Ko te kaupapa o tenei tuhinga he whakangawari i te whirihoranga o te ratonga DHCP mo VXLAN BGP EVPN me te papanga DFA ma te whakamahi i te Microsoft Windows Server 2016/2019.
I roto i nga tuhinga whaimana, ko te ratonga DHCP i runga i te Microsoft Windows Server 2012 mo te papanga kua whirihorahia hei SuperScope kei roto he poka wai Loopback (ko te mea nui o tenei puna ko te whakakore i nga wahitau IP katoa o te puna kaukau mai i te puna (kaore he wahitau IP = poka wai)) me nga puna mo te tuku i nga wahitau IP mo nga whatunga tuuturu (koinei te mea nui - kua whirihorahia te kaupapa here - kei reira te DHCP Relay Circuit ID kua tātarihia me tenei DHCP Relay Circuit ID kei roto te VNI mo te whatunga, ara mo tetahi atu puna ko tenei DHCP Relay Ka paku rereke te ID Circuit).
To configure DHCP on Windows server.
1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment.
2. In scope B, specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope).
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box.
4. Set the policy address range to the entire range of the scope.Kei roto i tenei tuhinga nga whakautu ki nga patai e whai ake nei:
Tuhinga
-
- ( & )
-
-
Whakataki
Ko tenei waahanga he rarangi poto katoa nga raraunga tuatahi: Nga tohutohu mo te whirihora i nga taputapu whatunga, nga RFC e whakamahia ana i roto i nga paatete DHCP i roto i nga wheketere eVPN, ko te whanaketanga o nga tautuhinga tūmau DHCP i runga i te Microsoft Windows Server 2012 i roto i nga tuhinga Cisco e whakaratohia ana hei tohutoro. Me nga korero poto mo te Superscope me te Kaupapahere i roto i te ratonga DHCP i runga i nga Microsoft Windows Servers.
Me pehea te whirihora DHCP Relay i runga i te VXLAN BGP EVPN, papanga DFA
Ko te whirihora i te Relay DHCP i runga i te papanga VXLAN BGP EVPN ehara i te kaupapa matua o tenei tuhinga, na te mea he maamaa noa. Ka whakaratohia e ahau nga hononga ki nga tuhinga me te kaipahua mo nga tautuhinga i runga i nga taputapu whatunga.
He tauira mo te whakarite Relay DHCP ki runga Nexus 9000V v9.2(3)
service dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp relay information option vpn
interface loopback10
vrf member VRF1
ip address 10.120.0.1/32 tag 1234567
interface Vlan12
no shutdown
vrf member VRF1
no ip redirects
ip address 10.120.251.1/24 tag 1234567
no ipv6 redirects
fabric forwarding mode anycast-gateway
ip dhcp relay address 10.0.0.5
ip dhcp relay source-interface loopback10
Ko nga RFC e whakatinanahia ana i roto i te mahi o te ratonga DHCP Relay i roto i nga papanga VXLAN BGP EVPN
RFC#6607: Kōwhiringa-iti 151(0x97) - Tīpakonga Ipurangiroto Mariko
• Sub-option 151(0x97) - Virtual Subnet Selection (Defined in RFC#6607)
Used to convey VRF related information to the DHCP server in an MPLS-VPN and VXLAN EVPN multi-tenant environment.Ko te "ingoa" o te VRF kei reira te kaihoko ka tukuna.
RFC#5107: Kōwhiringa-iti 11(0xb) - Whakakore ID Tūmau
• Sub-option 11(0xb) - Server ID Override (Defined in RFC#5107.)
The server identifier (server ID) override sub-option allows the DHCP relay agent to specify a new value for the server ID option, which is inserted by the DHCP server in the reply packet. This sub-option allows the DHCP relay agent to act as the actual DHCP server such that the renew requests will come to the relay agent rather than the DHCP server directly. The server ID override sub-option contains the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client. Using this information, the DHCP client sends all renew and release request packets to the relay agent. The relay agent adds all of the appropriate sub-options and then forwards the renew and release request packets to the original DHCP server. For this function, Cisco’s proprietary implementation is sub-option 152(0x98). You can use the ip dhcp relay sub-option type cisco command to manage the function.Ka whakamahia te kōwhiringa ki te whakarite kia tukuna e te kiritaki he tono ki te whakahou i te rīhi wāhitau ki te wāhitau IP e whakamahia ana i tenei kōwhiringa. (I runga i te Cisco VXLAN BGP, ko EVPN te kuaha taunoa a te kiritaki Anycast wāhitau.)
RFC#3527: Kōwhiringa-iti 5(0x5) - Tīpakonga Hononga
Sub-option 5(0x5) - Link Selection (Defined in RFC#3527.)
