Configuring Microsoft Windows Server 2016/2019 to provide DHCP services for VXLAN (DFA)

The purpose of this article is to simplify the configuration of the DHCP service for VXLAN BGP EVPN and DFA fabrics using Microsoft Windows Server 2016/2019.

In the official documentation, the DHCP service for the fabric based on Microsoft Windows Server 2012 is configured as a SuperScope containing a pool of Loopback addresses (the key feature of this pool is that all of its IP addresses are excluded from distribution: excluded IP address range = pool) and pools for issuing IP addresses to the real networks (the key feature here is that a policy is configured that filters on the DHCP Relay Circuit ID, and this DHCP Relay Circuit ID contains the VNI of the network, i.e. for another pool this DHCP Relay Circuit ID will be slightly different).

To configure DHCP on Windows server. 

1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment. 
2. In scope B,  specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope). 
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box. 
4. Set the policy address range to the entire range of the scope.

This article answers the following questions:



Introduction

This section briefly lists all the background information: instructions for configuring the network equipment, the RFCs used in DHCP packets in eVPN fabrics, and the evolution of the DHCP server settings for Microsoft Windows Server 2012 in Cisco's documentation, given for reference. It also gives brief notes on Superscope and Policy in the DHCP service on Microsoft Windows Server.

How to configure DHCP Relay on a VXLAN BGP EVPN, DFA fabric

Configuring DHCP Relay on a VXLAN BGP EVPN fabric is not the main topic of this article, since it is quite simple. I give links to the documentation and a spoiler with the settings on the network equipment.

Example of configuring DHCP Relay on Nexus 9000V v9.2(3)

service dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp relay information option vpn
interface loopback10
  vrf member VRF1
  ip address 10.120.0.1/32 tag 1234567
interface Vlan12
  no shutdown
  vrf member VRF1
  no ip redirects
  ip address 10.120.251.1/24 tag 1234567
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
  ip dhcp relay address 10.0.0.5
  ip dhcp relay source-interface loopback10

RFCs implemented in the operation of the DHCP Relay service in VXLAN BGP EVPN fabrics

RFC#6607: Sub-option 151(0x97) - Virtual Subnet Selection

•	Sub-option 151(0x97) - Virtual Subnet Selection (Defined in RFC#6607)
Used to convey VRF related information to the DHCP server in an MPLS-VPN and VXLAN EVPN multi-tenant environment.

The "name" of the VRF in which the client resides is conveyed.

RFC#5107: Sub-option 11(0xb) - Server ID Override

•	Sub-option 11(0xb) - Server ID Override (Defined in RFC#5107.) 
The server identifier (server ID) override sub-option allows the DHCP relay agent to specify a new value for the server ID option, which is inserted by the DHCP server in the reply packet. This sub-option allows the DHCP relay agent to act as the actual DHCP server such that the renew requests will come to the relay agent rather than the DHCP server directly. The server ID override sub-option contains the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client. Using this information, the DHCP client sends all renew and release request packets to the relay agent. The relay agent adds all of the appropriate sub-options and then forwards the renew and release request packets to the original DHCP server. For this function, Cisco’s proprietary implementation is sub-option 152(0x98). You can use the ip dhcp relay sub-option type cisco command to manage the function.

This option is used to make the client send its lease renewal request to the IP address given in this option. (On Cisco VXLAN BGP EVPN this is the client's default gateway, the Anycast gateway address.)

RFC#3527: Sub-option 5(0x5) - Link Selection

Sub-option 5(0x5) - Link Selection (Defined in RFC#3527.) 

The link selection sub-option provides a mechanism to separate the subnet/link on which the DHCP client resides from the gateway address (giaddr), which can be used to communicate with the relay agent by the DHCP server. The relay agent will set the sub-option to the correct subscriber subnet and the DHCP server will use that value to assign an IP address rather than the giaddr value. The relay agent will set the giaddr to its own IP address so that DHCP messages are able to be forwarded over the network. For this function, Cisco’s proprietary implementation is sub-option 150(0x96). You can use the ip dhcp relay sub-option type cisco command to manage the function.

The address of the network in which the client needs an IP address.

Evolution of Cisco's documentation on configuring DHCP on Microsoft Windows Server 2012

I included this section because there is a positive trend on the vendor's side:

Nexus 9000 VXLAN Configuration Guide 7.3

The documentation shows only how to configure DHCP Relay on the network equipment.

A different article was used to configure DHCP on Windows Server 2012:

Configuring Microsoft Windows Server 2012 to provide DHCP services in an eVPN Scenario (VXLAN, Cisco One Fabric, etc.)

That article states that every network/VNI needs its own SuperScope and its own set of Loopback addresses:

If multiple DHCP Scopes are required for multiple subnets, you need to create one LoopbackX per subnet/vlan on all LEAFS and create a superscope with a loopbackX range scope and actual client IP subnet scope per vlan.

Nexus 9000 VXLAN Configuration Guide 9.3

Windows Server 2012 settings were added to the documentation on configuring the network equipment. For all address pools in use, one SuperScope per data center is required, and this SuperScope is the boundary of the data center:

Create Superscope for all scopes you want to use for Option 82-based policies.
Note
The Superscope should combine all scopes and act as the administrative boundary.

Cisco Dynamic Fabric Automation

Everything is described very briefly:

Let us assume the switch is using the address from subnet B (it can be the backbone subnet, management subnet, or any customer designated subnet for this purpose) to communicate with the Windows DHCP server. In DFA we have subnets S1, S2, S3, …, Sn for segment s1, s2, s3, …, sn. 

To configure DHCP on Windows server. 

1. Create a super scope. Within the super scope, create scope B, S1, S2, S3, …, Sn for the subnet B and the subnets for each segment. 
2. In scope B,  specify the 'Exclusion Range' to be the entire address range (so that the offered address range must not be from this scope). 
3. For every segment scope Si, specify a policy that matches on Agent Circuit ID with value of '0108000600XXXXXX', where '0108000600' is a fixed value for all segments, the 6 numbers "XXXXXX" is the segment ID value in hexadecimal. Also ensure to check the Append wildcard(*) check box. 
4. Set the policy address range to the entire range of the scope.

DHCP in Microsoft Windows Server (superscope & policy)

SuperScope

Superscope is an administrative feature of a DHCP server that can be used to group multiple scopes as a single administrative entity. Superscope allows a DHCP server to provide leases from more than one scope to clients on a single physical network. Scopes added to a superscope are called member scopes.

What a SuperScope is: functionality that lets you combine several IP address pools into a single administrative unit, so that users on the same physical network (in the same VLAN) can be offered IP addresses from several pools. If a request arrives for an address pool that is part of a SuperScope, the client can be given an address from another Scope included in that SuperScope.

Policy

The DHCP Server role in Windows Server 2012 introduces a new feature that allows you to create IPv4 policies that specify custom IP address and option assignments for DHCP clients based on a set of conditions.

The policy based assignment (PBA) feature allows you to group DHCP clients by specific attributes based on fields contained in the DHCP client request packet. PBA enables targeted administration and greater control of the configuration parameters delivered to network devices with DHCP.

Policy lets you assign IP addresses to users depending on the type of user or on a parameter. Cisco engineers use Policy in Windows Server 2012 to filter by VNI (Virtual Network Identifier).

Main part

This section contains the results of the research: why it is not supported, how it works (the logic), what is new and how this new functionality helps us.

Why is Microsoft Windows Server 2000/2003/2008 not supported?

Microsoft Windows Server 2008 and earlier versions do not process option 82, and the reply packet is sent without option 82.

Win2k8 R2 DHCP problem with Option82

  1. The request from the client is sent as a Broadcast (DHCP Discover).
  2. The equipment (Nexus) sends the packet to the DHCP server (DHCP Discover + Option 82).
  3. The DHCP server receives the packet, processes it and sends a reply, but without option 82. (DHCP Offer - without option 82)
  4. The equipment (Nexus) receives the packet from the DHCP server (DHCP Offer), but does not send this packet on to the end user.

Sniffer data - on Windows Server 2008 and on the DHCP client

Windows Server 2008 receives the request from the network equipment. (Option 82 is present in the list)

Windows Server 2008 sends the reply to the network equipment. (Option 82 is not listed among the options in the packet)

Request from the client - DHCP Discover is present and DHCP Offer is absent

Statistics on the network equipment:

NEXUS-9000V-SW-1# show ip dhcp relay statistics 
----------------------------------------------------------------------
Message Type             Rx              Tx           Drops  
----------------------------------------------------------------------
Discover                  8               8               0
Offer                     8               8               0
Request(*)                0               0               0
Ack                       0               0               0
Release(*)                0               0               0
Decline                   0               0               0
Inform(*)                 0               0               0
Nack                      0               0               0
----------------------------------------------------------------------
Total                    16              16               0
----------------------------------------------------------------------

DHCP L3 FWD:
Total Packets Received                           :         0
Total Packets Forwarded                          :         0
Total Packets Dropped                            :         0
Non DHCP:
Total Packets Received                           :         0
Total Packets Forwarded                          :         0
Total Packets Dropped                            :         0
DROP:
DHCP Relay not enabled                           :         0
Invalid DHCP message type                        :         0
Interface error                                  :         0
Tx failure towards server                        :         0
Tx failure towards client                        :         0
Unknown output interface                         :         0
Unknown vrf or interface for server              :         0
Max hops exceeded                                :         0
Option 82 validation failed                      :         0
Packet Malformed                                 :         0
Relay Trusted port not configured                :         0
DHCP Request dropped on MCT                      :         0
*  -  These counters will show correct value when switch 
receives DHCP request packet with destination ip as broadcast
address. If request is unicast it will be HW switched
NEXUS-9000V-SW-1#

Why is the configuration so complex in Microsoft Windows Server 2012?

Microsoft Windows Server 2012 does not yet support RFC#3527 (Option 82 Sub-Option 5(0x5) - Link Selection).
But the Policy functionality is already implemented.

How it works:

  • Microsoft Windows Server 2012 has a superscope (SuperScope) that consists of the Loopback addresses and the pools for the real networks.
  • The choice of the pool for issuing an IP address falls within the SuperScope, because the message came from the DHCP Relay with a Source address from the Loopback that is included in the SuperScope.
  • Using a Policy, the request selects from the Superscope the member scope whose VNI is contained in Option 82 Sub-option 1, Agent Circuit ID. ("0108000600" + 24 bits of VNI + 24 bits whose values are unknown to me, but the sniffer shows 0 in this field.)
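The Option 82 sub-options listed in the RFC section and the Circuit ID policy match described above, decoded in an added Python example (not code from the article, Cisco or Microsoft). It assumes the policy string is compared against the value of sub-option 1; the function names, VNI 30012 and the sample bytes are constructed for illustration.

```python
import ipaddress

# Relay-agent sub-option codes named in this article
CIRCUIT_ID, LINK_SELECTION, SERVER_ID_OVERRIDE, VSS = 1, 5, 11, 151
CIRCUIT_PREFIX = "0108000600"      # fixed part quoted in the Cisco procedure


def parse_option82(payload: bytes) -> dict:
    """Split an Option 82 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        subopts[code] = value
        i += 2 + length
    return subopts


def policy_value(vni: int) -> str:
    """Windows Server 2012 policy string for one segment (wildcard box checked)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("segment ID must fit in 24 bits")
    return f"{CIRCUIT_PREFIX}{vni:06X}"


def policy_matches(policy: str, payload: bytes) -> bool:
    """Prefix match, which is what the appended wildcard (*) amounts to."""
    circuit = parse_option82(payload).get(CIRCUIT_ID, b"")
    return circuit.hex().upper().startswith(policy)


def describe(payload: bytes) -> dict:
    """Pull out the fields each Windows Server generation keys on."""
    so, out = parse_option82(payload), {}
    circuit = so.get(CIRCUIT_ID, b"").hex().upper()
    if circuit.startswith(CIRCUIT_PREFIX) and len(circuit) >= 16:
        out["vni"] = int(circuit[10:16], 16)             # 2012: matched by policy
    for key, code in (("link", LINK_SELECTION), ("server_id", SERVER_ID_OVERRIDE)):
        if len(so.get(code, b"")) == 4:                  # 2016/2019 reads "link"
            out[key] = str(ipaddress.IPv4Address(so[code]))
    vss = so.get(VSS, b"")
    if len(vss) > 1 and vss[0] == 0:                     # type 0: VPN name as text
        out["vrf"] = vss[1:].decode("ascii")
    return out


# Constructed sample: VNI 30012 and the two trailing circuit-ID bytes are made up;
# the addresses and VRF1 are taken from the Nexus configuration earlier in the article.
SAMPLE = bytes.fromhex(
    "010a" "0108000600" "00753c" "0000"   # sub-option 1, circuit ID
    "0504" "0a78fb00"                     # sub-option 5, link 10.120.251.0
    "0b04" "0a78fb01"                     # sub-option 11, 10.120.251.1
    "9705" "00" + b"VRF1".hex()           # sub-option 151, type 0, "VRF1"
)

if __name__ == "__main__":
    print(describe(SAMPLE))
    print(policy_value(30012), policy_matches(policy_value(30012), SAMPLE))
```
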

How is the configuration simplified in Microsoft Windows Server 2016/2019?

Microsoft Windows Server 2016 implements the RFC#3527 functionality. That is, Windows Server 2016 can identify the correct network from Option 82 Sub-Option 5(0x5) - the Link Selection attribute.

Three questions arise immediately:

  • Can we do without a Superscope?
  • Can we do without Policy and without converting the VNI to hexadecimal form?
  • Can we do without a Scope for the DHCP Relay Loopback Source addresses?

Q. Can we do without a Superscope?
A. Yes, a scope can be created directly in the IPv4 address space.
Q. Can we do without Policy and without converting the VNI to hexadecimal form?
A. Yes, network selection is based on Option 82 Suboption 0x5.
Q. Can we do without a Scope for the DHCP Relay Loopback Source addresses?
A. No, we cannot. Microsoft Windows Server 2016/2019 has protection against malicious DHCP requests: all requests from addresses that are not in the address pools on the DHCP server are considered malicious.

DHCP Subnet Selection Options

 Note
All relay agent IP addresses (GIADDR) must be part of an active DHCP scope IP address range. Any GIADDR outside of the DHCP scope IP address ranges is considered a rogue relay and Windows DHCP Server will not acknowledge DHCP client requests from those relay agents.

A special scope can be created to "authorize" relay agents. Create a scope with the GIADDR (or multiple if the GIADDR's are sequential IP addresses), exclude the GIADDR address(es) from distribution, and then activate the scope. This will authorize the relay agents while preventing the GIADDR addresses from being assigned.

That is, to configure DHCP pools for a VXLAN BGP EVPN fabric on Microsoft Windows Server 2016/2019, you only need to:

  • Create a pool for the Relay Source addresses.
  • Create a pool for the client networks.

What is not required (but can be configured, will work, and will not interfere):

  • Create a Policy
  • Create a SuperScope
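A pre-deployment check of a planned scope layout against the two requirements above and the quoted Microsoft note on rogue relays, added here as an example that is not from the article or from Microsoft. The Scope class, the audit function and the scope ranges are assumptions made for illustration; 10.120.0.1 and 10.120.251.0/24 come from the Nexus configuration earlier in the article.

```python
import ipaddress
from dataclasses import dataclass


def _n(ip):
    """IPv4 text (or integer) -> integer, so ranges can be compared numerically."""
    return int(ipaddress.IPv4Address(ip))


@dataclass
class Scope:                       # hypothetical model of one IPv4 scope
    name: str
    start: str
    end: str
    active: bool = True
    exclusions: tuple = ()         # ((first, last), ...)

    def contains(self, ip):
        return _n(self.start) <= _n(ip) <= _n(self.end)

    def excluded(self, ip):
        return any(_n(a) <= _n(ip) <= _n(b) for a, b in self.exclusions)

    def free(self):
        """Count addresses in the range that may still be leased."""
        return sum(not self.excluded(n) for n in range(_n(self.start), _n(self.end) + 1))


def audit(scopes, relay_sources, client_subnets):
    """Return findings for a planned scope layout; an empty list means it passes."""
    findings = []
    for giaddr in relay_sources:
        home = [s for s in scopes if s.active and s.contains(giaddr)]
        if not home:
            findings.append(f"{giaddr}: outside every active scope, relay is treated as rogue")
        elif not all(s.excluded(giaddr) for s in home):
            findings.append(f"{giaddr}: not excluded, could be leased to a client")
    for subnet in client_subnets:
        net = ipaddress.IPv4Network(subnet)
        if not any(s.active and ipaddress.IPv4Address(s.start) in net and s.free()
                   for s in scopes):
            findings.append(f"{subnet}: no active scope with free addresses")
    return findings


# Constructed plan: ranges are made up; 10.120.0.1 and 10.120.251.0/24 are from the Nexus config.
RELAY = Scope("relay-sources", "10.120.0.1", "10.120.0.10",
              exclusions=(("10.120.0.1", "10.120.0.10"),))
CLIENTS = Scope("vlan12-clients", "10.120.251.10", "10.120.251.200")

if __name__ == "__main__":
    for plan in ([RELAY, CLIENTS], [CLIENTS]):
        print(audit(plan, ["10.120.0.1"], ["10.120.251.0/24"]) or "plan passes")
```
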

Example

Example of configuring the DHCP server (there are 2 real DHCP clients; the clients are connected to the VXLAN fabric)

Example of setting up a user pool:

Example of configuring a user pool (policies are selected, to confirm that policies were not used for the pool to work correctly):

Example of configuring the pool for the DHCP Relay Source addresses (the distribution address ranges coincide entirely with the exclusions from the address pool):

Setting up the DHCP service on Microsoft Windows Server 2019

Configuring the pool for the DHCP Relay Loopback (source) addresses.

Create a new pool (Scope) in the IPv4 space.

Pool creation wizard. "Next >"

Set the pool name and the pool description.

Set the range of Loopback IP addresses and the pool mask.

Add exclusions. The exclusion range must match the pool range exactly.

Lease duration. "Next >"

Question: will you configure the DHCP options now (DNS, WINS, Gateway, Domain) or do it later? It is quicker to answer no and then activate the pool manually. Alternatively, go through to the end without filling in any information and activate the pool at the end of the wizard.

Confirm that the options are not configured and the pool is not activated. "Finish"

Activate the pool manually: select the Scope and choose "Activate" in the context menu.


Create a pool for users/servers.

Create a new pool.

Pool creation wizard. "Next >"

Set the pool name and the pool description.

Set the range of Loopback IP addresses and the pool mask.

Add exclusions. (No exclusions are required by default) "Next >"

Lease duration. "Next >"

Question: will you configure the DHCP options now (DNS, WINS, Gateway, Domain) or do it later? Let's configure them now.

Configure the default gateway address.

Configure the domain and the DNS server addresses.

Configure the IP addresses of the WINS servers.

Activate the scope.

The pool is configured. "Finish"


Conclusion

Using Windows Server 2016/2019 reduces the complexity of configuring a DHCP server for a VXLAN fabric (or any other fabric). (There is no need to hand over specific bindings to the IT specialists: Network/Agent Circuit ID for registering filters.)

Will a Windows Server 2012 configuration work on the new 2016/2019 servers? Yes, it will.

This document references 2 versions: 7.X and 9.3. This is because version 7.0(3)I7(7) is the Cisco Recommended release, and version 9.3 is the most innovative (it even supports Multicast over VXLAN Multisite).

List of sources

  1. Nexus 9000 VXLAN Configuration Guide 7.x
  2. Nexus 9000 VXLAN Configuration Guide 9.3
  3. DFA (Cisco Dynamic Fabric Automation)
  4. Configuring Microsoft Windows Server 2012 to provide DHCP services in an eVPN Scenario (VXLAN, Cisco One Fabric, etc.)
  5. 3.4 DHCP Superscopes
  6. Introduction to DHCP Policies
  7. Win2k8 R2 DHCP problem with Option82
  8. DHCP Subnet Selection Options

Source: mapenzi.com
