 
Kea Administrator Reference Manual
Kea is an open source implementation of the Dynamic Host Configuration Protocol (DHCP) servers, developed and maintained by Internet Systems Consortium (ISC).
This is the reference guide for Kea version 3.1.1. Links to the most up-to-date version of this document (in PDF, HTML, and plain text formats) can be found on Read the Docs. Other useful Kea information can be found in our Knowledgebase.
- 1. Introduction
- 2. Quick Start
- 3. Installation
- 4. Kea Database Administration
- 5. Kea Security- 5.1. TLS/HTTPS Support
- 5.2. Secure Kea Control Agent
- 5.3. Securing a Kea Deployment- 5.3.1. Component-Based Design
- 5.3.2. Limiting Application Permissions
- 5.3.3. Securing Kea Administrative Access
- 5.3.4. Securing Database Connections
- 5.3.5. Information Leakage Through Logging
- 5.3.6. Summary of Path Restrictions
- 5.3.7. Cryptography Components
- 5.3.8. TSIG Signatures
- 5.3.9. Raw Socket Support
- 5.3.10. Remote Administrative Access
- 5.3.11. Authentication for Kea's RESTful API
 
- 5.4. Kea Runtime Security Policy Checking
- 5.5. Kea Security Processes
 
- 6. Kea Configuration
- 7. Managing Kea with keactrl
- 8. The Kea Control Agent
- 9. The DHCPv4 Server- 9.1. Starting and Stopping the DHCPv4 Server
- 9.2. DHCPv4 Server Configuration- 9.2.1. Introduction
- 9.2.2. Lease Storage
- 9.2.3. Hosts Storage
- 9.2.4. Interface Configuration
- 9.2.5. Issues With Unicast Responses to DHCPINFORM
- 9.2.6. IPv4 Subnet Identifier
- 9.2.7. IPv4 Subnet Prefix
- 9.2.8. Configuration of IPv4 Address Pools
- 9.2.9. Sending T1 (Option 58) and T2 (Option 59)
- 9.2.10. Standard DHCPv4 Options
- 9.2.11. CableLabs Client Conf Suboptions
- 9.2.12. Custom DHCPv4 Options
- 9.2.13. DHCPv4 Private Options
- 9.2.14. DHCPv4 Vendor-Specific Options
- 9.2.15. Nested DHCPv4 Options (Custom Option Spaces)
- 9.2.16. Unspecified Parameters for DHCPv4 Option Configuration
- 9.2.17. Support for Long Options
- 9.2.18. Support for IPv6-Only Preferred Option
- 9.2.19. Stateless Configuration of DHCPv4 Clients
- 9.2.20. Client Classification in DHCPv4
- 9.2.21. DDNS for DHCPv4
- 9.2.22. Next Server (siaddr)
- 9.2.23. Echoing Client-ID (RFC 6842)
- 9.2.24. Using Client Identifier and Hardware Address
- 9.2.25. Authoritative DHCPv4 Server Behavior
- 9.2.26. DHCPv4-over-DHCPv6: DHCPv4 Side
- 9.2.27. Sanity Checks in DHCPv4
- 9.2.28. Storing Extended Lease Information
- 9.2.29. Stash Agent Options
- 9.2.30. Multi-Threading Settings
- 9.2.31. Multi-Threading Settings With Different Database Backends
- 9.2.32. IPv6-Only Preferred Networks
- 9.2.33. Lease Caching
- 9.2.34. Temporary Allocation on DHCPDISCOVER
- 9.2.35. DNR (Discovery of Network-designated Resolvers) Options for DHCPv4
 