The link selection sub-option provides a mechanism to separate the subnet/link on which the DHCP client resides from the gateway address (giaddr), which can be used to communicate with the relay agent by the DHCP server. The relay agent will set the sub-option to the correct subscriber subnet and the DHCP server will use that value to assign an IP address rather than the giaddr value. The relay agent will set the giaddr to its own IP address so that DHCP messages are able to be forwarded over the network. For this function, Cisco’s proprietary implementation is sub-option 150(0x96). You can use the ip dhcp relay sub-option type ciscocommand to manage the function.Wāhitau o te whatunga e hiahia ana te kiritaki ki tetahi wahitau IP.
Te whanaketanga o nga tuhinga Cisco mo te whirihora i te DHCP i runga i te Microsoft Windows Server 2012
I whakauruhia e ahau tenei waahanga na te mea he pai te ahua o te kaihoko:
Ko nga tuhinga anake e whakaatu ana me pehea te whirihora i te Relay DHCP ki nga taputapu whatunga.
I whakamahia tetahi atu tuhinga ki te whirihora i te DHCP ki te Windows Server 2012:
Ko tenei tuhinga e tohu ana ko ia whatunga/VNI e hiahia ana ki tana ake paihere SuperScope me ona ake huinga wahitau Loopback:
If multiple DHCP Scopes are required for multiple subnets, you need to create one LoopbackX per subnet/vlan on all LEAFS and create a superscope with a loopbackX range scope and actual client IP subnet scope per vlan.
Kua taapirihia nga tautuhinga Tūmau Windows 2012 ki te tuhinga mo te whakarite taputapu whatunga. Mo nga puna korero katoa e whakamahia ana, kotahi te SuperScope mo ia pokapū raraunga me tenei SuperScope te rohe o te pokapū raraunga:
Create Superscope for all scopes you want to use for Option 82-based policies.
Note
The Superscope should combine all scopes and act as the administrative boundary.
Ko nga mea katoa ka tino whakamaramatia:
Let us assume the switch is using the address from subnet B (it can be the backbone subnet, management subnet, or any customer designated subnet for this purpose) to communicate with the Windows DHCP server. In DFA we have subnets S1, S2, S3, …, Sn for segment s1, s2, s3, …, sn.
To configure DHCP on Windows server.
1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment.
2. In scope B, specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope).
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box.
4. Set the policy address range to the entire range of the scope.
DHCP i Microsoft Windows Server (superscope me te kaupapa here)
Superscope is an administrative feature of a DHCP server that can be used to group multiple scopes as a single administrative entity. Superscope allows a DHCP server to provide leases from more than one scope to clients on a single physical network. Scopes added to a superscope are called member scopes.
He aha te SuperScope - he mahinga ka taea e koe te whakakotahi i nga puna maha o nga wahitau IP ki roto i te waahanga whakahaere kotahi. Hei panui ki nga kaiwhakamahi i runga i te whatunga tinana kotahi (i roto i te VLAN kotahi) nga wahitau IP mai i nga puna wai maha. Mēnā i tae mai te tono ki tētahi puna wāhi noho hei wāhanga o te SuperScope, ka taea te hoatu ki te kiritaki he wāhitau mai i tetahi atu Scope kei roto i tenei SuperScope.
The DHCP Server role in Windows Server 2012 introduces a new feature that allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions.
The policy based assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.
Kaupapa here – ka taea e koe te tautapa i nga wahitau IP ki nga kaiwhakamahi i runga i te momo kaiwhakamahi, tawhā ranei. Ka whakamahia e nga miihini Cisco nga kaupapa here i roto i te Windows Server 2012 hei tātari ma te VNI (Tautuutu Whatunga Mariko).
Ko te waahanga matua
Kei roto i tenei wahanga nga hua o te rangahau, he aha i kore ai e tautokona, he pehea te mahi (arorau), he aha nga mea hou me pehea te awhina o tenei mea hou i a tatou.
He aha te Microsoft Windows Server 2000/2003/2008 kaore i te tautokona?
Ko te Microsoft Windows Server 2008 me nga putanga o mua kaore e tukatuka i te whiringa 82 ka tukuna te kete whakahoki kaore he whiringa 82.
- Ka tukuna te tono mai i te kiritaki ki te Broadcast (DHCP Discover).
- Ka tukuna e te taputapu (Nexus) te putea ki te tūmau DHCP (DHCP Discover + Option 82).
- Ka whiwhi te DHCP Server i te kete, ka tukatuka, ka whakahokia, engari kaore he whiringa 82. (DHCP Offer – without option 82)
- Ka whiwhi te taputapu (Nexus) i tetahi kete mai i te tūmau DHCP. (DHCP Offer) Engari karekau e tuku i tenei kete ki te kaiwhakamahi mutunga.
