Kea 2.6.0 Released

ISC’s software engineering team is thrilled to announce the release of Kea 2.6, the newest stable branch of the Kea DHCP server. This branch, which is suitable for production deployment, brings users a variety of new features that were previewed in the 2.5 development branch over the last 10 months. For the full list of additions and updates, please read the Kea 2.6.0 Release Notes.

With this release, Kea 2.2 has now reached End of Life (EOL). If you are running Kea 2.2 or an earlier version, we encourage you to update to one of the current stable versions, Kea 2.4.1 (released in November 2023) or the new 2.6 branch. Please refer to the ISC Software Support Policy to learn about the full Kea release schedule.

We maintain two stable branches at a time, and one development branch (which eventually becomes the next stable version). We try to maintain a steady pace of new development, to offer our customers and users the features they require. Enterprise networks are getting more complex, and since DHCP is used as a control plane for devices, we see a constant stream of new feature requests. Users who have questions or suggestions about our release timeline are encouraged to share them on the Kea-users mailing list.

Some changes in this version are not backward-compatible. Please consult our documentation to learn more about differences that may affect you. Please also refer to the incompatible changes section of the release notes.

Hub-and-Spoke High Availability

Kea’s High Availability (HA) feature is a popular replacement for ISC DHCP’s failover capabilities, with two commonly used configurations. In load-balancing mode, HA allows two partners to share a lease database so that both can serve clients at the same time; if one fails, the other is already up-to-date and ready to assign leases. In hot-standby mode, one server is active, serving requests, while the other waits as a backup if the first stops working.

Many users have asked for a hub-and-spoke arrangement for High Availability. In Kea 2.6.0, it is possible for multiple Kea servers at different locations to use a single central server as their hot-standby backup. The central server is configured with different subnets for each of the spokes, so that it can take over for any branch servers that fail. This gives administrators more flexibility in designing their networks, and eliminates the need to have a backup server at every location.

New Hook Libraries

Kea is designed to be flexible and customizable via its use of hook libraries. By keeping some features in external libraries, the Kea base code remains small and manageable, but installations that want to use the add-ons can install them as they wish. We are constantly working on developing both new open source hook libraries for all Kea users, as well as hooks that are available for separate purchase or with a paid ISC support contract.

New hook libraries in Kea 2.6 include:

  • The native RADIUS hook library, which lets users take advantage of RADIUS access and accounting features, as Kea can interact directly with RADIUS. This replaces an older RADIUS hook that was based on an external FreeRADIUS-client library, which was not maintained and had serious problems.
  • The Ping Check hook library, which replicates a feature previously available in ISC DHCP, where Kea checks the availability of an IPv4 address before assigning it to a DHCP client.
  • The Performance Monitoring hook library, which gives the Kea DHCPv4 and DHCPv6 servers the ability to track and report performance data.

Support for More Client Options

We have continued to extend support for complex device options, such as vivco sub-options with multiple different enterprise IDs. Kea manages the complex option encoding for the Discovery of Network-designated Resolvers (DNR), implemented in RFC 9463, to allow configuration of DNS for both DHCPv4 and DHCPv6 over various transports, such as TLS (DNS-over-TLS or DoT), HTTPS (DNS-over-HTTPS or DoH), and others. Kea is also fully compliant with the new RFCs for Service Binding Mapping for DNS and Service Binding and Parameter Specification.

We continue to implement IETF RFCs in Kea: please see the DHCPv4 standards and DHCPv6 standards lists in the Kea Administrator Reference Manual (ARM).

For a complete list of new features, please check out the Kea 2.6.0 Release Notes.

Docker

By popular demand, this release comes with Docker images: both pre-built Docker images and Docker files are available. Users can install a single container with a specific service, such as kea-dhcp4, or use the kea-compose script that makes deployment of a cluster of containers (kea-dhcp4, kea-dhcp6, and a PostgreSQL database) much easier. Running a DHCP server in a Docker container is a bit more complicated than a typical service, as a DHCPv4 server needs to be able to receive traffic from clients that do not yet have an IP address assigned; simple port forwarding is not sufficient. Users should read about ipvlans before deploying Docker containers. Please use caution and share your feedback. The images are based on Alpine 3.19. For details, see the README file in https://gitlab.isc.org/isc-projects/kea-docker/.

Cloudsmith Packages

Our Cloudsmith repositories for binary packages remain popular; we believe the majority of our subscribers are now using those repositories. Native Deb, RPM, and APK packages are available for Alpine 3.16, 3.17, 3.18, and 3.19; Debian 10, 11, and 12; Fedora 36, 38, and 39; FreeBSD 13; RHEL 8 and 9; and Ubuntu 18.04, 20.04, and 22.04. All packages are built for amd64 architecture. For details, see https://cloudsmith.io/~isc/repos/.

Kea 2.6.0 is also the first release that provides native packages for ARM (aarch64) architecture for some systems.

Kea’s official APK, Debian, and RPM packages follow a consistent packaging standard. Please see the Installation From Cloudsmith Packages and Caveats When Upgrading Kea Packages sections in the Kea ARM for more details.


Kea Hooks Basic Commercial End User License

The Kea open source base code and hooks remain licensed under MPL 2.0. Certain Kea hook libraries are available as a Premium hooks package, purchased online without support. These premium hooks are subject to the Kea Hooks Basic Commercial End User License.

The Premium bundle of hooks is available to smaller businesses and non-profits at modest price points: we offer 12-month license subscription options for 1,000, 6,000, 15,000, and 30,000 active leases, at prices starting at $549. We think it is fair for large enterprises and service providers to pay more, but we want to offer a lower-cost option for universities and other non-profits. Please visit our online store to purchase the Premium hooks, or contact us for additional information.

Larger deployments can access both the Premium hook bundle and additional Subscriber hooks, either without support at the Basic level, or with support at Bronze, Silver, or Gold levels. Our levels are:

  • Basic - Premium and Subscriber hooks; Advance Security Notifications (ASNs); no support
  • Bronze - Premium and Subscriber hooks; ASNs; email support during business hours
  • Silver - Premium, Subscriber, and the Role-Based Access Control (RBAC) hook; ASNs; 24x7 email and phone support with SLAs
  • Gold - Premium, Subscriber, and the RBAC hook; ASNs; 24x7 email and phone support with faster response times

The annual cost of our Kea support subscriptions is based on deployment size, as measured by the number of simultaneous leases provided. For more information on the support options, please see our Support page and our Kea Support Subscription datasheet. Please feel free to contact us for more information.


Helpful References

Recent Posts

What's New from ISC