Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 461164b527
Branches Tags
kea
/
src
/
lib
/
dhcp
/
libdhcsrv.dox

libdhcsrv.dox 4.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. /**
    2. 

  2.  @page libdhcpsrv libdhcpsrv - Server DHCP library
    3. 

  3. 

  4. This library contains code useful for DHCPv4 and DHCPv6 server operations, like
    5. 

  5. Lease Manager that stores leases information, configuration manager that stores
    6. 

  6. configuration etc. The code here is server specific. For generic (useful in
    7. 

  7. server, client, relay and other tools like perfdhcp) code, please see
    8. 

  8. \ref libdhcp.
    9. 

  9. 

  10. This library contains several crucial elements of the DHCP server operation:
    11. 

  11. 

  12. - isc::dhcp::LeaseMgr - Lease Manager is a name for database backend that stores
    13. 

  13.   leases.
    14. 

  14. - isc::dhcp::CfgMgr - Configuration Manager that holds DHCP specific
    15. 

  15.   configuration information (subnets, pools, options, timer values etc.) in
    16. 

  16.   easy to use format.
    17. 

  17. - AllocEngine - allocation engine that handles new requestes and allocates new
    18. 

  18.   leases.
    19. 

  19. 

  20. @section leasemgr Lease Manager
    21. 

  21. 

  22. LeaseMgr provides a common, unified abstract API for all database backends. All
    23. 

  23. backends are derived from the base class isc::dhcp::LeaseMgr. Currently the
    24. 

  24. only available backend is MySQL (see \ref isc::dhcp::MySqlLeaseMgr).
    25. 

  25. 

  26. @section cfgmgr Configuration Manager
    27. 

  27. 

  28. Configuration Manager (\ref isc::dhcp::CfgMgr) stores configuration information
    29. 

  29. necessary for DHCPv4 and DHCPv6 server operation. In particular, it stores
    30. 

  30. subnets (\ref isc::dhcp::Subnet4 and \ref isc::dhcp::Subnet6) together with
    31. 

  31. their pools (\ref isc::dhcp::Pool4 and \ref isc::dhcp::Pool6), options and
    32. 

  32. other information specified by the used in BIND10 configuration.
    33. 

  33. 

  34. @section allocengine Allocation Engine
    35. 

  35. 

  36. Allocation Engine (\ref isc::dhcp::AllocEngine) is what its name say - an engine
    37. 

  37. that handles allocation of new leases. It takes parameters that the client
    38. 

  38. provided (client-id, DUID, subnet, a hint if the user provided one, etc.) and
    39. 

  39. then attempts to allocate a lease.
    40. 

  40. 

  41. There is no single best soluction to the address assignment problem. Server
    42. 

  42. is expected to pick an address from its available pools is currently not used.
    43. 

  43. There are many possible algorithms that can do that, each with its own advantages
    44. 

  44. and drawbacks. This allocation engine must provide robust operation is radically
    45. 

  45. different scenarios, so there address selection problem was abstracted into
    46. 

  46. separate module, called allocator. Its sole purpose is to pick an address from
    47. 

  47. a pool. Allocation engine will then check if the picked address is free and if
    48. 

  48. it is not, then will ask allocator to pick again.
    49. 

  49. 

  50. At lease 3 allocators will be implemented:
    51. 

  51. 

  52. - Iterative - it iterates over all addresses in available pools, one
    53. 

  53. by one. The advantages of this approach are speed (typically it only needs to
    54. 

  54. increase last address), the guarantee to cover all addresses and predictability.
    55. 

  55. This allocator behaves very good in case of nearing depletion. Even when pools
    56. 

  56. are almost completely allocated, it still will be able to allocate outstanding
    57. 

  57. leases efficiently. Predictability can also be considered a serious flaw in
    58. 

  58. some environments, as prediction of the next address is trivial and can be
    59. 

  59. leveraged by an attacker. Another drawback of this allocator is that it does
    60. 

  60. not attempt to give the same address to returning clients (clients that released
    61. 

  61. or expired their leases and are requesting a new lease will likely to get a 
    62. 

  62. different lease). This allocator is implemented in \ref isc::dhcp::AllocEngine::IterativeAllocator.
    63. 

  63. 

  64. - Hashed - ISC-DHCP uses hash of the client-id or DUID to determine, which
    65. 

  65. address is tried first. If that address is not available, the result is hashed
    66. 

  66. again. That procedure is repeated until available address is found or there
    67. 

  67. are no more addresses left. The benefit of that approach is that it provides
    68. 

  68. a relative lease stability, so returning old clients are likely to get the same
    69. 

  69. address again. The drawbacks are increased computation cost, as each iteration
    70. 

  70. requires use of a hashing function. That is especially difficult when the 
    71. 

  71. pools are almost depleted. It also may be difficult to guarantee that the
    72. 

  72. repeated hashing will iterate over all available addresses in all pools. Flawed
    73. 

  73. hash algorithm can go into cycles that iterate over only part of the addresses.
    74. 

  74. It is difficult to detect such issues as only some initial seed (client-id
    75. 

  75. or DUID) values may trigger short cycles. This allocator is currently not
    76. 

  76. implemented.
    77. 

  77. 

  78. - Random - Another possible approach to address selection is randomization. This
    79. 

  79. allocator can pick an address randomly from the configured pool. The benefit
    80. 

  80. of this approach is that it is easy to implement and makes attacks based on
    81. 

  81. address prediction more difficult. The drawback of this approach is that
    82. 

  82. returning clients are almost guaranteed to get a different address. Another
    83. 

  83. drawback is that with almost depleted pools it is increasingly difficult to
    84. 

  84. "guess" an address that is free. This allocator is currently not implemented.
    85. 

  85. 

  86. */
    87.