- 9.3. Host Reservations in DHCPv4- 9.3.1. Address Reservation Types
- 9.3.2. Conflicts in DHCPv4 Reservations
- 9.3.3. Reserving a Hostname
- 9.3.4. Including Specific DHCPv4 Options in Reservations
- 9.3.5. Reserving Next Server, Server Hostname, and Boot File Name
- 9.3.6. Reserving Client Classes in DHCPv4
- 9.3.7. Storing Host Reservations in MySQL or PostgreSQL
- 9.3.8. Fine-Tuning DHCPv4 Host Reservation
- 9.3.9. Global Reservations in DHCPv4
- 9.3.10. Pool Selection with Client Class Reservations
- 9.3.11. Subnet Selection with Client Class Reservations
- 9.3.12. Multiple Reservations for the Same IP
- 9.3.13. Host Reservations as Basic Access Control
 
- 9.4. Shared Networks in DHCPv4
- 9.5. Server Identifier in DHCPv4
- 9.6. How the DHCPv4 Server Selects a Subnet for the Client
- 9.7. Duplicate Addresses (DHCPDECLINE Support)
- 9.8. Statistics in the DHCPv4 Server
- 9.9. Management API for the DHCPv4 Server
- 9.10. User Contexts in IPv4
- 9.11. Supported DHCP Standards
- 9.12. DHCPv4 Server Limitations
- 9.13. Kea DHCPv4 Server Examples
- 9.14. Configuration Backend in DHCPv4
- 9.15. Kea DHCPv4 Compatibility Configuration Parameters
- 9.16. Address Allocation Strategies in DHCPv4
 
- 10. The DHCPv6 Server- 10.1. Starting and Stopping the DHCPv6 Server
- 10.2. DHCPv6 Server Configuration- 10.2.1. Introduction
- 10.2.2. Lease Storage
- 10.2.3. Hosts Storage
- 10.2.4. Interface Configuration
- 10.2.5. IPv6 Subnet Identifier
- 10.2.6. IPv6 Subnet Prefix
- 10.2.7. Unicast Traffic Support
- 10.2.8. Configuration of IPv6 Address Pools
- 10.2.9. Subnet and Prefix Delegation Pools
- 10.2.10. Prefix Exclude Option
- 10.2.11. Standard DHCPv6 Options
- 10.2.12. Common Softwire46 Options
- 10.2.13. DNR (Discovery of Network-designated Resolvers) Options for DHCPv6
- 10.2.14. NTP Server Suboptions
- 10.2.15. Custom DHCPv6 Options
- 10.2.16. DHCPv6 Vendor-Specific Options
- 10.2.17. Nested DHCPv6 Options (Custom Option Spaces)
- 10.2.18. Unspecified Parameters for DHCPv6 Option Configuration
- 10.2.19. Controlling the Values Sent for T1 and T2 Times
- 10.2.20. IPv6 Subnet Selection
- 10.2.21. Rapid Commit
- 10.2.22. DHCPv6 Relays
- 10.2.23. Relay-Supplied Options
- 10.2.24. Client Classification in DHCPv6
- 10.2.25. DDNS for DHCPv6
- 10.2.26. DHCPv4-over-DHCPv6: DHCPv6 Side
- 10.2.27. Sanity Checks in DHCPv6
- 10.2.28. Storing Extended Lease Information
- 10.2.29. Multi-Threading Settings
- 10.2.30. Multi-Threading Settings With Different Database Backends
- 10.2.31. Lease Caching
 
- 10.3. Host Reservations in DHCPv6- 10.3.1. Address/Prefix Reservation Types
- 10.3.2. Conflicts in DHCPv6 Reservations
- 10.3.3. Reserving a Hostname
- 10.3.4. Including Specific DHCPv6 Options in Reservations
- 10.3.5. Reserving Client Classes in DHCPv6
- 10.3.6. Storing Host Reservations in MySQL or PostgreSQL
- 10.3.7. Fine-Tuning DHCPv6 Host Reservation
- 10.3.8. Global Reservations in DHCPv6
- 10.3.9. Pool Selection with Client Class Reservations
- 10.3.10. Subnet Selection with Client Class Reservations
- 10.3.11. Multiple Reservations for the Same IP
- 10.3.12. Host Reservations as Basic Access Control
 
