp6": {
    "interfaces-config": {
        "interfaces": [ "ethX" ]
    },
    <userinput>"option-data": [ {
        "name": "dns-servers",
        "data": "2001:db8::1, 2001:db8::2"
    } ]</userinput>,
    "lease-database": { "type": "memfile" }
 }
</screen>
      This very simple configuration will provide DNS server information
      to all clients in the network, regardless of their location. Note the
      specification of the memfile lease database: this is required since,
      as of version 0.9.1, Kea requires a lease database to be specified
      even if it is not used.</para>
    </section>

    <section id="dhcp6-rfc7550">
      <title>Support for RFC 7550</title>
      <para>The <ulink url="http://tools.ietf.org/html/rfc7550">RFC 7550</ulink>
      has introduced some changes to the DHCPv6 protocol to resolve a few issues
      with the coexistence of multiple stateful options in the messages sent
      between the clients and servers.</para>

      <para>The typical example is when the client, such as a requesting
      router, requests an allocation of both addresses and prefixes when
      it performs the 4-way (SARR) exchange with the server. If the
      server is not configured to allocate any prefixes but it can allocate
      some addresses, it will respond with the IA_NA(s) containing allocated
      addresses and the IA_PD(s) containing the NoPrefixAvail status code. If
      the client can operate without prefixes it may transition to the
      'bound' state when it sends Renew/Rebind messages to the server,
      according to the T1 and T2 times, to extend the lifetimes of the
      allocated addresses. If the client is still interested in obtaining
      prefixes from the server it may also include IA_PD in the Renew/Rebind
      to request allocation of the prefixes. If the server still cannot
      allocate the prefixes, it will respond with the IA_PD(s) containing
      NoPrefixAvail status code. However, if the server can now allocate
      the prefixes it will do so, and send them in the IA_PD(s) to the client.
      Allocation of leases during the Renew/Rebind was not supported in the
      <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>
      and <ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink>,
      and has been introduced in
      <ulink url="http://tools.ietf.org/html/rfc7550">RFC 7550</ulink>.
      Kea supports this new behavior and it doesn't provide any configuration
      mechanisms to disable it.
      </para>

      <para>
        The following are the other behaviors specified in the
        <ulink url="http://tools.ietf.org/html/rfc7550">RFC 7550</ulink>
        supported by the Kea DHCPv6 server:
        <itemizedlist>
          <listitem><simpara>set T1/T2 timers to the same value for all
          stateful (IA_NA and IA_PD) options to facilitate renewal of all
          client's leases at the same time (in a single message exchange),
          </simpara></listitem>
          <listitem><simpara>NoAddrsAvail and NoPrefixAvail status codes
          are placed in the IA_NA and IA_PD options in the Advertise message,
          rather than as the top level options.</simpara></listitem>
        </itemizedlist>
      </para>
    </section>

    <section id="dhcp6-relay-override">
      <title>Using specific relay agent for a subnet</title>
      <para>
        The relay has to have an interface connected to the link on which
        the clients are being configured. Typically the relay has a global IPv6
        address configured on the interface that belongs to the subnet from which
        the server will assign addresses. In the typical case, the
        server is able to use the IPv6 address inserted by the relay (in the link-addr
        field in RELAY-FORW message) to select the appropriate subnet.
      </para>
      <para>
        However, that is not always the case. The relay
        address may not match the subnet in certain deployments. This
        usually means that there is more than one subnet allocated for a given
        link. The two most common examples where this is the case are long lasting
        network renumbering (where both old and new address space is still being
        used) and a cable network. In a cable network both cable modems and the
        devices behind them are physically connected to the same link, yet
        they use distinct addressing. In such case, the DHCPv6 server needs
        additional information (like the value of interface-id option or IPv6
        address inserted in the link-addr field in RELAY-FORW message) to
        properly select an appropriate subnet.
      </para>
      <para>
        The following example assumes that there is a subnet 2001:db8:1::/64
        that is accessible via relay that uses 3000::1 as its IPv6 address.
        The server will be able to select this subnet for any incoming packets
        that came from a relay that has an address in 2001:db8:1::/64 subnet.
        It will also select that subnet for a relay with address 3000::1.
        <screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "2001:db8:1::/64",
            "pools": [
                 {
                     "pool": "2001:db8:1::1-2001:db8:1::ffff"
                 }
             ],
             <userinput>"relay": {
                 "ip-address": "3000::1"
             }</userinput>
        }
    ]
}
</screen>
      </para>

