Solved: DHCP in VXLAN Distributed IP Anycast Gateway

andriyy · ‎04-25-2020

Dear experts,

Would you help me understand ( from the packet walk perspective ) how exactly DHCP address assignment would work in VXLAN Distributed IP Anycast Gateway scenario ?

Can host receive IP addresses assigned by DHCP ? How the reply from DHCP server would be routed ?

Thank you !

f00z · ‎04-27-2020

To use it with anycast gateway if the dhcp server is in the same vrf but not on the same SVI (the same VTEP) , you would have to create loopbacks in the vrf for every VTEP that needs to do dhcp relay and add them to the VRF so the DHCP server replies will get back to the relay.

First you need to set the sub option type so the packets can be tagged with the correct VRF so the switch knows which interface to reply to inside the VTEP in case there is duplicate ip addresses or the relay is in another VRF, etc.

Ex

ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option type cisco
ip dhcp relay information option vpn

interface Loopback5

vrf member vxlan-1234

ip address 5.5.5.5/32

interface vlan 1234

vrf member vxlan-1234

ip address 1.1.1.1/24

fabric fowarding mode anycast-gateway

ip dhcp relay address 192.168.200.1
ip dhcp relay source—interface loopback5

(and of course the rest of your vxlan configuration)

If it's in another vrf you make loopback in another vrf and use the use-vrf option of the relay address.

Most of the information is contained here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_appendix_0110.html

View solution in original post

Francesco Molino · ‎04-26-2020

Hi

To identify the real device, you'll need to make sure having a unique address on the giaddr field. For that, you'll need to use your loopback interface for example or your management interface.
Then, with Windows 2016, we use RFC3011 (option 118) or RFC3527 (option 82, suboption 5). Here a documentation for Windows 2016:
https://docs.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-subnet-options

However, this isn't supported on Windows 2012. We use the general option 82 with additional filtering. Here an official Cisco documentation:
https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/200248-Configuring-Microsoft-Windows-Server-201.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

f00z · ‎04-27-2020

To use it with anycast gateway if the dhcp server is in the same vrf but not on the same SVI (the same VTEP) , you would have to create loopbacks in the vrf for every VTEP that needs to do dhcp relay and add them to the VRF so the DHCP server replies will get back to the relay.

First you need to set the sub option type so the packets can be tagged with the correct VRF so the switch knows which interface to reply to inside the VTEP in case there is duplicate ip addresses or the relay is in another VRF, etc.

Ex

ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option type cisco
ip dhcp relay information option vpn

interface Loopback5

vrf member vxlan-1234

ip address 5.5.5.5/32

interface vlan 1234

vrf member vxlan-1234

ip address 1.1.1.1/24

fabric fowarding mode anycast-gateway

ip dhcp relay address 192.168.200.1
ip dhcp relay source—interface loopback5

(and of course the rest of your vxlan configuration)

If it's in another vrf you make loopback in another vrf and use the use-vrf option of the relay address.

Most of the information is contained here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_appendix_0110.html