- 10.4. Shared Networks in DHCPv6
- 10.5. Server Identifier in DHCPv6
- 10.6. DHCPv6 Data Directory
- 10.7. Stateless DHCPv6 (INFORMATION-REQUEST Message)
- 10.8. Support for RFC 7550 (now part of RFC 8415)
- 10.9. Using a Specific Relay Agent for a Subnet
- 10.10. Segregating IPv6 Clients in a Cable Network
- 10.11. MAC/Hardware Addresses in DHCPv6
- 10.12. Duplicate Addresses (DHCPDECLINE Support)
- 10.13. Address Registration (RFC 9686 Support)
- 10.14. Statistics in the DHCPv6 Server
- 10.15. Management API for the DHCPv6 Server
- 10.16. User Contexts in IPv6
- 10.17. Supported DHCPv6 Standards
- 10.18. DHCPv6 Server Limitations
- 10.19. Kea DHCPv6 Server Examples
- 10.20. Configuration Backend in DHCPv6
- 10.21. Kea DHCPv6 Compatibility Configuration Parameters
- 10.22. Allocation Strategies in DHCPv6
 
- 11. Database Connectivity
- 12. Lease Expiration
- 13. Congestion Handling
- 14. The DHCP-DDNS Server- 14.1. Overview
- 14.2. Starting and Stopping the DHCP-DDNS Server
- 14.3. Configuring the DHCP-DDNS Server
- 14.4. DHCP-DDNS Server Statistics
- 14.5. DHCP-DDNS Server Limitations
- 14.6. Supported Standards
 
- 15. The LFC Process
- 16. Client Classification- 16.1. Client Classification Overview
- 16.2. Built-in Client Classes
- 16.3. Using Expressions in Classification
- 16.4. Configuring Classes
- 16.5. Using Static Host Reservations in Classification
- 16.6. Configuring Subnets With Class Information
- 16.7. Configuring Pools With Class Information
- 16.8. Class Priority
- 16.9. Option Class-Tagging
- 16.10. Classes and Hooks
- 16.11. Debugging Expressions
 
- 17. Hook Libraries- 17.1. Introduction
- 17.2. Installing Hook Packages
- 17.3. Configuring Hook Libraries
- 17.4. Available Hook Libraries
- 17.5. libdhcp_bootp.so: Support for BOOTP Clients
- 17.6. libdhcp_cb_cmds.so: Configuration Backend Commands- 17.6.1. Command Structure
- 17.6.2. Control Commands for DHCP Servers
- 17.6.3. Metadata
- 17.6.4. Option Class-tags as Keys
- 17.6.5. The remote-server4-del,remote-server6-delCommands
- 17.6.6. The remote-server4-get,remote-server6-getCommands
- 17.6.7. The remote-server4-get-all,remote-server6-get-allCommands
- 17.6.8. The remote-server4-set,remote-server6-setCommands
- 17.6.9. The remote-global-parameter4-del,remote-global-parameter6-delCommands
- 17.6.10. The remote-global-parameter4-get,remote-global-parameter6-getCommands
- 17.6.11. The remote-global-parameter4-get-all,remote-global-parameter6-get-allCommands
- 17.6.12. The remote-global-parameter4-set,remote-global-parameter6-setCommands
- 17.6.13. The remote-network4-del,remote-network6-delCommands
- 17.6.14. The remote-network4-get,remote-network6-getCommands
- 17.6.15. The remote-network4-list,remote-network6-listCommands
- 17.6.16. The remote-network4-set,remote-network6-setCommands
- 17.6.17. The remote-option-def4-del,remote-option-def6-delCommands
- 17.6.18. The remote-option-def4-get,remote-option-def6-getCommands
- 17.6.19. The remote-option-def4-get-all,remote-option-def6-get-allCommands
- 17.6.20. The remote-option-def4-set,remote-option-def6-setCommands
- 17.6.21. The remote-option4-global-del,remote-option6-global-delCommands
- 17.6.22. The remote-option4-global-get,remote-option6-global-getCommands
- 17.6.23. The remote-option4-global-get-all,remote-option6-global-get-allCommands
- 17.6.24. The remote-option4-global-set,remote-option6-global-setCommands
- 17.6.25. The remote-option4-network-del,remote-option6-network-delCommands
- 17.6.26. The remote-option4-network-set,remote-option6-network-setCommands
- 17.6.27. The remote-option6-pd-pool-delCommand
- 17.6.28. The remote-option6-pd-pool-setCommand
- 17.6.29. The remote-option4-pool-del,remote-option6-pool-delCommands
- 17.6.30. The remote-option4-pool-set,remote-option6-pool-setCommands
- 17.6.31. The remote-option4-subnet-del,remote-option6-subnet-delCommands
- 17.6.32. The remote-option4-subnet-set,remote-option6-subnet-setCommands
- 17.6.33. The remote-subnet4-del-by-id,remote-subnet6-del-by-idCommands
- 17.6.34. The remote-subnet4-del-by-prefix,remote-subnet6-del-by-prefixCommands
- 17.6.35. The remote-subnet4-get-by-id,remote-subnet6-get-by-idCommands
- 17.6.36. The remote-subnet4-get-by-prefix,remote-subnet6-get-by-prefixCommands
- 17.6.37. The remote-subnet4-list,remote-subnet6-listCommands
- 17.6.38. The remote-subnet4-set,remote-subnet6-setCommands
- 17.6.39. The remote-class4-del,remote-class6-delCommands
- 17.6.40. The remote-class4-get,remote-class6-getCommands
- 17.6.41. The remote-class4-get-all,remote-class6-get-allCommands
- 17.6.42. The remote-class4-set,remote-class6-setCommands
 
