Tujuan artikel iki kanggo nyederhanakake konfigurasi layanan DHCP kanggo VXLAN BGP EVPN lan kain DFA nggunakake Microsoft Windows Server 2016/2019.
Ing dokumentasi resmi, layanan DHCP adhedhasar Microsoft Windows Server 2012 kanggo kain dikonfigurasi minangka SuperScope sing ngemot blumbang Loopback (puncak blumbang iki yaiku ora kalebu kabeh alamat IP blumbang saka blumbang (alamat IP ora kalebu = pool)) lan pools kanggo nerbitake alamat IP kanggo jaringan nyata (kene sorotan - kabijakan diatur - kang DHCP Relay Circuit ID disaring lan DHCP relay Circuit ID ngemot VNI kanggo jaringan, IE kanggo pool liyane iki DHCP Relay Circuit ID bakal rada beda).
To configure DHCP on Windows server.
1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment.
2. In scope B, specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope).
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box.
4. Set the policy address range to the entire range of the scope.Artikel iki ngemot jawaban kanggo pitakonan ing ngisor iki:
Isi
-
- ( & )
-
-
Pambuka
Part iki sedhela dhaptar kabeh data dhisikan: Pandhuan kanggo configuring peralatan jaringan, RFC digunakake ing paket DHCP ing pabrik eVPN, évolusi setelan server DHCP ing Microsoft Windows Server 2012 ing dokumentasi Cisco kasedhiya kanggo referensi. Uga informasi ringkes babagan Superscope lan Kebijakan ing layanan DHCP ing Server Microsoft Windows.
Carane ngatur DHCP Relay ing VXLAN BGP EVPN, kain DFA
Konfigurasi DHCP Relay ing kain VXLAN BGP EVPN dudu topik utama artikel iki, amarga cukup prasaja. Aku nyedhiyani pranala menyang dokumentasi lan spoiler ing setelan ing peralatan jaringan.
Conto nyetel Relay DHCP ing Nexus 9000V v9.2(3)
service dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp relay information option vpn
interface loopback10
vrf member VRF1
ip address 10.120.0.1/32 tag 1234567
interface Vlan12
no shutdown
vrf member VRF1
no ip redirects
ip address 10.120.251.1/24 tag 1234567
no ipv6 redirects
fabric forwarding mode anycast-gateway
ip dhcp relay address 10.0.0.5
ip dhcp relay source-interface loopback10
RFC sing dileksanakake ing operasi layanan DHCP Relay ing kain VXLAN BGP EVPN
RFC#6607: Sub-opsi 151(0x97) - Pilihan Subnet Virtual
• Sub-option 151(0x97) - Virtual Subnet Selection (Defined in RFC#6607)
Used to convey VRF related information to the DHCP server in an MPLS-VPN and VXLAN EVPN multi-tenant environment."Jeneng" saka VRF ing ngendi klien dumunung ditularaké.
RFC # 5107: Sub-pilihan 11(0xb) - Server ID Override
• Sub-option 11(0xb) - Server ID Override (Defined in RFC#5107.)
The server identifier (server ID) override sub-option allows the DHCP relay agent to specify a new value for the server ID option, which is inserted by the DHCP server in the reply packet. This sub-option allows the DHCP relay agent to act as the actual DHCP server such that the renew requests will come to the relay agent rather than the DHCP server directly. The server ID override sub-option contains the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client. Using this information, the DHCP client sends all renew and release request packets to the relay agent. The relay agent adds all of the appropriate sub-options and then forwards the renew and release request packets to the original DHCP server. For this function, Cisco’s proprietary implementation is sub-option 152(0x98). You can use the ip dhcp relay sub-option type cisco command to manage the function.Opsi iki digunakake kanggo mesthekake yen klien ngirim panjalukan kanggo nganyari alamat sewa menyang alamat IP sing digunakake ing pilihan iki. (Ing Cisco VXLAN BGP, EVPN minangka alamat Anycast gateway standar klien.)
RFC#3527: Sub-opsi 5(0x5) - Pilihan Link
Sub-option 5(0x5) - Link Selection (Defined in RFC#3527.)
