Objektif atik sa a se senplifye konfigirasyon sèvis DHCP pou VXLAN BGP EVPN ak twal DFA lè l sèvi avèk Microsoft Windows Server 2016/2019.
Nan dokiman ofisyèl la, sèvis DHCP ki baze sou Microsoft Windows Server 2012 pou twal la configuré kòm yon SuperScope ki gen yon pisin Loopback (ak rekò nan pisin sa a se esklizyon tout adrès IP pisin lan soti nan pisin lan (eskli adrès IP = pisin)) ak pisin pou bay adrès IP pou rezo reyèl (isit la se rekò a - politik se configuré - nan ki DHCP Relay Circuit ID yo filtre epi sa a ID sikwi relè DHCP gen VNI a pou rezo a, sa vle di pou yon lòt pisin sa a DHCP Relay. Awondisman ID pral yon ti kras diferan).
To configure DHCP on Windows server.
1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment.
2. In scope B, specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope).
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box.
4. Set the policy address range to the entire range of the scope.Atik sa a gen repons pou kesyon sa yo:
Content
-
- ( & )
-
-
Entwodiksyon
Pati sa a yon ti tan bay lis tout premye done yo: Enstriksyon pou konfigirasyon ekipman rezo a, RFC yo itilize nan pake DHCP nan faktori eVPN, evolisyon nan anviwònman sèvè DHCP sou Microsoft Windows Server 2012 nan dokiman Cisco yo bay pou referans. Osi byen tou kout enfòmasyon sou Superscope ak Policy nan sèvis la DHCP sou Microsoft Windows Servers.
Ki jan yo konfigirasyon DHCP Relay sou yon twal VXLAN BGP EVPN, DFA
Konfigirasyon DHCP Relay sou yon twal VXLAN BGP EVPN se pa sijè prensipal la nan atik sa a, paske li se byen senp. Mwen bay lyen ki mennen nan dokiman ak yon spoiler sou anviwònman sou ekipman rezo.
Egzanp konfigirasyon DHCP Relay sou Nexus 9000V v9.2(3)
service dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp relay information option vpn
interface loopback10
vrf member VRF1
ip address 10.120.0.1/32 tag 1234567
interface Vlan12
no shutdown
vrf member VRF1
no ip redirects
ip address 10.120.251.1/24 tag 1234567
no ipv6 redirects
fabric forwarding mode anycast-gateway
ip dhcp relay address 10.0.0.5
ip dhcp relay source-interface loopback10
RFC ki aplike nan operasyon sèvis DHCP Relay nan twal VXLAN BGP EVPN
RFC#6607: Sou-opsyon 151 (0x97) - Seleksyon Virtuel Subnet
• Sub-option 151(0x97) - Virtual Subnet Selection (Defined in RFC#6607)
Used to convey VRF related information to the DHCP server in an MPLS-VPN and VXLAN EVPN multi-tenant environment.Transmèt "non" VRF kote kliyan an ye.
RFC#5107: Sou-opsyon 11 (0xb) - Sèvè ID Override
• Sub-option 11(0xb) - Server ID Override (Defined in RFC#5107.)
The server identifier (server ID) override sub-option allows the DHCP relay agent to specify a new value for the server ID option, which is inserted by the DHCP server in the reply packet. This sub-option allows the DHCP relay agent to act as the actual DHCP server such that the renew requests will come to the relay agent rather than the DHCP server directly. The server ID override sub-option contains the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client. Using this information, the DHCP client sends all renew and release request packets to the relay agent. The relay agent adds all of the appropriate sub-options and then forwards the renew and release request packets to the original DHCP server. For this function, Cisco’s proprietary implementation is sub-option 152(0x98). You can use the ip dhcp relay sub-option type cisco command to manage the function.Opsyon an itilize pou asire ke kliyan an voye yon demann pou renouvle kontra-lwaye adrès la nan adrès IP yo itilize nan opsyon sa a. (Sou Cisco VXLAN BGP, EVPN se adrès Anycast pòtay default kliyan an.)
RFC#3527: Sou-opsyon 5 (0x5) - Seleksyon lyen
Sub-option 5(0x5) - Link Selection (Defined in RFC#3527.)