    </section>

      <section id="dhcp6-client-class-relay">
        <title>Segregating IPv6 clients in a cable network</title>
        <para>
          In certain cases, it is useful to mix relay address information,
          introduced in <xref linkend="dhcp6-relay-override"/> with client
          classification, explained in <xref linkend="classify"/>.
          One specific example is a cable network, where typically modems
          get addresses from a different subnet than all devices connected
          behind them.
        </para>
        <para>
          Let's assume that there is one CMTS (Cable Modem Termination System)
          with one CM MAC (a physical link that modems are connected to).
          We want the modems to get addresses from the 3000::/64 subnet,
          while everything connected behind modems should get addresses from
          another subnet (2001:db8:1::/64). The CMTS that acts as a relay
          an uses address 3000::1. The following configuration can serve
          that configuration:
        <screen>
"Dhcp6": {
    "subnet6": [
        {
            "subnet": "3000::/64",
            "pools": [
                { "pool": "3000::2 - 3000::ffff" }
            ],
            <userinput>"client-class": "VENDOR_CLASS_docsis3.0",
            "relay": {
                "ip-address": "3000::1"
            }</userinput>
        },

        {
            "subnet": "2001:db8:1::/64",
            "pools": [
                 {
                     "pool": "2001:db8:1::1-2001:db8:1::ffff"
                 }
             ],
             <userinput>"relay": {
                 "ip-address": "3000::1"
             }</userinput>
        }
    ]
}
</screen>
      </para>
      </section>

    <section id="mac-in-dhcpv6">
      <title>MAC/Hardware addresses in DHCPv6</title>
      <para>MAC/hardware addresses are available in DHCPv4 messages
      from the clients and administrators
      frequently use that information to perform certain tasks, like per host
      configuration, address reservation for specific MAC addresses and other.
      Unfortunately, the DHCPv6 protocol does not provide any completely reliable way
      to retrieve that information. To mitigate that issue a number of mechanisms
      have been implemented in Kea that attempt to gather that information. Each
      of those mechanisms works in certain cases, but may fail in other cases.
      Whether the mechanism works or not in the particular deployment is
      somewhat dependent on the network topology and the technologies used.</para>

      <para>Kea allows for configuration which of the supported methods should be
      used and in which order. This configuration may be considered a fine tuning
      of the DHCP deployment. In a typical deployment the default
      value of <command>"any"</command> is sufficient and there is no
      need to select specific methods. Changing the value of this parameter
      is the most useful in cases when an administrator wants to disable
      certain method, e.g. if the administrator trusts the network infrastructure
      more than the information provided by the clients themselves, the
      administrator may prefer information provided by the relays over that
      provided by the clients. The format of this parameter is as follows:
        <screen>
"Dhcp6": {
    <userinput>"mac-sources": [ "method1", "method2", "method3", ... ]</userinput>,

    "subnet6": [ ... ],

    ...
}
</screen>

    When not specified, a special value of <emphasis>any</emphasis> is used, which
    instructs the server to attempt to use all the methods in sequence and use
    value returned by the first one that succeeds.</para>

