Guest

Cisco IOS Software Releases 12.2 Special and Early Deployments

DHCP Relay Support for MPLS VPN Suboptions

  • Viewing Options

  • PDF (180.1 KB)
  • Feedback
DHCP Relay Support for MPLS VPN Suboptions

Table Of Contents

DHCP Relay Support for MPLS VPN Suboptions

Feature Overview

Benefits

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring DHCP Relay Support for MPLS VPN Suboptions

Verifying DHCP Relay Support for MPLS VPN Suboptions

Configuration Example

DHCP Relay Support for MPLS VPN Suboptions Example

Command Reference

ip dhcp relay information option

ip helper-address

Glossary


DHCP Relay Support for MPLS VPN Suboptions


Feature History

Release
Modification

12.2(4)B

This feature was introduced.


This feature module describes the DHCP Relay Support for MPLS VPN Suboptions feature in Cisco IOS Release 12.2(4)B and includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuration Example

Command Reference

Glossary

Feature Overview

The DHCP relay agent information option (option 82) enables a Dynamic Host Configuration Protocol (DHCP) relay agent to include information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use this information to implement IP address or other parameter-assignment policies. The DHCP relay agent information option is organized as a single DHCP option that contains one or more suboptions that convey information known by the relay agent.

In some environments, a relay agent resides in a network element that also has access to one or more Multiprotocol Label Switching (MPLS) virtual private networks (VPNs). If a DHCP server wants to offer service to DHCP clients on those different VPNs, the DHCP server needs to know the VPN in which each client resides. The network element that contains the relay agent typically knows about the VPN association of the DHCP client and includes this information in the relay agent information option.

The DHCP relay agent forwards this necessary VPN-related information to the DHCP server using the following three suboptions of the DHCP relay agent information option:

VPN identifier

Subnet selection

Server identifier override

The VPN identifier suboption is used by the relay agent to tell the DHCP server the VPN for every DHCP request it passes on to the DHCP server, and is also used to properly forward any DHCP reply that the DHCP server sends back to the relay agent. The VPN identifier suboption contains the VPN ID configured on the incoming interface to which the client is connected. If you configure the VRF name but not the VPN ID, the VRF name is used as the VPN identifier suboption. If the interface is in global routing space, the VPN suboptions are not added.

The option allows the separation of the subnet from the IP address used to communicate with the relay agent. In typical DHCP processing, the gateway address specifies both the subnet on which a DHCP client resides as well as the IP address that the server can use to communicate with the relay agent. Situations exist where the relay agent needs to specify the subnet on which a DHCP client resides that is different from the IP address the server can use to communicate with the relay agent. The subnet selection suboption is included in the relay agent information option and passed on to the DHCP server. The gateway address is changed to the outgoing interface of the relay agent towards the DHCP server. The DHCP server uses this gateway address to send reply packets back to the relay agent.

The server identifier override suboption value is copied in the reply packet from the DHCP server instead of the normal server ID address. Using this information, the DHCP relay agent sends the renew/release packets to the relay agent. The relay agent adds all of the VPN suboptions and then forwards the renew/release packets to the original DHCP server. The server identifier override suboption contains the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client.

After adding these suboptions to the DHCP relay agent information option, the gateway address is changed to the outgoing interface of the relay agent towards the DHCP server. When the packets are returned from the DHCP server, the relay agent removes the relay agent information options and forwards the packets to the DHCP client on the correct VPN.

Benefits

The DHCP Relay Support for MPLS VPN Suboptions feature enables a network administrator to conserve address space by allowing overlapping addresses. The relay agent can now support multiple clients on different VPNs and many of these clients from different VPNs can share the same IP address.

Related Documents

Cisco IOS IP Configuration Guide, Release 12.2

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2

Cisco IOS Switching Services Configuration Guide, Release 12.2

Cisco IOS Switching Services Command Reference, Release 12.2

Introduction to Cisco MPLS VPN Technology 

MPLS Virtual Private Networks 

MPLS VPN ID 

Supported Platforms

Cisco 7200 series

Cisco 7401ASR

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or Cisco Feature Navigator.

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFC 3046, DHCP Relay Information Option

RFC 2685, Virtual Private Networks Identifier

Prerequisites

Before configuring the DHCP Relay Support for MPLS VPN Suboptions feature, you must configure standard MPLS VPNs. For more information on configuring MPLS VPNs, see the Cisco IOS Switching Services Configuration Guide, Release 12.2. 

