Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e3f6de57b9
Branches Tags
kea
/
src
/
lib
/
dhcpsrv
/
libdhcpsrv.dox

libdhcpsrv.dox 6.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. // Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
    2. 

  2. //
    3. 

  3. // Permission to use, copy, modify, and/or distribute this software for any
    4. 

  4. // purpose with or without fee is hereby granted, provided that the above
    5. 

  5. // copyright notice and this permission notice appear in all copies.
    6. 

  6. //
    7. 

  7. // THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
    8. 

  8. // REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
    9. 

  9. // AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
    10. 

  10. // INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
    11. 

  11. // LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
    12. 

  12. // OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
    13. 

  13. // PERFORMANCE OF THIS SOFTWARE.
    14. 

  14. 

  15. /**
    16. 

  16.  @page libdhcpsrv libdhcpsrv - Server DHCP library
    17. 

  17. 

  18. This library contains code useful for DHCPv4 and DHCPv6 server operations, like
    19. 

  19. Lease Manager that stores leases information, configuration manager that stores
    20. 

  20. configuration etc. The code here is server specific. For generic (useful in
    21. 

  21. server, client, relay and other tools like perfdhcp) code, please see
    22. 

  22. \ref libdhcp.
    23. 

  23. 

  24. This library contains several crucial elements of the DHCP server operation:
    25. 

  25. 

  26. - isc::dhcp::LeaseMgr - Lease Manager is a name for database backend that stores
    27. 

  27.   leases.
    28. 

  28. - isc::dhcp::CfgMgr - Configuration Manager that holds DHCP specific
    29. 

  29.   configuration information (subnets, pools, options, timer values etc.) in
    30. 

  30.   easy to use format.
    31. 

  31. - AllocEngine - allocation engine that handles new requestes and allocates new
    32. 

  32.   leases.
    33. 

  33. 

  34. @section leasemgr Lease Manager
    35. 

  35. 

  36. LeaseMgr provides a common, unified abstract API for all database backends. All
    37. 

  37. backends are derived from the base class isc::dhcp::LeaseMgr. Currently the
    38. 

  38. only available backend is MySQL (see \ref isc::dhcp::MySqlLeaseMgr).
    39. 

  39. 

  40. @section cfgmgr Configuration Manager
    41. 

  41. 

  42. Configuration Manager (\ref isc::dhcp::CfgMgr) stores configuration information
    43. 

  43. necessary for DHCPv4 and DHCPv6 server operation. In particular, it stores
    44. 

  44. subnets (\ref isc::dhcp::Subnet4 and \ref isc::dhcp::Subnet6) together with
    45. 

  45. their pools (\ref isc::dhcp::Pool4 and \ref isc::dhcp::Pool6), options and
    46. 

  46. other information specified by the used in BIND10 configuration.
    47. 

  47. 

  48. @section allocengine Allocation Engine
    49. 

  49. 

  50. Allocation Engine (\ref isc::dhcp::AllocEngine) is what its name say - an engine
    51. 

  51. that handles allocation of new leases. It takes parameters that the client
    52. 

  52. provided (client-id, DUID, subnet, a hint if the user provided one, etc.) and
    53. 

  53. then attempts to allocate a lease.
    54. 

  54. 

  55. There is no single best soluction to the address assignment problem. Server
    56. 

  56. is expected to pick an address from its available pools is currently not used.
    57. 

  57. There are many possible algorithms that can do that, each with its own advantages
    58. 

  58. and drawbacks. This allocation engine must provide robust operation is radically
    59. 

  59. different scenarios, so there address selection problem was abstracted into
    60. 

  60. separate module, called allocator. Its sole purpose is to pick an address from
    61. 

  61. a pool. Allocation engine will then check if the picked address is free and if
    62. 

  62. it is not, then will ask allocator to pick again.
    63. 

  63. 

  64. At least 3 allocators will be implemented:
    65. 

  65. 

  66. - Iterative - it iterates over all resources (addresses or prefixes) in
    67. 

  67. available pools, one by one. The advantages of this approach are: speed
    68. 