The link selection sub-option provides a mechanism to separate the subnet/link on which the DHCP client resides from the gateway address (giaddr), which can be used to communicate with the relay agent by the DHCP server. The relay agent will set the sub-option to the correct subscriber subnet and the DHCP server will use that value to assign an IP address rather than the giaddr value. The relay agent will set the giaddr to its own IP address so that DHCP messages are able to be forwarded over the network. For this function, Cisco’s proprietary implementation is sub-option 150(0x96). You can use the ip dhcp relay sub-option type ciscocommand to manage the function.Adrès rezo kote kliyan an bezwen yon adrès IP.
Evolisyon dokiman Cisco konsènan konfigirasyon DHCP sou Microsoft Windows Server 2012
Mwen enkli seksyon sa a paske gen yon tandans pozitif sou pati vandè a:
Dokiman an sèlman montre kijan pou konfigirasyon DHCP Relay sou ekipman rezo a.
Yo te itilize yon lòt atik pou konfigirasyon DHCP sou Windows Server 2012:
Atik sa a endike ke chak rezo/VNI mande pou pwòp pakèt SuperScope li yo ak pwòp seri adrès Loopback li yo:
If multiple DHCP Scopes are required for multiple subnets, you need to create one LoopbackX per subnet/vlan on all LEAFS and create a superscope with a loopbackX range scope and actual client IP subnet scope per vlan.
Te ajoute anviwònman Windows 2012 Server nan dokiman an pou mete ekipman rezo a. Pou tout pisin adrès yo itilize, yon sèl SuperScope pou chak sant done obligatwa epi SuperScope sa a se limit sant done a:
Create Superscope for all scopes you want to use for Option 82-based policies.
Note
The Superscope should combine all scopes and act as the administrative boundary.
Tout bagay yo eksplike trè kout:
Let us assume the switch is using the address from subnet B (it can be the backbone subnet, management subnet, or any customer designated subnet for this purpose) to communicate with the Windows DHCP server. In DFA we have subnets S1, S2, S3, …, Sn for segment s1, s2, s3, …, sn.
To configure DHCP on Windows server.
1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment.
2. In scope B, specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope).
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box.
4. Set the policy address range to the entire range of the scope.
DHCP nan Microsoft Windows Server (superscope & politik)
Superscope is an administrative feature of a DHCP server that can be used to group multiple scopes as a single administrative entity. Superscope allows a DHCP server to provide leases from more than one scope to clients on a single physical network. Scopes added to a superscope are called member scopes.
Ki sa ki SuperScope - li se yon fonksyonalite ki pèmèt ou konbine plizyè pisin nan adrès IP nan yon sèl inite administratif. Pou fè piblisite pou itilizatè yo sou menm rezo fizik (nan menm VLAN) adrès IP ki soti nan plizyè pisin. Si demann lan te vini nan yon gwoup adrès kòm yon pati nan yon SuperScope, Lè sa a, kliyan an ka resevwa yon adrès ki soti nan yon lòt Scope ki enkli nan SuperScope sa a.
The DHCP Server role in Windows Server 2012 introduces a new feature that allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions.
The policy based assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.
Règleman - pèmèt ou bay adrès IP itilizatè yo depann sou kalite itilizatè oswa paramèt. Enjenyè Cisco itilize règleman nan Windows Server 2012 pou filtre pa VNI (Virtual Network Identifier).
Pati prensipal la
Seksyon sa a gen rezilta rechèch la, poukisa li pa sipòte, kijan li fonksyone (lojik), sa ki nouvo ak ki jan nouvo sa a pral ede nou.
Poukisa Microsoft Windows Server 2000/2003/2008 pa sipòte?
Microsoft Windows Server 2008 ak vèsyon pi bonè yo pa trete opsyon 82 epi yo voye pake retounen a san opsyon 82.
- Yo voye demann kliyan an nan Broadcast (DHCP Discover).
- Ekipman an (Nexus) voye yon pake nan sèvè DHCP (DHCP Discover + Opsyon 82).
- Sèvè DHCP resevwa pake a, trete l, voye l tounen, men san opsyon 82. (Ofri DHCP - san opsyon 82)
- Ekipman an (Nexus) resevwa yon pake ki soti nan sèvè DHCP la. (DHCP Ofri) Men, pa voye pake sa a bay itilizatè final la.
