# Kea 1.9.7, April 28th 2021, Release Notes

Welcome to Kea 1.9.7, the eighth monthly release of the 1.9 development 
branch. As with any other development release, use this with caution: 
development releases are not recommended for production use.

This release adds new features, improves existing features, clarifies 
documentation, and fixes a few bugs. The most notable changes introduced 
in this version are:

1. **Experimental Multi-Threaded High Availability (HA+MT)**. Kea 1.8.0 
introduced multi-threaded support that significantly increased the 
packet processing performance. Sadly, many deployments couldn't take 
advantage of it because while the packet processing engine is very 
capable, the relatively slow communication between HA partners was a 
bottleneck. This problem is being addressed in this release. After 
several months of work, the HA component now has experimental 
multi-threaded support. This is a substantial architectural change. When 
HA+MT is enabled, the DHCPv4 and DHCPv6 daemons are now able to open 
HTTP sockets on their own and connect directly to each other, bypassing 
the Control Agent (CA). This eliminates the bottlenecks of sequential 
UNIX socket connection and the need to translate between HTTP and UNIX 
socket connections. The HA+MT itself can create multiple threads with 
each thread opening its own connections. Running in multiple threads, 
multiple connections improve performance substantially, in some cases by 
an order of magnitude. Before using this feature, please read the new 
`16.15.15 Mutli-threaded Configuration (HA+MT)` in detail. The feature 
is disabled by default. The status of this feature is experimental and 
there are known issues. In particular, the shutdown procedure is not 
exactly thread-safe, so there may be problems during daemon shutdown. 
Use with caution and please report any issues you may discover. Do not 
use in production! This work has been conducted in many tickets [#1732, 
#1733, #1734, #1735, #1736, #1807].

2. **Comments in API commands**. Kea supports various (#, // and /* */) 
comment styles in its configuration files. However, these were not 
supported in the API calls. This posed a problem in some deployments, 
where users had nicely commented configuration files that couldn't be 
used in `config-set` and similar commands. This limitation has been 
removed [#1515, #1652].

3. **kea-admin password handling**. Earlier `kea-admin` tool versions 
offered only one way to specify the password - using the command line 
parameter. This approach was basic and had some security drawbacks. Now 
there are three alternative methods available to specify passwords: 
explicitly on the command line (`-p secret`), using a prompt that will 
not echo the password in the terminal (`-p`), or using environment 
variables. This selection should allow administrators to pick the 
solution that suits their deployment and their threat models [#1675].

4. **ARM Security Section**. With the recent introduction of TLS 
support, we decided to add a section on `23. Kea Security` to the Kea 
Administrator Reference Manual. This covers topics such as which daemons 
to run, how to run without root access, and how to secure access. Some 
additional process-related issues are described as well [#1587].

5. **Build improvements**. An assorted collection of general build 
improvements made it into this release. Support for Autoconf 2.70 has 
been significantly improved [#1651, #1632]. Hammer, Kea's internal build 
tool, has been extended and various problems were addressed. The problem 
with pg_hba.conf on RPM-based systems is now fixed [#1814]. Distcheck 
failure on CentOS7 was fixed [#1804]. Some improvements have been made 
for FreeRadius on Ubuntu 20.10 [#1813] and Fedora 33 [#1808]. Fixes for 
unit tests running on Postgres were made [#1811].

## Incompatible Changes

There are no backward-incompatible changes in this release.

## Known Issues

For details on known issues, visit:

https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list

And for the list of issues marked as bugs:

https://gitlab.isc.org/isc-projects/kea/issues?label_name%5B%5D=bug

## Release Model

The Kea project has a significant production deployment base with users 
who are looking for stability, rather than a constant stream of new 
"bleeding-edge" features. At the same time, we want to continue 
developing the software and add some new powerful, but 
difficult-to-implement, features. To meet both of these requirements we 
have both Stable and Development branches.

Stable releases are what you would expect: stable, released 
infrequently, without new features or significant changes, very 
well-tested. These can be identified by an even-numbered minor version 
number. The current stable release is 1.8.2. The older stable version of 
1.6.3 is also available. If we discover important bugs that require 
fixing, we may release additional maintenance versions on the 1.8 
branch, but that will be determined on a case-by-case basis. The next 
major stable version will be 2.0.0.

Development releases can be easily identified by an odd minor version 
number: for example, 1.9.0 is a development release. Subsequent releases 
on the same minor release branch get numbered with 1.9.1, 1.9.2, and so 
on.

Our goal is to make the development release available on the last 
Wednesday of each month. There may be exceptions (such as during 
holidays), but that's the general plan.

We encourage users to test the development releases and report back 
their findings.