    <para>Supported methods are:
    <itemizedlist>
      <listitem>
        <simpara><command>any</command> - not an actual method, just a keyword that
        instructs Kea to try all other methods and use the first one that succeeds.
        This is the default operation if no <command>mac-sources</command> are defined.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>raw</command> - In principle, a DHCPv6 server could use raw
        sockets to receive incoming traffic and extract MAC/hardware address
        information. This is currently not implemented for DHCPv6 and this value has
        no effect.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>duid</command> - DHCPv6 uses DUID identifiers instead of
        MAC addresses. There are currently four DUID types defined, with two of them
        (DUID-LLT, which is the default one and DUID-LL) convey MAC address information.
        Although RFC 3315 forbids it, it is possible to parse those DUIDs and extract
        necessary information from them. This method is not completely reliable, as
        clients may use other DUID types, namely DUID-EN or DUID-UUID.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>ipv6-link-local</command> - Another possible acquisition
        method comes from the source IPv6 address. In typical usage, clients are
        sending their packets from IPv6 link-local addresses. There's a good chance
        that those addresses are based on EUI-64, which contains MAC address. This
        method is not completely reliable, as clients may use other link-local address
        types.  In particular, privacy extensions, defined in RFC 4941, do not use
        MAC addresses.  Also note that successful extraction requires that the
        address's u-bit must be set to 1 and its g-bit set to 0, indicating that it
        is an interface identifier as per
        <ulink url="http://tools.ietf.org/html/rfc2373#section-2.5.1">
        RFC 2373, section 2.5.1</ulink>.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>client-link-addr-option</command> - One extension defined
        to alleviate missing MAC issues is client link-layer address option, defined
        in <ulink url="http://tools.ietf.org/html/rfc6939">RFC 6939</ulink>. This is
        an option that is inserted by a relay and contains information about client's
        MAC address. This method requires a relay agent that supports the option and
        is configured to insert it. This method is useless for directly connected
        clients. This parameter can also be specified as <command>rfc6939</command>,
        which is an alias for <command>client-link-addr-option</command>.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>remote-id</command> - <ulink
        url="http://tools.ietf.org/html/rfc4649">RFC 4649</ulink>
        defines remote-id option that is inserted by a relay agent. Depending
        on the relay agent configuration, the inserted option may convey client's
        MAC address information. This parameter can also be specified as
        <command>rfc4649</command>, which is an alias for <command>remote-id</command>.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>subscriber-id</command> - Another option
        that is somewhat similar to the previous one is subscriber-id,
        defined in <ulink url="http://tools.ietf.org/html/rfc4580">RFC
        4580</ulink>. It is, too, inserted by a relay agent that is
        configured to insert it. This parameter can also be specified
        as <command>rfc4580</command>, which is an alias for
        <command>subscriber-id</command>. This method is currently not
        implemented.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>docsis-cmts</command> - Yet another possible source of MAC
        address information are DOCSIS options inserted by a CMTS that acts
        as a DHCPv6 relay agent in cable networks. This method attempts to extract
        MAC address information from suboption 1026 (cm mac) of the vendor specific option
        with vendor-id=4491. This vendor option is extracted from the relay-forward message,
        not the original client's message.
        </simpara>
      </listitem>
      <listitem>
        <simpara><command>docsis-modem</command> - Yet another possible source of MAC
        address information are DOCSIS options inserted by the cable modem itself.
        This method attempts to extract MAC address information from suboption 36 (device id)
        of the vendor specific option with vendor-id=4491. This vendor option is extracted from
        the original client's message, not from any relay options.
        </simpara>
      </listitem>
    </itemizedlist>
    </para>
  </section>

    <section id="dhcp6-decline">
      <title>Duplicate Addresses (DECLINE support)</title>

      <para>The DHCPv6 server is configured with a certain pool of
      addresses that it is expected to hand out to the DHCPv6 clients.
      It is assumed that the server is authoritative and has complete
      jurisdiction over those addresses. However, due to various
      reasons, such as misconfiguration or a faulty client implementation
      that retains its address beyond the valid lifetime, there may be
      devices connected that use those addresses without the server's
      approval or knowledge.</para>