- 17.7. libdhcp_class_cmds.so: Class Commands
- 17.8. libdhcp_ddns_tuning.so: DDNS Tuning
- 17.9. libdhcp_flex_id.so: Flexible Identifier for Host Reservations
- 17.10. libdhcp_flex_option.so: Flexible Option Actions for Option Value Settings
- 17.11. libddns_gss_tsig.so: Sign DNS Updates With GSS-TSIG
- 17.12. libdhcp_ha.so: High Availability Outage Resilience for Kea Servers- 17.12.1. Supported Configurations
- 17.12.2. Clocks on Active Servers
- 17.12.3. HTTPS Support
- 17.12.4. Server States
- 17.12.5. Scope Transition in a Partner-Down Case
- 17.12.6. Load-Balancing Configuration
- 17.12.7. Load Balancing With Advanced Classification
- 17.12.8. Hot-Standby Configuration
- 17.12.9. Passive-Backup Configuration
- 17.12.10. Lease Information Sharing
- 17.12.11. Controlling Lease-Page Size Limit
- 17.12.12. Timeouts
- 17.12.13. Pausing the HA State Machine
- 17.12.14. Control Agent Configuration
- 17.12.15. Multi-Threaded Configuration (HA+MT)
- 17.12.16. Parked-Packet Limit
- 17.12.17. Controlled Shutdown and Maintenance of DHCP Servers
- 17.12.18. Control Commands for High Availability- 17.12.18.1. The ha-syncCommand
- 17.12.18.2. The ha-scopesCommand
- 17.12.18.3. The ha-continueCommand
- 17.12.18.4. The ha-heartbeatCommand
- 17.12.18.5. The status-getCommand
- 17.12.18.6. The ha-maintenance-startCommand
- 17.12.18.7. The ha-maintenance-cancelCommand
- 17.12.18.8. The ha-maintenance-notifyCommand
- 17.12.18.9. The ha-resetCommand
- 17.12.18.10. The ha-sync-complete-notifyCommand
 