For more details on the plan, see ISC's Software Support Policy at:

https://kb.isc.org/docs/aa-00896

## Kea Overview

Kea is a DHCP implementation developed by Internet Systems Consortium, 
Inc. that features fully functional DHCPv4 and DHCPv6 servers, a dynamic 
DNS update daemon, a Control Agent (CA) that provides a REST API to 
control the DHCP and DNS update servers, an example shell client to 
connect to the CA, a daemon that is able to retrieve YANG configuration 
and updates from Sysrepo, and a DHCP performance-measurement tool. Both 
DHCP servers support server discovery, address assignment, renewal, 
rebinding, release, decline, information request, DNS updates, client 
classification, and host reservations. The DHCPv6 server also supports 
prefix delegation. Lease information is stored in a CSV file by default; 
it can optionally be stored in a MySQL, PostgreSQL, or Cassandra 
database instead. Host reservations can be stored in a configuration 
file, or in a MySQL, PostgreSQL, or Cassandra database. They can also be 
retrieved from a RADIUS server, although this functionality is somewhat 
limited. Kea DHCPv4 and DHCPv6 daemons provide support for YANG models, 
which are stored in a Sysrepo datastore and can be configured via the 
NETCONF protocol.

This text references issue numbers. For more details, visit the Kea 
GitLab page at:

https://gitlab.isc.org/isc-projects/kea/-/issues

## License

This version of Kea is released under the Mozilla Public License, 
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

The premium and subscriber-only hooks libraries are provided in source 
code form, under the terms of an End User License Agreement (you will 
get the source code that you can modify freely, but you are not 
permitted to redistribute it).

## Download

Pre-built ISC packages for current versions of the most popular Linux 
operating systems are available at:

https://cloudsmith.io/~isc/repos/

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

The signature was generated with the ISC code-signing key which is 
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions 
and usage tutorials, in the Kea Administrator Reference Manual (ARM). 
Documentation is included with the installation, at:

* https://kea.readthedocs.io/en/latest/
* or via https://kb.isc.org/docs/kea-administrator-reference-manual in 
HTML, plain text, or PDF formats

ISC maintains a public open source code tree, a wiki, an issue tracking 
system, milestone planning, and a roadmap at:

https://gitlab.isc.org/isc-projects/kea

We ask users of this software to please let us know how it worked for 
you and what operating system you tested on. Feel free to share your 
feedback on the Kea Users mailing list at:

https://lists.isc.org/mailman/listinfo/kea-users

We would also like to hear whether the documentation is adequate and 
accurate. Please open tickets in the Kea GitLab project for bugs, 
documentation omissions and errors, and enhancement requests. We want to 
hear from you even if everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all 
professional users to consider this option; Kea development and 
maintenance are funded with support subscriptions. For more information 
on ISC's Kea and DHCP software support see:

https://www.isc.org/support/

Free best-effort support is provided by our user community via a mailing 
list. Information on all public email lists is available at:

https://www.isc.org/community/mailing-List

If you have any comments or questions about working with Kea, please 
share them on the Kea Users List:

https://lists.isc.org/mailman/listinfo/kea-users

Bugs and feature requests may be submitted via GitLab at:

https://gitlab.isc.org/isc-projects/kea/-/issues

## Changes

The following summarizes changes since the previous release of 1.9.6:

```
1891.	[build]		razvan
	Library version numbers bumped for Kea 1.9.7 development
	version.
	(Gitlab #1820)

1890.	[doc]		fdupont
	Added a new section to the ARM, Kea Security, which describes
	various security related topics and how to address them.
	(Gitlab #1587)

1889.	[func]		fdupont
	Accept comments (shell '#', C++ '//' and C '/*...*/') in
	JSON commands sent via the control channel or the Control
	Agent.
	(Gitlab #1652)

1888.	[func]		tmark
	Added a new operational mode, HA+MT, to the HA hook library.
	HA+MT provides direct, multi-threaded HTTP communication
	between peers for the exchange HA protocol commands and
	responses.
	(Gitlab #1736)

1887.	[build]		andrei, fdupont
	Migrated autoconf macros, which became warningly deprecated
	since autoconf 2.70, to supported macros.
	(Gitlab #1632, #1651)

1886.	[doc]		tomek
	Added a section in the ARM explaining the relationship between
	keactrl and systemd scripts.
	(Gitlab #1759)

1885.	[func]		andrei
	kea-admin is now able to interactively ask for a password if no
	parameter follows the -p or the --password parameters. This
	requires the user to give it as the last parameter. The entered
	password is not echoed back to the terminal in order to prevent
	over-the-shoulder snooping or other social engineering
	techniques. Alternatively, you can set the password via the
	KEA_ADMIN_DB_PASSWORD environment variable.
	(Gitlab #1675)

1884.	[doc]		fdupont
	HTTP_CONNECTION_HANDSHAKE_FAILED log message got a
	description.
	(Gitlab #1779)
```

Thank you again to everyone who assisted us in making this release 
possible.

We look forward to receiving your feedback.