      <para>Such an unwelcome event can be detected
      by legitimate clients (using Duplicate Address Detection) and
      reported to the DHCPv6 server using a DECLINE message. The server
      will do a sanity check (if the client declining an address really
      was supposed to use it), then will a conduct clean up operation
      and confirm it by sending back a REPLY message. Any DNS entries
      related to that address will be removed, the fact will be logged
      and hooks will be triggered. After that is done, the address
      will be marked as declined (which indicates that it is used by
      an unknown entity and thus not available for assignment to
      anyone) and a probation time will be set on it. Unless otherwise
      configured, the probation period lasts 24 hours. After that
      period, the server will recover the lease, i.e. put it back into
      the available state. The address will be available for assignment
      again. It should be noted that if the underlying issue of a
      misconfigured device is not resolved, the duplicate address
      scenario will repeat. On the other hand, it provides an
      opportunity to recover from such an event automatically, without
      any sysadmin intervention.</para>

      <para>To configure the decline probation period to a value different
      than the default, the following syntax can be used:
<screen>
  "Dhcp6": {
    <userinput>"decline-probation-period": 3600</userinput>,
    "subnet6": [ ... ],
    ...
}
</screen>
      The parameter is expressed in seconds, so the example above will instruct
      the server to recycle declined leases after an hour.</para>

      <para>There are several statistics and hook points associated with the
      Decline handling procedure. The lease6_decline hook is triggered after the
      incoming Decline message has been sanitized and the server is about to decline
      the lease. The declined-addresses statistic is increased after the hook
      returns (both global and subnet specific variants).</para>

      <para>Once the probation time elapses, the declined lease is recovered
      using the standard expired lease reclamation procedure, with several
      additional steps. In particular, both declined-addresses statistics
      (global and subnet specific) are decreased. At the same time,
      reclaimed-declined-addresses statistics (again in two variants, global and
      subnet specific) are increased.</para>

      <para>Note about statistics: The server does not decrease
      assigned-addresses statistics when a DECLINE message is received and
      processed successfully. While technically a declined address is no longer
      assigned, the primary usage of the assigned-addresses statistic is to
      monitor pool utilization. Most people would forget to include
      declined-addresses in the calculation, and simply do
      assigned-addresses/total-addresses. This would have a bias towards
      under-representing pool utilization. As this has a potential for major
      issues, we decided not to decrease assigned addresses immediately after
      receiving Decline, but to do it later when we recover the address back to
      the available pool.</para>
    </section>

    <section id="dhcp6-stats">
      <title>Statistics in DHCPv6 server</title>
      <note>
        <para>This section describes DHCPv6-specific statistics. For a general
        overview and usage of statistics, see <xref linkend="stats" />.</para>
      </note>

      <para>
        The DHCPv6 server supports the following statistics:
      </para>
        <table frame="all" id="dhcp6-statistics">
          <title>DHCPv6 Statistics</title>
          <tgroup cols='3'>
          <colspec colname='statistic' align='center'/>
          <colspec colname='type' align='center'/>
          <colspec colname='description' align='left'/>
          <thead>
            <row>
              <entry>Statistic</entry>
              <entry>Data Type</entry>
              <entry>Description</entry>
            </row>
          </thead>
          <tbody>

            <row>
              <entry>pkt6-received</entry>
              <entry>integer</entry>
              <entry>Number of DHCPv6 packets received. This includes all packets:
              valid, bogus, corrupted, rejected etc. This statistic is expected
              to grow rapidly.</entry>
            </row>

            <row>
              <entry>pkt6-receive-drop</entry>
              <entry>integer</entry>
              <entry>Number of incoming packets that were dropped. Exact reason
              for dropping packets is logged, but the most common reasons may
              be: an unacceptable or not supported packet type, direct responses
              are forbidden, the server-id sent by the client does not match the
              server's server-id or the packet is malformed.</entry>
            </row>

            <row>
              <entry>pkt6-parse-failed</entry>
              <entry>integer</entry>
              <entry>Number of incoming packets that could not be parsed.
              A non-zero value of this statistic indicates that the server
              received a malformed or truncated packet. This may indicate problems
              in your network, faulty clients, faulty relay agents or server
              code bug.</entry>
            </row>

