Configure DHCP in Campus Fabric

DHCP Configuration for Campus Fabric

In a Campus Fabric network, the DHCP server is deployed as a shared service located in a network that is different from that of the fabric endpoints. Every fabric edge is configured as a DHCP relay agent to relay the DHCP traffic between the fabric endpoints and the DHCP server. The DHCP server is located in the non-EID space in the enterprise fabric network, and the fabric edge node uses the fabric border as a Proxy Tunnel Router (PxTR) to communicate with the DHCP server.

DHCP deployment in Campus Fabric is based on the Fabric Anycast Gateway model, where the gateway IP for the clients is an anycast Switched Virtual Interface (SVI) IP address configured on all the fabric edge nodes. DHCP is implemented in the Layer 3 overlay with anycast address support and network address transparency.

DHCP Packet Flow

Figure 1.

In this topology that implements Option-82 Remote-ID Suboption for DHCP:

  • Fabric edge node is configured as LISP Ingress or Egress Tunnel Router (xTR) with locator address as 1.1.1.1.

  • Fabric border node is configured as LISP Proxy Tunnel Router (PxTR).

  • Host 1 is the DHCP client attached to fabric edge, VLAN 10, prefix 192.168.10.0/24.

  • Layer 3 interface (SVI) connects to mobility subnet, interface VLAN 10.

  • DHCP relay agent configured for SVI VLAN 10 on fabric edge node.

  • DHCP server attached to the native network and its address is 172.168.1.1/24, reachable via fabric border node.

Sequence of Operations in Assigning IP Address to DHCP Client in Campus Fabric Network

DHCP Client: (Host 1)

1. Host 1 generates a DHCP discovery message and broadcasts it on the network.

DHCP Relay Agent

2. The DHCP relay agent (fabric edge node) intercepts the packet, and sets the following fields in the packet:

  • GIADDR: Set to incoming Anycast SVI interface IP address (192.168.10.1).

  • Option-82 Remote-ID Suboption: String encoded as "SRLOC IPv4 address" and "VxLAN L3 VNI ID" associated with the client segment.

    Locator address is set to 1.1.1.1

    L3 VNI ID is set to 20

  • Circuit ID Suboption: Encoded in VLAN-PORT-Module format, with VLAN=10, Port/Module set to incoming port and switch number.

3. Builds the DHCP message by re-writing the inner DHCP source address, inner VXLAN Mac header, VXLAN header, UDP header, Outer IP header, and Outer L2 Header. It then forwards this VxLAN encapsulated DHCP unicast packet to the fabric border node.

Fabric Border Node:

4. Fabric Border device decapsulates the VXLAN encapsulated DHCP packet and natively forwards the packets destined to DHCP server address, to the next-hop router.

DHCP Server:

5. The following process occurs on the DHCP server after receiving the DHCP packet from the DHCP relay agent:

  • DHCP server selects the IP pool (192.168.10.0/24) based on the value of GIADDR (192.168.10.1) set in the incoming message.

  • Allocates IP address (192.168.10.2) from the IP pool.

  • Generates the DHCP OFFER message, with the destination address set to the value of GIADDR received. The Option-82 suboptions, which include Circuit ID and Remote ID, are carried back in this message.

6. DHCP server routes the DHCP reply packets toward the DHCP relay agent through the fabric border. (Fabric border is the entry point for all in-bound traffic toward the fabric).

Fabric Border Node:

7. The fabric border node configured as LISP PxTR acts as an ingress LISP tunnel router for all packets destined to the fabric subnets. When it receives the DHCP reply message (DHCP OFFER) destined to the DHCP relay agent address, the fabric border device VXLAN-encapsulates the DHCP OFFER message using the Option-82 Remote ID fields (Src RLOC IP and VNI fields) and forwards it to the DHCP relay agent.

DHCP Relay agent:

8. DHCP relay agent receives the DHCP OFFER packet, processes it and forwards it to the client.

DHCP Client:

9. The DHCP client receives the DHCP OFFER packet and sends a DHCP request packet to request the IP address (192.168.10.2).

The DHCP request packet is then treated the same way as explained in steps 2 to 4 until it reaches the DHCP server.

The DHCP server processes the DHCP request packet as usual and sends back a DHCP ACK to the DHCP relay agent. The DHCP ACK follows the same forwarding procedure as described in steps 5 to 9.
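The relay agent writes the locator and L3 VNI into Option 82 in step 2, and the border reads them back in step 7 to build the VXLAN encapsulation, so these fields are worth checking in a capture. The following is an added example, not part of the original document: it parses the RFC 3046 suboptions and checks the decoded RLOC/VNI pair against an inventory of fabric edges. The byte layouts of the Remote-ID and Circuit-ID values are assumptions made for illustration (the page does not specify them), and the payload and port number are constructed.

```python
import ipaddress
import struct

SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-option codes

# Constructed Option-82 payload using the topology's values:
# VLAN 10, module 1, port 38 (made up), L3 VNI 20, RLOC 1.1.1.1.
SAMPLE = bytes([1, 6, 0, 4, 0, 10, 1, 38,
                2, 10, 3, 8, 0, 0, 20, 1, 1, 1, 1, 1])

def parse_suboptions(payload):
    """Split an Option-82 payload into {sub-option code: value}."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns the option" % code)
        subs[code] = value
        i += 2 + length
    return subs

def decode_remote_id(value):
    """ASSUMED layout: 0x03, 0x08, 3-byte VNI, address family (1 = IPv4), 4-byte RLOC."""
    if len(value) != 10 or value[:2] != b"\x03\x08" or value[5] != 1:
        raise ValueError("unexpected Remote-ID layout")
    return ipaddress.IPv4Address(value[6:10]), int.from_bytes(value[2:5], "big")

def decode_circuit_id(value):
    """ASSUMED layout: type 0, length 4, 2-byte VLAN, module, port."""
    if len(value) != 6 or value[:2] != b"\x00\x04":
        raise ValueError("unexpected Circuit-ID layout")
    return struct.unpack("!HBB", value[2:])

def check_relay_info(payload, known_edges):
    """Decode Option 82 and reject an RLOC/VNI pair absent from the edge inventory."""
    subs = parse_suboptions(payload)
    if SUB_REMOTE_ID not in subs or SUB_CIRCUIT_ID not in subs:
        raise ValueError("Remote-ID or Circuit-ID sub-option missing")
    rloc, vni = decode_remote_id(subs[SUB_REMOTE_ID])
    vlan, module, port = decode_circuit_id(subs[SUB_CIRCUIT_ID])
    if vni not in known_edges.get(str(rloc), set()):
        raise ValueError("RLOC %s / VNI %d is not a known fabric edge" % (rloc, vni))
    return {"rloc": str(rloc), "vni": vni, "vlan": vlan, "module": module, "port": port}

if __name__ == "__main__":
    print(check_relay_info(SAMPLE, {"1.1.1.1": {20}}))
```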

How to Configure DHCP Client / Server

The following configuration can be done in any order. Ensure that the device is configured before on-boarding a host.

Configure a Fabric Edge Node as a DHCP Relay Agent

These steps describe how to configure fabric edge as a DHCP relay agent. For more information on configuring DHCP Client-Server in a Campus Fabric, see the Cisco IOS XE 16.6.1 Configure DHCP for Campus Fabric document.

Procedure

  Command or Action Purpose
Step 1

configure terminal

Example:

Switch# configure terminal

Enters the global configuration mode.

Step 2

ip dhcp snooping

Example:

Switch(config)# ip dhcp snooping 

Enables DHCP snooping globally.

Step 3

ip dhcp snooping vlan vlan-id

Example:

Switch(config)# ip dhcp snooping vlan 101

Enables DHCP snooping on a specified VLAN.

Step 4

ip dhcp relay information option

Example:

Switch(config)# ip dhcp relay information option

Enables the system to insert the DHCP relay agent information option (Option-82 field) in the messages forwarded to a DHCP server.

Configure Fabric Edge Node as Anycast SVI

Procedure

  Command or Action Purpose
Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface interface

Enters SVI configuration mode.

Step 3

Switch(config-if)# ip vrf forwarding vrf-name

Configures VRF on the interface.

Step 4

Switch(config-if)# ip address ip address

Configures the IP address on the interface.

Step 5

Switch(config-if)# ip helper-address ipaddress

DHCP broadcasts will be forwarded as a unicast to this specific helper address rather than be dropped by the router.

Step 6

Switch(config-if)# lisp mobility dynamic-EID

Configures the interface to participate in LISP virtual machine mobility which is dynamic-EID roaming.

Step 7

Switch(config-if)# no lisp mobility liveness test

Disables the liveness test on the interface.

Configure LISP on the Fabric Edge node

Follow these steps to configure fabric edge devices:

Procedure

  Command or Action Purpose
Step 1

Switch# configure terminal

Enters the global configuration mode.

Step 2

Switch(config)# router lisp

Enters LISP configuration mode.

Step 3

Switch(config-router-lisp)#locator-set name

Specifies a named locator set.

Step 4

Switch(config-router-lisp-locator-set)# IPv4-interface loopback Loopback-address { priority priority_value |weight weight}

Configures the loopback IP address to ensure the device is reachable.

Step 5

Switch(config-router-lisp-locator-set)#exit-locator-set

Exits the locator-set configuration mode.

Step 6

Switch(config-router-lisp)#instance-id instance

Creates a LISP EID instance to group multiple services. Configuration under this instance-id will apply to all services underneath it.

Step 7

Switch(config-router-lisp-instance)#dynamic-eid dynamic-EID

Creates the dynamic-eid policy and enters the dynamic-eid configuration mode.

Step 8

Switch(config-router-lisp-instance-dynamic-eid)#database-mapping eid locator-set RLOC name

Configures EID to RLOC mapping relationship.

Step 9

Switch(config-router-lisp-instance-dynamic-eid)#exit-dynamic-eid

Exits the dynamic-eid configuration mode.

Step 10

Switch(config-router-lisp-instance)#service ipv4

Enables layer 3 network services for the IPv4 Address family and enters the service submode.

Step 11

Switch(config-router-lisp-instance-service)#eid-table vrf vrf-table

Associates the LISP instance-id configured earlier with a virtual routing and forwarding (VRF) table through which the endpoint identifier address space is reachable.

Step 12

Switch(config-router-lisp-instance-service)#map-cache destination-eid map-request

Generates a static map request for the destination-eid.

Step 13

Switch(config-router-lisp-instance-service)#itr map-resolver map-resolver-address

Configures the map-resolver IP from where it needs to query the RLOC corresponding to destination endpoint identifier (EID) IP.

Step 14

Switch(config-router-lisp-instance-service)#itr

Specifies that this device acts as an Ingress Tunnel Router (ITR).

Step 15

Switch(config-router-lisp-instance-service)#etr map-server map-server-addr key {0 | 6} authentication key

Configures the locator address of the LISP map server to be used by the Egress Tunnel Router (ETR) when registering the IPv4 endpoint identifiers.

Step 16

Switch(config-router-lisp-instance-service)#etr

Specifies that this device acts as an Egress Tunnel Router (ETR).

Step 17

Switch(config-router-lisp-instance-service)#use-petr locator-address { priority priority_value | weight weight_value}

Configures the device to use Proxy Egress Tunnel Router (PETR).

Step 18

Switch(config-router-lisp-instance-service)#exit-service-ipv4

Exits the service submode.

Step 19

Switch(config-router-lisp-instance)# exit-instance-id

Exits the instance submode.

DHCP Configuration Example

Consider the following topology:

Configure Loopback 0 on the fabric edge node

configure terminal
interface loopback 0
ip address 1.1.1.1 255.255.255.255
exit

Configure fabric edge as Proxy ITR with a 0/0 map-cache for the DHCP request to be sent in the Overlay.

router lisp
 locator-set edge1
 IPv4-interface loopback 0
 exit-locator-set
 ! 
 instance-id 4098
  dynamic-eid user
   database-mapping 10.1.18.0/24 locator-set edge1
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf User
   map-cache 0.0.0.0/0 map-request
   itr map-resolver 3.3.3.3
   proxy-itr 1.1.1.1
   etr map-server 3.3.3.3 key uci
   etr
   use-petr 3.3.3.3
   exit-service-ipv4
  !
  exit-instance-id
!
exit-router-lisp

Enable DHCP snooping on all the VLANs in the fabric

ip dhcp relay information option
ip dhcp snooping
ip dhcp snooping vlan 101

Discover/Request Packets are sent via overlay in VRF “dhcp” destined to 20.20.20.20 (DHCP Server IP). Configure the DHCP server helper address under the SVI which is the gateway.

interface Vlan101
 ip vrf forwarding User
 ip address 10.1.18.1 255.255.255.0 
 ip helper-address 20.20.20.20
 no lisp mobility liveness test
 lisp mobility user
end

Configure host facing ports on the fabric edge.

interface GigabitEthernet1/0/38
 description conn_IX_0104
 switchport access vlan 101
 switchport mode access
 spanning-tree portfast
end

Configure fabric border which is also the Mapserver router that connects to the network where DHCP server is located.

router lisp
locator-table default
locator-set border
  IPv4-interface Loopback0 priority 10 weight 10
!
instance-id 4098
  service ipv4
   eid-table vrf PACAF
   route-export site-registrations
   distance site-registrations 250
   map-cache site-registration     
  exit-service-ipv4
  !
exit-instance-id

router bgp 65002
 bgp log-neighbor-changes
!
address-family ipv4 vrf USER
  aggregate-address 10.1.18.0 255.255.255.0 summary-only 
  redistribute lisp metric 10  
  neighbor 30.1.1.1 remote-as 200
  exit-address-family

Create Loopback interface for Anycast SVI IP Address per VNI at the border to facilitate punting the DHCP packets received from the DHCP server to the CPU.

interface Loopback3000
 vrf forwarding User
 ip address 10.1.18.1 255.255.255.255
end

Advertise Anycast SVI address to BGP peers.

router bgp 100
 address-family ipv4 vrf User
  bgp router-id 23.1.1.1
  network 10.1.18.1 mask 255.255.255.255 
  aggregate-address 10.1.18.0 255.255.0.0 summary-only
  redistribute lisp metric 10
  neighbor 23.1.1.2 remote-as 200
  neighbor 23.1.1.2 ebgp-multihop 3
  neighbor 23.1.1.2 activate
 exit-address-family

Create DHCP Pool. On the DHCP server, ensure that the default-router IP address is the SVI gateway within LISP.

ip dhcp excluded-address 10.1.18.1
ip dhcp excluded-address 10.1.18.202 10.1.18.255
!

ip dhcp pool User
   network 10.1.18.0 255.255.255.0
   default-router 10.1.18.1 
!
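The fabric-edge relay settings in the configuration example above depend on each other: the SVI that carries the helper address must be in a VRF, bound to a dynamic-EID, and on a VLAN with DHCP snooping enabled, with Option-82 insertion turned on globally. The following is an added example, not part of the original document, that checks a saved configuration for those dependencies; the function name and finding strings are hypothetical, and the input is constructed from the lines shown on this page.

```python
import re

# Constructed input: the fabric-edge relay lines from the configuration example.
EDGE_CONFIG = """\
ip dhcp relay information option
ip dhcp snooping
ip dhcp snooping vlan 101
interface Vlan101
 ip vrf forwarding User
 ip address 10.1.18.1 255.255.255.0
 ip helper-address 20.20.20.20
 no lisp mobility liveness test
 lisp mobility user
end
"""

def audit_edge_relay(config):
    """Return a list of findings; an empty list means the relay settings are consistent."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    top = {l for l in lines if not l.startswith(" ")}
    findings = []
    if "ip dhcp snooping" not in top:
        findings.append("DHCP snooping is not enabled globally")
    if "ip dhcp relay information option" not in top:
        findings.append("Option-82 insertion is not enabled")
    # Only single-VLAN statements are handled here, not ranges or lists.
    snooped = {int(m.group(1)) for l in top
               if (m := re.fullmatch(r"ip dhcp snooping vlan (\d+)", l))}
    svis, body = {}, None
    for l in lines:
        m = re.fullmatch(r"interface Vlan(\d+)", l)
        if m:
            body = svis.setdefault(int(m.group(1)), [])
        elif not l.startswith(" "):
            body = None          # left the interface block
        elif body is not None:
            body.append(l.strip())
    for vlan, cmds in sorted(svis.items()):
        if not any(c.startswith("ip helper-address ") for c in cmds):
            continue             # this SVI does not relay DHCP
        if vlan not in snooped:
            findings.append("Vlan%d: helper-address set but VLAN is not snooped" % vlan)
        if not any(c.startswith("lisp mobility ") for c in cmds):
            findings.append("Vlan%d: no dynamic-EID (lisp mobility) binding" % vlan)
        if not any(c.startswith(("ip vrf forwarding ", "vrf forwarding ")) for c in cmds):
            findings.append("Vlan%d: SVI is not in a VRF" % vlan)
    return findings
```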

Feature History for DHCP Solution in Campus Fabric

Release                        Modification
Cisco IOS XE Everest 16.6.1    This feature was introduced.