Solved: DHCP in VXLAN Distributed IP Anycast Gateway

andriyy · ‎04-25-2020

Dear experts,

Would you help me understand ( from the packet walk perspective ) how exactly DHCP address assignment would work in VXLAN Distributed IP Anycast Gateway scenario ?

Can host receive IP addresses assigned by DHCP ? How the reply from DHCP server would be routed ?

Thank you !

f00z · ‎04-27-2020

To use it with anycast gateway if the dhcp server is in the same vrf but not on the same SVI (the same VTEP) , you would have to create loopbacks in the vrf for every VTEP that needs to do dhcp relay and add them to the VRF so the DHCP server replies will get back to the relay.

First you need to set the sub option type so the packets can be tagged with the correct VRF so the switch knows which interface to reply to inside the VTEP in case there is duplicate ip addresses or the relay is in another VRF, etc.

Ex

ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option type cisco
ip dhcp relay information option vpn

interface Loopback5

vrf member vxlan-1234

ip address 5.5.5.5/32

interface vlan 1234

vrf member vxlan-1234

ip address 1.1.1.1/24

fabric fowarding mode anycast-gateway

ip dhcp relay address 192.168.200.1
ip dhcp relay source—interface loopback5

(and of course the rest of your vxlan configuration)

If it's in another vrf you make loopback in another vrf and use the use-vrf option of the relay address.

Most of the information is contained here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_appendix_0110.html

View solution in original post

Francesco Molino · ‎04-26-2020

Hi

To identify the real device, you'll need to make sure having a unique address on the giaddr field. For that, you'll need to use your loopback interface for example or your management interface.
Then, with Windows 2016, we use RFC3011 (option 118) or RFC3527 (option 82, suboption 5). Here a documentation for Windows 2016:
https://docs.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-subnet-options

However, this isn't supported on Windows 2012. We use the general option 82 with additional filtering. Here an official Cisco documentation:
https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/200248-Configuring-Microsoft-Windows-Server-201.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

f00z · ‎04-27-2020

To use it with anycast gateway if the dhcp server is in the same vrf but not on the same SVI (the same VTEP) , you would have to create loopbacks in the vrf for every VTEP that needs to do dhcp relay and add them to the VRF so the DHCP server replies will get back to the relay.

First you need to set the sub option type so the packets can be tagged with the correct VRF so the switch knows which interface to reply to inside the VTEP in case there is duplicate ip addresses or the relay is in another VRF, etc.

Ex

ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option type cisco
ip dhcp relay information option vpn

interface Loopback5

vrf member vxlan-1234

ip address 5.5.5.5/32

interface vlan 1234

vrf member vxlan-1234

ip address 1.1.1.1/24

fabric fowarding mode anycast-gateway

ip dhcp relay address 192.168.200.1
ip dhcp relay source—interface loopback5

(and of course the rest of your vxlan configuration)

If it's in another vrf you make loopback in another vrf and use the use-vrf option of the relay address.

Most of the information is contained here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_appendix_0110.html

DanielGutierrez615 · ‎10-03-2024

I just experience this, but one thing I'm not sure. The only way I was able to get the dhcp relay to work is : for every subnet that needed dhcp I had to allocate two unique ip address (because I have only two cisco ncs540) so if I have 6 subnets that need dhcp relay I would need 12 unique ip addresses configured on loopback interfaces. This looks like to many IPs just to get dhcp to work on frabric network with anycast gateway, but is there better way of doing this?