Done sniffer - sou Windows Server 2008 ak sou kliyan DHCP laWindows Server 2008 resevwa yon demann nan men ekipman rezo. (Opsyon 82 prezan nan lis la)
Windows Server 2008 voye repons lan nan ekipman rezo a. (Opsyon 82 pa nan lis kòm yon opsyon nan pake a)
Demann nan men kliyan an - DHCP Discover prezan epi DHCP òf manke
Estatistik sou ekipman rezo:
NEXUS-9000V-SW-1# show ip dhcp relay statistics
----------------------------------------------------------------------
Message Type Rx Tx Drops
----------------------------------------------------------------------
Discover 8 8 0
Offer 8 8 0
Request(*) 0 0 0
Ack 0 0 0
Release(*) 0 0 0
Decline 0 0 0
Inform(*) 0 0 0
Nack 0 0 0
----------------------------------------------------------------------
Total 16 16 0
----------------------------------------------------------------------
DHCP L3 FWD:
Total Packets Received : 0
Total Packets Forwarded : 0
Total Packets Dropped : 0
Non DHCP:
Total Packets Received : 0
Total Packets Forwarded : 0
Total Packets Dropped : 0
DROP:
DHCP Relay not enabled : 0
Invalid DHCP message type : 0
Interface error : 0
Tx failure towards server : 0
Tx failure towards client : 0
Unknown output interface : 0
Unknown vrf or interface for server : 0
Max hops exceeded : 0
Option 82 validation failed : 0
Packet Malformed : 0
Relay Trusted port not configured : 0
DHCP Request dropped on MCT : 0
* - These counters will show correct value when switch
receives DHCP request packet with destination ip as broadcast
address. If request is unicast it will be HW switched
NEXUS-9000V-SW-1#
Poukisa konfigirasyon tèlman konplèks nan Microsoft Windows Server 2012?
Microsoft Windows Server 2012 poko sipòte RFC#3527 (Opsyon 82 Sou-opsyon 5(0x5) - Seleksyon Link)
Men, fonksyonalite politik la te deja aplike.
Ki jan li fonksyone:
- Microsoft Windows Server 2012 gen yon pisin super (SuperScope) ki gen adrès Loopback ak pisin pou rezo reyèl.
- Seleksyon pisin lan pou bay yon adrès IP tonbe nan SuperScope, depi repons lan soti nan DHCP Relay ak adrès Loopback Sous la enkli nan SuperScope.
- Lè l sèvi avèk Règleman, demann lan chwazi nan Superscope sijè ki abòde manm ki gen VNI nan Opsyon 82 Suboption 1 Agent Circuit ID. ("0108000600"+ 24 bits VNI + 24 bits ki gen valè yo pa konnen pou mwen, men sniffer la montre valè 0 nan jaden sa a.)
Ki jan konfigirasyon senplifye nan Microsoft Windows Server 2016/2019?
Microsoft Windows Server 2016 aplike RFC#3527 fonksyonalite. Sa vle di, Windows Server 2016 ka rekonèt rezo ki kòrèk la nan Opsyon 82 Sou-opsyon 5(0x5) - Atribi seleksyon lyen.
Twa kesyon parèt imedyatman:
- Èske nou ka fè san Superscope?
- Èske nou ka fè san politik ak konvèti VNI nan fòm egzadesimal?
- Èske nou ka fè san Scope for Loopback DHCP Sous adrès?
Q. Èske nou ka fè san Superscope?
A. Wi, dimansyon ka kreye imedyatman nan zòn adrès IPv4.
Q. Èske nou ka fè san politik ak konvèti VNI nan fòm egzadesimal?
A. Wi, seleksyon rezo a baze sou Opsyon 82 Sou-opsyon 0x5,
Q. Èske nou ka fè san Scope for Loopback DHCP Sous adrès?
A. Non nou pa kapab. Paske Microsoft Windows Server 2016/2019 gen pwoteksyon kont demann DHCP move. Sa vle di, tout demann ki soti nan adrès ki pa nan rezèvwa sèvè DHCP yo konsidere kòm move.
Note
All relay agent IP addresses (GIADDR) must be part of an active DHCP scope IP address range. Any GIADDR outside of the DHCP scope IP address ranges is considered a rogue relay and Windows DHCP Server will not acknowledge DHCP client requests from those relay agents.
