Hello @acc.94 ,
your concerns are correct:
the DHCP server must be out of the fabric.
The explanation for this need is the following:
for a given VXVLAN each fabric node implements the Anycast Concept for the SVI default gateway.
This means that each Fabric node when performing DHCP relay function wil populate the gi address with the SAME IP address for a specific VXVLAN/IP subnet and then it will send the packet inside a VXVLAN UDP packet towards the Border Node that advertised the subnet where the DHCP server IP address is part of.
Having the DHCP servers out of the fabric allows to use the Fabric Border nodes as proxies, they have a loopback interface configured with the same IP address of the Anycast SVI so they can propagate the DHCP request to the external DHCP servers.
When the DHCP server answer comes back it is first processed by the local loopback, then using LISP and VXVLAN UDP at the data plane, and having tracked from what fabric node has arrived the original DHCP request the Border node can send the DHCP offer to the correct fabric node sending actually to the fabric node loopback address ( in the external UDP header the destination address must be unique so it is the loopback address that is advertised in the IGP actually IS-IS)
The fabric node takes the DHCP offer and propagates it the original requester.
So the DHCP servers like other services for example AAA servers or ISE must be out of the fabric and reachable via Border nodes.
Hope to help
Giuseppe