Raraunga hongi - i runga i te Windows Server 2008 me te kiritaki DHCPKa whiwhi tono a Windows Server 2008 mai i nga taputapu whatunga. (Kei te rarangi 82)
Ka tukuna e Windows Server 2008 te whakautu ki nga taputapu whatunga. (Kāore te kōwhiringa 82 i te rārangi hei kōwhiringa i roto i te mōkihi)
Tono mai i te kiritaki - Kei te noho a DHCP Discover, kei te ngaro te tuku DHCP
Nga tatauranga mo nga taputapu whatunga:
NEXUS-9000V-SW-1# show ip dhcp relay statistics
----------------------------------------------------------------------
Message Type Rx Tx Drops
----------------------------------------------------------------------
Discover 8 8 0
Offer 8 8 0
Request(*) 0 0 0
Ack 0 0 0
Release(*) 0 0 0
Decline 0 0 0
Inform(*) 0 0 0
Nack 0 0 0
----------------------------------------------------------------------
Total 16 16 0
----------------------------------------------------------------------
DHCP L3 FWD:
Total Packets Received : 0
Total Packets Forwarded : 0
Total Packets Dropped : 0
Non DHCP:
Total Packets Received : 0
Total Packets Forwarded : 0
Total Packets Dropped : 0
DROP:
DHCP Relay not enabled : 0
Invalid DHCP message type : 0
Interface error : 0
Tx failure towards server : 0
Tx failure towards client : 0
Unknown output interface : 0
Unknown vrf or interface for server : 0
Max hops exceeded : 0
Option 82 validation failed : 0
Packet Malformed : 0
Relay Trusted port not configured : 0
DHCP Request dropped on MCT : 0
* - These counters will show correct value when switch
receives DHCP request packet with destination ip as broadcast
address. If request is unicast it will be HW switched
NEXUS-9000V-SW-1#
He aha i tino uaua ai te whirihoranga i roto i te Microsoft Windows Server 2012?
Kāore anō a Microsoft Windows Server 2012 i te tautoko i te RFC#3527 (Kōwhiringa 82 Kōwhiringa-iti 5(0x5) - Tīpakonga Hononga)
Engari kua whakatinanahia te mahinga Kaupapahere.
Pehea e mahi ana:
- He puna nui a Microsoft Windows Server 2012 (SuperScope) kei a ia nga wahitau Loopback me nga puna mo nga whatunga tuuturu.
- Ko te kowhiringa o te puna wai mo te tuku i tetahi wahitau IP ka taka ki SuperScope, na te mea i puta mai te whakautu mai i te DHCP Relay me te wahitau Loopback Source kei roto i te SuperScope.
- Ma te whakamahi i te Kaupapahere, ka tohua e te tono mai i te Superscope te waahanga mema kei roto te VNI kei roto i te Kōwhiringa 82 Waahanga 1 Agent Circuit ID. (“0108000600”+ 24 paraka VNI + 24 paraka kaore au i te mohio, engari ko te hongi e whakaatu ana i nga uara o te 0 i tenei mara.)
Me pehea te whakangawari o te tatūnga i roto i te Microsoft Windows Server 2016/2019?
Ka whakatinanahia e Microsoft Windows Server 2016 te mahi RFC#3527. Arā, ka taea e Windows Server 2016 te mohio ki te whatunga tika mai i te Kōwhiringa 82 Kōwhiringa-iti 5(0x5) - Hunga Tohunga Hononga
E toru nga patai ka ara ake:
- Ka taea e taatau kaore he Superscope?
- Ka taea e taatau ki te kore Kaupapahere me te huri i te VNI ki te ahua hautekauono?
- Ka taea e taatau te mahi me te kore he Scope for Loopback DHCP Source address?
Q. Ka taea e taatau kaore he Superscope?
A. Ae, ka taea te hanga i nga waahi i te waahi o nga wahitau IPv4.
Q. Ka taea e taatau ki te kore Kaupapahere me te huri i te VNI ki te ahua hautekauono?
A. Ae, ko te kowhiringa whatunga kei runga i te Kōwhiringa 82 Suboption 0x5,
Q. Ka taea e taatau te mahi me te kore he Scope for Loopback DHCP Source address?
A. Kaore e taea e tatou. Na te mea he whakamarumaru a Microsoft Windows Server 2016/2019 ki nga tono DHCP kino. Arā, ko nga tono katoa mai i nga wahitau kaore i roto i te puna DHCP tūmau ka kiia he kino.