A special scope can be created to "authorize" relay agents. Create a scope with the GIADDR (or multiple if the GIADDR's are sequential IP addresses), exclude the GIADDR address(es) from distribution, and then activate the scope. This will authorize the relay agents while preventing the GIADDR addresses from being assigned.Moun sa yo. Pou konfigirasyon yon pisin DHCP pou yon faktori VXLAN BGP EVPN sou Microsoft Windows Server 2016/2019, ou bezwen sèlman:
- Kreye yon pisin pou adrès Relè Sous yo.
- Kreye yon pisin pou rezo kliyan yo
Ki sa ki pa nesesè (men yo ka konfigirasyon epi li pral travay epi yo pa pral entèfere ak travay):
- Kreye politik
- Kreye SuperScope
EgzanpEgzanp mete kanpe yon sèvè DHCP (gen 2 kliyan DHCP reyèl - kliyan yo konekte ak twal VXLAN)
Egzanp pou mete yon pisin itilizatè:
Yon egzanp mete kanpe yon pisin itilizatè (politik yo chwazi - pou pwouve ke règleman yo pa te itilize pou operasyon an kòrèk nan pisin lan):
Yon egzanp konfigirasyon yon rezèvwa pou adrès Relè DHCP Sous (ranje adrès pou emisyon an konplètman koresponn ak esklizyon nan rezèv adrès la):
Mete kanpe yon sèvis DHCP sou Microsoft Windows Server 2019
Konfigirasyon yon pisin pou adrès Loopback (sous) pou DHCP Relay.
Nou kreye yon nouvo pisin (Scope) nan espas IPv4 la.
Sòsye kreyasyon pisin. "Pwochen>"
Konfigure non pisin lan ak deskripsyon pisin lan.
Mete seri adrès IP pou Loopback ak mask pou pisin lan.
Ajoute eksepsyon. Ranje esklizyon an dwe egzakteman matche ak seri pisin lan.
Tan lokasyon. "Pwochen>"
Rekèt: Èske w ap configured opsyon DHCP kounye a (DNS, WINS, Gateway, Domèn) oswa ou pral fè li pita. Li ta pi vit reponn non, ak Lè sa a, aktive pisin lan manyèlman. Oswa ale nan fen a san yo pa ranpli nenpòt enfòmasyon epi aktive pisin lan nan fen sòsye an.
Nou konfime ke opsyon yo pa configuré epi pisin lan pa aktive. "Fini"
Nou aktive pisin lan manyèlman. — Chwazi Dimansyon epi nan meni kontèks la — chwazi "Aktive".
Nou kreye yon pisin pou itilizatè/sèvè.
Nou kreye yon nouvo pisin.
Sòsye kreyasyon pisin. "Pwochen>"
Konfigure non pisin lan ak deskripsyon pisin lan.
Mete seri adrès IP pou Loopback ak mask pou pisin lan.
Ajoute eksepsyon. (Pa gen okenn eksepsyon obligatwa pa default) "Next>"
Tan lokasyon. "Pwochen>"
Rekèt: Èske w ap configured opsyon DHCP kounye a (DNS, WINS, Gateway, Domèn) oswa ou pral fè li pita. Ann mete l kanpe kounye a.
Konfigure adrès pòtay default la.
Nou konfigirasyon domèn ak adrès sèvè dns yo.
Konfigirasyon adrès IP nan sèvè WINS.
Aktivasyon Dimansyon.
Se pisin lan configuré. "Fini"
Konklizyon
Sèvi ak Windows Server 2016/2019 diminye konpleksite nan mete kanpe yon sèvè DHCP pou yon twal VXLAN (oswa nenpòt lòt twal). (Li pa nesesè pou transfere lyen espesyal bay espesyalis IT: Rezo/Ajan Circuit ID pou anrejistre filtè yo.)
Èske konfigirasyon an pou Windows Server 2012 ap travay sou nouvo sèvè 2016/2019 - wi li pral travay.
Dokiman sa a gen referans a 2 vèsyon: 7.X ak 9.3. Sa a se akòz lefèt ke vèsyon 7.0(3)I7(7) se yon lage Cisco Sigjere, ak vèsyon 9.3 se pi inovatè (menm sipòte Multicast atravè VXLAN Multisite).
Lis sous yo
Sous: www.habr.com