409 Views · 2 Helpful · 4 Replies

Can we directly connect DHCP/DNS server to Fabric Border Node?

Kevm (Level 1)

Hi, can I check: for small SDA site designs, can we directly connect the DHCP/DNS server to the Border Node?

Accepted Solution

jalejand (Cisco Employee)

As long as the DHCP server is not part of a fabric subnet you can; design-wise it doesn't sound like the best idea, but it is technically possible.

Just do not use a fabric subnet to connect to it (L2 handoff/ipdb/whatever is extended to the border), as it has DHCP snooping configured (which cannot be simply fixed by disabling snooping or trusting a port, as there are some platform-dependent restrictions when it comes to VXLAN-encapsulated DHCP packets with a destination other than an anycast gateway).


4 Replies


gotcha

It is possible to connect a DHCP/DNS server directly to the SDA fabric. It can be part of the underlay or the overlay, depending on the design. If these servers are part of the overlay network, they must be assigned endpoint IP addresses within the appropriate VN, and DNA policies and segmentation rules must permit communication between endpoints and the server.

If it is part of the underlay, it should be reachable through the SDA fabric's underlay routing. A DNS server doesn't require any fabric-aware configuration; hence its reachability within the fabric is a must.

One famous migration team from one famous company decided to do it in the overlay for a PXE server local to the site. And while PXE clients living in the legacy LAN behind the L2 BN with the affected AcGW were able to boot, those within the fabric stopped booting. One of the contributors here was the default configuration for any L2 BN or edge nodes with the affected AcGW on it: it doesn't trust DHCP on endpoint-facing ports, while that is obviously mandatory to receive the PXE server reply.
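Both the accepted answer (DHCP snooping on fabric subnets) and the PXE story above come down to the same port-trust rule: a snooping switch forwards DHCP server messages (OFFER/ACK/NAK) only from trusted ports, so a server hanging off an endpoint-facing (untrusted) port has its replies silently dropped while client DISCOVER/REQUEST traffic still passes. The following is an added illustration written for this thread, not Cisco code and not a model of any specific platform; it builds constructed BOOTP/DHCP messages, parses option 53, and applies the trust rule. The hypothetical `snoop()` and `simulate_pxe_server_placement()` functions are mine; the platform-dependent VXLAN restrictions jalejand mentions are outside what this toy models.

```python
"""
Toy DHCP snooping port-trust model (added example, not vendor code).
Server-originated DHCP messages are forwarded only when they arrive on a
trusted port; client messages are forwarded from any port.
"""
import struct

# DHCP message types carried in option 53 (RFC 2132)
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK = 1, 2, 3, 5, 6
SERVER_MESSAGE_TYPES = {DHCPOFFER, DHCPACK, DHCPNAK}
BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the options field
OPTIONS_OFFSET = 240                  # 236-byte fixed BOOTP header + 4-byte cookie


def build_dhcp(op, msg_type, xid=0x1234):
    """Construct a minimal BOOTP/DHCP message (constructed sample, not a capture)."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0,            # op, htype=Ethernet, hlen, hops, xid, secs, flags
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,  # ciaddr, yiaddr, siaddr, giaddr
        b"\0" * 16, b"\0" * 64, b"\0" * 128,         # chaddr, sname, file
    )
    options = bytes([53, 1, msg_type, 255])  # option 53 (type), then END
    return fixed + MAGIC_COOKIE + options


def parse_dhcp(pkt):
    """Return (op, dhcp_message_type); raise ValueError on malformed input."""
    if len(pkt) < OPTIONS_OFFSET or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op = pkt[0]
    i = OPTIONS_OFFSET
    while i < len(pkt):
        code = pkt[i]
        if code == 255:          # END option
            break
        if code == 0:            # PAD option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option header")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) < length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:
            return op, value[0]
        i += 2 + length
    raise ValueError("no DHCP message type option")


def snoop(port_trusted, pkt):
    """Hypothetical snooping decision: 'forward' or 'drop' for one DHCP message on one port."""
    op, msg_type = parse_dhcp(pkt)
    # Anything that looks like a server reply is only accepted from a trusted port.
    if op == BOOTREPLY or msg_type in SERVER_MESSAGE_TYPES:
        return "forward" if port_trusted else "drop"
    return "forward"  # client DISCOVER/REQUEST may enter on untrusted ports


def simulate_pxe_server_placement(server_port_trusted):
    """Walk a DISCOVER/OFFER exchange; True if the client would receive its OFFER.
    The client always sits on an untrusted endpoint-facing port."""
    discover = build_dhcp(BOOTREQUEST, DHCPDISCOVER)
    offer = build_dhcp(BOOTREPLY, DHCPOFFER)
    client_ok = snoop(False, discover) == "forward"
    server_ok = snoop(server_port_trusted, offer) == "forward"
    return client_ok and server_ok


if __name__ == "__main__":
    print("server on untrusted edge port, client boots:", simulate_pxe_server_placement(False))
    print("server on trusted port, client boots:", simulate_pxe_server_placement(True))
```

Running it shows the failure mode from the thread: with the server on an untrusted port the DISCOVER leaves the client but the OFFER never comes back, which is exactly why PXE clients inside the fabric stop booting. The same rule is what protects endpoints from rogue DHCP servers on access ports, so the fix is placing the server where its replies enter on a trusted path (or outside the fabric subnet, as the accepted answer recommends), not weakening snooping.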
