Kea DHCP: Moving Your Production Network Beyond Legacy ISC DHCP

Networking tutorial - IT technology blog

The 2 AM Wake-Up Call: Why Legacy DHCP Fails

It’s 2 AM on a Tuesday. My phone starts screaming. On the monitoring dashboard, 650 production servers in the secondary data center are flashing red. The culprit? Our legacy isc-dhcp-server finally hit its limit. After six years of ‘it just works’ service, the 300MB lease file corrupted itself. The whole network stayed dark for four agonizing minutes while the service struggled to parse the massive text database. It was a disaster.

This is the harsh reality of managing aging infrastructure. ISC DHCP served the community for decades, but it is a monolithic beast. It lacks a native API and requires a full service restart for every tiny configuration change. Since ISC officially retired the software in late 2022, sticking with it is a security risk. That is why we migrated to Kea DHCP. Kea is modular, fast, and designed for a world where infrastructure is code.

Moving to Kea isn’t just about modernizing. It’s about building a programmable, robust network that won’t fail you in the middle of the night.

Quick Start: Deploying Kea in 5 Minutes

Stop the bleeding. If your current server is failing, follow these steps to get a basic Kea instance running on Ubuntu or Debian. Kea is modular. It separates the DHCP logic from the management agent.

1. Install the Modular Packages

Unlike the old all-in-one server, Kea splits functionality into specific packages. For a standard IPv4 setup, you need the server engine and the Control Agent.

sudo apt update
sudo apt install kea-dhcp4-server kea-ctrl-agent -y

2. Check the Baseline

Verify that the services are active. They might show an error initially. This usually happens because they haven’t been pointed to a physical network interface yet.

systemctl status kea-dhcp4-server
systemctl status kea-ctrl-agent

3. Locate Your Hardware

Find the exact name of the network interface where Kea should listen for client DISCOVER packets.

ip link show

Deep Dive: Configuring the Modern Engine

JSON replaces the old, clunky curly-brace syntax of dhcpd.conf. You can find these files in /etc/kea/. This format is a dream for DevOps teams using Ansible or Terraform to generate configs.

Inside the kea-dhcp4.conf Structure

Navigate to /etc/kea/kea-dhcp4.conf. I usually strip out the default comments to clear the clutter. Here is a production-ready template for a standard 192.168.10.0/24 subnet.

{
"Dhcp4": {
    "interfaces-config": {
        "interfaces": [ "eth0" ]
    },
    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/tmp/kea4-ctrl-socket"
    },
    "lease-database": {
        "type": "memfile",
        "persist": true,
        "name": "/var/lib/kea/kea-leases4.csv",
        "lfc-interval": 3600
    },
    "valid-lifetime": 4000,
    "renew-timer": 1000,
    "rebind-timer": 2000,
    "subnet4": [
        {
            "subnet": "192.168.10.0/24",
            "pools": [ { "pool": "192.168.10.50 - 192.168.10.150" } ],
            "option-data": [
                {
                    "name": "routers",
                    "data": "192.168.10.1"
                },
                {
                    "name": "domain-name-servers",
                    "data": "8.8.8.8, 1.1.1.1"
                }
            ]
        }
    ]
}
}

Crucial Performance Notes

  • Interfaces: You must explicitly name your interfaces. Using "*" is a lazy shortcut that often causes issues on multi-homed servers.
  • Lease Database: We used memfile here for simplicity. If you are managing more than 75,000 concurrent leases, switch to mysql or postgresql backends.
  • The LFC (Lease File Cleanup): The lfc-interval is your best friend. It periodically compacts the lease file. This prevents the exact corruption that caused my 2 AM outage.
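The three notes above are policy checks rather than syntax checks, so kea-dhcp4 -t will not catch them. The script below is an added example (not part of this post or of Kea itself) that runs those checks over a kea-dhcp4.conf before the file is deployed: explicit interfaces, lfc-interval set when memfile is used, pool ranges inside their subnet, and sane timer ordering. The two embedded configs are constructed samples: GOOD_CONF is the template above trimmed to the relevant keys, WEAK_CONF is a deliberately weak variant.

```python
import ipaddress
import json

# Constructed sample: the kea-dhcp4.conf template from this post, trimmed,
# plus a deliberately weak variant, embedded so the check runs offline.
GOOD_CONF = r'''
{
"Dhcp4": {
    "interfaces-config": { "interfaces": [ "eth0" ] },
    "control-socket": { "socket-type": "unix", "socket-name": "/tmp/kea4-ctrl-socket" },
    "lease-database": { "type": "memfile", "persist": true,
                        "name": "/var/lib/kea/kea-leases4.csv", "lfc-interval": 3600 },
    "valid-lifetime": 4000, "renew-timer": 1000, "rebind-timer": 2000,
    "subnet4": [ { "subnet": "192.168.10.0/24",
                   "pools": [ { "pool": "192.168.10.50 - 192.168.10.150" } ] } ]
}
}
'''

WEAK_CONF = r'''
{ "Dhcp4": {
    "interfaces-config": { "interfaces": [ "*" ] },
    "lease-database": { "type": "memfile", "persist": true,
                        "name": "/var/lib/kea/kea-leases4.csv" },
    "subnet4": [ { "subnet": "192.168.10.0/24",
                   "pools": [ { "pool": "192.168.10.50 - 192.168.11.150" } ] } ]
} }
'''


def parse_pool(pool):
    """Return (first, last) addresses of an 'a.b.c.d - e.f.g.h' or CIDR pool string."""
    if "-" in pool:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in pool.split("-"))
    else:
        net = ipaddress.ip_network(pool, strict=False)
        lo, hi = net[0], net[-1]
    return lo, hi


def preflight(conf_text):
    """Return a list of human-readable findings; an empty list means every check passed."""
    findings = []
    dhcp4 = json.loads(conf_text)["Dhcp4"]

    # 1. Interfaces must be named explicitly: "*" binds every interface,
    #    including ones that should never answer DHCP on a multi-homed host.
    ifaces = dhcp4.get("interfaces-config", {}).get("interfaces", [])
    if not ifaces or "*" in ifaces:
        findings.append('interfaces-config: name interfaces explicitly instead of "*"')

    # 2. memfile without lfc-interval grows unbounded; enable periodic cleanup.
    ldb = dhcp4.get("lease-database", {})
    if ldb.get("type") == "memfile" and not ldb.get("lfc-interval"):
        findings.append("lease-database: memfile has no lfc-interval (set e.g. 3600)")

    # 3. Every pool range must sit inside its subnet, with low <= high.
    for sn in dhcp4.get("subnet4", []):
        net = ipaddress.ip_network(sn["subnet"], strict=False)
        for p in sn.get("pools", []):
            lo, hi = parse_pool(p["pool"])
            if lo > hi or lo not in net or hi not in net:
                findings.append(f"subnet {net}: pool '{p['pool']}' is not inside the subnet")

    # 4. Timer sanity: renew-timer < rebind-timer < valid-lifetime.
    t1, t2, v = (dhcp4.get(k) for k in ("renew-timer", "rebind-timer", "valid-lifetime"))
    if None not in (t1, t2, v) and not (t1 < t2 < v):
        findings.append("timers: expected renew-timer < rebind-timer < valid-lifetime")
    return findings


if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(label, preflight(conf) or ["ok"])
```

Run it in CI before kea-dhcp4 -t: the Kea check remains the authoritative syntax test, and this lint fails the pipeline on the operational mistakes that valid JSON still allows.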

Advanced Usage: The Power of the Control Agent

In the old days, adding a single static reservation meant restarting the entire DHCP service. That dropped active packets and annoyed users. Kea eliminates this downtime using the Control Agent.

Building a REST API Bridge

The kea-ctrl-agent acts as a gateway. It listens for HTTP requests and passes commands to the DHCP engine via a Unix socket. It turns your network into a web service.

To enable the API, edit /etc/kea/kea-ctrl-agent.conf:

{
"Control-agent": {
    "http-host": "127.0.0.1",
    "http-port": 8000,
    "control-sockets": {
        "dhcp4": {
            "socket-type": "unix",
            "socket-name": "/tmp/kea4-ctrl-socket"
        }
    }
}
}

You can now query server health or reload the config using curl. No more systemctl restart required.

curl -X POST -H "Content-Type: application/json" -d '{ "command": "list-commands", "service": [ "dhcp4" ] }' http://127.0.0.1:8000/
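The same request pattern wrapped in a small client, as an added example that is not part of this post or of Kea's own tooling. It builds the command body the curl call above sends, POSTs it to the Control Agent, and parses the reply, which Kea returns as a JSON list with one element per addressed service, each carrying a numeric "result" (0 success, 1 error, 2 unsupported command, 3 success with nothing to return). The three sample replies are constructed so the parser can be exercised without a running server; the URL assumes the http-host and http-port from the agent config above.

```python
import json
import urllib.request

KEA_CA_URL = "http://127.0.0.1:8000/"   # http-host/http-port from kea-ctrl-agent.conf

# Status codes carried in each response element's "result" field.
RESULT_SUCCESS, RESULT_ERROR, RESULT_UNSUPPORTED, RESULT_EMPTY = 0, 1, 2, 3


def build_command(command, service="dhcp4", arguments=None):
    """Build the JSON body the Control Agent expects, as bytes ready to POST."""
    body = {"command": command, "service": [service]}
    if arguments:
        body["arguments"] = arguments
    return json.dumps(body).encode()


def parse_response(raw):
    """Parse the Control Agent's reply: a JSON list with one element per service.

    Returns (ok, text, arguments) for the first element. Unsupported commands
    raise, so an automation pipeline fails loudly instead of silently."""
    reply = json.loads(raw)
    if not isinstance(reply, list) or not reply:
        raise ValueError("unexpected reply shape from Control Agent")
    first = reply[0]
    result = first.get("result")
    if result == RESULT_UNSUPPORTED:
        raise ValueError(f"command not supported: {first.get('text')}")
    ok = result in (RESULT_SUCCESS, RESULT_EMPTY)
    return ok, first.get("text", ""), first.get("arguments")


def send_command(command, service="dhcp4", arguments=None, url=KEA_CA_URL, timeout=5):
    """POST a command to the Control Agent and return parse_response()'s triple."""
    req = urllib.request.Request(url, data=build_command(command, service, arguments),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_response(resp.read())


# Constructed sample replies in the documented shape (texts are illustrative).
SAMPLE_RELOAD_OK = b'[ { "result": 0, "text": "Configuration successful." } ]'
SAMPLE_RELOAD_FAIL = b'[ { "result": 1, "text": "Config reload failed: syntax error" } ]'
SAMPLE_LIST = b'[ { "result": 0, "arguments": [ "config-get", "config-reload", "list-commands" ] } ]'


if __name__ == "__main__":
    # Live calls, for a host where the Control Agent is running:
    # print(send_command("list-commands"))
    # print(send_command("config-reload"))
    for raw in (SAMPLE_RELOAD_OK, SAMPLE_RELOAD_FAIL, SAMPLE_LIST):
        print(parse_response(raw))
```

One thing the client makes obvious: with the agent config shown above, any process that can reach 127.0.0.1:8000 can reload the server's configuration, because nothing in that config authenticates the caller. Keep http-host bound to loopback and treat local shell access to the DHCP server as equivalent to administrative control of it.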

Extending with Hook Libraries

Kea uses a plugin architecture called “Hooks.” Need to integrate with an external IPAM or run a script when a new device connects? Load a shared library (.so file). It is significantly faster than the old ‘on commit’ shell scripts in ISC DHCP.

Practical Tips for a Smooth Migration

Moving from isc-dhcp-server to Kea shouldn’t be a manual slog. Use these real-world tips to keep your sanity during the transition.

1. Validate Your Syntax Before It Breaks

Kea is picky. A single missing comma in your JSON will stop the service cold. Always run the built-in configuration check tool before you apply any changes:

kea-dhcp4 -t /etc/kea/kea-dhcp4.conf

2. Keep Static Reservations Clean

Host reservations live inside the subnet block. If you have hundreds of them, don’t clutter your main file. Use the <?include "hosts.json" ?> directive to pull them from a separate file.

"reservations": [
    {
        "hw-address": "00:50:56:b4:12:af",
        "ip-address": "192.168.10.20",
        "hostname": "db-server-01"
    }
]
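Once reservations live in their own file, the main config is no longer plain JSON (json.load stops at the include directive), and mistakes in the host list are easy to miss until a lease collision shows up. The script below is an added example, not part of this post or of Kea, that inlines the <?include "file" ?> directive the way Kea's parser does and then checks the reservations: well-formed hw-address, ip-address inside the enclosing subnet, and no MAC or IP reserved twice. The two in-memory files are constructed samples; the last two hosts.json entries are deliberately broken.

```python
import ipaddress
import json
import re

INCLUDE_RE = re.compile(r'<\?include\s+"([^"]+)"\s*\?>')
MAC_RE = re.compile(r'^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$')

# Constructed in-memory "files": a trimmed kea-dhcp4.conf that pulls its
# reservations from hosts.json via the include directive.
FILES = {
    "kea-dhcp4.conf": '''
    { "Dhcp4": { "subnet4": [ {
        "subnet": "192.168.10.0/24",
        "pools": [ { "pool": "192.168.10.50 - 192.168.10.150" } ],
        "reservations": <?include "hosts.json" ?>
    } ] } }''',
    "hosts.json": '''[
        { "hw-address": "00:50:56:b4:12:af", "ip-address": "192.168.10.20", "hostname": "db-server-01" },
        { "hw-address": "00:50:56:b4:12:b0", "ip-address": "192.168.10.21", "hostname": "db-server-02" },
        { "hw-address": "00:50:56:b4:12:af", "ip-address": "192.168.20.5",  "hostname": "stale-entry" },
        { "hw-address": "00-50-56-b4",       "ip-address": "192.168.10.21", "hostname": "typo-host" }
    ]''',
}


def expand_includes(text, files, depth=0):
    """Inline every <?include "file" ?> directive, recursively, with a depth guard."""
    if depth > 10:
        raise RecursionError("include nesting too deep (cycle?)")

    def sub(m):
        return expand_includes(files[m.group(1)], files, depth + 1)

    return INCLUDE_RE.sub(sub, text)


def check_reservations(files, main="kea-dhcp4.conf"):
    """Return findings about host reservations; an empty list means they are clean."""
    findings = []
    conf = json.loads(expand_includes(files[main], files))
    for sn in conf["Dhcp4"]["subnet4"]:
        net = ipaddress.ip_network(sn["subnet"], strict=False)
        seen_ip, seen_mac = {}, {}
        for r in sn.get("reservations", []):
            host = r.get("hostname", "?")
            mac = r.get("hw-address", "")
            if not MAC_RE.match(mac):
                findings.append(f"{host}: malformed hw-address '{mac}'")
            elif mac.lower() in seen_mac:
                findings.append(f"{host}: hw-address {mac} already reserved for {seen_mac[mac.lower()]}")
            else:
                seen_mac[mac.lower()] = host
            ip = r.get("ip-address")
            if ip:
                addr = ipaddress.ip_address(ip)
                if addr not in net:
                    findings.append(f"{host}: {ip} is outside subnet {net}")
                elif ip in seen_ip:
                    findings.append(f"{host}: {ip} already reserved for {seen_ip[ip]}")
                else:
                    seen_ip[ip] = host
    return findings


if __name__ == "__main__":
    for f in check_reservations(FILES) or ["reservations clean"]:
        print(f)
```

To use it against real files, build the dict from the paths under /etc/kea instead of the literals above; the expansion step is what lets a CI job parse a config that uses includes before kea-dhcp4 -t runs on the server.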

3. Ditch the Default Silence

Standard logging is often too quiet for troubleshooting complex issues. Set your severity to INFO or DEBUG. I recommend piping these logs to Grafana Loki to catch ‘DHCP NAK’ storms before they escalate into tickets.

4. Leverage High Availability (HA)

Kea supports native HA hooks for ‘load-balancing’ or ‘hot-standby’ modes. The servers synchronize leases directly. You don’t need complex database replication for most standard setups.

Transitioning to Kea has a learning curve, especially if you love plain text files. However, the stability and automation are unmatched. Once it’s running, the 2 AM lease-file panic becomes a distant memory.