Configuration Tasks

See the following sections for configuration tasks for the DHCP Relay Support for MPLS VPN Suboptions feature. Each task in the list is identified as either required or optional.

Configuring DHCP Relay Support for MPLS VPN Suboptions (required)

Verifying DHCP Relay Support for MPLS VPN Suboptions (optional)

Configuring DHCP Relay Support for MPLS VPN Suboptions

To configure the DHCP Relay Support for MPLS VPN Suboptions feature, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# ip dhcp relay information option [vpn]

Enables the system to insert VPN suboptions into the DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server and sets the gateway address to the outgoing interface towards the DHCP server.

vpn—(Optional) Virtual private network.

Step 2 

Router(config)# interface type number

Specifies an interface and enters interface configuration mode.

Step 3 

Router(config-if)# ip helper-address [vrf name | global] address

Forwards UDP broadcasts, including BOOTP, received on an interface.

If the DHCP server resides in a different VPN or global space that is different from the VPN, then the vrf name or global options allow you to specify the name of the VRF or global space in which the DHCP server resides.

vrf name—(Optional) VPN routing/forwarding instance and VRF name.

global—(Optional) Global routing table.

address—(Optional for the no form of the command) Destination broadcast or host address to be used when forwarding UDP broadcasts. There can be more than one helper address per interface.

Verifying DHCP Relay Support for MPLS VPN Suboptions

To verify that the DHCP Relay Support for MPLS VPN Suboptions feature is configured correctly, use the following command in privileged EXEC mode:

Command
Purpose

Router# more system:running-config

Displays the running configuration.


Configuration Example

This section provides the following configuration example:

DHCP Relay Support for MPLS VPN Suboptions Example

DHCP Relay Support for MPLS VPN Suboptions Example

In the following example, the DHCP relay receives a DHCP request on ethernet 0/1 and sends the request to the DHCP server located at IP helper address 10.44.23.7, which is associated with the VRF named "red".

ip dhcp relay information option vpn
!
interface ethernet 0/1
 ip helper-address vrf red 10.44.23.7
!

Command Reference

This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

ip dhcp relay information option

ip helper-address

ip dhcp relay information option

To enable the system to insert the Dynamic Host Configuration Protocol (DHCP) relay agent information option in forwarded BOOTREQUEST messages to a Cisco IOS DHCP server, use the ip dhcp relay information option command in global configuration mode. To disable inserting relay information into forwarded BOOTREQUEST messages, use the no form of this command.

ip dhcp relay information option [vpn]

no ip dhcp relay information option [vpn]

Syntax Description

vpn

(Optional) Virtual private network.


Defaults

The DHCP server does not insert relay information.

Command Modes

Global configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(4)B

The vpn keyword was added.


Usage Guidelines

This command is used by cable access router termination systems. This functionality enables a DHCP server to identify the user (cable access router) sending the request and initiate appropriate action based on this information. By default, DHCP does not insert relay information.

The ip dhcp relay information option command automatically adds the circuit identifier suboption and the remote ID suboption to the DHCP relay agent information option (also called option 82).

The vpn optional keyword should only be used when the DHCP server allocates addresses based on VPN identification suboptions.

The ip dhcp relay information option vpn command adds the following VPN-related suboptions into the relay agent information option when DHCP broadcasts are forwarded by the relay agent from clients to a DHCP server:

VPN identifier—Contains the VPN ID if configured or the VRF name if configured on the interface (VPN ID takes precedence over VRF name).

Subnet selection—Contains the incoming interface subnet address.

Server identifier override—Contains the incoming interface IP address.

After successfully adding these suboptions, the gateway address is set to the outgoing interface of the router towards the DHCP server IP address configured using the ip helper-address interface configuration command.

If only the ip dhcp relay information option vpn command is configured, the VPN identifier, subnet selection, and server identifier override suboptions are added to the relay information option. Note that the circuit identifier suboption and the remote ID suboption are not added to the relay information option. However, if both the ip dhcp relay information option command and the ip dhcp relay information option vpn command are configured, all five suboptions are added to the relay agent information option.

When the packets are returned from the DHCP server, option 82 is removed before forwarding the reply to the client.

Even if the vpn option is specified, the VPN suboptions are only added to those DHCP/BOOTP broadcasts picked up by the interface configured with a VRF name and/or VPN ID.

