Table Of Contents
DHCP Relay Support for MPLS VPN Suboptions
This feature module describes the DHCP Relay Support for MPLS VPN Suboptions feature in Cisco IOS Release 12.2(4)B and includes the following sections:
The DHCP relay agent information option (option 82) enables a Dynamic Host Configuration Protocol (DHCP) relay agent to include information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use this information to implement IP address or other parameter-assignment policies. The DHCP relay agent information option is organized as a single DHCP option that contains one or more suboptions that convey information known by the relay agent.
In some environments, a relay agent resides in a network element that also has access to one or more Multiprotocol Label Switching (MPLS) virtual private networks (VPNs). If a DHCP server wants to offer service to DHCP clients on those different VPNs, the DHCP server needs to know the VPN in which each client resides. The network element that contains the relay agent typically knows about the VPN association of the DHCP client and includes this information in the relay agent information option.
The DHCP relay agent forwards this necessary VPN-related information to the DHCP server using the following three suboptions of the DHCP relay agent information option:
•Server identifier override
The VPN identifier suboption is used by the relay agent to tell the DHCP server the VPN for every DHCP request it passes on to the DHCP server, and is also used to properly forward any DHCP reply that the DHCP server sends back to the relay agent. The VPN identifier suboption contains the VPN ID configured on the incoming interface to which the client is connected. If you configure the VRF name but not the VPN ID, the VRF name is used as the VPN identifier suboption. If the interface is in global routing space, the VPN suboptions are not added.
The option allows the separation of the subnet from the IP address used to communicate with the relay agent. In typical DHCP processing, the gateway address specifies both the subnet on which a DHCP client resides as well as the IP address that the server can use to communicate with the relay agent. Situations exist where the relay agent needs to specify the subnet on which a DHCP client resides that is different from the IP address the server can use to communicate with the relay agent. The subnet selection suboption is included in the relay agent information option and passed on to the DHCP server. The gateway address is changed to the outgoing interface of the relay agent towards the DHCP server. The DHCP server uses this gateway address to send reply packets back to the relay agent.
The server identifier override suboption value is copied in the reply packet from the DHCP server instead of the normal server ID address. Using this information, the DHCP relay agent sends the renew/release packets to the relay agent. The relay agent adds all of the VPN suboptions and then forwards the renew/release packets to the original DHCP server. The server identifier override suboption contains the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client.
After adding these suboptions to the DHCP relay agent information option, the gateway address is changed to the outgoing interface of the relay agent towards the DHCP server. When the packets are returned from the DHCP server, the relay agent removes the relay agent information options and forwards the packets to the DHCP client on the correct VPN.
The DHCP Relay Support for MPLS VPN Suboptions feature enables a network administrator to conserve address space by allowing overlapping addresses. The relay agent can now support multiple clients on different VPNs and many of these clients from different VPNs can share the same IP address.
•Cisco 7200 series
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or Cisco Feature Navigator.
Supported Standards, MIBs, and RFCs
No new or modified standards are supported by this feature.
No new or modified MIBs are supported by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
•RFC 3046, DHCP Relay Information Option
•RFC 2685, Virtual Private Networks Identifier
Before configuring the DHCP Relay Support for MPLS VPN Suboptions feature, you must configure standard MPLS VPNs. For more information on configuring MPLS VPNs, see the Cisco IOS Switching Services Configuration Guide, Release 12.2.
See the following sections for configuration tasks for the DHCP Relay Support for MPLS VPN Suboptions feature. Each task in the list is identified as either required or optional.
Configuring DHCP Relay Support for MPLS VPN Suboptions
To configure the DHCP Relay Support for MPLS VPN Suboptions feature, use the following commands beginning in global configuration mode:
Verifying DHCP Relay Support for MPLS VPN Suboptions
To verify that the DHCP Relay Support for MPLS VPN Suboptions feature is configured correctly, use the following command in privileged EXEC mode:
This section provides the following configuration example:
DHCP Relay Support for MPLS VPN Suboptions Example
In the following example, the DHCP relay receives a DHCP request on ethernet 0/1 and sends the request to the DHCP server located at IP helper address 10.44.23.7, which is associated with the VRF named "red".ip dhcp relay information option vpn!interface ethernet 0/1ip helper-address vrf red 10.44.23.7!
This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.
ip dhcp relay information option
To enable the system to insert the Dynamic Host Configuration Protocol (DHCP) relay agent information option in forwarded BOOTREQUEST messages to a Cisco IOS DHCP server, use the ip dhcp relay information option command in global configuration mode. To disable inserting relay information into forwarded BOOTREQUEST messages, use the no form of this command.
ip dhcp relay information option [vpn]
no ip dhcp relay information option [vpn]
The DHCP server does not insert relay information.