The link selection sub-option provides a mechanism to separate the subnet/link on which the DHCP client resides from the gateway address (giaddr), which can be used to communicate with the relay agent by the DHCP server. The relay agent will set the sub-option to the correct subscriber subnet and the DHCP server will use that value to assign an IP address rather than the giaddr value. The relay agent will set the giaddr to its own IP address so that DHCP messages are able to be forwarded over the network. For this function, Cisco’s proprietary implementation is sub-option 150(0x96). You can use the ip dhcp relay sub-option type ciscocommand to manage the function.Alamat jaringan saka ngendi klien mbutuhake alamat IP.
Evolusi dokumentasi Cisco babagan konfigurasi DHCP ing Microsoft Windows Server 2012
Aku kalebu bagean iki amarga ana tren positif ing bagean vendor:
Dokumentasi mung nuduhake carane ngatur DHCP Relay ing peralatan jaringan.
Artikel liyane digunakake kanggo ngatur DHCP ing Windows Server 2012:
Artikel iki nuduhake yen saben jaringan/VNI mbutuhake paket SuperScope dhewe lan alamat Loopback dhewe:
If multiple DHCP Scopes are required for multiple subnets, you need to create one LoopbackX per subnet/vlan on all LEAFS and create a superscope with a loopbackX range scope and actual client IP subnet scope per vlan.
Nambahake setelan Windows 2012 Server menyang dokumentasi kanggo nyetel peralatan jaringan. Kanggo kabeh blumbang alamat sing digunakake, siji SuperScope saben pusat data dibutuhake lan SuperScope iki minangka wates pusat data:
Create Superscope for all scopes you want to use for Option 82-based policies.
Note
The Superscope should combine all scopes and act as the administrative boundary.
Kabeh diterangake kanthi ringkes:
Let us assume the switch is using the address from subnet B (it can be the backbone subnet, management subnet, or any customer designated subnet for this purpose) to communicate with the Windows DHCP server. In DFA we have subnets S1, S2, S3, …, Sn for segment s1, s2, s3, …, sn.
To configure DHCP on Windows server.
1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment.
2. In scope B, specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope).
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box.
4. Set the policy address range to the entire range of the scope.
DHCP ing Microsoft Windows Server (superscope & policy)
Superscope is an administrative feature of a DHCP server that can be used to group multiple scopes as a single administrative entity. Superscope allows a DHCP server to provide leases from more than one scope to clients on a single physical network. Scopes added to a superscope are called member scopes.
Apa SuperScope - iku fungsi sing ngijini sampeyan kanggo gabungke sawetara pools alamat IP menyang siji unit administratif. Kanggo Panggenan kanggo pangguna ing jaringan fisik padha (ing VLAN padha) alamat IP saka sawetara pools. Yen panjalukan teka menyang blumbang alamat minangka bagéan saka SuperScope, banjur klien bisa diwenehi alamat saka Scope liyane kalebu ing SuperScope iki.
The DHCP Server role in Windows Server 2012 introduces a new feature that allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions.
The policy based assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.
Kawicaksanan - ngidini sampeyan nemtokake alamat IP kanggo pangguna gumantung saka jinis pangguna utawa parameter. Insinyur Cisco nggunakake kawicaksanan ing Windows Server 2012 kanggo nyaring dening VNI (Virtual Network Identifier).
Bagéyan utama
Bagian iki ngemot asil riset, kenapa ora didhukung, cara kerjane (logika), apa sing anyar lan kepiye cara anyar iki bakal mbantu kita.
Napa Microsoft Windows Server 2000/2003/2008 ora didhukung?
Microsoft Windows Server 2008 lan versi sadurungé ora ngolah opsi 82 lan paket bali dikirim tanpa opsi 82.
- Panjaluk saka klien dikirim menyang Broadcast (DHCP Discover).
- Peralatan (Nexus) ngirim paket menyang server DHCP (DHCP Discover + Option 82).
- Server DHCP nampa paket kasebut, ngolah, ngirim maneh, nanging tanpa opsi 82. (Tawaran DHCP - tanpa opsi 82)
- Peralatan (Nexus) nampa paket saka server DHCP. (DHCP Offer) Nanging ora ngirim paket iki kanggo pangguna pungkasan.
