DHCP Overview
Understanding Differences Between Legacy DHCP and Extended DHCP
This topic covers the following sections:
- New Features and Enhancements in Extended DHCP
- Benefits of Extended DHCP
- Change in Configuring DHCP Local Server in Extended DHCP Environment
- Legacy DHCP and Extended DHCP Server Hierarchy Levels Changes
New Features and Enhancements in Extended DHCP
Extended DHCP or JDHCP extends and enhances traditional DHCP operation. With the extended DHCP local server, the client configuration information resides in a centralized address-assignment pool, which supports advanced pool matching and address range selection. Any new features are added only to extended DHCP. Extended DHCP supports the following features and enhancements:
In extended DHCP, the address-assignment pools are external to the DHCP local server. The external address-assignment pools are managed by the authd process, independently of the DHCP local server, and can be shared by different client applications such as DHCP or PPPoE access. In legacy DHCP, client address pool and client configuration information reside on the DHCP server.
Extended DHCP server interacts with the local AAA Service Framework to use back-end authentication servers, such as RADIUS, to provide DHCP client authentication.
You can configure the dynamic profile and authentication support on a global basis or for a specific group of interfaces.
Extended DHCP local server supports IPv6 clients.
Both DHCP local server and DHCPv6 local server support the specific address request feature, which enables you to assign a particular address to a client.
The extended DHCP local server provides a minimal configuration to the DHCP client if the client does not have DHCP option 55 configured. The server provides the subnet mask of the address-assignment pool that is selected for the client. In addition to the subnet mask, the server provides the following values to the client if the information is configured in the selected address-assignment pool:
router—A router located on the client’s subnet. This statement is the equivalent of DHCP option 3.
domain name—The name of the domain in which the client searches for a DHCP server host. This is the default domain name that is appended to hostnames that are not fully qualified. This is equivalent to DHCP option 15.
domain name server—A Domain Name System (DNS) name server that is available to the client to resolve hostname-to-client mappings. This is equivalent to DHCP option 6.
You can configure the local server to use DHCP option 82 information in the client PDU to determine which named address range to use for a particular client. The client configuration information, which is configured in the address-assignment pool, includes user-defined options, such as boot server, grace period, and lease time.
The extended DHCP server supports the following features:
Graceful Routing Engine switchover (GRES), which provides mirroring support for clients.
Virtual routing and forwarding (VRF). The extended DHCP is also referred to as virtual router (VR) aware DHCP. See EX Series Switch Software Features Overview for a list of switches that support extended DHCP (VR-aware DHCP).
Table 1 compares the configuration options of extended DHCP and legacy DHCP.
Feature | Legacy DHCP Local Server | Extended DHCP Local Server |
---|---|---|
Local address pools | X | X |
External, centrally-managed address pools | – | X |
Local configuration | X | X |
External configuration using information from address-assignment pools or RADIUS servers | – | X |
Dynamic-profile attachment | – | X |
RADIUS-based subscriber authentication, and configuration using RADIUS attributes and Juniper Networks VSAs | – | X |
IPv6 client support | – | X |
Default minimum client configuration | X | X |
Benefits of Extended DHCP
Extended DHCP local server enhances traditional DHCP server operation by providing additional address assignment and client configuration functionality and flexibility in a subscriber-aware environment.
Extended DHCP local server enables service providers to take advantage of external address-assignment pools and integrated RADIUS-based configuration capabilities in addition to the continued support of traditional local address pools.
Change in Configuring DHCP Local Server in Extended DHCP Environment
In extended DHCP, use the following steps to configure DHCP server and address assignment pool:
Configure the extended DHCP local server on the device and specify how the DHCP local server determines which address-assignment pool to use.
Configure the address-assignment pools used by the DHCP local server. The address-assignment pools contain the IP addresses, named address ranges, and configuration information for DHCP clients.
The extended DHCP local server and the address-assignment pools used by the server must be configured in the same logical system and routing instance.
Legacy DHCP and Extended DHCP Server Hierarchy Levels Changes
Legacy DHCP and extended DHCP servers can be configured at the hierarchy levels shown in Table 2:
DHCP Service | Hierarchy |
---|---|
Legacy DHCP server | |
Extended DHCP server | |
Legacy DHCP relay | |
Extended DHCP relay | |
Legacy DHCP address pool | |
Extended DHCP address pool | |
Legacy DHCP is deprecated; that is, the commands are 'hidden'. These commands do not appear in the help or in automatic completion. When you use show configuration to display your configuration, the system displays the following warning:
    ##
    ## Warning: configuration block ignored: unsupported platform (...)
    ##
DHCP packets on non-configured interfaces are dropped
Once you enable DHCP relay on MX routers or on QFX or EX switches, the DHCP snooping feature is enabled and all DHCP packets arriving on any interface of the device (both configured and unconfigured) are analyzed. Interfaces that are not listed under the DHCP configuration are considered ‘unconfigured’.
Depending on the configuration, DHCP packets received on unconfigured interfaces are dropped.
If DHCP packets are dropped on an ‘unconfigured’ interface, the DHCP traceoptions report it as:
May 25 18:26:31.796241 [MSTR][NOTE] [default:default][RLY][INET][irb.82] jdhcpd_packet_handle: BOOTPREQUEST irb.82 arrived on unconfigured interface DISCOVER, flags 23, config 0x0
Some platform-specific behaviors have changed across releases. See the Release Notes.
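As an added example (not Juniper code): a Python filter that pulls the "arrived on unconfigured interface" events out of jdhcpd trace output and counts them per interface, so an interface that is missing from the DHCP configuration stands out. The first sample line is the one quoted above; the others are constructed variations of it, and reading `[default:default]` as logical system and routing instance is an assumption.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the trace line quoted on this page; the rest are
# constructed variations of it, plus one unrelated line that must not match.
SAMPLE_LOG = """\
May 25 18:26:31.796241 [MSTR][NOTE] [default:default][RLY][INET][irb.82] jdhcpd_packet_handle: BOOTPREQUEST irb.82 arrived on unconfigured interface DISCOVER, flags 23, config 0x0
May 25 18:26:33.101202 [MSTR][NOTE] [default:default][RLY][INET][irb.82] jdhcpd_packet_handle: BOOTPREQUEST irb.82 arrived on unconfigured interface DISCOVER, flags 23, config 0x0
May 25 18:26:35.400010 [MSTR][NOTE] [default:default][RLY][INET][irb.82] jdhcpd_packet_handle: BOOTPREQUEST irb.82 arrived on unconfigured interface REQUEST, flags 23, config 0x0
May 25 18:27:02.000517 [MSTR][NOTE] [default:default][RLY][INET][ge-0/0/5.0] jdhcpd_packet_handle: BOOTPREQUEST ge-0/0/5.0 arrived on unconfigured interface DISCOVER, flags 23, config 0x0
May 25 18:27:05.250000 [MSTR][NOTE] [default:default][RLY][INET][ge-0/0/1.0] constructed unrelated trace line
"""

DROP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:.]+)\s+"
    r".*?\[(?P<context>[^\]\s]+:[^\]\s]+)\]"   # assumed logical-system:routing-instance
    r".*?jdhcpd_packet_handle:\s+(?P<op>BOOTP\w+)\s+(?P<ifname>\S+)\s+"
    r"arrived on unconfigured interface\s+(?P<msg>\w+)"
)


def parse_drops(log_text):
    """Return one dict per 'arrived on unconfigured interface' trace line."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := DROP_RE.match(line))]


def summarize(drops):
    """Count events per (interface, DHCP message type)."""
    return Counter((d["ifname"], d["msg"]) for d in drops)


def interfaces_to_review(drops, threshold=2):
    """Interfaces with at least `threshold` events: likely a client-facing
    interface that was left out of the dhcp-relay group configuration."""
    per_if = Counter(d["ifname"] for d in drops)
    return sorted(name for name, count in per_if.items() if count >= threshold)


if __name__ == "__main__":
    events = parse_drops(SAMPLE_LOG)
    for (ifname, msg), count in sorted(summarize(events).items()):
        print(f"{ifname:12} {msg:10} {count}")
    print("review:", interfaces_to_review(events))
```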
Extended DHCP Relay Agent Overview
You can configure extended DHCP relay options on the router or on the switch and enable the router (or switch) to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server.
DHCP relay supports the attachment of dynamic profiles and also interacts with the local AAA Service Framework to use back-end authentication servers, such as RADIUS, to provide subscriber authentication or DHCP client authentication. You can attach dynamic profiles and configure authentication support on a global basis or for a specific group of interfaces.
The PTX Series Packet Transport Routers do not support authentication for DHCP relay agents.
On the routers, you can use DHCP relay in carrier edge applications such as video/IPTV to obtain configuration parameters, including an IP address, for your subscribers.
On the switches, you can use DHCP relay to obtain configuration parameters including an IP address for DHCP clients.
The extended DHCP relay agent options configured with the dhcp-relay statement are incompatible with the DHCP/BOOTP relay agent options configured with the bootp statement. As a result, you cannot enable both the extended DHCP relay agent and the DHCP/BOOTP relay agent on the router at the same time.
For information about the DHCP/BOOTP relay agent, see Configuring Routers, Switches, and Interfaces as DHCP and BOOTP Relay Agents.
You can also configure the extended DHCP relay agent to support IPv6 clients. See DHCPv6 Relay Agent Overview for information about the DHCPv6 relay agent feature.
To configure the extended DHCP relay agent on the router (or switch), include the dhcp-relay statement at the [edit forwarding-options] hierarchy level.
You can also include the dhcp-relay statement at the following hierarchy levels:
[edit logical-systems logical-system-name forwarding-options]
[edit logical-systems logical-system-name routing-instances routing-instance-name forwarding-options]
[edit routing-instances routing-instance-name forwarding-options]
Interaction Among the DHCP Relay Agent, DHCP Client, and DHCP Servers
The pattern of interaction among the DHCP Relay agent, DHCP client, and DHCP servers is the same regardless of whether the software installation is on a router or a switch. However, there are some differences in the details of usage.
On routers—In a typical carrier edge network configuration, the DHCP client is on the subscriber’s computer, and the DHCP relay agent is configured on the router between the DHCP client and one or more DHCP servers.
On switches—In a typical network configuration, the DHCP client is on an access device such as a personal computer and the DHCP relay agent is configured on the switch between the DHCP client and one or more DHCP servers.
The following steps describe, at a high level, how the DHCP client, DHCP relay agent, and DHCP server interact in a configuration that includes two DHCP servers.
The DHCP client sends a discover packet to find a DHCP server in the network from which to obtain configuration parameters for the subscriber (or DHCP client), including an IP address.
The DHCP relay agent receives the discover packet and forwards copies to each of the two DHCP servers. The DHCP relay agent then creates an entry in its internal client table to keep track of the client’s state.
In response to receiving the discover packet, each DHCP server sends an offer packet to the client. The DHCP relay agent receives the offer packets and forwards them to the DHCP client.
On receipt of the offer packets, the DHCP client selects the DHCP server from which to obtain configuration information. Typically, the client selects the server that offers the longest lease time on the IP address.
The DHCP client sends a request packet that specifies the DHCP server from which to obtain configuration information.
The DHCP relay agent receives the request packet and forwards copies to each of the two DHCP servers.
The DHCP server requested by the client sends an acknowledgement (ACK) packet that contains the client’s configuration parameters.
The DHCP relay agent receives the ACK packet and forwards it to the client.
The DHCP client receives the ACK packet and stores the configuration information.
If configured to do so, the DHCP relay agent installs a host route and Address Resolution Protocol (ARP) entry for this client.
After establishing the initial lease on the IP address, the DHCP client and the DHCP server use unicast transmission to negotiate lease renewal or release. The DHCP relay agent “snoops” on all of the packets unicast between the client and the server that pass through the router (or switch) to determine when the lease for this client has expired or been released. This process is referred to as lease shadowing or passive snooping.
DHCP Liveness Detection
Liveness detection for DHCP subscriber or DHCP client IP sessions utilizes an active liveness detection protocol to institute liveness detection checks for relevant clients. Clients are expected to respond to liveness detection requests within a specified amount of time. If the responses are not received within that time for a given number of consecutive attempts, then the liveness detection check fails and a failure action is implemented.
You can configure DHCP liveness detection either globally or per DHCP group.
DHCP Relay Proxy Overview
DHCP relay proxy mode is an enhancement to extended DHCP relay. DHCP relay proxy supports all DHCP relay features while providing additional features and benefits.
Normally, extended DHCP relay operates as a helper application for DHCP operations. Except for the ability to add DHCP relay agent options and the gateway address (giaddr) to DHCP packets, DHCP relay is transparent to DHCP clients and DHCP servers, and simply forwards messages between DHCP clients and servers.
When you configure DHCP relay to operate in proxy mode, the relay is no longer transparent. In proxy mode, DHCP relay conceals DHCP server details from DHCP clients, which interact with a DHCP relay in proxy mode as though it is the DHCP server. For DHCP servers there is no change, because proxy mode has no effect on how the DHCP server interacts with the DHCP relay.
You cannot configure both DHCP relay proxy and extended DHCP local server on the same interface.
- Benefits of Using DHCP Relay Proxy
- Interaction Among DHCP Relay Proxy, DHCP Client, and DHCP Servers
Benefits of Using DHCP Relay Proxy
DHCP relay proxy provides the following benefits:
DHCP server isolation and DoS protection—DHCP clients are unable to detect the DHCP servers, learn DHCP server addresses, or determine the number of servers that are providing DHCP support. Server isolation also provides denial-of-service (DoS) protection for the DHCP servers.
Multiple lease offer selection—DHCP relay proxy receives lease offers from multiple DHCP servers and selects a single offer to send to the DHCP client, thereby reducing traffic in the network. Currently, the DHCP relay proxy selects the first offer received.
Support for both numbered and unnumbered Ethernet interfaces—For DHCP clients connected through Ethernet interfaces, when the DHCP client obtains an address, the DHCP relay proxy adds an access internal host route specifying that interface as the outbound interface. The route is automatically removed when the lease time expires or when the client releases the address. Note that DHCP Relay support for unnumbered Ethernet interfaces is not available on ACX7000 Devices (ACX7024, ACX7100, ACX7100, and ACX7509).
Logical system support—DHCP relay proxy can be configured in a logical system, whereas a non-proxy mode DHCP relay cannot.
Interaction Among DHCP Relay Proxy, DHCP Client, and DHCP Servers
The DHCP relay agent is configured on the router (or switch), which operates between the DHCP client and one or more DHCP servers.
The following steps provide a high-level description of how DHCP relay proxy interacts with DHCP clients and DHCP servers.
The DHCP client sends a discover packet to locate a DHCP server in the network from which to obtain configuration parameters for the subscriber.
The DHCP relay proxy receives the discover packet from the DHCP client and forwards copies of the packet to each supporting DHCP server. The DHCP relay proxy then creates a client table entry to keep track of the client state.
In response to the discover packet, each DHCP server sends an offer packet to the client, which the DHCP relay proxy receives. The DHCP relay proxy does the following:
- Selects the first offer received as the offer to send to the client.
- Replaces the DHCP server address with the address of the DHCP relay proxy.
- Forwards the offer to the DHCP client.
The DHCP client receives the offer from the DHCP relay proxy.
The DHCP client sends a request packet that indicates the DHCP server from which to obtain configuration information—the request packet specifies the address of the DHCP relay proxy.
The DHCP relay proxy receives the request packet and forwards copies, which include the address of the selected server, to all supporting DHCP servers.
The DHCP server requested by the client sends an acknowledgement (ACK) packet that contains the client configuration parameters.
The DHCP relay proxy receives the ACK packet, replaces the DHCP server address with its own address, and forwards the packet to the client.
The DHCP client receives the ACK packet and stores the configuration information.
If configured to do so, the DHCP relay proxy installs a host route and Address Resolution Protocol (ARP) entry for the DHCP client.
After the initial DHCP lease is established, the DHCP relay proxy receives all lease renewals and lease releases from the DHCP client and forwards them to the DHCP server.
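The proxy steps above as a small Python model, showing that the client only ever sees the proxy's address while the servers still see which server was selected. This is an added example, not Juniper code: the message field names, the use of a `server_id` field for "the DHCP server address", the proxy address 192.0.2.1 and the offered addresses are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class RelayProxy:
    """Simplified model of the relay proxy steps; field names are hypothetical."""
    address: str
    servers: list
    clients: dict = field(default_factory=dict)    # chaddr -> client table entry

    def from_client(self, msg):
        """DISCOVER/REQUEST: return the copies sent to every DHCP server."""
        entry = self.clients.setdefault(msg["chaddr"],
                                        {"state": "INIT", "server": None})
        out = dict(msg, giaddr=self.address)
        if msg["type"] == "DISCOVER":
            entry["state"] = "SELECTING"
        elif msg["type"] == "REQUEST":
            if msg.get("server_id") != self.address or entry["server"] is None:
                return []                          # not addressed to the proxy
            out["server_id"] = entry["server"]     # restore the selected server
            entry["state"] = "REQUESTING"
        return [(server, out) for server in self.servers]

    def from_server(self, msg):
        """OFFER/ACK: return the message for the client, or None if suppressed."""
        entry = self.clients.get(msg["chaddr"])
        if entry is None:
            return None
        if msg["type"] == "OFFER":
            if entry["server"] is not None:
                return None                        # only the first offer is used
            entry["server"] = msg["server_id"]
        elif msg["type"] == "ACK":
            if msg["server_id"] != entry["server"]:
                return None
            entry["state"] = "BOUND"
        return dict(msg, server_id=self.address)   # hide the real server address


def run_exchange():
    """Constructed exchange with two servers; returns both sides' views."""
    proxy = RelayProxy("192.0.2.1", ["203.0.113.21", "203.0.113.22"])
    mac = "02:00:00:00:00:01"
    client_view, server_view = [], []
    server_view += proxy.from_client({"type": "DISCOVER", "chaddr": mac})
    # 203.0.113.22 answers first, so its offer is the one that is selected.
    for server, ip in (("203.0.113.22", "198.51.100.50"),
                       ("203.0.113.21", "198.51.100.10")):
        forwarded = proxy.from_server({"type": "OFFER", "chaddr": mac,
                                       "server_id": server, "yiaddr": ip})
        if forwarded is not None:
            client_view.append(forwarded)
    request = {"type": "REQUEST", "chaddr": mac,
               "server_id": client_view[0]["server_id"]}
    server_view += proxy.from_client(request)
    client_view.append(proxy.from_server(
        {"type": "ACK", "chaddr": mac, "server_id": "203.0.113.22",
         "yiaddr": "198.51.100.50"}))
    return proxy, client_view, server_view


if __name__ == "__main__":
    _, seen_by_client, _ = run_exchange()
    for message in seen_by_client:
        print(message["type"], "server_id =", message["server_id"])
```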
Minimum DHCP Relay Agent Configuration
This example shows the minimum configuration you need to use the extended DHCP relay agent on your Junos OS device. Ensure that the device can connect to the DHCP server.
In this example, you direct certain DHCP client traffic to a DHCP server. You specify an active server group to which each client group's traffic is forwarded, and add server IP addresses to the active server group. You also configure an interface group and specify the DHCP relay interface for the group. The interface used as the DHCP relay agent can forward messages to specific servers.
You also configure DHCP option 82 and the forward-only feature.
This example creates an active server group named my-dhcp-servers-group with IP address 203.0.113.21. The DHCP relay agent configuration is applied to an interface group named my-dhcp-interf-group. Within this group, the DHCP relay agent is enabled on interface ge-0/0/1.0.
Configure the option to forward the traffic, without creating a new subscriber session.
user@host# set forwarding-options dhcp-relay forward-only
Enable DHCP relay agent information option (option 82) in DHCP packets destined for a DHCP server.
user@host# set forwarding-options dhcp-relay relay-option-82 circuit-id use-interface-description device
Use the textual interface description instead of the interface identifier in the DHCP base option 82 Agent Circuit ID in DHCP packets that the DHCP relay agent sends to a DHCP server.
Configure a DHCP server group and add the IP addresses of the DHCP servers that belong to the group.
user@host# set forwarding-options dhcp-relay server-group my-dhcp-servers-group 203.0.113.21
Set the DHCP server group as active server group.
user@host# set forwarding-options dhcp-relay active-server-group my-dhcp-servers-group
The DHCP relay agent relays DHCP client requests to the DHCP servers defined in the active server group.
Configure an interface group and specify the DHCP relay interface for the group.
user@host# set forwarding-options dhcp-relay group my-dhcp-interf-group interface ge-0/0/1.0
DHCP relay runs on the interfaces defined in the group.
To configure a switch with DHCP relay in forward-only mode, check whether your DHCP server supports DHCP option 82. See Verify support of Option-82 in DHCP Server for details.
The forward-only option in DHCP relay configurations does not require the S-SA-FP license to be installed.
From configuration mode, confirm your configuration by entering the show forwarding-options command.
user@srx-01# show forwarding-options
dhcp-relay {
    relay-option-82 {
        circuit-id {
            use-interface-description device;
        }
    }
    forward-only;
    server-group {
        my-dhcp-servers-group {
            203.0.113.21;
        }
    }
    active-server-group my-dhcp-servers-group;
    group my-dhcp-interf-group {
        interface ge-0/0/1.0;
    }
}
Configuring IPv4 and IPv6 Addresses on the Loopback Interface
When you have configured a DHCP server in a different service VRF, you must configure IPv4 and IPv6 addresses on the loopback interface in the server VRF configuration for the DHCP relay function to work in all other VRFs.
Configure the dhcp-relay forward-only-replies option so that DHCP response packets are forwarded to the DHCP clients in the other VRF.
[edit routing-instances]
Svr-1 {
    instance-type vrf;
    routing-options {
        auto-export;
    }
    protocols {
        evpn {
            ip-prefix-routes {
                advertise direct-nexthop;
                encapsulation vxlan;
                vni 11000;
                export type5-export;
            }
        }
    }
    forwarding-options {
        dhcp-relay {
            dhcpv6 {
                forward-only-replies;
            }
            forward-only-replies;
        }
    }
    interface lo0.2;
    route-distinguisher 103.0.0.1:5000;
    vrf-import import-tenant;
    vrf-target target:5000:1;
    vrf-table-label;
}

[edit interfaces]
lo0 {
    unit 0 {
        family inet {
            address 103.0.0.1/32;
        }
        family inet6 {
            address 1003::1/128;
        }
    }
    unit 1 {
        family inet {
            address 103.0.0.1/32;
        }
        family inet6 {
            address 1003::1/128;
        }
    }
    unit 2 {
        family inet {
            address 103.0.0.2/32;
        }
        family inet6 {
            address 1003::2/128;
        }
    }
}
Example: DHCP Relay Agent Configuration with Multiple Clients and Servers
This example shows an extended DHCP relay agent configuration for a network that includes multiple DHCP clients and DHCP servers. Additional details follow the example.
[edit forwarding-options]
dhcp-relay {
    server-group {
        sp-1 {
            203.0.113.21;
            203.0.113.22;
        }
        sp-2 {
            203.0.113.31;
            203.0.113.32;
            203.0.113.33;
        }
    }
    active-server-group sp-1;
    overrides layer2-unicast-replies;
    group clients_a {
        relay-option-82 circuit-id;
        interface fe-1/0/1.1;
        interface fe-1/0/1.2;
        interface fe-1/0/1.3;
    }
    group clients_b {
        relay-option-82 {
            circuit-id {
                prefix routing-instance-name;
            }
        }
        interface fe-1/0/1.4;
        interface fe-1/0/1.5;
        interface fe-1/0/1.6;
    }
    group eth_dslam_relay {
        active-server-group sp-2;
        overrides {
            trust-option-82;
            layer2-unicast-replies;
        }
        interface fe-1/0/1.7;
        interface fe-1/0/1.8;
        interface fe-1/0/1.9;
    }
}
This example creates two server groups: sp-1, which includes DHCP server addresses 203.0.113.21 and 203.0.113.22, and sp-2, which includes DHCP server addresses 203.0.113.31, 203.0.113.32, and 203.0.113.33. The active server group to which the DHCP relay agent configuration applies is sp-1. A global override is set that causes the DHCP relay agent to use Layer 2 unicast transmission to send DHCP reply packets from the DHCP server to DHCP clients during the discovery process.
The example also creates three groups of subscribers and their associated Fast Ethernet interfaces: clients_a, clients_b, and eth_dslam_relay. These groups are configured to meet different needs, as follows:
- The clients_a and clients_b groups consist of basic subscribers. The service provider for these groups inserts option 82 information in the DHCP packets that are destined for the DHCP server.
- The subscribers in eth_dslam_relay are connected to an Ethernet digital subscriber line access multiplexer (DSLAM) that functions as a Layer 2 DHCP relay agent. The active server group for eth_dslam_relay is sp-2. Overrides are set for the eth_dslam_relay group that enable the DHCP relay agent to trust option 82 information and to use Layer 2 unicast transmission to send DHCP reply packets to DHCP clients during discovery.
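Why the eth_dslam_relay group needs trust-option-82, as an added Python example (not Juniper code): it parses option 82 (RFC 3046) out of a DHCP packet and applies the RFC 3046 rule that a packet arriving with giaddr 0 and option 82 already present is treated as untrusted unless the relay is told to trust it. The packets and the circuit ID value are constructed, and `relay_action` is a simplified model of that one check.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])             # RFC 2131 options marker
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}    # RFC 3046 sub-options


def build_packet(giaddr, options):
    """Constructed BOOTREQUEST: 236-byte fixed header, cookie, then options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), bytes(4), bytes(4),
                         ipaddress.IPv4Address(giaddr).packed,
                         bytes.fromhex("020000000001"), b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_tlvs(data, has_pad_end):
    """Walk code/length/value triples; top-level DHCP options add PAD and END."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if has_pad_end and code == OPT_PAD:
            i += 1
            continue
        if has_pad_end and code == OPT_END:
            break
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % code)
        length = data[i + 1]
        out[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return out


def inspect(packet):
    """Return giaddr, message type and decoded option 82 (None if absent)."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts = parse_tlvs(packet[240:], has_pad_end=True)
    relay_info = None
    if OPT_RELAY_INFO in opts:
        subs = parse_tlvs(opts[OPT_RELAY_INFO], has_pad_end=False)
        relay_info = {SUBOPT_NAMES.get(c, "sub-%d" % c): v for c, v in subs.items()}
    return {"giaddr": str(ipaddress.IPv4Address(packet[24:28])),
            "msg_type": (opts.get(OPT_MSG_TYPE) or b"\x00")[0],
            "option82": relay_info}


def relay_action(packet, trust_option_82=False):
    """Option 82 with giaddr 0 is untrusted unless the override is set."""
    info = inspect(packet)
    if info["option82"] is not None and info["giaddr"] == "0.0.0.0":
        return "relay" if trust_option_82 else "drop"
    return "relay"


# Constructed inputs: a plain client DISCOVER, and one already tagged with
# option 82 by a Layer 2 relay (the DSLAM case) that leaves giaddr at 0.
CIRCUIT_ID = b"dslam-7 port 12"                     # constructed value
PLAIN = build_packet("0.0.0.0", [(53, b"\x01")])
TAGGED = build_packet("0.0.0.0", [(53, b"\x01"),
                                  (82, bytes([1, len(CIRCUIT_ID)]) + CIRCUIT_ID)])

if __name__ == "__main__":
    print("plain:", relay_action(PLAIN))
    print("tagged, default:", relay_action(TAGGED))
    print("tagged, trusted:", relay_action(TAGGED, trust_option_82=True))
```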