            <row>
              <entry>pkt6-solicit-received</entry>
              <entry>integer</entry>
              <entry>
                Number of SOLICIT packets received. This statistic is expected
                to grow.  Its increase means that clients that just booted
                started their configuration process and their initial packets
                reached your server.
              </entry>
            </row>

            <row>
              <entry>pkt6-advertise-received</entry>
              <entry>integer</entry>
              <entry>
                Number of ADVERTISE packets received. Advertise packets are sent
                by the server and the server is never expected to receive them. A non-zero
                value of this statistic indicates an error occurring in the network.
                One likely cause would be a misbehaving relay agent that incorrectly
                forwards ADVERTISE messages towards the server, rather back to the
                clients.
              </entry>
            </row>

            <row>
              <entry>pkt6-request-received</entry>
              <entry>integer</entry>
              <entry>Number of REQUEST packets received. This statistic
                is expected to grow. Its increase means that clients that just booted
                received the server's response (ADVERTISE), accepted it and are now
                requesting an address (REQUEST).
              </entry>
            </row>

            <row>
              <entry>pkt6-reply-received</entry>
              <entry>integer</entry>
              <entry>Number of REPLY packets received. This statistic is
              expected to remain zero at all times, as REPLY packets are sent by
              the server and the server is never expected to receive
              them. A non-zero value indicates an error. One likely cause would be
              a misbehaving relay agent that incorrectly forwards REPLY messages
              towards the server, rather back to the clients.
              </entry>
            </row>

            <row>
              <entry>pkt6-renew-received</entry>
              <entry>integer</entry>
              <entry>Number of RENEW packets received. This statistic
                is expected to grow. Its increase means that clients received their
                addresses and prefixes and are trying to renew them.
              </entry>
            </row>

            <row>
              <entry>pkt6-rebind-received</entry>
              <entry>integer</entry>
              <entry>Number of REBIND packets received. A non-zero value
              indicates that clients didn't receive responses to their RENEW messages
              (regular lease renewal mechanism) and are attempting to find any server
              that is able to take over their leases. It may mean that some server's
              REPLY messages never reached the clients.
              </entry>
            </row>

            <row>
              <entry>pkt6-release-received</entry>
              <entry>integer</entry>
              <entry>Number of RELEASE packets received. This statistic is expected
              to grow when a device is being shut down in the network. It
              indicates that the address or prefix assigned is reported as no longer
              needed. Note that many devices, especially wireless, do not send RELEASE,
              because of design choice or due to moving out of range.
              </entry>
            </row>

            <row>
            <entry>pkt6-decline-received</entry>
            <entry>integer</entry>
            <entry>
              Number of DECLINE packets received. This statistic is expected to
              remain close to zero. Its increase means that a client leased an
              address, but discovered that the address is currently used by an
              unknown device in your network. If this statistic is growing, it
              may indicate misconfigured server or devices that have statically
              assigned conflicting addresses.
            </entry>
            </row>

            <row>
              <entry>pkt6-infrequest-received</entry>
              <entry>integer</entry>
              <entry>
                Number of INFORMATION-REQUEST packets received. This statistic
                is expected to grow if there are devices that are using
                stateless DHCPv6. INFORMATION-REQUEST messages are used by
                clients that request stateless configuration, i.e. options
                and parameters other than addresses or prefixes.
              </entry>
            </row>

            <row>
              <entry>pkt6-unknown-received</entry>
              <entry>integer</entry>
              <entry>Number of packets received of an unknown type. Non-zero
              value of this statistic indicates that the server received a
              packet that it wasn't able to recognize: either with unsupported
              type or possibly malformed.</entry>
            </row>