Data Sniffer - ing Windows Server 2008 lan ing klien DHCPWindows Server 2008 nampa panjalukan saka peralatan jaringan. (Pilihan 82 ana ing dhaptar)
Windows Server 2008 ngirim respon menyang peralatan jaringan. (Opsi 82 ora kadhaptar minangka pilihan ing paket)
Panjaluk saka klien - DHCP Discover saiki lan Penawaran DHCP ora ana
Statistik peralatan jaringan:
NEXUS-9000V-SW-1# show ip dhcp relay statistics
----------------------------------------------------------------------
Message Type Rx Tx Drops
----------------------------------------------------------------------
Discover 8 8 0
Offer 8 8 0
Request(*) 0 0 0
Ack 0 0 0
Release(*) 0 0 0
Decline 0 0 0
Inform(*) 0 0 0
Nack 0 0 0
----------------------------------------------------------------------
Total 16 16 0
----------------------------------------------------------------------
DHCP L3 FWD:
Total Packets Received : 0
Total Packets Forwarded : 0
Total Packets Dropped : 0
Non DHCP:
Total Packets Received : 0
Total Packets Forwarded : 0
Total Packets Dropped : 0
DROP:
DHCP Relay not enabled : 0
Invalid DHCP message type : 0
Interface error : 0
Tx failure towards server : 0
Tx failure towards client : 0
Unknown output interface : 0
Unknown vrf or interface for server : 0
Max hops exceeded : 0
Option 82 validation failed : 0
Packet Malformed : 0
Relay Trusted port not configured : 0
DHCP Request dropped on MCT : 0
* - These counters will show correct value when switch
receives DHCP request packet with destination ip as broadcast
address. If request is unicast it will be HW switched
NEXUS-9000V-SW-1#
Napa konfigurasi angel banget ing Microsoft Windows Server 2012?
Microsoft Windows Server 2012 durung ndhukung RFC#3527 (Opsi 82 Sub-pilihan 5(0x5) - Pilihan Link)
Nanging fungsi Kebijakan wis dileksanakake.
Cara kerjane:
- Microsoft Windows Server 2012 wis blumbang super (SuperScope) kang alamat Loopback lan pools kanggo jaringan nyata.
- Pilihan saka blumbang kanggo nerbitake alamat IP tumiba menyang SuperScope, wiwit respon teka saka DHCP Relay karo alamat Loopback Source klebu ing SuperScope.
- Nggunakake Kabijakan, panjaluk kasebut milih saka Superscope ruang lingkup anggota sing VNI ana ing Opsi 82 Subopsi 1 ID Sirkuit Agen. ("0108000600" + 24 bit VNI + 24 bit sing nilaine ora dingerteni kanggo aku, nanging sniffer nuduhake nilai 0 ing lapangan iki.)
Kepiye persiyapan disederhanakake ing Microsoft Windows Server 2016/2019?
Microsoft Windows Server 2016 ngleksanakake fungsi RFC#3527. Yaiku, Windows Server 2016 bisa ngenali jaringan sing bener saka Opsi 82 Sub-pilihan 5(0x5) - atribut Pilihan Link
Telung pitakonan langsung muncul:
- Apa kita bisa nindakake tanpa Superscope?
- Apa kita bisa nindakake tanpa Kebijakan lan ngowahi VNI dadi heksadesimal?
- Apa kita bisa nindakake tanpa Cakupan kanggo alamat Sumber DHCP Loopback?
Q. Apa kita bisa nindakake tanpa Superscope?
A. Ya, ruang lingkup bisa digawe langsung ing area alamat IPv4.
Q. Apa kita bisa nindakake tanpa Kebijakan lan ngowahi VNI dadi heksadesimal?
A. Ya, pilihan jaringan adhedhasar Pilihan 82 Subopsi 0x5,
Q. Apa kita bisa nindakake tanpa Cakupan kanggo alamat Sumber DHCP Loopback?
A. Ora kita ora bisa. Amarga Microsoft Windows Server 2016/2019 nduweni pangayoman marang panjalukan DHCP sing ala. Tegese, kabeh panjalukan saka alamat sing ora ana ing blumbang server DHCP dianggep ala.
Note
All relay agent IP addresses (GIADDR) must be part of an active DHCP scope IP address range. Any GIADDR outside of the DHCP scope IP address ranges is considered a rogue relay and Windows DHCP Server will not acknowledge DHCP client requests from those relay agents.
