DHCP for Tenant Systems
Understanding DHCP support for Tenant Systems
Starting in Junos OS Release 18.4R1, a tenant system supports the DHCP client feature to learn IP addresses for interfaces assigned to the tenant systems. Additionally, starting in Junos OS Release 18.4R1, tenant systems support the DHCP relay feature. A DHCP relay agent forwards DHCP requests and responses between the DHCP client and the DHCP server.
An interface of an SRX Series Firewall operating as a DHCP client receives the TCP or IP settings and the IP address from an external DHCP server.
An SRX Series Firewall operating as a DHCP relay agent for tenant systems forwards incoming requests from the DHCP clients to a specified DHCP server. The client requests pass through interfaces on the tenant systems.
Minimum DHCPv6 Relay Agent Configuration for Tenant Systems
The following example describes the minimum configuration required to configure an SRX Series Firewall as a DHCPv6 relay agent for the tenant system.
Before you begin determine the following:
The DHCP routing instance name, the DHCP relay group and the DHCP active server-group for the tenant system.
Example: Configuring a DHCPv6 Client for Tenant Systems
This example shows how to configure a device as a DHCPv6 client for tenant systems.
Requirements
This example uses the following hardware and software components:
An SRX Series Firewall
Junos OS Release 18.4R1
Before you begin:
Read the Understanding DHCP support for Tenant Systems to understand how and where this procedure fits in the overall tenant systems support for DHCP.
No special configuration beyond device initialization is required before configuring this feature.
Overview
In this example, a tenant system administrator configures an SRX Series Firewall as a DHCPv6 client for a tenant system.
The DHCPv6 client for a tenant system includes the following features:
Identity association for non-temporary addresses (IA_NA)
Identity association for prefix delegation (IA_PD)
Autoconfig or stateful mode
DHCP unique identifier (DUID)
Configuration
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set tenants TSYS1 security zones security-zone trust host-inbound-traffic system-services all set tenants TSYS1 security zones security-zone trust host-inbound-traffic protocols all set tenants TSYS1 security zones security-zone trust interfaces ge-0/0/0.0 set tenants TSYS1 routing-instances r1 instance-type virtual-router set tenants TSYS1 routing-instances r1 interface ge-0/0/0.0 set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-type autoconfig set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-type stateful set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-na set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client req-option dns-server set protocols router-advertisement interface ge-0/0/0.0
Configuring DHCPv6 Client in a Tenant System
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
Configure security zones to permit traffic for a tenant system.
[edit tenants TSYS1 security zones] user@host# set security-zone trust host-inbound-traffic system-services all user@host# set security-zone trust host-inbound-traffic protocols all user@host# set security-zone trust interfaces ge-0/0/0.0
Create a routing instance and assign the routing instance type to a tenant system.
[edit tenants TSYS1] user@host# set routing-instances r1 instance-type virtual-router
Specify the interface name for the routing instance.
[edit tenants TSYS1] user@host# set routing-instances r1 interface ge-0/0/0.0
Configure the DHCPv6 client type. The client type can be
autoconfigorstatefulfor a tenant system.To enable DHCPv6 auto configuration mode, configure the client type as
autoconfig.[edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host# set client-type autoconfig
For stateful address assignment, configure the client type as
stateful.[edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host# set client-type stateful
Specify the identity association type.
To configure identity association for nontemporary address (IA_NA) assignment, specify the
client-ia typeasia-na.[edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host# set client-ia-type ia-na
To configure identity association for prefix delegation (IA_PD), specify the
client-ia-typeasia-pd.[edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host# set client-ia-type ia-pd
Configure the DHCPv6 client identifier by specifying the DHCP unique identifier (DUID) type for the tenant system. The following DUID type is supported:
Link Layer address (duid-ll)
[edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host# set client-identifier duid-type duid-ll
Specify the DHCPv6 client requested option as
dns-serverfor the tenant system.[edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host# set req-option dns-server
Configure the router advertisement.
[edit] user@host# set protocols router-advertisement interface ge-0/0/0.0
Results
From configuration mode, confirm your configuration by entering the
show tenants TSYS1command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.user@host# show tenants TSYS1 interfaces { ge-0/0/0 { unit 0 { family inet6 { dhcpv6-client { client-type stateful; client-ia-type ia-na; client-ia-type ia-pd; client-identifier duid-type duid-ll; req-option dns-server; } } } } } routing-instances { r1 { instance-type virtual-router; interface ge-0/0/0.0; } } security { zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { ge-0/0/0.0; } } } }From configuration mode, confirm your configuration by entering the
show protocolscommand. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.user@host# show protocols router-advertisement { interface ge-0/0/0.0; }
If you are done configuring the device, enter commit from configuration mode.
Verification
To confirm that the configuration is working properly, perform these tasks:
- Verifying the DHCPv6 Client for the Tenant System
- Verifying the DHCPv6 Client Binding for the Tenant System
- Verifying the DHCPv6 Client Statistics Information for the Tenant System
Verifying the DHCPv6 Client for the Tenant System
Purpose
Verify that the DHCPv6 client information is configured.
Action
From the operational mode, enter the show dhcpv6
client binding tenant TSYS1 command.
user@host> show dhcpv6 client binding tenant TSYS1
IP/prefix Expires State ClientType Interface Client DUID
2000::17/128 67762 BOUND STATEFUL ge-0/0/6.0 LL0x3-10:0e:7e:49:25:86
2000:100::/64 67762 BOUND STATEFUL ge-0/0/6.0 LL0x3-10:0e:7e:49:25:86
Meaning
The output displays the address binding information for the tenant system.
Verifying the DHCPv6 Client Binding for the Tenant System
Purpose
Verify that the DHCPv6 client binding information is configured.
Action
From the operational mode, enter the show dhcpv6
client binding detail tenant TSYS1 command.
user@host> show dhcpv6 client binding detail tenant TSYS1
Client Interface/Id: ge-0/0/6.0
Hardware Address: 10:0e:7e:49:25:86
State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
ClientType STATEFUL
Lease Expires: 2018-11-09 07:11:47 UTC
Lease Expires in: 67760 seconds
Lease Start: 2018-11-08 07:11:47 UTC
Bind Type: IA_NA IA_PD
Preferred prefix length 0
Sub prefix length 0
Client DUID: LL0x3-10:0e:7e:49:25:86
Rapid Commit: Off
Server Identifier: fe80::46f4:77ff:fed6:670a
Client IP Address: 2000::17/128
Client IP Prefix: 2000:100::/64
DHCP options:
Name: server-identifier, Value: VENDOR0x00000583-0x34343a34
Meaning
The output displays the detailed client binding information for the tenant system.
Verifying the DHCPv6 Client Statistics Information for the Tenant System
Purpose
Verify that the DHCP client statistics information is configured.
Action
From the operational mode, enter the show dhcpv6
client statistics tenant TSYS1 command.
user@host> show dhcpv6 client statistics tenant TSYS1 routing-instance R1
Dhcpv6 Packets dropped:
Total 3
Bad Send 3
Messages received:
DHCPV6_ADVERTISE 1
DHCPV6_REPLY 1
DHCPV6_RECONFIGURE 0
Messages sent:
DHCPV6_DECLINE 0
DHCPV6_SOLICIT 1
DHCPV6_INFORMATION_REQUEST 0
DHCPV6_RELEASE 0
DHCPV6_REQUEST 1
DHCPV6_CONFIRM 0
DHCPV6_RENEW 0
DHCPV6_REBIND 0
Meaning
The output displays the information about the number of packets discarded, the number of messages received and the number of messages sent by the DHCP client for the tenant system.