DHCP Relay/Server in Ring HowTo
Introduction
This document shows how to set up DHCP relay agents and a DHCP server in an FRNT ring topology. It is assumed that the ring topology has already been configured on the involved devices. If you need more information about each sub-system and its configuration options, see:
The use-case presented here shows how DHCP functionality can be combined with FRNT in order to create a redundant network setup with dynamic address allocation.
                           192.168.1.0/24
    .-----------------------------------------------------------.
    |                           FRNT                            |
    | .10                 .20                 .30               | .41
.---+----.          .--------.          .--------.          .---+----.
|  DHCP  |          |  DHCP  |          |  DHCP  |          |  DHCP  |
| Relay1 +----------+ Relay2 +----------+ Relay3 +----||----+ Server |
|        |          |        |          |        |          | Relay4 |
'---+----'          '---+----'          '---+----'          '--------'
    |                   |                   |
  .-+--.              .-+--.              .-+--.
  | H1 |              | H2 |              | H3 |
  '----'              '----'              '----'
The major benefit of this setup is the centralized handling of the DHCP configuration. All hosts are connected to a DHCP relay agent on the FRNT ring, and all DHCP traffic is relayed to the DHCP server, which is also configured to act as a relay on the ring. The relay on the server switch is configured to forward all DHCP traffic it receives to itself, since it acts as the server.
The setup has a few interesting advantages:
- It reduces the amount of broadcast messages on the ring. All hosts requesting a DHCP address go through one of the relays. Any DHCP message that would otherwise have been broadcast on the ring is now sent as unicast from each relay to the server.
- A DHCP relay on each switch with an access port enables setting up a static IP address per port using DHCP option 82. With this extra data from each relay agent, the DHCP server can identify each access port (using circuit-id and remote-id).
- Zero second fail-over in case of link break, thanks to FRNT. Worth noting is that the DHCP server has also been configured as the focal point in the FRNT ring. This is not mandatory but may be useful in some use-cases.
Relay Agent Configuration
All DHCP relay agents have the same configuration:
- Forward all DHCP traffic to the server located at 192.168.1.41
- Listen to all DHCP traffic on iface vlan1, except …
- Traffic on port eth3 and eth6 is ignored by the relay agent because these are the FRNT ring ports and no clients are ever directly connected here
- Enable option82 to append DHCP option 82 on all packets forwarded to the server, consisting of additional information about the relay agent and port (circuit-id, remote-id)
    RelayX:/#> configure
    RelayX:/config/#> dhcp-relay
    RelayX:/config/dhcp-relay/#> server 192.168.1.41
    RelayX:/config/dhcp-relay/#> iface vlan1
    RelayX:/config/dhcp-relay/iface-vlan1/#> port eth3,eth6
    RelayX:/config/dhcp-relay/iface-vlan1/port-eth3,eth6/#> no enable
    RelayX:/config/dhcp-relay/iface-vlan1/port-eth3,eth6/#> end
    RelayX:/config/dhcp-relay/iface-vlan1/#> end
    RelayX:/config/dhcp-relay/#> option82
    Activating Option 82.
    RelayX:/config/dhcp-relay/option82/#> end
    RelayX:/config/dhcp-relay/#> leave
    RelayX:/#>
Server Configuration
The DHCP server switch also acts as a relay to itself. This is done to handle directly connected hosts and append option 82 to their requests. It also allows the server to only accept DHCP messages from hosts connected to relays on the ring.
First, we configure the local DHCP relay on the server:
- Forward any DHCP messages to the server located on the local device (127.0.0.1)
- Since the device acts as both a DHCP relay and a DHCP server, the two cannot share a UDP port. The relay agent looks for DHCP messages on the default UDP port (67), so the server needs to be located on another. Hence, the server port is specified as 6767
- Enable option82 on the relay so requests from directly connected hosts are also forwarded to the server with DHCP option 82 information
    Server:/#> configure
    Server:/config/#> dhcp-relay
    Server:/config/dhcp-relay/#> server 127.0.0.1:6767
    Server:/config/dhcp-relay/#> iface vlan1
    Server:/config/dhcp-relay/iface-vlan1/#> end
    Server:/config/dhcp-relay/#> option82
    Activating Option 82.
    Server:/config/dhcp-relay/option82/#> end
    Server:/config/dhcp-relay/#> end
Next, we need to configure the DHCP server itself:
- The DHCP server-port is set to 6767, as discussed previously
- A subnet is defined with a default pool in the range 192.168.1.100 - 192.168.1.199. This will be used by any client that does not have a matching static lease (below)
    Server:/config/#> dhcp-server
    Server:/config/dhcp-server/#> server-port 6767
    Server:/config/dhcp-server/#> subnet 192.168.1.0/24
    Created new DHCP server for subnet 192.168.1.0.
    Server:/config/dhcp-server/subnet-192.168.1.0/#> pool 192.168.1.100 100
    Server:/config/dhcp-server/subnet-192.168.1.0/#> end
    Server:/config/dhcp-server/#> leave
Each DHCP message that reaches the server carries a DHCP option 82 tag added by the relay that forwarded it. This makes it possible to set up static lease configurations for specific ports on any of the switches in the LAN.
In this example we want the port eth1 on Relay2 to receive a specific configuration from the server:
- Create a new host configuration with an IP address of 192.168.1.80.
- Set up match rules: circuit-id string match for eth1, and remote-id hex match for 0c:50:e5:65:97:00, which is the MAC address of Relay2
    Server:/#> configure
    Server:/config/#> dhcp-server
    Server:/config/#> host 1
    Server:/config/dhcp-server/host-1/#> address 192.168.1.80
    Server:/config/dhcp-server/host-1/#> match circuit-id string eth1
    Server:/config/dhcp-server/host-1/#> match remote-id hex 0c:50:e5:65:97:00
    Server:/config/dhcp-server/host-1/#> leave
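The match logic configured above, as an added Python example that is not part of the original HowTo or of the switch firmware: it decodes the option 82 payload into its sub-options (codes 1 and 2 per RFC 3046) and applies the host 1 rule. It assumes the relay encodes circuit-id as the ASCII port name; the helper names and the second relay's MAC are constructed for illustration.

```python
# Added example: decode DHCP option 82 (RFC 3046) and apply the "host 1" rule.
CIRCUIT_ID, REMOTE_ID = 1, 2  # RFC 3046 sub-option codes

def parse_option82(data: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length exceeds payload")
        subopts[code] = value
        i += 2 + length
    return subopts

# Static lease from the HowTo: host 1 -> 192.168.1.80
STATIC_HOSTS = [{
    "address": "192.168.1.80",
    "circuit_id": b"eth1",  # assumption: circuit-id is the ASCII port name
    "remote_id": bytes.fromhex("0c:50:e5:65:97:00".replace(":", "")),
}]

def select_lease(option82: bytes):
    """Return the static address if every match rule hits, else None (pool)."""
    try:
        sub = parse_option82(option82)
    except ValueError:
        return None  # malformed relay information never selects a static lease
    for host in STATIC_HOSTS:
        if (sub.get(CIRCUIT_ID) == host["circuit_id"]
                and sub.get(REMOTE_ID) == host["remote_id"]):
            return host["address"]
    return None

def build(circuit: bytes, remote: bytes) -> bytes:
    """Constructed sample payload, laid out as a relay would append it."""
    return (bytes([CIRCUIT_ID, len(circuit)]) + circuit
            + bytes([REMOTE_ID, len(remote)]) + remote)

RELAY2 = bytes.fromhex("0c50e5659700")  # Relay2 MAC from the HowTo
OTHER = bytes.fromhex("0c50e5000000")   # constructed MAC for some other relay

if __name__ == "__main__":
    print(select_lease(build(b"eth1", RELAY2)))  # static lease
    print(select_lease(build(b"eth1", OTHER)))   # same port name, other switch
```

Both rules must hit: every switch has an eth1, so the circuit-id alone would not distinguish Relay2's port from the same port name on another relay.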
Server Status
In order to verify that addresses are distributed as intended, any provided lease can be viewed on the server:
    Server:/#> show dhcp
    LEASE TIME  MAC ADDRESS        CLIENT ID             IP ADDRESS     HOSTNAME
    864000      0c:50:e5:07:24:00  01:0c:50:e5:07:24:00  192.168.1.114  H1
    864000      0c:50:e5:a0:b3:00  01:0c:50:e5:a0:b3:00  192.168.1.10   H2
    864000      0c:50:e5:b2:55:00  01:0c:50:e5:b2:55:00  192.168.1.115  H3