Configure DHCP in Campus Fabric

DHCP Configuration for Campus Fabric

In a Campus Fabric network, the DHCP server is deployed as a shared service located in a network that is different from that of the fabric endpoints. Every fabric edge is configured as a DHCP relay agent to relay the DHCP traffic between the fabric endpoints and the DHCP server. The DHCP server is located in the non-EID space in the enterprise fabric network, and the fabric edge node uses the fabric border as Proxy Tunnel Router (PxTR) to communicate with the DHCP server.

DHCP solution deployment in Campus Fabric is based on the Fabric Anycast Gateway model, where the gateway IP for the clients is an anycast Switched Virtual Interface (SVI) IP address configured on all the fabric edge nodes. DHCP is implemented in the Layer 3 overlay with anycast address support and network address transparency.

DHCP Packet Flow

Figure 1.

In this topology that implements Option-82 Remote-ID Suboption for DHCP:

  • Fabric edge node is configured as LISP Ingress or Egress Tunnel Router (xTR) with locator address 1.1.1.1.

  • Fabric border node is configured as LISP Proxy Tunnel Router (PxTR).

  • Host 1 is the DHCP client attached to fabric edge, VLAN 10, prefix 192.168.10.0/24.

  • Layer 3 interface (SVI) connects to mobility subnet, interface VLAN 10.

  • DHCP relay agent configured for SVI VLAN 10 on fabric edge node.

  • DHCP server attached to the native network and its address is 172.168.1.1/24, reachable via fabric border node.

Sequence of Operations in Assigning IP Address to DHCP Client in Campus Fabric Network

DHCP Client: (Host 1)

1. Host 1 generates a DHCP discovery message and broadcasts it on the network.

DHCP Relay Agent

2. The DHCP relay agent (fabric edge node) intercepts the packet, and sets the following fields in the packet:

  • GIADDR: Set to incoming Anycast SVI interface IP address (192.168.10.1).

  • Option-82 Remote-ID Suboption: String encoded as "SRLOC IPv4 address" and "VxLAN L3 VNI ID" associated with the client segment.

    Locator address is set to 1.1.1.1

    L3 VNI ID is set to 20

  • Circuit ID Suboption: Encoded in VLAN-PORT-Module format, with VLAN=10, Port/Module set to incoming port and switch number.

3. The relay agent builds the DHCP message by rewriting the inner DHCP source address, inner VXLAN MAC header, VXLAN header, UDP header, outer IP header, and outer L2 header. It then forwards this VXLAN-encapsulated DHCP unicast packet to the fabric border node.

Fabric Border Node:

4. The fabric border device decapsulates the VXLAN-encapsulated DHCP packet and natively forwards the packets destined to the DHCP server address to the next-hop router.

DHCP Server:

5. The following process occurs on the DHCP server after receiving the DHCP packet from the DHCP relay agent:

  • DHCP server selects the IP pool (192.168.10.0/24) based on the value of GIADDR (192.168.10.1) set in the incoming message.

  • Allocates IP address (192.168.10.2) from the IP pool.

  • Generates DHCP OFFER messages, with the destination address set to the value of GIADDR received. This is piggy-backed with the Option-82 suboptions that include Circuit ID and Remote ID.

6. The DHCP server routes the DHCP reply packets toward the DHCP relay agent through the fabric border. (The fabric border is the entry point for all inbound traffic toward the fabric.)

Fabric Border Node:

7. The fabric border node configured as LISP PxTR acts as an ingress LISP tunnel router for all packets destined to the fabric subnets. When it receives the DHCP reply message (DHCP OFFER) destined to the DHCP relay agent address, the fabric border device VXLAN-encapsulates the DHCP OFFER message using the Option-82 Remote ID fields (Src RLOC IP and VNI fields) and forwards it to the DHCP relay agent.

DHCP Relay agent:

8. The DHCP relay agent receives the DHCP OFFER packet, processes it, and forwards it to the client.

DHCP Client:

9. The DHCP client receives the DHCP OFFER packet and sends a DHCP request packet to request the IP address (192.168.10.2).

The DHCP request packet is then treated the same way as explained in steps 2 to 4 until it reaches the DHCP server.

The DHCP server processes the DHCP request packet as usual and sends back a DHCP ACK to the DHCP relay agent. The DHCP ACK follows the same forwarding procedure as mentioned in steps 5 to 9.
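The relay and border steps above can be sketched as follows. This is an added example, not part of the original document and not Cisco code. The sub-option framing and codes 1 and 2 follow RFC 3046; the byte layouts inside Circuit ID and Remote ID, the function names, and the `known_rlocs` check are assumptions made for illustration.

```python
import ipaddress
import struct

OPT_RELAY_INFO = 82            # DHCP relay agent information option
CIRCUIT_ID, REMOTE_ID = 1, 2   # RFC 3046 sub-option codes

def build_option82(vlan, module, port, rloc, vni):
    """Fabric edge (relay): encode Option 82 as code/length/value sub-options."""
    # Assumed payload layouts, for illustration only (not Cisco's wire format):
    circuit = struct.pack("!HBB", vlan, module, port)            # VLAN, module, port
    remote = ipaddress.IPv4Address(rloc).packed + vni.to_bytes(3, "big")  # RLOC, VNI
    body = b"".join(bytes([code, len(val)]) + val
                    for code, val in ((CIRCUIT_ID, circuit), (REMOTE_ID, remote)))
    return bytes([OPT_RELAY_INFO, len(body)]) + body

def parse_option82(option):
    """Walk the sub-option TLVs, rejecting truncated or inconsistent lengths."""
    if len(option) < 2 or option[0] != OPT_RELAY_INFO or option[1] != len(option) - 2:
        raise ValueError("not a well-formed Option 82")
    subs, body, i = {}, option[2:], 0
    while i < len(body):
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            raise ValueError("truncated sub-option")
        subs[body[i]] = body[i + 2:i + 2 + body[i + 1]]
        i += 2 + body[i + 1]
    return subs

def encap_target(option, known_rlocs):
    """Fabric border: pick (RLOC, VNI) for VXLAN encapsulation of a server reply."""
    remote = parse_option82(option).get(REMOTE_ID)
    if remote is None or len(remote) != 7:
        raise ValueError("Remote-ID missing or wrong length")
    rloc = str(ipaddress.IPv4Address(remote[:4]))
    if rloc not in known_rlocs:   # added safeguard: only tunnel to known edges
        raise ValueError(f"Remote-ID names unknown RLOC {rloc}")
    return rloc, int.from_bytes(remote[4:], "big")

# Values from the topology above: VLAN 10, locator 1.1.1.1, L3 VNI 20.
# Module 1 and port 5 are constructed sample values.
OFFER_OPT82 = build_option82(10, 1, 5, "1.1.1.1", 20)
```

Because the border derives the tunnel destination from data echoed back by the DHCP server, the parser rejects malformed lengths and the lookup refuses a locator that is not a known fabric edge.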

How to Configure DHCP Client / Server

The following configuration can be done in any order. Ensure that the device is configured before on-boarding a host.

Configure a Fabric Edge Node as a DHCP Relay Agent

These steps describe how to configure fabric edge as a DHCP relay agent. For more information on configuring DHCP Client-Server in a Campus Fabric, see the Cisco IOS XE 16.6.1 Configure DHCP for Campus Fabric document.

Procedure

  Step 1
    Command or Action: configure terminal
    Example: Switch# configure terminal
    Purpose: Enters the global configuration mode.

  Step 2
    Command or Action: ip dhcp snooping
    Example: Switch(config)# ip dhcp snooping
    Purpose: Enables DHCP snooping globally.

  Step 3
    Command or Action: ip dhcp snooping vlan vlan-id
    Example: Switch(config)# ip dhcp snooping vlan 101
    Purpose: Enables DHCP snooping on a specified VLAN.

  Step 4
    Command or Action: ip dhcp relay information option
    Example: Switch(config)# ip dhcp relay information option
    Purpose: Enables the system to insert the DHCP relay agent information option (Option-82 field) in the messages forwarded to a DHCP server.

Configure Fabric Edge Node as Anycast SVI

Procedure

  Step 1
    Command or Action: Switch# configure terminal
    Purpose: Enters global configuration mode.

  Step 2
    Command or Action: Switch(config)# interface interface
    Purpose: Enters SVI configuration mode.

  Step 3
    Command or Action: Switch(config-if)# ip vrf forwarding vrf-name
    Purpose: Configures VRF on the interface.

  Step 4
    Command or Action: Switch(config-if)# ip address ip address
    Purpose: Configures the IP address on the interface.

  Step 5
    Command or Action: Switch(config-if)# ip helper-address ipaddress
    Purpose: DHCP broadcasts will be forwarded as a unicast to this specific helper address rather than be dropped by the router.

  Step 6
    Command or Action: Switch(config-if)# lisp mobility dynamic-EID
    Purpose: Configures the interface to participate in LISP virtual machine mobility, which is dynamic-EID roaming.

  Step 7
    Command or Action: Switch(config-if)# no lisp mobility liveness test
    Purpose: Disables the liveness test on the interface.

Configure LISP on the Fabric Edge Node

Follow these steps to configure fabric edge devices:

Procedure

  Step 1
    Command or Action: Switch# configure terminal
    Purpose: Enters the global configuration mode.

  Step 2
    Command or Action: Switch(config)# router lisp
    Purpose: Enters LISP configuration mode.

  Step 3
    Command or Action: Switch(config-router-lisp)# locator-set name
    Purpose: Specifies a named locator set.

  Step 4
    Command or Action: Switch(config-router-lisp-locator-set)# IPv4-interface loopback Loopback-address {priority priority_value | weight weight}
    Purpose: Configures the loopback IP address to ensure the device is reachable.

  Step 5
    Command or Action: Switch(config-router-lisp-locator-set)# exit-locator-set
    Purpose: Exits the locator-set configuration mode.

  Step 6
    Command or Action: Switch(config-router-lisp)# instance-id instance
    Purpose: Creates a LISP EID instance to group multiple services. Configuration under this instance-id will apply to all services underneath it.

  Step 7
    Command or Action: Switch(config-router-lisp-instance)# dynamic-eid dynamic-EID
    Purpose: Creates the dynamic-eid policy and enters the dynamic-eid configuration mode.

  Step 8
    Command or Action: Switch(config-router-lisp-instance-dynamic-eid)# database-mapping eid locator-set RLOC name
    Purpose: Configures EID to RLOC mapping relationship.

  Step 9
    Command or Action: Switch(config-router-lisp-instance-dynamic-eid)# exit-dynamic-eid
    Purpose: Exits the dynamic-eid configuration mode.

  Step 10
    Command or Action: Switch(config-router-lisp-instance)# service ipv4
    Purpose: Enables Layer 3 network services for the IPv4 address family and enters the service submode.

  Step 11
    Command or Action: Switch(config-router-lisp-instance-service)# eid-table vrf vrf-table
    Purpose: Associates the LISP instance-id configured earlier with a virtual routing and forwarding (VRF) table through which the endpoint identifier address space is reachable.

  Step 12
    Command or Action: Switch(config-router-lisp-instance-service)# map-cache destination-eid map-request
    Purpose: Generates a static map request for the destination-eid.

  Step 13
    Command or Action: Switch(config-router-lisp-instance-service)# itr map-resolver map-resolver-address
    Purpose: Configures the map-resolver IP from where it needs to query the RLOC corresponding to destination endpoint identifier (EID) IP.

  Step 14
    Command or Action: Switch(config-router-lisp-instance-service)# itr
    Purpose: Specifies that this device acts as an Ingress Tunnel Router (ITR).

  Step 15
    Command or Action: Switch(config-router-lisp-instance-service)# etr map-server map-server-addr key {0 | 6} authentication key
    Purpose: Configures the locator address of the LISP map server to be used by the Egress Tunnel Router (ETR) when registering the IPv4 endpoint identifiers.

  Step 16
    Command or Action: Switch(config-router-lisp-instance-service)# etr
    Purpose: Specifies that this device acts as an Egress Tunnel Router (ETR).

  Step 17
    Command or Action: Switch(config-router-lisp-instance-service)# use-petr locator-address {priority priority_value | weight weight_value}
    Purpose: Configures the device to use Proxy Egress Tunnel Router (PETR).

  Step 18
    Command or Action: Switch(config-router-lisp-instance-service)# exit-service-ipv4
    Purpose: Exits the service submode.

  Step 19
    Command or Action: Switch(config-router-lisp-instance)# exit-instance-id
    Purpose: Exits the instance submode.

DHCP Configuration Example

Consider the following topology:

Configure Loopback 0 on the fabric edge node.

    configure terminal
    interface loopback 0
     ip address 1.1.1.1 255.255.255.255
    exit

Configure fabric edge as Proxy ITR with a 0/0 map-cache for the DHCP request to be sent in the Overlay.

    router lisp
     locator-set edge1
     IPv4-interface loopback 0
     exit-locator-set
     !
     instance-id 4098
      dynamic-eid user
       database-mapping 10.1.18.0/24 locator-set edge1
       exit-dynamic-eid
      !
      service ipv4
       eid-table vrf User
       map-cache 0.0.0.0/0 map-request
       itr map-resolver 3.3.3.3
       proxy-itr 1.1.1.1
       etr map-server 3.3.3.3 key uci
       etr
       use-petr 3.3.3.3
       exit-service-ipv4
      !
      exit-instance-id
    !
    exit-router-lisp

Enable DHCP snooping on all the VLANs in the fabric.

    ip dhcp relay information option
    ip dhcp snooping
    ip dhcp snooping vlan 101

Discover/Request packets are sent via overlay in VRF “dhcp” destined to 20.20.20.20 (DHCP Server IP). Configure the DHCP server helper address under the SVI which is the gateway.

    interface Vlan101
     ip vrf forwarding User
     ip address 10.1.18.1 255.255.255.0
     ip helper-address 20.20.20.20
     no lisp mobility liveness test
     lisp mobility user
    end

Configure host-facing ports on the fabric edge.

    interface GigabitEthernet1/0/38
     description conn_IX_0104
     switchport access vlan 101
     switchport mode access
     spanning-tree portfast
    end

Configure the fabric border, which is also the map-server router that connects to the network where the DHCP server is located.

    router lisp
    locator-table default
    locator-set border
      IPv4-interface Loopback0 priority 10 weight 10
    !
    instance-id 4098
      service ipv4
       eid-table vrf PACAF
       route-export site-registrations
       distance site-registrations 250
       map-cache site-registration
      exit-service-ipv4
      !
    exit-instance-id

    router bgp 65002
     bgp log-neighbor-changes
    !
    address-family ipv4 vrf USER
      aggregate-address 10.1.18.0 255.255.255.0 summary-only
      redistribute lisp metric 10
      neighbor 30.1.1.1 remote-as 200
      exit-address-family

Create a Loopback interface for the Anycast SVI IP address per VNI at the border to facilitate punting the DHCP packets received from the DHCP server to the CPU.

    interface Loopback3000
     vrf forwarding User
     ip address 10.1.18.1 255.255.255.255
    end

Advertise the Anycast SVI address to BGP peers.

    router bgp 100
     address-family ipv4 vrf User
      bgp router-id 23.1.1.1
      network 10.1.18.1 mask 255.255.255.255
      aggregate-address 10.1.18.0 255.255.0.0 summary-only
      redistribute lisp metric 10
      neighbor 23.1.1.2 remote-as 200
      neighbor 23.1.1.2 ebgp-multihop 3
      neighbor 23.1.1.2 activate
     exit-address-family

Create the DHCP pool. On the DHCP server, ensure that the default-router IP address is the SVI gateway within LISP.

    ip dhcp excluded-address 10.1.18.1
    ip dhcp excluded-address 10.1.18.202 10.1.18.255
    !

    ip dhcp pool User
       network 10.1.18.0 255.255.255.0
       default-router 10.1.18.1
    !
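
A check for the fabric edge settings configured above, written as an added example (not Cisco code and not part of the original document): it reads a saved configuration and reports relay SVIs or host-facing access VLANs that are not covered by DHCP snooping, and missing global snooping or Option-82 insertion. `SAMPLE` is a constructed configuration and the function names are hypothetical.

```python
import re

# Constructed sample: the edge configuration above plus a second relay SVI
# (Vlan102) that was never added to the snooping VLAN list.
SAMPLE = """\
ip dhcp relay information option
ip dhcp snooping
ip dhcp snooping vlan 101
interface Vlan101
 ip vrf forwarding User
 ip helper-address 20.20.20.20
interface Vlan102
 ip helper-address 20.20.20.20
interface GigabitEthernet1/0/38
 switchport access vlan 101
 switchport mode access
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '101,200-205' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_edge(config):
    """Return findings for a fabric edge config (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings, snooped, dhcp_vlans, svi = [], set(), set(), None
    for line in lines:
        if m := re.fullmatch(r"ip dhcp snooping vlan (.+)", line):
            snooped |= expand_vlans(m.group(1))
        elif line.lower().startswith("interface "):
            # Track whether we are inside an SVI such as "interface Vlan101".
            v = re.fullmatch(r"vlan\s*(\d+)", line[10:].strip(), re.I)
            svi = int(v.group(1)) if v else None
        elif svi is not None and line.startswith("ip helper-address "):
            dhcp_vlans.add(svi)                    # SVI acts as DHCP relay
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            dhcp_vlans.add(int(m.group(1)))        # host-facing access VLAN
    if "ip dhcp snooping" not in lines:
        findings.append("DHCP snooping is not enabled globally")
    if "ip dhcp relay information option" not in lines:
        findings.append("Option-82 insertion is not enabled")
    findings += [f"VLAN {v} is not covered by ip dhcp snooping vlan"
                 for v in sorted(dhcp_vlans - snooped)]
    return findings
```

Running `audit_edge(SAMPLE)` flags VLAN 102, the relay SVI that the snooping VLAN list does not cover.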
        

Feature History for DHCP Solution in Campus Fabric

  Release                        Modification
  Cisco IOS XE Everest 16.6.1    This feature was introduced.