            <row>
              <entry>pkt6-sent</entry>
              <entry>integer</entry>
              <entry>Number of DHCPv6 packets sent. This statistic is expected
              to grow every time the server transmits a packet. In general, it
              should roughly match pkt6-received, as most incoming packets cause
              the server to respond. There are exceptions (e.g. server receiving a
              REQUEST with server-id matching other server), so do not worry, if
              it is lesser than pkt6-received.</entry>
            </row>

            <row>
              <entry>pkt6-advertise-sent</entry>
              <entry>integer</entry>
              <entry>Number of ADVERTISE packets sent. This statistic is
              expected to grow in most cases after a SOLICIT is processed. There
              are certain uncommon, but valid cases where incoming SOLICIT is
              dropped, but in general this statistic is expected to be close to
              pkt6-solicit-received.</entry>
            </row>

            <row>
              <entry>pkt6-reply-sent</entry>
              <entry>integer</entry>
              <entry>Number of REPLY packets sent. This statistic is expected to
              grow in most cases after a SOLICIT (with rapid-commit), REQUEST,
              RENEW, REBIND, RELEASE, DECLINE or INFORMATION-REQUEST is
              processed. There are certain cases where there is no response.
              </entry>
            </row>

            <row>
            <entry>subnet[id].total-nas</entry>
            <entry>integer</entry>
            <entry>
            This statistic shows the total number of NA addresses available for
            DHCPv6 management for a given subnet. In other words, this is the sum
            of all addresses in all configured pools. This statistic changes only
            during configuration changes. Note it does not take into account any
            addresses that may be reserved due to host reservation. The
            <emphasis>id</emphasis> is the subnet-id of a given subnet. This
            statistic is exposed for each subnet separately. This statistic is
            reset during a reconfiguration event.
            </entry>
            </row>

            <row>
            <entry>subnet[id].assigned-nas</entry>
            <entry>integer</entry>
            <entry>
            This statistic shows the number of NA addresses in a given subnet that
            are assigned. This statistic increases every time a new lease is allocated
            (as a result of receiving a REQUEST message) and is decreased every time a
            lease is released (a RELEASE message is received) or expires. The
            <emphasis>id</emphasis> is the subnet-id of a given subnet. This
            statistic is exposed for each subnet separately. This statistic is
            reset during a reconfiguration event.
            </entry>
            </row>

            <row>
            <entry>subnet[id].total-pds</entry>
            <entry>integer</entry>
            <entry>
            This statistic shows the total number of PD prefixes available for
            DHCPv6 management for a given subnet. In other words, this is the sum
            of all prefixes in all configured pools. This statistic changes only
            during configuration changes. Note it does not take into account any
            prefixes that may be reserved due to host reservation. The
            <emphasis>id</emphasis> is the subnet-id of a given subnet. This
            statistic is exposed for each subnet separately. This statistic is
            reset during a reconfiguration event.
            </entry>
            </row>

            <row>
            <entry>subnet[id].assigned-pds</entry>
            <entry>integer</entry>
            <entry>
            This statistic shows the number of PD prefixes in a given subnet that
            are assigned. This statistic increases every time a new lease is allocated
            (as a result of receiving a REQUEST message) and is decreased every time a
            lease is released (a RELEASE message is received) or expires. The
            <emphasis>id</emphasis> is the subnet-id of a given subnet. This statistic
            is exposed for each subnet separately. This statistic is reset during a
            reconfiguration event.
            </entry>
            </row>

            <row>
            <entry>declined-addresses</entry>
            <entry>integer</entry>
            <entry>
              This statistic shows the number of IPv6 addresses that are
              currently declined. This statistic counts the number of leases
              currently unavailable. Once a lease is recovered, this
              statistic will be decreased. Ideally, this statistic should be
              zero. If this statistic is non-zero (or worse increasing),
              a network administrator should investigate if there is
              a misbehaving device in his network. This is a global statistic
              that covers all subnets.
            </entry>
            </row>