Note
All relay agent IP addresses (GIADDR) must be part of an active DHCP scope IP address range. Any GIADDR outside of the DHCP scope IP address ranges is considered a rogue relay and Windows DHCP Server will not acknowledge DHCP client requests from those relay agents.
A special scope can be created to "authorize" relay agents. Create a scope with the GIADDR (or multiple if the GIADDR's are sequential IP addresses), exclude the GIADDR address(es) from distribution, and then activate the scope. This will authorize the relay agents while preventing the GIADDR addresses from being assigned.Ko era. Hei whirihora i te puna DHCP mo te wheketere VXLAN BGP EVPN i runga i te Microsoft Windows Server 2016/2019, me:
- Waihangahia he puna mo nga wahitau Relay Puna.
- Waihangahia he puna mo nga whatunga kiritaki
He aha te mea kaore e tika ana (engari ka taea te whirihora ka mahi ka kore e pokanoa ki te mahi):
- Waihanga Kaupapahere
- Waihanga SuperScope
Hei tauira:He tauira mo te whakatu i tetahi tūmau DHCP (e rua nga kaihoko DHCP tuuturu - kua hono nga kaihoko ki te papanga VXLAN)
He tauira mo te whakarite i te puna wai kaiwhakamahi:
He tauira mo te whakatu i tetahi puna wai kaiwhakamahi (kua tohua nga kaupapa here - hei tohu kaore i whakamahia nga kaupapa here mo te whakahaere tika o te puna):
He tauira mo te whirihora i tetahi puna mo nga wahitau Relay DHCP Relay (te awhe o nga wahitau mo te tukunga e tino rite ana ki te whakakore i te puna wahitau):
Te whakarite ratonga DHCP i runga i te Microsoft Windows Server 2019
Te whirihora i te puna mo nga wahitau Loopback (puna) mo te Relay DHCP.
Ka hangaia e matou he puna hou (Scope) i te waahi IPv4.
Ruānuku waihanga puna. "Whai muri >"
Whirihorahia te ingoa puna me te whakaahuatanga o te puna.
Tautuhia te awhe o nga wahitau IP mo Loopback me te kanohi mo te puna.
Te taapiri rereke. Me tino rite te awhe whakakore ki te awhe poka wai.
Te wa reti. "Whai muri >"
Uiui: Ka whirihorahia e koe nga whiringa DHCP inaianei (DNS, WINS, Gateway, Domain) ka mahia ranei e koe i muri mai. He tere ake te whakautu kaore, katahi ka whakahohe i te puna wai. Ka haere ranei ki te mutunga me te kore e whakakii i nga korero ka whakahohehia te puna wai i te mutunga o te ruānuku.
Ka whakapumautia e matou kaore i te whirihorahia nga whiringa karekau ano te puna kaukau. "Whakaoti"
Ka whakahohehia e maatau te poka wai. — Select Scope and in the context menu — select “Whakahohe”.
Ka hangaia e matou he puna mo nga kaiwhakamahi / tūmau.
Ka hangaia e matou he puna hou.
Ruānuku waihanga puna. "Whai muri >"
Whirihorahia te ingoa puna me te whakaahuatanga o te puna.
Tautuhia te awhe o nga wahitau IP mo Loopback me te kanohi mo te puna.
Te taapiri rereke. (Karekau he rereke e hiahiatia ana ma te taunoa) "Next >"
Te wa reti. "Whai muri >"
Uiui: Ka whirihorahia e koe nga whiringa DHCP inaianei (DNS, WINS, Gateway, Domain) ka mahia ranei e koe i muri mai. Me whakarite inaianei.
Whirihorahia te wahitau kuaha taunoa.
Ka whirihorahia e matou te rohe me nga wahitau tūmau DNS.
Te whirihora i nga wahitau IP o nga tūmau WINS.
Whakahohenga whanui.
Kua whirihorahia te puna. "Whakaoti"
mutunga
Ma te whakamahi i te Windows Server 2016/2019 ka whakaiti i te uaua o te whakatuu i tetahi tūmau DHCP mo te papanga VXLAN (tetahi atu papanga ranei). (Kaore e tika te whakawhiti hononga motuhake ki nga tohunga IT: Whatunga/Agent Circuit ID hei rehita whiriwhiringa.)
Ka mahi te whirihoranga mo Windows Server 2012 i runga i nga tuumau 2016/2019 hou - ae ka pai.
Kei roto i tenei tuhinga nga tohutoro mo nga putanga e 2: 7.X me 9.3. Ko tenei na te mea ko te putanga 7.0(3)I7(7) he putanga Cisco Suggested, a ko te putanga 9.3 te mea tino hou (tae noa ki te tautoko i te Multicast ma te VXLAN Multisite).
Te rarangi o nga puna
Source: will.com