Solved: Re: DHCP relay over MPLS network

Beaurr · ‎06-14-2022

Hello,

I have several branch connected in MPLS.

Branch A ( main branch, with 2 DHCP servers)

Branch B ( without DHCP server).

I would like to use DHCP servers on branch A to distribute IP adresses on branch B.

I asked to my operator to set up dhcp relay because I can't make modification myself on the ISP router.

But i was still able to obtain the configuration files of the 2 ISP routers ( A and B), and i see that they put the DHCP relays on interface 0/0 on router A ( main branch).

interface GigabitEthernet 0/0
ip address x.x.x.x  255.255.255.0
no negotiation
duplex full
speed 1000
ip helper-address 10.39.1.223  ==>My first DHCP server
ip helper-address 10.39.1.224  ==>Second DHCP server
description *** LAN CLIENT ***

Does the configuration have to be applied on the main router ( A) or on the remote branch router (B) or the two?

emurray · ‎06-22-2022

You would only need the DHCP relay at branch B. The interface that will need the configuration is the one facing the core switch at the branch where the client traffic will come. You wold need reachability to the DHCP server from branch B, so make sure you have that.

View solution in original post

Jon Marshall · ‎06-14-2022

Assuming this is a L3 MPLS network then you need the "ip helper-address ..." command(s) on the L3 interface(s) for the clients on router B.

Jon

MHM Cisco World · ‎06-14-2022

http://wonderdam.altervista.org/blog/vpls-basic-info-1/?doing_wp_cron=1655231157.1057639122009277343750

I am now 90% sure it l2vpn why?

You traffic from site b will l2 bridge to site A and there you will set

ip dhcp helper

Because site a svi is the gw for all client in site b

Please take look on this link

How bridge domain is use.

Beaurr · ‎06-14-2022

I'm not a specialist, but for me :

Layer 2 VPNs virtualize the datalink layer (Layer 2) so as to make geographically remote sites look as if they were operating in the same LAN network.

Layer 3 VPNs virtualize the network layer (Layer 3) so as to route your customer networks over a public infrastructure like Internet or Service provider backbone.

The actual commercial name of my operator offer is "Business VPN", and for me it's a L3VPN, or maybe a mix of the 2 ( it's possible?) but maybe I'm wrong.

I'll call my provider to tell me if it's a L3VPN or L2VPN offer

Giuseppe Larosa · ‎06-15-2022

Hello @Beaurr ,

regardless of the type of MPLS service the routing is present.

The DHCP helper address is needed on each remote site at LAN interface level on client facing interfaces to translate a non routable broadcast BOOTPS request of the new client on a routable packet with destination = DHCP server and

gi-address field = LAN IP address

that received the original broadcast message.

The

gi-address

field helps the centralized DHCP servers to pick a free address from the correct DHCP scope / pool and the DHCP server sends back to the

 gi-address

their answer that is then relayed as a BOOTP message to the requester.

DHCP snooping if enabled can create issues when it sees a non empty

gi-address

field ( example WLC uplinks)

Hope to help

Giuseppe

Beaurr · ‎06-15-2022

Hello Giuseppe Larosa

So, I have to add the dhcp relays on the interface of the 2 routers? A and B? On the LAN interface? or just on the B, as Jon Marshall said?

On Router A :

interface GigabitEthernet 0/0
ip address x.x.x.x  255.255.255.0
no negotiation
duplex full
speed 1000
ip helper-address 10.39.1.223  ==>My first DHCP server
ip helper-address 10.39.1.224  ==>Second DHCP server
description *** LAN CLIENT ***

and on router B :

interface GigabitEthernet 0/1
no ip address
bridge-group 1
description *** LAN CLIENT ***
service-policy input COS-IN
service-policy output REMARK-DSCP

ip helper-address 10.39.1.223  ==>My first DHCP server
ip helper-address 10.39.1.224  ==>Second DHCP server
exit

And for MHM Cisco World, The provider told me that "business VPN" is an L3VPN

Beaurr · ‎06-22-2022

I will have 4 local VLAN on site B

Ex :

VLAN 10

name DATA

Ip address 10.60.133.253 255.255.255.0

ip helper-address 10.39.1.224

ip helper-address 10.39.1.223

Do i have to add the IP Helper Adress in each vlan too like this?

emurray · ‎06-22-2022

You would only need the DHCP relay at branch B. The interface that will need the configuration is the one facing the core switch at the branch where the client traffic will come. You wold need reachability to the DHCP server from branch B, so make sure you have that.

Beaurr · ‎06-22-2022

yes, thanks. The DHCP servers are in the 10.39.1.0 subnet on site A. This subnet include all the servers an can be reached from site B.

traceroute ok in both direction!

MHM Cisco World · ‎06-22-2022

I think you misunderstand here,
he need to config

ip helper

under each SVI (VLAN) because this will receive the DHCP broadcast from client and forward it to central site.

https://www.expertnetworkconsultant.com/configuring/how-to-configure-a-dhcp-server-on-a-hypervisor-as-an-ip-helper-on-a-layer-3-switch-for-a-number-of-vlans/

emurray · ‎06-22-2022

Branch B is probably a normal branch with a Router on one interface facing the MPLS of the service provider but also another interface facing the CORE switch at the branch. That router is the default gateway for that branch and for that reason is where the

ip helper

must be configured.

MHM Cisco World · ‎06-22-2022

I ask him before he sure that this is l3vpn,

So each client have defualt gateway which is svi in branch B,

And since svi is defualt gateway then he need to config

ip helper

in each svi in branch B

The traffic will flow as below,

Client send broadcast dhcp ask ip

Svi receive this broadcast convert it to unicast send it to central site

Reply from central will reply and this reply will forward to cleint.

So in each SVI.

MHM Cisco World · ‎06-22-2022

And it is not router it is l3SW with multi vlan, this l3sw connect to central site via mpls l3vpn.

Beaurr · ‎06-23-2022

Hello MHM Cisco World,

yes that's it. I created 4 VLANS on L3 Switch on branch B. with theirs different ip interface for each VLAN.

The DHCP server is on site A, the 2 are connected via an MPLS L3 VPN.

So, if i understand correctly, I have to ask the operator to configure ip helper on the LAN interface of their router (branch B).

AND

Me, I have to add the ip helper on each VLANS ont the L3 switch of branch B

VLAN 10

name DATA

Ip address 10.60.133.253 255.255.255.0

ip helper-address 10.39.1.224

ip helper-address 10.39.1.223

MHM Cisco World · ‎06-23-2022

Yes you need that, each SVI will receive the broadcast from client in that VLAN and use IP helper IP to build UNICAST toward the dhcp server which is in site A.