- 17.12.18.1. The 
- 17.12.19. Hub and Spoke Configuration
 
- 17.13. libdhcp_host_cache.so: Host Cache Reservations for Improved Performance
- 17.14. libdhcp_host_cmds.so: Host Commands- 17.14.1. The subnet-idParameter
- 17.14.2. The operation-targetParameter
- 17.14.3. The reservation-addCommand
- 17.14.4. The reservation-getCommand
- 17.14.5. The reservation-get-allCommand
- 17.14.6. The reservation-get-pageCommand
- 17.14.7. The reservation-get-by-addressCommand
- 17.14.8. The reservation-get-by-hostnameCommand
- 17.14.9. The reservation-get-by-idCommand
- 17.14.10. The reservation-delCommand
- 17.14.11. The reservation-updateCommand
- 17.14.12. General Mentions
 
- 17.14.1. The 
- 17.15. libdhcp_lease_cmds.so: Lease Commands for Easier Lease Management- 17.15.1. The lease4-add,lease6-addCommands
- 17.15.2. The lease6-bulk-applyCommand
- 17.15.3. The lease4-get,lease6-getCommands
- 17.15.4. The lease4-get-all,lease6-get-allCommands
- 17.15.5. The lease4-get-page,lease6-get-pageCommands
- 17.15.6. The lease4-get-by-*,lease6-get-by-*Commands
- 17.15.7. The lease4-del,lease6-delCommands
- 17.15.8. The lease4-update,lease6-updateCommands
- 17.15.9. The lease4-wipe,lease6-wipeCommands
- 17.15.10. The lease4-resend-ddns,lease6-resend-ddnsCommands
- 17.15.11. The lease4-write,lease6-writeCommands
- 17.15.12. Binding Variables
 
- 17.15.1. The 
- 17.16. libdhcp_lease_query.so: Leasequery Support
- 17.17. libdhcp_legal_log.so: Forensic Logging
- 17.18. libdhcp_limits.so: Limits to Manage Lease Allocation and Packet Processing
- 17.19. libdhcp_mysql.so: Database Backend for MySQL
- 17.20. libdhcp_perfmon.so: Performance Monitoring
- 17.21. libdhcp_ping_check.so: Ping Check
- 17.22. libdhcp_pgsql.so: Database Backend for PostgreSQL
- 17.23. libdhcp_radius.so: RADIUS Server Support
- 17.24. libdhcp_rbac.so: Role-Based Access Control
- 17.25. libdhcp_run_script.so: Run Script Support for External Hook Scripts
- 17.26. libdhcp_stat_cmds.so: Statistics Commands for Supplemental Lease Statistics
- 17.27. libdhcp_subnet_cmds.so: Subnet Commands to Manage Subnets and Shared Networks- 17.27.1. The subnet4-listCommand
- 17.27.2. The subnet6-listCommand
- 17.27.3. The subnet4-getCommand
- 17.27.4. The subnet6-getCommand
- 17.27.5. The subnet4-addCommand
- 17.27.6. The subnet6-addCommand
- 17.27.7. The subnet4-updateCommand
- 17.27.8. The subnet6-updateCommand
- 17.27.9. The subnet4-delCommand
- 17.27.10. The subnet6-delCommand
- 17.27.11. The subnet4-delta-addCommand
- 17.27.12. The subnet6-delta-addCommand
- 17.27.13. The subnet4-delta-delCommand
- 17.27.14. The subnet6-delta-delCommand
- 17.27.15. The network4-list,network6-listCommands
- 17.27.16. The network4-get,network6-getCommands
- 17.27.17. The network4-add,network6-addCommands
- 17.27.18. The network4-del,network6-delCommands
- 17.27.19. The network4-subnet-add,network6-subnet-addCommands
- 17.27.20. The network4-subnet-del,network6-subnet-delCommands
 