  68. (typically it only needs to increase address just one), the guarantee to cover
    69. 

  69. all addresses and predictability.  This allocator behaves reasonably good in
    70. 

  70. case of nearing depletion. Even when pools are almost completely allocated, it
    71. 

  71. still will be able to allocate outstanding leases efficiently. Predictability
    72. 

  72. can also be considered a serious flaw in some environments, as prediction of the
    73. 

  73. next address is trivial and can be leveraged by an attacker. Another drawback of
    74. 

  74. this allocator is that it does not attempt to give the same address to returning
    75. 

  75. clients (clients that released or expired their leases and are requesting a new
    76. 

  76. lease will likely to get a different lease). This allocator is not suitable for
    77. 

  77. temporary addresses, which must be randomized. This allocator is implemented
    78. 

  78. in \ref isc::dhcp::AllocEngine::IterativeAllocator.
    79. 

  79. 

  80. - Hashed - ISC-DHCP uses hash of the client-id or DUID to determine, which
    81. 

  81. address is tried first. If that address is not available, the result is hashed
    82. 

  82. again. That procedure is repeated until available address is found or there
    83. 

  83. are no more addresses left. The benefit of that approach is that it provides
    84. 

  84. a relative lease stability, so returning old clients are likely to get the same
    85. 

  85. address again. The drawbacks are increased computation cost, as each iteration
    86. 

  86. requires use of a hashing function. That is especially difficult when the
    87. 

  87. pools are almost depleted. It also may be difficult to guarantee that the
    88. 

  88. repeated hashing will iterate over all available addresses in all pools. Flawed
    89. 

  89. hash algorithm can go into cycles that iterate over only part of the addresses.
    90. 

  90. It is difficult to detect such issues as only some initial seed (client-id
    91. 

  91. or DUID) values may trigger short cycles. This allocator is currently not
    92. 

  92. implemented. This will be the only allocator allowed for temporary addresses.
    93. 

  93. 

  94. - Random - Another possible approach to address selection is randomization. This
    95. 

  95. allocator can pick an address randomly from the configured pool. The benefit
    96. 

  96. of this approach is that it is easy to implement and makes attacks based on
    97. 

  97. address prediction more difficult. The drawback of this approach is that
    98. 

  98. returning clients are almost guaranteed to get a different address. Another
    99. 

  99. drawback is that with almost depleted pools it is increasingly difficult to
    100. 

  100. "guess" an address that is free. This allocator is currently not implemented.
    101. 

  101. 

  102. @subsection allocEngineTypes Different lease types support
    103. 

  103. 

  104. Allocation Engine has been extended to support different types of leases. Four
    105. 

  105. types are supported: TYPE_V4 (IPv4 addresses), TYPE_NA (normal IPv6 addresses),
    106. 

  106. TYPE_TA (temporary IPv6 addresses) and TYPE_PD (delegated prefixes). Support for
    107. 

  107. TYPE_TA is partial. Some routines are able to handle it, while other are
    108. 

  108. not. The major missing piece is the RandomAllocator, so there is no way to randomly
    109. 

  109. generate an address. This defeats the purpose of using temporary addresses for now.
    110. 

  110. 

  111. @subsection allocEnginePD Prefix Delegation support in AllocEngine
    112. 

  112. 

  113. The Allocation Engine supports allocation of the IPv6 addresses and prefixes.
    114. 

  114. For a prefix pool, the iterative allocator "walks over"
    115. 

  115. every available pool. It is similar to how it iterates over address pool,
    116. 

  116. but instead of increasing address by just one, it walks over the whole delegated
    117. 

  117. prefix length in one step. This is implemented in
    118. 

  118. isc::dhcp::AllocEngine::IterativeAllocator::increasePrefix(). Functionally the
    119. 

  119. increaseAddress(addr) call is equivalent to increasePrefix(addr, 128)
    120. 

  120. (increasing by a /128 prefix, i.e. a single address).  However, both methods are
    121. 

  121. kept, because increaseAddress() is faster and this is a routine that may be
    122. 

  122. called many hundred thousands times per second.
    123. 

  123. 

  124. */
    125.