This command is used by cable access router termination systems. This functionality enables a DHCP server to identify the user (cable access router) sending the request and initiate appropriate action based on this information. By default, DHCP does not insert relay information.
The ip dhcp relay information option command automatically adds the circuit identifier suboption and the remote ID suboption to the DHCP relay agent information option (also called option 82).
The vpn optional keyword should only be used when the DHCP server allocates addresses based on VPN identification suboptions.
The ip dhcp relay information option vpn command adds the following VPN-related suboptions into the relay agent information option when DHCP broadcasts are forwarded by the relay agent from clients to a DHCP server:
•VPN identifier—Contains the VPN ID if configured or the VRF name if configured on the interface (VPN ID takes precedence over VRF name).
•Subnet selection—Contains the incoming interface subnet address.
•Server identifier override—Contains the incoming interface IP address.
After successfully adding these suboptions, the gateway address is set to the outgoing interface of the router towards the DHCP server IP address configured using the ip helper-address interface configuration command.
If only the ip dhcp relay information option vpn command is configured, the VPN identifier, subnet selection, and server identifier override suboptions are added to the relay information option. Note that the circuit identifier suboption and the remote ID suboption are not added to the relay information option. However, if both the ip dhcp relay information option command and the ip dhcp relay information option vpn command are configured, all five suboptions are added to the relay agent information option.
When the packets are returned from the DHCP server, option 82 is removed before forwarding the reply to the client.
Even if the vpn option is specified, the VPN suboptions are only added to those DHCP/BOOTP broadcasts picked up by the interface configured with a VRF name and/or VPN ID.
For clients from unnumbered ATM or serial interfaces, when this command is enabled, the VPN identifier suboption will contain the VRF name of the unnumbered interface.
Subnet selection and server identifier override suboptions are added from the IP address of the unnumbered interface. The client host route will be added on the respective VRF routing tables.
If the ip dhcp smart-relay global configuration command is enabled, then the server identifier override and subnet selection suboptions will use the secondary IP address of the incoming interface when the same client retransmits more than three DHCP DISCOVER packets (for both numbered and unnumbered interfaces).
The following example configures a DHCP server to insert the DHCP relay agent information option, including VPN suboptions, in forwarded BOOTREQUEST messages. In this example, the circuit identifier suboption and the remote ID suboption are not included in the relay information option:
ip dhcp relay information option vpn
The following example configures a DHCP server to insert the DHCP relay agent information option, including VPN suboptions, the circuit identifier suboption, and the remote ID suboption, in forwarded BOOTREQUEST messages:
ip dhcp relay information option vpnip dhcp relay information option
To have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts, including BOOTP, received on an interface, use the ip helper-address command in interface configuration mode. To disable the forwarding of broadcast packets to specific addresses, use the no form of this command.
ip helper-address [vrf name | global] address
no ip helper-address [vrf name | global] [address]
This command was introduced.
The following keywords and argument were added:
Combined with the ip forward-protocol global configuration command, the ip helper-address command allows you to control which broadcast packets and which protocols are forwarded.
One common application that requires helper addresses is Dynamic Host Configuration Protocol (DHCP), which is defined in RFC 1531. DHCP protocol information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the router interface closest to the client. The helper address should specify the address of the DHCP server. If you have multiple servers, you can configure one helper address for each server. Because BOOTP packets are forwarded by default, DHCP information can now be forwarded by the router. The DHCP server now receives broadcasts from the DHCP clients.
If the DHCP server resides in a different virtual private network (VPN) or global space that is different from the interface VPN, then the vrf name or global options allow you to specify the name of the VRF or global space in which the DHCP server resides.
The ip helper-address vrf name address option uses the address associated with the VRF name regardless of the VRF of the incoming interface. If the ip helper-address vrf name address command is configured and later the vrf is deleted from the configuration, then all IP helper addresses associated with that VRF name will be removed from the interface configuration.
If the ip helper-address address command is already configured on an interface with no VRF name configured, and later the interface is configured with the ip helper-address vrf name address command, then the previously configured ip helper-address address is considered to be global.
Note The ip helper-address command does not work on an X.25 interface on a destination router because the router cannot tell if the packet was intended as a physical broadcast.
The following example defines an address that acts as a helper address and is associated with the VRF named "red":interface ethernet 1/0ip helper-address vrf red 18.104.22.168
Specifies which protocols and ports the router forwards when forwarding broadcast packets.
client—A host trying to configure its interface (obtain an IP address) using DHCP or BOOTP protocols.
MPLS—Multiprotocol Label Switching. Emerging industry standard upon which tag switching is based.
relay agent—A router that forwards DHCP and BOOTP messages between a server and a client on different subnets.
server—DHCP or BOOTP server.
VPN—Virtual private network. Enables IP traffic to use tunneling to travel securely over a public TCP/IP network.
VRF—VPN routing/forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a provider edge router.