- 17.27.1. The 
- 17.28. libdhcp_user_chk.so: User Check
 
- 18. Statistics- 18.1. Statistics Overview
- 18.2. Statistics Lifecycle
- 18.3. Commands for Manipulating Statistics- 18.3.1. The statistic-getCommand
- 18.3.2. The statistic-resetCommand
- 18.3.3. The statistic-removeCommand
- 18.3.4. The statistic-get-allCommand
- 18.3.5. The statistic-reset-allCommand
- 18.3.6. The statistic-remove-allCommand
- 18.3.7. The statistic-sample-age-setCommand
- 18.3.8. The statistic-sample-age-set-allCommand
- 18.3.9. The statistic-sample-count-setCommand
- 18.3.10. The statistic-sample-count-set-allCommand
 
- 18.3.1. The 
- 18.4. Time Series
 
- 19. Management API- 19.1. Data Syntax
- 19.2. Control Agent Command Response Format
- 19.3. Using the Control Channel
- 19.4. Commands Supported by Both the DHCPv4 and DHCPv6 Servers- 19.4.1. The build-reportCommand
- 19.4.2. The config-getCommand
- 19.4.3. The config-hash-getCommand
- 19.4.4. The config-reloadCommand
- 19.4.5. The config-testCommand
- 19.4.6. The config-writeCommand
- 19.4.7. The leases-reclaimCommand
- 19.4.8. The list-commandsCommand
- 19.4.9. The config-setCommand
- 19.4.10. The shutdownCommand
- 19.4.11. The dhcp-disableCommand
- 19.4.12. The dhcp-enableCommand
- 19.4.13. The status-getCommand
- 19.4.14. The server-tag-getCommand:
- 19.4.15. The config-backend-pullCommand:
- 19.4.16. The version-getCommand
 
- 19.4.1. The 
- 19.5. Commands Supported by the DHCPv4 Server
- 19.6. Commands Supported by the DHCPv6 Server
- 19.7. Commands Supported by the D2 Server
- 19.8. Commands Supported by the Control Agent
- 19.9. Migration from the Control Agent
 
- 20. Logging
- 21. The Kea Shell
- 22. Integration With External Systems- 22.1. YANG/NETCONF- 22.1.1. Overview
- 22.1.2. Installing NETCONF
- 22.1.3. Compiling With NETCONF
- 22.1.4. Quick Sysrepo Overview
- 22.1.5. Supported YANG Models
- 22.1.6. Using the NETCONF Agent
- 22.1.7. Configuration
- 22.1.8. A kea-netconfConfiguration Example
- 22.1.9. Starting and Stopping the NETCONF Agent
- 22.1.10. A Step-by-Step NETCONF Agent Operation Example- 22.1.10.1. Setup of NETCONF Agent Operation Example
- 22.1.10.2. Example of Error Handling in NETCONF Operation
- 22.1.10.3. NETCONF Operation Example with Two Pools
- 22.1.10.4. NETCONF Operation Example with Two Subnets
- 22.1.10.5. NETCONF Operation Example With Logging
- 22.1.10.6. Migrating YANG Data From a Prior Sysrepo Version
 
 
- 22.2. GSS-TSIG- 22.2.1. GSS-TSIG Overview
- 22.2.2. GSS-TSIG Compilation
- 22.2.3. GSS-TSIG Deployment
- 22.2.4. Using GSS-TSIG
- 22.2.5. GSS-TSIG Statistics
- 22.2.6. GSS-TSIG Commands- 22.2.6.1. The gss-tsig-get-allCommand
- 22.2.6.2. The gss-tsig-getCommand
- 22.2.6.3. The gss-tsig-listCommand
- 22.2.6.4. The gss-tsig-key-getCommand
- 22.2.6.5. The gss-tsig-key-expireCommand
- 22.2.6.6. The gss-tsig-key-delCommand
- 22.2.6.7. The gss-tsig-purge-allCommand
- 22.2.6.8. The gss-tsig-purgeCommand
- 22.2.6.9. The gss-tsig-rekey-allCommand
- 22.2.6.10. The gss-tsig-rekeyCommand
 
- 22.2.6.1. The 
 
- 22.3. RADIUS
 
- 22.1. YANG/NETCONF
- 23. Monitoring Kea With Stork