In a Campus Fabric network, the DHCP server is deployed as a shared service in a network that is different from that of the fabric endpoints. Every fabric edge is configured as a DHCP relay agent to relay DHCP traffic between the fabric endpoints and the DHCP server. The DHCP server is located in the non-EID space of the enterprise fabric network, and the fabric edge node uses the fabric border as a Proxy Tunnel Router (PxTR) to communicate with the DHCP server.
DHCP deployment in Campus Fabric is based on the Fabric Anycast Gateway model, where the gateway IP for the clients is an anycast Switched Virtual Interface (SVI) IP address configured on all the fabric edge nodes. DHCP is implemented in the Layer 3 overlay with anycast address support and network address transparency.
In this topology, which implements the Option-82 Remote-ID suboption for DHCP:
- The fabric edge node is configured as a LISP Ingress or Egress Tunnel Router (xTR) with locator address 1.1.1.1.
- The fabric border node is configured as a LISP Proxy Tunnel Router (PxTR).
- Host 1 is the DHCP client attached to the fabric edge, in VLAN 10, prefix 192.168.10.0/24.
- A Layer 3 interface (SVI), interface VLAN 10, connects to the mobility subnet.
- A DHCP relay agent is configured for SVI VLAN 10 on the fabric edge node.
- The DHCP server is attached to the native network with address 172.168.1.1/24 and is reachable via the fabric border node.
1. Host 1 generates a DHCP discovery message and broadcasts it on the network.
2. The DHCP relay agent (fabric edge node) intercepts the packet and sets the following fields in the packet:
   - GIADDR: Set to the incoming anycast SVI interface IP address (192.168.10.1).
   - Option-82 Remote-ID suboption: String encoded as "SRLOC IPv4 address" and "VxLAN L3 VNI ID" associated with the client segment.
     - Locator address is set to 1.1.1.1.
     - L3 VNI ID is set to 20.
   - Circuit ID suboption: Encoded in VLAN-PORT-Module format, with VLAN=10 and Port/Module set to the incoming port and switch number.
3. The relay agent builds the DHCP message by rewriting the inner DHCP source address, inner VXLAN MAC header, VXLAN header, UDP header, outer IP header, and outer L2 header. It then forwards this VXLAN-encapsulated DHCP unicast packet to the fabric border node.
4. The fabric border device decapsulates the VXLAN-encapsulated DHCP packet and natively forwards the packets destined to the DHCP server address to the next-hop router.
5. The following process occurs on the DHCP server after it receives the DHCP packet from the DHCP relay agent:
   - The DHCP server selects the IP pool (192.168.10.0/24) based on the value of GIADDR (192.168.10.1) set in the incoming message.
   - It allocates an IP address (192.168.10.2) from the IP pool.
   - It generates DHCP OFFER messages, with the destination address set to the value of GIADDR received. The reply carries the Option-82 suboptions, which include Circuit ID and Remote ID.
6. The DHCP server routes the DHCP reply packets toward the DHCP relay agent through the fabric border. (The fabric border is the entry point for all inbound traffic toward the fabric.)
7. The fabric border node, configured as LISP PxTR, acts as an ingress LISP tunnel router for all packets destined to the fabric subnets. When it receives the DHCP reply message (DHCP OFFER) destined to the DHCP relay agent address, the fabric border device VXLAN-encapsulates the DHCP OFFER message using the Option 82 Remote ID fields (Src RLOC IP and VNI fields) and forwards it to the DHCP relay agent.
8. DHCP relay agent receives the DHCP OFFER packet, processes it and forwards it to the client.
9. The DHCP client receives the DHCP OFFER packet and sends a DHCP request packet to request the IP address (192.168.10.2).
The DHCP request packet is then treated the same way as explained in steps 2 to 4 until it reaches the DHCP server.
The DHCP server processes the DHCP request packet as usual and sends back a DHCP ACK to the DHCP relay agent. The DHCP ACK follows the same forwarding procedure as described in steps 5 to 9.
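Steps 2 and 7 make the Remote-ID the field the border relies on to choose the RLOC and VNI for the return path, so a DHCP server or capture point can check that the GIADDR and Remote-ID of each relayed packet agree with the fabric inventory. The following Python is an added example, not Cisco code: the Remote-ID byte layout, the `FABRIC` inventory and the `sample` packet builder are assumptions made for illustration, filled with the topology values above.

```python
import ipaddress

MAGIC = bytes.fromhex("63825363")              # DHCP magic cookie after the 236-byte BOOTP header
FABRIC = {20: ("192.168.10.1", {"1.1.1.1"})}   # hypothetical inventory: L3 VNI -> (gateway, edge RLOCs)

def relay_info(pkt):
    """Return (giaddr, {sub-option code: value}) parsed from a BOOTP/DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    giaddr, subs, i = str(ipaddress.IPv4Address(pkt[24:28])), {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, body, j = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]], 0
        while code == 82 and j < len(body):        # RFC 3046 sub-option TLVs
            if j + 2 > len(body) or j + 2 + body[j + 1] > len(body):
                raise ValueError("truncated sub-option")
            subs[body[j]] = body[j + 2:j + 2 + body[j + 1]]
            j += 2 + body[j + 1]
        i += 2 + len(body)
    return giaddr, subs

def decode_remote_id(raw):
    """Assumed layout (not stated on the page): 03 08 | 3-byte VNI | 01 | 4-byte RLOC."""
    if len(raw) != 10 or raw[:2] != b"\x03\x08" or raw[5] != 1:
        raise ValueError("unexpected Remote-ID layout")
    return str(ipaddress.IPv4Address(raw[6:10])), int.from_bytes(raw[2:5], "big")

def audit(pkt, fabric):
    """Return findings for one relayed packet; an empty list means it is consistent."""
    giaddr, subs = relay_info(pkt)
    if 2 not in subs:                              # sub-option 2 = Remote-ID
        return ["no Remote-ID sub-option"]
    rloc, vni = decode_remote_id(subs[2])
    if vni not in fabric:
        return [f"VNI {vni} is not a fabric segment"]
    gateway, rlocs = fabric[vni]
    checks = [(giaddr != gateway, f"giaddr {giaddr} is not the anycast gateway of VNI {vni}"),
              (rloc not in rlocs, f"RLOC {rloc} is not a known fabric edge")]
    return [msg for failed, msg in checks if failed]

def sample(giaddr, rloc, vni):  # constructed relayed DISCOVER; the Circuit-ID bytes are made up
    rid = b"\x03\x08" + vni.to_bytes(3, "big") + b"\x01" + ipaddress.IPv4Address(rloc).packed
    o82 = b"\x01\x06\x00\x04\x00\x0a\x01\x01" + bytes([2, len(rid)]) + rid
    bootp = b"\x01" + bytes(23) + ipaddress.IPv4Address(giaddr).packed + bytes(208)
    return bootp + MAGIC + b"\x35\x01\x01" + bytes([82, len(o82)]) + o82 + b"\xff"
```

Calling `audit(sample("192.168.10.1", "1.1.1.1", 20), FABRIC)` returns an empty list; changing the RLOC, GIADDR or VNI to a value outside the inventory returns one finding per mismatch.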
The following configuration can be done in any order. Ensure that the device is configured before on-boarding a host.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | Switch# configure terminal | Enters global configuration mode. |
Step 2 | Switch(config)# interface interface | Enters SVI configuration mode. |
Step 3 | Switch(config-if)# ip vrf forwarding vrf-name | Configures VRF on the interface. |
Step 4 | Switch(config-if)# ip address ip address | Configures the IP address on the interface. |
Step 5 | Switch(config-if)# ip helper-address ipaddress | DHCP broadcasts will be forwarded as a unicast to this specific helper address rather than be dropped by the router. |
Step 6 | Switch(config-if)# lisp mobility dynamic-EID | Configures the interface to participate in LISP virtual machine mobility which is dynamic-EID roaming. |
Step 7 | Switch(config-if)# no lisp mobility liveness test | Disables the liveness test on the interface. |
Follow these steps to configure fabric edge devices:
Consider the following topology:
```
configure terminal
interface loopback 0
 ip address 1.1.1.1 255.255.255.255
 exit
```
```
router lisp
 locator-set edge1
  IPv4-interface loopback 0
  exit-locator-set
 !
 instance-id 4098
  dynamic-eid user
   database-mapping 10.1.18.0/24 locator-set edge1
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf User
   map-cache 0.0.0.0/0 map-request
   itr map-resolver 3.3.3.3
   proxy-itr 1.1.1.1
   etr map-server 3.3.3.3 key uci
   etr
   use-petr 3.3.3.3
   exit-service-ipv4
  !
  exit-instance-id
 !
 exit-router-lisp
```

```
ip dhcp relay information option
ip dhcp snooping
ip dhcp snooping vlan 101
```

```
interface Vlan101
 ip vrf forwarding User
 ip address 10.1.18.1 255.255.255.0
 ip helper-address 20.20.20.20
 no lisp mobility liveness test
 lisp mobility user
end
```

```
interface GigabitEthernet1/0/38
 description conn_IX_0104
 switchport access vlan 101
 switchport mode access
 spanning-tree portfast
end
```
```
router lisp
 locator-table default
 locator-set border
  IPv4-interface Loopback0 priority 10 weight 10
 !
 instance-id 4098
  service ipv4
   eid-table vrf PACAF
   route-export site-registrations
   distance site-registrations 250
   map-cache site-registration
   exit-service-ipv4
  !
  exit-instance-id
router bgp 65002
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf USER
  aggregate-address 10.1.18.0 255.255.255.0 summary-only
  redistribute lisp metric 10
  neighbor 30.1.1.1 remote-as 200
  exit-address-family
```

```
interface Loopback3000
 vrf forwarding User
 ip address 10.1.18.1 255.255.255.255
end
```

```
router bgp 100
 address-family ipv4 vrf User
  bgp router-id 23.1.1.1
  network 10.1.18.1 mask 255.255.255.255
  aggregate-address 10.1.18.0 255.255.0.0 summary-only
  redistribute lisp metric 10
  neighbor 23.1.1.2 remote-as 200
  neighbor 23.1.1.2 ebgp-multihop 3
  neighbor 23.1.1.2 activate
  exit-address-family
```
```
ip dhcp excluded-address 10.1.18.1
ip dhcp excluded-address 10.1.18.202 10.1.18.255
!
ip dhcp pool User
 network 10.1.18.0 255.255.255.0
 default-router 10.1.18.1
!
```
Release | Modification |
---|---|
Cisco IOS XE Everest 16.6.1 | This feature was introduced. |