DHCP Overview

Understanding Differences Between Legacy DHCP and Extended DHCP

New Features and Enhancements in Extended DHCP

Extended DHCP, or JDHCP, extends and enhances traditional DHCP operation. With the extended DHCP local server, the client configuration information resides in a centralized address-assignment pool, which supports advanced pool matching and address range selection. New features are added only to extended DHCP. Extended DHCP supports the following features and enhancements:

  • In extended DHCP, the address-assignment pools are external to the DHCP local server. The external address-assignment pools are managed by the authd process, independently of the DHCP local server, and can be shared by different client applications such as DHCP or PPPoE access. In legacy DHCP, client address pool and client configuration information reside on the DHCP server.

  • Extended DHCP server interacts with the local AAA Service Framework to use back-end authentication servers, such as RADIUS, to provide DHCP client authentication.

  • You can configure the dynamic profile and authentication support on a global basis or for a specific group of interfaces.

  • Extended DHCP local server supports IPv6 clients.

  • Both DHCP local server and DHCPv6 local server support the specific address request feature, which enables you to assign a particular address to a client.

  • The extended DHCP local server provides a minimal configuration to the DHCP client if the client does not have DHCP option 55 configured. The server provides the subnet mask of the address-assignment pool that is selected for the client. In addition to the subnet mask, the server provides the following values to the client if the information is configured in the selected address-assignment pool:

    • router—A router located on the client’s subnet. This statement is the equivalent of DHCP option 3.

    • domain name—The name of the domain in which the client searches for a DHCP server host. This is the default domain name that is appended to hostnames that are not fully qualified. This is equivalent to DHCP option 15.

    • domain name server—A Domain Name System (DNS) name server that is available to the client to resolve hostname-to-client mappings. This is equivalent to DHCP option 6.

  • You can configure the local server to use DHCP option 82 information in the client PDU to determine which named address range to use for a particular client. The client configuration information, which is configured in the address-assignment pool, includes user-defined options, such as boot server, grace period, and lease time.

  • The extended DHCP server supports the following features:

    • Graceful Routing Engine switchover (GRES), which provides mirroring support for clients.

    • Virtual routing and forwarding (VRF). The extended DHCP is also referred to as virtual router (VR) aware DHCP. See EX Series Switch Software Features Overview for a list of switches that support extended DHCP (VR-aware DHCP).

Table 1 compares the configuration options of extended DHCP and legacy DHCP.

Table 1: Comparing the Extended DHCP Local Server to the Traditional DHCP Local Server

| Feature | Legacy DHCP Local Server | Extended DHCP Local Server |
|---|---|---|
| Local address pools | X | X |
| External, centrally-managed address pools | | X |
| Local configuration | X | X |
| External configuration using information from address-assignment pools or RADIUS servers | | X |
| Dynamic-profile attachment | | X |
| RADIUS-based subscriber authentication, and configuration using RADIUS attributes and Juniper Networks VSAs | | X |
| IPv6 client support | | X |
| Default minimum client configuration | X | X |

Benefits of Extended DHCP

  • Extended DHCP local server enhances traditional DHCP server operation by providing additional address assignment and client configuration functionality and flexibility in a subscriber-aware environment.

  • Extended DHCP local server enables service providers to take advantage of external address-assignment pools and integrated RADIUS-based configuration capabilities in addition to the continued support of traditional local address pools.

Change in Configuring DHCP Local Server in Extended DHCP Environment

In extended DHCP, use the following steps to configure the DHCP server and the address-assignment pool:

  • Configure the extended DHCP local server on the device and specify how the DHCP local server determines which address-assignment pool to use.

  • Configure the address-assignment pools used by the DHCP local server. The address-assignment pools contain the IP addresses, named address ranges, and configuration information for DHCP clients.

The extended DHCP local server and the address-assignment pools used by the server must be configured in the same logical system and routing instance.

Legacy DHCP and Extended DHCP Server Hierarchy Levels Changes

Legacy DHCP and extended DHCP servers can be configured at the hierarchy levels shown in Table 2:

Table 2: Legacy DHCP and Extended DHCP Server Hierarchy Levels

| DHCP Service | Hierarchy |
|---|---|
| Legacy DHCP server | edit system services dhcp |
| Extended DHCP server | edit system services dhcp-local-server |
| Legacy DHCP relay | edit forwarding-options helpers bootp |
| Extended DHCP relay | edit forwarding-options dhcp-relay |
| Legacy DHCP address pool | edit system services dhcp pool |
| Extended DHCP address pool | edit access address-assignment pool |

Legacy DHCP is deprecated, so its commands are hidden: they do not appear in the help or in automatic completion. When you use the show configuration command to display your configuration, the system displays the following warning:

DHCP packets on non-configured interfaces are dropped

Once you enable DHCP relay on MX routers or on QFX or EX switches, the DHCP snooping feature is enabled, and all DHCP packets arriving on any interface of the device (configured or unconfigured) are analyzed. Interfaces that are not listed under the DHCP configuration are considered ‘unconfigured’.

Depending on the configuration, DHCP packets received on unconfigured interfaces are dropped.

If DHCP packets are dropped on an ‘unconfigured’ interface, the DHCP traceoptions report it as:

Some platform-specific behaviors have changed across releases. See the Release Notes.

Extended DHCP Relay Agent Overview

You can configure extended DHCP relay options on the router or on the switch and enable the router (or switch) to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server.

DHCP relay supports the attachment of dynamic profiles and also interacts with the local AAA Service Framework to use back-end authentication servers, such as RADIUS, to provide subscriber authentication or DHCP client authentication. You can attach dynamic profiles and configure authentication support on a global basis or for a specific group of interfaces.

Note:

The PTX Series Packet Transport Routers do not support authentication for DHCP relay agents.

On the routers, you can use DHCP relay in carrier edge applications such as video/IPTV to obtain configuration parameters, including an IP address, for your subscribers.

On the switches, you can use DHCP relay to obtain configuration parameters including an IP address for DHCP clients.

Note:

The extended DHCP relay agent options configured with the dhcp-relay statement are incompatible with the DHCP/BOOTP relay agent options configured with the bootp statement. As a result, you cannot enable both the extended DHCP relay agent and the DHCP/BOOTP relay agent on the router at the same time.

For information about the DHCP/BOOTP relay agent, see Configuring Routers, Switches, and Interfaces as DHCP and BOOTP Relay Agents.

You can also configure the extended DHCP relay agent to support IPv6 clients. See DHCPv6 Relay Agent Overview for information about the DHCPv6 relay agent feature.

To configure the extended DHCP relay agent on the router (or switch), include the dhcp-relay statement at the [edit forwarding-options] hierarchy level.

You can also include the dhcp-relay statement at the following hierarchy levels:

  • [edit logical-systems logical-system-name forwarding-options]

  • [edit logical-systems logical-system-name routing-instances routing-instance-name forwarding-options]

  • [edit routing-instances routing-instance-name forwarding-options]

Interaction Among the DHCP Relay Agent, DHCP Client, and DHCP Servers

The pattern of interaction among the DHCP Relay agent, DHCP client, and DHCP servers is the same regardless of whether the software installation is on a router or a switch. However, there are some differences in the details of usage.

On routers—In a typical carrier edge network configuration, the DHCP client is on the subscriber’s computer, and the DHCP relay agent is configured on the router between the DHCP client and one or more DHCP servers.

On switches—In a typical network configuration, the DHCP client is on an access device such as a personal computer and the DHCP relay agent is configured on the switch between the DHCP client and one or more DHCP servers.

The following steps describe, at a high level, how the DHCP client, DHCP relay agent, and DHCP server interact in a configuration that includes two DHCP servers.

  1. The DHCP client sends a discover packet to find a DHCP server in the network from which to obtain configuration parameters for the subscriber (or DHCP client), including an IP address.

  2. The DHCP relay agent receives the discover packet and forwards copies to each of the two DHCP servers. The DHCP relay agent then creates an entry in its internal client table to keep track of the client’s state.

  3. In response to receiving the discover packet, each DHCP server sends an offer packet to the client. The DHCP relay agent receives the offer packets and forwards them to the DHCP client.

  4. On receipt of the offer packets, the DHCP client selects the DHCP server from which to obtain configuration information. Typically, the client selects the server that offers the longest lease time on the IP address.

  5. The DHCP client sends a request packet that specifies the DHCP server from which to obtain configuration information.

  6. The DHCP relay agent receives the request packet and forwards copies to each of the two DHCP servers.

  7. The DHCP server requested by the client sends an acknowledgement (ACK) packet that contains the client’s configuration parameters.

  8. The DHCP relay agent receives the ACK packet and forwards it to the client.

  9. The DHCP client receives the ACK packet and stores the configuration information.

  10. If configured to do so, the DHCP relay agent installs a host route and Address Resolution Protocol (ARP) entry for this client.

  11. After establishing the initial lease on the IP address, the DHCP client and the DHCP server use unicast transmission to negotiate lease renewal or release. The DHCP relay agent “snoops” on all of the packets unicast between the client and the server that pass through the router (or switch) to determine when the lease for this client has expired or been released. This process is referred to as lease shadowing or passive snooping.

DHCP Liveness Detection

Liveness detection for DHCP subscriber or DHCP client IP sessions utilizes an active liveness detection protocol to institute liveness detection checks for relevant clients. Clients are expected to respond to liveness detection requests within a specified amount of time. If the responses are not received within that time for a given number of consecutive attempts, then the liveness detection check fails and a failure action is implemented.

Note:

You can configure DHCP liveness detection either globally or per DHCP group.

DHCP Relay Proxy Overview

DHCP relay proxy mode is an enhancement to extended DHCP relay. DHCP relay proxy supports all DHCP relay features while providing additional features and benefits.

Normally, extended DHCP relay operates as a helper application for DHCP operations. Except for the ability to add DHCP relay agent options and the gateway address (giaddr) to DHCP packets, DHCP relay is transparent to DHCP clients and DHCP servers, and simply forwards messages between DHCP clients and servers.

When you configure DHCP relay to operate in proxy mode, the relay is no longer transparent. In proxy mode, DHCP relay conceals DHCP server details from DHCP clients, which interact with a DHCP relay in proxy mode as though it is the DHCP server. For DHCP servers there is no change, because proxy mode has no effect on how the DHCP server interacts with the DHCP relay.

Note:

You cannot configure both DHCP relay proxy and extended DHCP local server on the same interface.

Benefits of Using DHCP Relay Proxy

DHCP relay proxy provides the following benefits:

  • DHCP server isolation and DoS protection—DHCP clients are unable to detect the DHCP servers, learn DHCP server addresses, or determine the number of servers that are providing DHCP support. Server isolation also provides denial-of-service (DoS) protection for the DHCP servers.

  • Multiple lease offer selection—DHCP relay proxy receives lease offers from multiple DHCP servers and selects a single offer to send to the DHCP client, thereby reducing traffic in the network. Currently, the DHCP relay proxy selects the first offer received.

  • Support for both numbered and unnumbered Ethernet interfaces—For DHCP clients connected through Ethernet interfaces, when the DHCP client obtains an address, the DHCP relay proxy adds an access internal host route specifying that interface as the outbound interface. The route is automatically removed when the lease time expires or when the client releases the address. Note that DHCP Relay support for unnumbered Ethernet interfaces is not available on ACX7000 Devices (ACX7024, ACX7100, ACX7100, and ACX7509).

  • Logical system support—DHCP relay proxy can be configured in a logical system, whereas a non-proxy mode DHCP relay cannot.

Interaction Among DHCP Relay Proxy, DHCP Client, and DHCP Servers

The DHCP relay agent is configured on the router (or switch), which operates between the DHCP client and one or more DHCP servers.

The following steps provide a high-level description of how DHCP relay proxy interacts with DHCP clients and DHCP servers.

  1. The DHCP client sends a discover packet to locate a DHCP server in the network from which to obtain configuration parameters for the subscriber.

  2. The DHCP relay proxy receives the discover packet from the DHCP client and forwards copies of the packet to each supporting DHCP server. The DHCP relay proxy then creates a client table entry to keep track of the client state.

  3. In response to the discover packet, each DHCP server sends an offer packet to the client, which the DHCP relay proxy receives. The DHCP relay proxy does the following:

    1. Selects the first offer received as the offer to send to the client.

    2. Replaces the DHCP server address with the address of the DHCP relay proxy

    3. Forwards the offer to the DHCP client.

  4. The DHCP client receives the offer from the DHCP relay proxy.

  5. The DHCP client sends a request packet that indicates the DHCP server from which to obtain configuration information—the request packet specifies the address of the DHCP relay proxy.

  6. The DHCP relay proxy receives the request packet and forwards copies, which include the address of the selected server, to all supporting DHCP servers.

  7. The DHCP server requested by the client sends an acknowledgement (ACK) packet that contains the client configuration parameters.

  8. The DHCP relay proxy receives the ACK packet, replaces the DHCP server address with its own address, and forwards the packet to the client.

  9. The DHCP client receives the ACK packet and stores the configuration information.

  10. If configured to do so, the DHCP relay proxy installs a host route and Address Resolution Protocol (ARP) entry for the DHCP client.

  11. After the initial DHCP lease is established, the DHCP relay proxy receives all lease renewals and lease releases from the DHCP client and forwards them to the DHCP server.

Minimum DHCP Relay Agent Configuration

This example shows the minimum configuration you need to use the extended DHCP relay agent on your Junos OS device. Ensure that the device can connect to the DHCP server.

In this example, you direct certain DHCP client traffic to a DHCP server. You specify an active server group to which each client group's traffic is forwarded, and add server IP addresses to the active server group. You can also configure an interface group and specify the DHCP relay interface for the group. The interface used as the DHCP relay agent can forward messages to specific servers.

Configure DHCP option 82 and the forward-only feature.

This example creates an active server group named my-dhcp-servers-group with IP address 203.0.113.21. The DHCP relay agent configuration is applied to an interface group named my-dhcp-interfaces. Within this group, the DHCP relay agent is enabled on interface ge-0/0/1.0.

  1. Configure the option to forward the traffic, without creating a new subscriber session.

  2. Enable DHCP relay agent information option (option 82) in DHCP packets destined for a DHCP server.

    Use the textual interface description instead of the interface identifier in the DHCP base option 82 Agent Circuit ID in DHCP packets that the DHCP relay agent sends to a DHCP server.

  3. Configure a DHCP server group and add the IP addresses of the DHCP servers that belong to the group.

  4. Set the DHCP server group as the active server group.

    The DHCP relay agent relays DHCP client requests to the DHCP servers defined in the active server group.

  5. Configure an interface group and specify the DHCP relay interface for the group.

    DHCP relay runs on the interfaces defined in the group.

Note:

To configure a switch with DHCP relay in forward-only mode, check whether your DHCP server supports DHCP Option 82. See Verify support of Option-82 in DHCP Server for details.

The forward-only option in DHCP relay configurations does not require the S-SA-FP license to be installed.

From configuration mode, confirm your configuration by entering the show forwarding-options command and verify your configuration.
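
The five steps above written as Junos set commands, using the group names, server address and interface that this example states. This is an added illustration, not the original page's listing; the `device` keyword in step 2 is an assumption about which interface description is meant.

```junos
# Added example (not from the original page). Names and addresses are the
# ones the text gives: my-dhcp-servers-group, 203.0.113.21,
# my-dhcp-interfaces, ge-0/0/1.0.

# Step 1: relay DHCP traffic without creating a new subscriber session.
set forwarding-options dhcp-relay forward-only

# Step 2: insert option 82 toward the server and use the textual interface
# description as the Agent Circuit ID. "device" takes the description of the
# physical interface (assumption); "logical" takes the logical unit's.
set forwarding-options dhcp-relay relay-option-82 circuit-id use-interface-description device

# Step 3: define the server group and its member address.
set forwarding-options dhcp-relay server-group my-dhcp-servers-group 203.0.113.21

# Step 4: make it the active server group.
set forwarding-options dhcp-relay active-server-group my-dhcp-servers-group

# Step 5: enable DHCP relay on the interface through an interface group.
set forwarding-options dhcp-relay group my-dhcp-interfaces interface ge-0/0/1.0

# Verification (configuration mode): "show forwarding-options" should list a
# hierarchy equivalent to the following (statement order may differ):
#
# dhcp-relay {
#     forward-only;
#     relay-option-82 {
#         circuit-id {
#             use-interface-description device;
#         }
#     }
#     server-group {
#         my-dhcp-servers-group {
#             203.0.113.21;
#         }
#     }
#     active-server-group my-dhcp-servers-group;
#     group my-dhcp-interfaces {
#         interface ge-0/0/1.0;
#     }
# }
```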

Configuring IPv4 and IPv6 Addresses on the Loopback Interface

When you have configured a DHCP server in a different service VRF, you must configure IPv4 and IPv6 addresses on the loopback interface in the server VRF configuration for the DHCP relay function to work in all other VRFs.

Configure the dhcp-relay forward-only-replies option to enable DHCP response packets to be forwarded to the DHCP clients in the other VRF.

Example: DHCP Relay Agent Configuration with Multiple Clients and Servers

This example shows an extended DHCP relay agent configuration for a network that includes multiple DHCP clients and DHCP servers. Additional details follow the example.

This example creates two server-groups: sp-1, which includes DHCP server addresses 203.0.113.21 and 203.0.113.22, and sp-2, which includes DHCP server addresses 203.0.113.31, 203.0.113.32, and 203.0.113.33. The active server group to which the DHCP relay agent configuration applies is sp-1. A global override is set that causes the DHCP relay agent to use Layer 2 unicast transmission to send DHCP reply packets from the DHCP server to DHCP clients during the discovery process.

The example also creates three groups of subscribers and their associated Fast Ethernet interfaces: clients_a, clients_b, and eth_dslam_relay. These groups are configured to meet different needs, as follows:

  • The clients_a and clients_b groups consist of basic subscribers. The service provider for these groups inserts option 82 information in the DHCP packets that are destined for the DHCP server.

  • The subscribers in eth_dslam_relay are connected to an Ethernet digital subscriber line access multiplexer (DSLAM) that functions as a Layer 2 DHCP relay agent. The active server group for eth_dslam_relay is sp-2. Overrides are set for the eth_dslam_relay group that enable the DHCP relay agent to trust option 82 information and to use Layer 2 unicast transmission to send DHCP reply packets to DHCP clients during discovery.
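
The configuration this example describes, written out in Junos hierarchy form as an added illustration (not the original page's listing). The fe- interface names are constructed placeholders, because the text names the groups and servers but not the interfaces.

```junos
[edit forwarding-options]
dhcp-relay {
    server-group {
        sp-1 {
            203.0.113.21;
            203.0.113.22;
        }
        sp-2 {
            203.0.113.31;
            203.0.113.32;
            203.0.113.33;
        }
    }
    # Global default: relay to sp-1 unless a group says otherwise.
    active-server-group sp-1;
    overrides {
        # Send replies to clients as Layer 2 unicast during discovery.
        layer2-unicast-replies;
    }
    group clients_a {
        # The relay itself inserts option 82 for these basic subscribers.
        relay-option-82;
        interface fe-1/0/1.1;   # constructed placeholder
        interface fe-1/0/1.2;   # constructed placeholder
    }
    group clients_b {
        relay-option-82;
        interface fe-1/0/1.5;   # constructed placeholder
        interface fe-1/0/1.6;   # constructed placeholder
    }
    group eth_dslam_relay {
        # Group-level statement overrides the global active server group.
        active-server-group sp-2;
        overrides {
            layer2-unicast-replies;
            # The DSLAM is a Layer 2 relay that has already added option 82.
            # By default the relay agent treats client packets with giaddr 0
            # and option 82 present as untrusted and drops them; this lifts
            # that check for this group only, not for clients_a or clients_b.
            trust-option-82;
        }
        interface fe-1/0/1.9;   # constructed placeholder
    }
}
```

Keeping trust-option-82 at the group level, rather than in the global overrides, means option 82 content is accepted only on the interfaces that face the DSLAM.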