DHCP Server Configuration in NSX-T

Introduction:

The Dynamic Host Configuration Protocol (DHCP) allows clients to obtain their network configuration from a DHCP server automatically. In NSX-T, this means the allocation of IP address, subnet mask, and default gateway. This article is a brief guide to get you up and running with an NSX-T managed Local DHCP Server configuration.

NSX-T supports two DHCP implementations:

DHCP Server: The DHCP service and IP address pools are NSX-T managed.
DHCP Relay: DHCP services run on a virtualized guest or physical server. NSX-T relays DHCP requests to a DHCP Server.

DHCP configuration changes are performed from two main sections in the NSX-T User Interface:

Networking: Recommended configuration method for NSX-T 2.4 onwards, as supported by the Policy API.
Advanced Networking & Security: The configuration method for NSX-T 2.3 and older, as supported by the Management Plane API.

In this case, we will be reviewing configuration steps in an NSX-T 2.5 Lab, using the Networking section, to future proof the configuration for subsequent NSX-T releases. This will set us up for more powerful Policy API calls in future lab deployments.

Three-Step DHCP Server Configuration Summary:

Step 1: Create a DHCP Server

Step2: Assign the DHCP Local Server to one or more Gateways

Step3: Assign a DHCP Range to a Segment Subnet

Lab Topology:

The DHCP Server is a logical construct, is shown disconnected, and is not associated with a segment.

Three-Step Configuration Details:

Step 1: Create a DHCP Server

Create a DHCP Server under the Networking section, not under Advanced Networking & Security, to future proof the setup.

Step 2: Assign the DHCP Local Server to one or more Gateways

Assign the DHCP Server under the Gateway’s IP Address Management.

The IP Adress Management Type is DHCP Local Server, with the created DHCP Server specified.

Step 3: Assign a DHCP Range to a Segment Subnet

The DHCP Range is defined where the Subnet IP address is assigned.

Configuration changes that are not Required:

IP Address Pool definition
IP Adress Block definition
DNS Service Configuration is optional
The Tier-1 Gateway does not need to be instantiated on an Edge Cluster
The Local DHCP Server IP does not need to belong to IP address space assigned to a Segment Subnet

Verifying the DHCP Server Configuration:

Verify that the DHCP Server subnet resides in the Tier-1 Gateway routing table:

nsxtedge01> get logical-router
 Logical Router
 UUID                                   VRF    LR-ID  Name                              Type                        Ports
 736a80e3-23f6-5a2d-81d6-bbefb2786666   0      0                                        TUNNEL                      3
 cbf4e534-3ad4-4cfb-83b2-79e03f7c80c0   16     12     DR-lab-tier-1                     DISTRIBUTED_ROUTER_TIER1    6
 019feeec-649c-449d-998f-01a2f5fed8c9   17     2054   SR-lab-tier-0                     SERVICE_ROUTER_TIER0        6
 e9322040-ebe6-426c-914a-72858fd86322   18     11     DR-lab-tier-0                     DISTRIBUTED_ROUTER_TIER0    4

nsxtedge01> vrf 16
 nsxtedge01(vrf)> get forwarding
 Logical Router
 UUID                                   VRF    LR-ID  Name                              Type
 cbf4e534-3ad4-4cfb-83b2-79e03f7c80c0   16     12     DR-lab-tier-1                     DISTRIBUTED_ROUTER_TIER1
 IPv4 Forwarding Table
 IP Prefix          Gateway IP      Type     UUID                                   Gateway MAC
 0.0.0.0/0          100.64.160.0    route    6889225f-2206-4337-88c6-58fc5adb78af
 100.64.160.0/31                    route    6889225f-2206-4337-88c6-58fc5adb78af
 100.64.160.1/32                    route    2e9fa185-6b0e-5632-b80d-a646e903bc37
 192.168.60.0/24                    route    0842709d-5019-48f3-bb1b-228fc45ed058          <--- DHCP Server subnet
 192.168.60.2/32                    route    2e9fa185-6b0e-5632-b80d-a646e903bc37
 192.168.70.0/24                    route    6988c30f-6e40-4195-9a0b-f1a967c71a04
 192.168.70.1/32                    route    2e9fa185-6b0e-5632-b80d-a646e903bc37
 IPv6 Forwarding Table
 IP Prefix                                     Gateway IP                                Type        UUID                                   Gateway MAC
 ::/0                                          fc7a:1e3f:83d2:6800::1                    route       6889225f-2206-4337-88c6-58fc5adb78af
 fc7a:1e3f:83d2:6800::/64                                                                route       6889225f-2206-4337-88c6-58fc5adb78af
 fc7a:1e3f:83d2:6800::2/128                                                              route       2e9fa185-6b0e-5632-b80d-a646e903bc37
 nsxtedge01(vrf)>

In Advanced Networking & Security verify that the Relay Service has been realized in the Tier-1 Gateway Logical Router Ports where DHCP Clients connect:

Verify that the Guest VM has been allocated an IP Address:

Great, our Photon Guest VM has been allocated the first IP address in the DHCP scope:

DHCP Troubleshooting:

This covers DHCP Server Configuration in NSX-T. This related article outlines a structured approach to NSX-T DHCP Troubleshooting.

4 thoughts on “DHCP Server Configuration in NSX-T”

Arunabha Ghosh says:

November 20, 2019 at 2:23 am

Excellent!!
1. admin says:
  
  December 2, 2019 at 4:30 pm
  
  So glad the article was helpful, new content is coming out Tuesday, Dec 3rd, stay tuned!
Jani says:

December 12, 2019 at 3:44 pm

So what is the purpose the IP Address Pool setting in the segements?
1. admin says:
  
  December 13, 2019 at 2:04 pm
  
  Jani,
  
  Thanks for asking!
  
  In this case, NSX-T is performing DHCP Services. The DHCP scope isn’t defined with the DHCP service, as expected in a more traditional server-based system. Think of it more as a logical construct, where the DHCP pool is defined and associated with the segment on which DHCP Client workloads connect.
  
  Regards,
  Gary

Comments are closed.