For clients from unnumbered ATM or serial interfaces, when this command is enabled, the VPN identifier suboption will contain the VRF name of the unnumbered interface.

Subnet selection and server identifier override suboptions are added from the IP address of the unnumbered interface. The client host route will be added on the respective VRF routing tables.

If the ip dhcp smart-relay global configuration command is enabled, then the server identifier override and subnet selection suboptions will use the secondary IP address of the incoming interface when the same client retransmits more than three DHCP DISCOVER packets (for both numbered and unnumbered interfaces).

Examples

The following example configures a DHCP server to insert the DHCP relay agent information option, including VPN suboptions, in forwarded BOOTREQUEST messages. In this example, the circuit identifier suboption and the remote ID suboption are not included in the relay information option:

ip dhcp relay information option vpn

The following example configures a DHCP server to insert the DHCP relay agent information option, including VPN suboptions, the circuit identifier suboption, and the remote ID suboption, in forwarded BOOTREQUEST messages:

ip dhcp relay information option vpn
ip dhcp relay information option

Related Commands

Command
Description

ip dhcp relay information check

Configures a Cisco IOS DHCP server to validate the relay agent information option in forwarded BOOTREPLY messages.

ip dhcp relay information policy

Configures the information reforwarding policy of a DHCP relay agent (what a DHCP relay agent should do if a message already contains relay information).

ip dhcp smart-relay

Allows the Cisco IOS DHCP relay agent to switch the gateway address (giaddr field of a DHCP packet) to secondary addresses when there is no DHCPOFFER message from a DHCP server

ip helper-address

Forwards UDP broadcasts, including BOOTP, received on an interface.


ip helper-address

To have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts, including BOOTP, received on an interface, use the ip helper-address command in interface configuration mode. To disable the forwarding of broadcast packets to specific addresses, use the no form of this command.

ip helper-address [vrf name | global] address

no ip helper-address [vrf name | global] [address]

Syntax Description

vrf name

(Optional) VPN routing/forwarding instance and VRF name.

global

(Optional) Global routing table.

address

(Optional for the no form of the command) Destination broadcast or host address to be used when forwarding UDP broadcasts. There can be more than one helper address per interface.


Defaults

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.

12.2(4)B

The following keywords and argument were added:

vrf name

global


Usage Guidelines

Combined with the ip forward-protocol global configuration command, the ip helper-address command allows you to control which broadcast packets and which protocols are forwarded.

One common application that requires helper addresses is Dynamic Host Configuration Protocol (DHCP), which is defined in RFC 1531. DHCP protocol information is carried inside of BOOTP packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the router interface closest to the client. The helper address should specify the address of the DHCP server. If you have multiple servers, you can configure one helper address for each server. Because BOOTP packets are forwarded by default, DHCP information can now be forwarded by the router. The DHCP server now receives broadcasts from the DHCP clients.

If the DHCP server resides in a different virtual private network (VPN) or global space that is different from the interface VPN, then the vrf name or global options allow you to specify the name of the VRF or global space in which the DHCP server resides.

The ip helper-address vrf name address option uses the address associated with the VRF name regardless of the VRF of the incoming interface. If the ip helper-address vrf name address command is configured and later the vrf is deleted from the configuration, then all IP helper addresses associated with that VRF name will be removed from the interface configuration.

If the ip helper-address address command is already configured on an interface with no VRF name configured, and later the interface is configured with the ip helper-address vrf name address command, then the previously configured ip helper-address address is considered to be global.


Note The ip helper-address command does not work on an X.25 interface on a destination router because the router cannot tell if the packet was intended as a physical broadcast.


Examples

The following example defines an address that acts as a helper address and is associated with the VRF named "red":

interface ethernet 1/0
 ip helper-address vrf red 121.24.43.2

Related Commands

Command
Description

ip forward-protocol

Specifies which protocols and ports the router forwards when forwarding broadcast packets.


Glossary

client—A host trying to configure its interface (obtain an IP address) using DHCP or BOOTP protocols.

MPLS—Multiprotocol Label Switching. Emerging industry standard upon which tag switching is based.

relay agent—A router that forwards DHCP and BOOTP messages between a server and a client on different subnets.

server—DHCP or BOOTP server.

VPN—Virtual private network. Enables IP traffic to use tunneling to travel securely over a public TCP/IP network.

VRF—VPN routing/forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a provider edge router.