Introduction:
The Dynamic Host Configuration Protocol (DHCP) allows clients to obtain their network configuration from a DHCP server automatically. In NSX-T, this means the allocation of IP address, subnet mask, and default gateway. This article is a brief guide to get you up and running with an NSX-T managed Local DHCP Server configuration.
NSX-T supports two DHCP implementations:
- DHCP Server: The DHCP service and IP address pools are NSX-T managed.
- DHCP Relay: DHCP services run on a virtualized guest or physical server. NSX-T relays DHCP requests to a DHCP Server.
DHCP configuration changes are performed from two main sections in the NSX-T User Interface:
- Networking: Recommended configuration method for NSX-T 2.4 onwards, as supported by the Policy API.
- Advanced Networking & Security: The configuration method for NSX-T 2.3 and older, as supported by the Management Plane API.
In this case, we will be reviewing configuration steps in an NSX-T 2.5 Lab, using the Networking section, to future proof the configuration for subsequent NSX-T releases. This will set us up for more powerful Policy API calls in future lab deployments.
Three-Step DHCP Server Configuration Summary:
Step 1: Create a DHCP Server
Step2: Assign the DHCP Local Server to one or more Gateways
Step3: Assign a DHCP Range to a Segment Subnet
Lab Topology:
The DHCP Server is a logical construct, is shown disconnected, and is not associated with a segment.
Three-Step Configuration Details:
Step 1: Create a DHCP Server
Create a DHCP Server under the Networking section, not under Advanced Networking & Security, to future proof the setup.
Step 2: Assign the DHCP Local Server to one or more Gateways
Assign the DHCP Server under the Gateway’s IP Address Management.
The IP Adress Management Type is DHCP Local Server, with the created DHCP Server specified.
Step 3: Assign a DHCP Range to a Segment Subnet
The DHCP Range is defined where the Subnet IP address is assigned.
Configuration changes that are not Required:
- IP Address Pool definition
- IP Adress Block definition
- DNS Service Configuration is optional
- The Tier-1 Gateway does not need to be instantiated on an Edge Cluster
- The Local DHCP Server IP does not need to belong to IP address space assigned to a Segment Subnet
Verifying the DHCP Server Configuration:
Verify that the DHCP Server subnet resides in the Tier-1 Gateway routing table:
nsxtedge01> get logical-router Logical Router UUID VRF LR-ID Name Type Ports 736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 TUNNEL 3 cbf4e534-3ad4-4cfb-83b2-79e03f7c80c0 16 12 DR-lab-tier-1 DISTRIBUTED_ROUTER_TIER1 6 019feeec-649c-449d-998f-01a2f5fed8c9 17 2054 SR-lab-tier-0 SERVICE_ROUTER_TIER0 6 e9322040-ebe6-426c-914a-72858fd86322 18 11 DR-lab-tier-0 DISTRIBUTED_ROUTER_TIER0 4 nsxtedge01> vrf 16 nsxtedge01(vrf)> get forwarding Logical Router UUID VRF LR-ID Name Type cbf4e534-3ad4-4cfb-83b2-79e03f7c80c0 16 12 DR-lab-tier-1 DISTRIBUTED_ROUTER_TIER1 IPv4 Forwarding Table IP Prefix Gateway IP Type UUID Gateway MAC 0.0.0.0/0 100.64.160.0 route 6889225f-2206-4337-88c6-58fc5adb78af 100.64.160.0/31 route 6889225f-2206-4337-88c6-58fc5adb78af 100.64.160.1/32 route 2e9fa185-6b0e-5632-b80d-a646e903bc37 192.168.60.0/24 route 0842709d-5019-48f3-bb1b-228fc45ed058 <--- DHCP Server subnet 192.168.60.2/32 route 2e9fa185-6b0e-5632-b80d-a646e903bc37 192.168.70.0/24 route 6988c30f-6e40-4195-9a0b-f1a967c71a04 192.168.70.1/32 route 2e9fa185-6b0e-5632-b80d-a646e903bc37 IPv6 Forwarding Table IP Prefix Gateway IP Type UUID Gateway MAC ::/0 fc7a:1e3f:83d2:6800::1 route 6889225f-2206-4337-88c6-58fc5adb78af fc7a:1e3f:83d2:6800::/64 route 6889225f-2206-4337-88c6-58fc5adb78af fc7a:1e3f:83d2:6800::2/128 route 2e9fa185-6b0e-5632-b80d-a646e903bc37 nsxtedge01(vrf)>
In Advanced Networking & Security verify that the Relay Service has been realized in the Tier-1 Gateway Logical Router Ports where DHCP Clients connect:
Verify that the Guest VM has been allocated an IP Address:
Great, our Photon Guest VM has been allocated the first IP address in the DHCP scope:
DHCP Troubleshooting:
This covers DHCP Server Configuration in NSX-T. This related article outlines a structured approach to NSX-T DHCP Troubleshooting.
Excellent!!
So glad the article was helpful, new content is coming out Tuesday, Dec 3rd, stay tuned!
So what is the purpose the IP Address Pool setting in the segements?
Jani,
Thanks for asking!
In this case, NSX-T is performing DHCP Services. The DHCP scope isn’t defined with the DHCP service, as expected in a more traditional server-based system. Think of it more as a logical construct, where the DHCP pool is defined and associated with the segment on which DHCP Client workloads connect.
Regards,
Gary