            <row>
            <entry>subnet[id].declined-addresses</entry>
            <entry>integer</entry>
            <entry>
              This statistic shows the number of IPv6 addresses that are
              currently declined in a given subnet. This statistic counts the
              number of leases currently unavailable. Once a lease is
              recovered, this statistic will be decreased. Ideally, this
              statistic should be zero. If this statistic is
              non-zero (or worse increasing), a network administrator should
              investigate if there is a misbehaving device in his network. The
              <emphasis>id</emphasis> is the subnet-id of a given subnet. This
              statistic is exposed for each subnet separately.
            </entry>
            </row>

            <row>
            <entry>reclaimed-declined-addresses</entry>
            <entry>integer</entry>
            <entry>
              This statistic shows the number of IPv6 addresses that were
              declined, but have now been recovered. Unlike
              declined-addresses, this statistic never decreases. It can be used
              as a long term indicator of how many actual valid Declines were
              processed and recovered from. This is a global statistic that
              covers all subnets.
            </entry>
            </row>

            <row>
            <entry>subnet[id].reclaimed-declined-addresses</entry>
            <entry>integer</entry>
            <entry>
              This statistic shows the number of IPv6 addresses that were
              declined, but have now been recovered. Unlike
              declined-addresses, this statistic never decreases. It can be used
              as a long term indicator of how many actual valid Declines were
              processed and recovered from. The
              <emphasis>id</emphasis> is the subnet-id of a given subnet. This
              statistic is exposed for each subnet separately.
            </entry>
            </row>

        </tbody>
        </tgroup>
        </table>
    </section>

    <section id="dhcp6-ctrl-channel">
      <title>Management API for the DHCPv6 server</title>
      <para>
        Management API has been introduced in Kea 0.9.2-beta. It allows issuing specific
        management commands, like statistics retrieval, reconfiguration or shutdown.
        For more details, see <xref linkend="ctrl-channel" />. Currently the only
        supported communication channel type is UNIX stream socket. By default there
        are no sockets open. To instruct Kea to open a socket, the following entry
        in the configuration file can be used:
<screen>
"Dhcp6": {
    "control-socket": {
        "socket-type": "unix",
        "socket-name": <userinput>"/path/to/the/unix/socket"</userinput>
    },

    "subnet6": [
        ...
    ],
    ...
}
</screen>
      </para>

      <para>
        The length of the path specified by the <command>socket-name</command>
        parameter is restricted by the maximum length for the unix socket name
        on your operating system, i.e. the size of the <command>sun_path</command>
        field in the <command>sockaddr_un</command> structure, decreased by 1.
        This value varies on different operating systems between 91 and 107
        characters. The typical values are 107 on Linux and 103 on FreeBSD.
      </para>

      <para>
        Communication over control channel is conducted using JSON structures.
        See the Control Channel section in the Kea Developer's Guide for more details.
      </para>

      <para>DHCPv6 server supports <command>statistic-get</command>,
      <command>statistic-reset</command>, <command>statistic-remove</command>,
      <command>statistic-get-all</command>, <command>statistic-reset-all</command>
      and <command>statistic-remove-all</command>, specified in
      <xref linkend="command-stats"/>. It also supports
      <command>list-commands</command> and <command>shutdown</command>,
      specified in <xref linkend="command-list-commands" /> and
      <xref linkend="command-shutdown" />, respectively.</para>
    </section>