A special scope can be created to "authorize" relay agents. Create a scope with the GIADDR (or multiple if the GIADDR's are sequential IP addresses), exclude the GIADDR address(es) from distribution, and then activate the scope. This will authorize the relay agents while preventing the GIADDR addresses from being assigned.Sing. Kanggo ngatur blumbang DHCP kanggo pabrik VXLAN BGP EVPN ing Microsoft Windows Server 2016/2019, sampeyan mung perlu:
- Nggawe blumbang kanggo alamat Source Relay.
- Nggawe blumbang kanggo jaringan klien
Apa sing ora perlu (nanging bisa dikonfigurasi lan bakal bisa digunakake lan ora bakal ngganggu karya):
- Nggawe Kebijakan
- Nggawe SuperScope
Conto:Conto nyetel server DHCP (ana 2 klien DHCP nyata - klien disambungake menyang kain VXLAN)
Conto nyetel blumbang pangguna:
Conto nyetel blumbang pangguna (kabijakan dipilih - kanggo mbuktekake manawa kabijakan ora digunakake kanggo operasi kolam sing bener):
Conto konfigurasi blumbang kanggo alamat Source DHCP Relay (rentang alamat kanggo penerbitan cocog karo pengecualian saka blumbang alamat):
Nggawe layanan DHCP ing Microsoft Windows Server 2019
Konfigurasi blumbang kanggo alamat Loopback (sumber) kanggo DHCP Relay.
Kita nggawe blumbang anyar (Scope) ing ruang IPv4.
Tuntunan nggawe blumbang. "Sabanjure >"
Ngatur jeneng blumbang lan gambaran saka blumbang.
Setel sawetara alamat IP kanggo Loopback lan topeng kanggo blumbang.
Nambahake pangecualian. Kisaran pangecualian kudu cocog karo kisaran blumbang.
Wektu rental. "Sabanjure >"
Pitakonan: Apa sampeyan bakal ngatur opsi DHCP saiki (DNS, WINS, Gateway, Domain) utawa sampeyan bakal nindakake mengko. Iku bakal luwih cepet kanggo njawab ora, lan banjur ngaktifake blumbang kanthi manual. Utawa pindhah menyang mburi tanpa ngisi informasi lan aktifake blumbang ing mburi tuntunan.
We konfirmasi sing opsi ora diatur lan blumbang ora diaktifake. "Rampung"
Kita ngaktifake blumbang kanthi manual. - Pilih Lingkup lan ing menu konteks - pilih "Aktifake".
Kita nggawe blumbang kanggo pangguna / server.
Kita nggawe blumbang anyar.
Tuntunan nggawe blumbang. "Sabanjure >"
Ngatur jeneng blumbang lan gambaran saka blumbang.
Setel sawetara alamat IP kanggo Loopback lan topeng kanggo blumbang.
Nambahake pangecualian. (Ora ana pangecualian sing dibutuhake kanthi standar) "Sabanjure>"
Wektu rental. "Sabanjure >"
Pitakonan: Apa sampeyan bakal ngatur opsi DHCP saiki (DNS, WINS, Gateway, Domain) utawa sampeyan bakal nindakake mengko. Ayo saiki diatur.
Konfigurasi alamat gateway standar.
Kita ngatur domain lan alamat server DNS.
Konfigurasi alamat IP server WINS.
Aktivasi lingkup.
Kolam renang wis diatur. "Rampung"
kesimpulan
Nggunakake Windows Server 2016/2019 nyuda kerumitan nyetel server DHCP kanggo kain VXLAN (utawa kain liyane). (Ora perlu nransfer pranala khusus menyang spesialis IT: ID Sirkuit Jaringan/Agen kanggo ndaftar saringan.)
Apa konfigurasi kanggo Windows Server 2012 bisa digunakake ing server 2016/2019 anyar - ya bakal bisa digunakake.
Dokumen iki ngemot referensi kanggo 2 versi: 7.X lan 9.3. Iki amarga kasunyatan sing versi 7.0 (3) I7 (7) release Cisco Suggested, lan versi 9.3 paling inovatif (malah ndhukung Multicast liwat VXLAN Multisite).
Dhaptar sumber
Source: www.habr.com