SD-WAN


Looking for a guide or examples for setting up DHCP Relay in 128T routers

  • 1.  Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 01-25-2019 10:34
    Good morning,
    I've been setting up a Guest LAN to use for Guest WiFi. I have it set up at our HQ and it's working well. So far I've added a Network Interface (Guest-LAN) to the device interface connected to the LAN and assigned it to VLAN 7. I have VMs running DNS and DHCP servers also assigned to VLAN 7. These are all on a separate subnet (192.168.11.0/24) from our Corporate LAN. Finally, I have a wireless network assigned to our access points with a new SSID that puts wireless clients on VLAN 7. All of this is configured and working at our HQ location; now I would like to start testing it out at our satellite locations. I'll be able to do the same VLAN 7 configuration for the Network interfaces and wireless network at those locations, but I would like to use DHCP Relay so that I can assign IPs to guests on other guest network subnets from the DHCP server at the HQ location, rather than configuring a DHCP server for each Guest LAN subnet.

    I've seen some release notes mentioning 128T adding DHCP Relay functionality, but I have not seen any guides or configurations using it. I'd appreciate it if anyone would be able to share what their DHCP Relay configs look like.
    Thanks,

    ------------------------------
    Austin Stoffel
    Systems Administrator
    BARD Materials
    ------------------------------


  • 2.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 01-25-2019 10:45
    Hey @Austin. I can tell you there is some DHCP information in the works. For now, @Evan Carson may be able to answer some of your questions.
    #DHCP
    ------------------------------
    Victoria Smiley
    Interchange Community Manager
    Burlington MA
    ------------------------------



  • 3.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 01-25-2019 11:35
    Hi Austin,

    You are correct, DHCP relay is available on our recent software releases. If I understand your config correctly, you have a subnet 192.168.11.0/24 on an interface on VLAN 7 and would like to relay this to a DHCP server. If you are using a router managed by a conductor, the following configuration steps should work.

    Start by configuring a special type of service for the DHCP relay, setting the "application-type" to "dhcp-relay":

        config authority <authority> service <relay service name>
            enabled true
            application-type dhcp-relay
            access-policy <tenant>
                source <tenant>
                permission allow
        top

    The "<relay service name>" can be a name of your choosing; otherwise substitute <authority> and <tenant> with your authority name and the name of the tenant associated with your relay network-interface (in your case this would be on VLAN 7).

    The access-policy is used to indicate which tenants are eligible for the relay service. In terms of tenancy, DHCP is a little unusual: because the initial client transactions are broadcast and the client has no IP address, the tenant must be associated directly at the network-interface level. If you don't have the tenant already set on the interface you can set it like so:

    config authority <authority> router <router> node <node> device-interface <device interface name> network-interface <network interface name> tenant <tenant>

    Now the only thing remaining to do is create a service route with a nat-target to indicate the path to the DHCP server. This should be on the router that is the exit point to the DHCP server, i.e. if you are using SVR to get from a branch to a data center router, then the data center router would be the place to add the service-route. Configuration would look something like this:

        config authority <authority> router <router> service-route <service route name>
            service-name <relay service name>
            nat-target <dhcp server address>

    In the above case <service route name> is an arbitrary name you specify and <relay service name> is the service name you defined earlier. The nat-target points to the IP address of the DHCP server. If you have a redundant DHCP server on another IP address you can add a second service-route with a nat-target to that server.

    The above config steps should work with a router managed by a conductor, which will generate all the intermediate configuration for SVR routing to work. If you have an unmanaged router it is still possible to do this manually, but it is a little more complex. Let me know if you don't have a conductor and I can write up some more steps for this case.

    The only other thing to note is that the DHCP relay packets being relayed will use the network-interface/address/ip-address of your interface as the gateway address (giaddr). The DHCP server will use this address in order to figure out which address-pool to assign addresses from. Not sure which server you are using, but in the Linux dhcpd application you might use a subnet designation like this in your dhcpd.conf:

    subnet 192.168.11.0 netmask 255.255.255.0 {
       # ... your dhcp config here
    }

    Let me know if you have any questions or run into any issues getting this working.

    There's also another post earlier from Gene that discusses a similar setup that might be helpful too: https://community.128technology.com/communities/community-home/digestviewer/viewthread?GroupId=43&MID=125&CommunityKey=1cca2e49-ba26-471a-9522-f5ccd96c86fe&tab=digestviewer&ReturnUrl=%2fcommunities%2fcommunity-home%2fdigestviewer%3fcommunitykey%3d1cca2e49-ba26-471a-9522-f5ccd96c86fe%26tab%3ddigestviewer

    #DHCP #configuration

    Evan

    ------------------------------
    Evan Carson
    Software Engineer
    MA
    ------------------------------



  • 4.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-01-2019 18:31
    Sorry I haven't replied, I'm finally getting around to trying this out.

    "If I understand your config correctly you have a subnet 192.168.11.0/24 on an interface on vlan 7 and would like to relay this to a DHCP server." Slight correction: The subnet 192.168.11.0/24 is the first Guest subnet that I've built. It is on an interface on VLAN 7, but this will be where the DHCP server for all of the guest networks will live, at 192.168.11.252. The first satellite guest network that I'll want to relay DHCP to that server will be 192.168.22.0/24, and it will be set up the same way as the first, on a network interface on VLAN 7.

    I've run through the config, and I think I have everything set up properly. I'll have to reboot one of the routers over the weekend for the VLAN to update on the guest LAN interface. The only thing I'm unsure of at this point is the DHCP config, as I'm setting up ISC DHCP for the first time. I'll let you know how testing goes on Monday!

    Thanks for the in-depth tutorial, Evan!

    ------------------------------
    Austin Stoffel
    Systems Administrator
    ------------------------------



  • 5.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-13-2019 15:37
    @Evan Carson, I had some time the last couple of mornings to go to the remote site where we are testing the DHCP Relay first, and to test and troubleshoot. I haven't been able to get anywhere with the DHCP relay and DNS (hosted on the same subnet as the DHCP server). I'm able to set a static IP on that location's guest subnet, and if I set a public DNS server, I'm able to ping stuff externally. But I couldn't get an IP via DHCP nor get DNS through the DNS server I have set up for the guest networks.

    After rereading your and @Gene's DHCP Relay posts, I noticed that show fib was returning one of the public IPs for the Data Center router, and not a gateway. That helped me realize that the next hop for the service route may have been missed. I've just added the next hop to the service route I created on the Data Center router, but I'm not sure if that will update the auto-generated routes or not. So far, I'm getting the same public IP address when doing a show fib and not the gateway address I'd expect to see.

    Thanks,
    Austin


    ------------------------------
    Austin Stoffel
    Systems Administrator
    ------------------------------



  • 6.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-14-2019 07:58
    Hi Austin,

    The services and routes should be regenerated every time you apply configuration changes. If you updated the next-hop on the data center router, that should have regenerated the services when the config was applied. You should be able to see them if you "show config running"; they'll look something like this: "_dhcp_relay_21_10.233.90.30__hq". One caveat to be aware of: it is possible to modify these generated services in your config by changing the "generated true" flag to "generated false". If they have been edited and have this flag set to false, they will not be regenerated again and will need to be updated manually.

    I'm not quite sure why it isn't working though, it sounds like you're doing the correct thing. Would you be able to post a snippet of the service-routes on both the data center and the router and the dhcp-relay service? You can either post it here or message it to me directly if you are concerned about sharing parts of your config publicly. Feel free to blank out any IP address too (eg: x.x.x.x).

    We'll take a look and see if we can figure out what is going on.

    Evan

    ------------------------------
    Evan Carson
    Software Engineer
    MA
    ------------------------------



  • 7.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-14-2019 11:57

    From the Data Center router:
                service-route               GST-LAN-DHCP-relay
                    name          GST-LAN-DHCP-relay
                    service-name  GST-LAN-DHCP
                    nat-target    192.168.11.252
    
                    next-hop      110Router-combo gst-lan-interface
                        node-name  110Router-combo
                        interface  gst-lan-interface
                    exit
                exit
                service-route               _dhcp_relay_GST-LAN-DHCP-relay
                    name          _dhcp_relay_GST-LAN-DHCP-relay
                    service-name  _dhcp_relay_52_192.168.11.252
                    generated     true
                    nat-target    192.168.11.252
    
                    next-hop      110Router-combo gst-lan-interface
                        node-name  110Router-combo
                        interface  gst-lan-interface
                    exit
                exit

    From the remote router:

                service-route               _dhcp_relay_52_192.168.11.252__110Router
                    name          _dhcp_relay_52_192.168.11.252__110Router
                    service-name  _dhcp_relay_52_192.168.11.252
                    generated     true
                    peer          110Router
                exit



    ------------------------------
    Austin Stoffel
    Systems Administrator
    ------------------------------



  • 8.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

     
    Posted 02-15-2019 08:23
    I fail to see what the issue is with the FIB on the remote router, if it's returning the Waypoint address of the DC router.  There is a peer type service that is auto-generated from the remote router to the DC router, and that's how the FIB will reflect that service route.  

    @Austin, do you have a route on the host of your DHCP server in DC to send DHCP responses back through our DC router? We don't source NAT DHCP requests, so you will see the remote router's relay interface address in those requests.

    Maybe you can include the FIB entries that you suspect are incorrect?

    Thanks!!

    ------------------------------
    Gene Shtirmer
    Sales Engineer
    Randolph NJ
    (973) 610-5676
    ------------------------------



  • 9.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-15-2019 09:19
    Since this is for a Guest WiFi network and devices between networks will not need to talk at all, I'm only setting up routes that are necessary for DHCP, DNS, and Public Internet. I currently don't have any other routes set up for the "Guest WiFi" tenant, which is probably why DHCP and DNS don't seem to be responding. What will the route for DHCP and DNS servers to send their responses look like?

    ------------------------------
    Austin Stoffel
    Systems Administrator
    ------------------------------



  • 10.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 02-18-2019 11:21
    It looks like I was just missing a static route in the DHCP server. I added a static route in the netplan of the DHCP server, and tested this morning. Everything looks to be working great now, Guest WiFi, DHCP Relay, and DNS. Thanks for all the help Gene and Evan.

    ------------------------------
    Austin Stoffel
    Systems Administrator
    ------------------------------
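
    The two points that resolved this thread, that the server picks its pool from the relay's giaddr and that it needs a route back to that address for its unicast reply, shown as an added example (not code from any poster or from 128T). The subnets and server address come from the thread; the 192.168.22.1 relay interface address, the 192.168.11.1 gateway, and the route tables are assumed sample values.

```python
import ipaddress
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
# Constructed sample data: subnets follow the thread; the .1 interface and
# gateway addresses and both route tables are assumptions.
POOLS = [ipaddress.ip_network(n) for n in ("192.168.11.0/24", "192.168.22.0/24")]
ROUTES_BEFORE = [(ipaddress.ip_network("192.168.11.0/24"), "connected")]
ROUTES_AFTER = ROUTES_BEFORE + [(ipaddress.ip_network("192.168.22.0/24"), "192.168.11.1")]

def build_relayed_discover(giaddr, mac=b"\x02\x00\x00\x00\x00\x01"):
    """Constructed DHCPDISCOVER as a relay forwards it: hops=1 and giaddr filled in."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                    # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        0x1234ABCD, 0, 0x8000,         # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr: client has no address yet
        socket.inet_aton(giaddr), mac, bytes(64), bytes(128))
    return header + MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, then end

def parse_giaddr(packet):
    """Return the relay agent address (bytes 24..27 of the BOOTP header)."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    if packet[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    return ipaddress.ip_address(packet[24:28])

def select_pool(giaddr, pools):
    """Subnet declaration containing giaddr, or None (server has nothing to offer)."""
    return next((p for p in pools if giaddr in p), None)

def return_route(giaddr, routes):
    """Longest-prefix match in the server's route table for the unicast reply to giaddr."""
    matches = [r for r in routes if giaddr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def diagnose(packet, pools, routes):
    """Walk the server-side decisions for one relayed request and report the outcome."""
    giaddr = parse_giaddr(packet)
    pool = select_pool(giaddr, pools)
    if pool is None:
        return f"no subnet declaration covers giaddr {giaddr}"
    route = return_route(giaddr, routes)
    if route is None:
        return f"pool {pool} selected, but no return route to {giaddr}"
    return f"pool {pool} selected, reply to {giaddr} via {route[1]}"

if __name__ == "__main__":
    pkt = build_relayed_discover("192.168.22.1")
    print(diagnose(pkt, POOLS, ROUTES_BEFORE))  # the state before the static route was added
    print(diagnose(pkt, POOLS, ROUTES_AFTER))   # the state after it
```
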



  • 11.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 10-10-2019 01:36
    Hello Evan,

    The lab setup I work on is based on the kit that includes an Optiplex with VMware, Win10Home (client) and Win10Pro (server) and two 128T instances in the middle (LAN-WAN-WAN-LAN) over two physical Eth interfaces and two vSwitches. No conductor though.
    Static configs work OK. I configured a DHCP relay agent service on an ingress router and a service route on the egress router towards the Win server. The DHCP server runs OK and is supposed to assign a specific IP to the client. It doesn't happen. I see no requests relayed over the network.

    Shall we have a bidirectional service route set up to get it working? Does a non-conductor DHCP relay setup require additional config?

    I noticed that I can't run Active Directory, Windows shares, or a media server across using the other ANY/ANY generic service.
    HTTP/FTP/DNS/SIP work over this generic client-server single-direction service.

    It would be good to learn about setting up standalone 128Ts to facilitate the DHCP relay. Some insight on MS Win client-server 128T config approaches could be even better :)

    Regards

    ------------------------------
    Vitaly
    Senior Network Engineer
    ------------------------------



  • 12.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 10-10-2019 10:29
    Hi Vitaly,

    It is certainly easier to set up multi-router DHCP relay with a managed router setup (i.e. managed by a conductor). The conductor performs a lot of the required service generation in order to simplify the setup, and for complex DHCP relay topologies beyond a single router we highly recommend using the conductor.

    In general, in order to get this to work you would manually need to create the services and service routes that would otherwise be generated by the conductor. You would start with what we call the "master" DHCP relay service. This is specified with an "application-type == dhcp-relay" and the tenant in the access-policy determines how it is associated with the interface being relayed (DHCP is kind of non-standard in that the clients don't start with addresses assigned so the usual tenancy concepts don't necessarily apply).

    Here is an example of a master service:
    service relay_service
        name relay_service
        enabled true
        application-type dhcp-relay
        access-policy relayTenant1
            source relayTenant1
            permission allow
        exit
    exit

    The next thing you need to create is a "micro" service for each relay server target. This would normally be generated by the conductor. This service has the target server address and udp:67 as the service target. Note that you will need to specify one of these for each server target. Here is an example:
    service relay_service_172_16_3_2
        name relay_service_172_16_3_2
        enabled true
        address 172.16.3.2
        transport udp
            protocol udp
            port-range 67
               start-port 67
               end-port 67
            exit
        exit
        access-policy relayTenant1
            source relayTenant1
            permission allow
        exit
    exit


    From here it is now the "micro" service that is used to specify service-routes etc... to identify the destination of the relayed packets. This is definitely made much easier with the conductor which will not only generate these services but also all the peering relationships to make this easier.

    Regards,

    Evan

    ------------------------------
    Evan Carson
    Software Engineer
    MA
    ------------------------------



  • 13.  RE: Looking for a guide or examples for setting up DHCP Relay in 128T routers

    Posted 10-10-2019 22:07
    Thanks for that Evan,

    Are you saying that both of those config snippets are to be applied on the ingress router only? You have mentioned that the second piece negates the need for the service route which was created on the egress router (DHCP server side) as per your initial reply.
    I notice that the DHCP stat 'unknown-dropped-packets' increases each time I force the PC client to obtain an IP from the server. The packet drop perhaps relates to some security policy settings or broadcast blocking. The interface is part of the tenancy, no issues there. There is no evidence that a session is initiated either. I really need to clarify which of the configs pertain to the client-side and server-side routers.

    Regards,

    ------------------------------
    Vitaly
    Senior Network Engineer
    ------------------------------