    <section id="dhcp6-std">
      <title>Supported DHCPv6 Standards</title>
      <para>The following standards are currently
      supported:</para>
      <itemizedlist>
          <listitem>
            <simpara><emphasis>Dynamic Host Configuration Protocol for IPv6</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>:
            Supported messages are SOLICIT,
            ADVERTISE, REQUEST, RELEASE, RENEW, REBIND, INFORMATION-REQUEST,
            CONFIRM and REPLY.</simpara>
          </listitem>
          <listitem>
            <simpara><emphasis>IPv6 Prefix Options for
            Dynamic Host Configuration Protocol (DHCP) version 6</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink>:
            Supported options are IA_PD and
            IA_PREFIX. Also supported is the status code NoPrefixAvail.</simpara>
          </listitem>
          <listitem>
            <simpara><emphasis>DNS Configuration options for Dynamic Host
            Configuration Protocol for IPv6 (DHCPv6)</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc3646">RFC 3646</ulink>:
            Supported option is DNS_SERVERS.</simpara>
          </listitem>
          <listitem>
            <simpara><emphasis>The Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
            Relay Agent Remote-ID Option</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc4649">RFC 4649</ulink>:
            REMOTE-ID option is supported.</simpara>
          </listitem>
          <listitem>
            <simpara><emphasis>The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Client
            Fully Qualified Domain Name (FQDN) Option</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc4704">RFC 4704</ulink>:
            Supported option is CLIENT_FQDN.</simpara>
          </listitem>
          <listitem>
            <simpara><emphasis>Relay-Supplied DHCP Options</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc6422">RFC 6422</ulink>:
            Full functionality is supported: OPTION_RSOO, ability of the server
            to echo back the options, checks whether an option is RSOO-enabled,
            ability to mark additional options as RSOO-enabled.</simpara>
          </listitem>
          <listitem>
            <simpara><emphasis>Client Link-Layer Address Option in
            DHCPv6</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc6939">RFC
            6939</ulink>: Supported option is client link-layer
            address option.</simpara>
          </listitem>
          <listitem>
            <simpara><emphasis>Issues and Recommendations with Multiple
            Stateful DHCPv6 Options</emphasis>,
            <ulink url="http://tools.ietf.org/html/rfc7550">RFC
            7550</ulink>: All recommendations related to the DHCPv6 server
            operation are supported.</simpara>
          </listitem>
      </itemizedlist>
    </section>

    <section id="dhcp6-limit">
      <title>DHCPv6 Server Limitations</title>
      <para> These are the current limitations and known problems
      with the DHCPv6 server
      software. Most of them are reflections of the early stage of
      development and should be treated as <quote>not implemented
      yet</quote>, rather than actual limitations.</para>
      <itemizedlist>
          <listitem> <!-- see tickets #3234, #3281 -->
            <para>
              On-line configuration has some limitations. Adding new subnets or
              modifying existing ones work, as is removing the last subnet from
              the list. However, removing non-last (e.g. removing subnet 1,2 or 3 if
              there are 4 subnets configured) will cause issues. The problem is
              caused by simplistic subnet-id assignment. The subnets are always
              numbered, starting from 1. That subnet-id is then used in leases
              that are stored in the lease database. Removing non-last subnet will
              cause the configuration information to mismatch data in the lease
              database. It is possible to manually update subnet-id fields in
              MySQL or PostgreSQL database, but it is awkward and error prone
              process. A better reconfiguration support is planned.
            </para>
          </listitem>

        <listitem>
          <simpara>
            The server will allocate, renew or rebind a maximum of one lease
            for a particular IA option (IA_NA or IA_PD) sent by a client.
            <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink> and
            <ulink url="http://tools.ietf.org/html/rfc3633">RFC 3633</ulink> allow
            for multiple addresses or prefixes to be allocated for a single IA.
          </simpara>
        </listitem>

        <listitem>
          <simpara>Temporary addresses are not supported.</simpara>
        </listitem>

        <listitem>
          <simpara>
            Duplication report (DECLINE) and client reconfiguration (RECONFIGURE) are
            not yet supported.
          </simpara>
        </listitem>
      </itemizedlist>
    </section>

    <!--
    <section id="dhcp6-srv-examples">
      <title>Kea DHCPv6 server examples</title>

      <para>
        This section provides easy to use example. Each example can be read
        separately. It is not intended to be read sequentially as there will
        be many repetitions between examples. They are expected to serve as
        easy to use copy-paste solutions to many common deployments.
      </para>

      @todo: add simple configuration for direct clients
      @todo: add configuration for relayed clients
      @todo: add client classification example

    </section> -->

  </chapter>