DHCP relay must be enabled as a service on the 128T, with a configuration like the following:
service relay-agent
    name relay-agent
    security encrypt
    access-policy tenant1
        source tenant1
    exit
    application-type dhcp-relay
exit
The important things here are:
1) Set the application-type to 'dhcp-relay'
2) Configure one or more access-policies. The tenant(s) configured here need to be configured as the tenant on the 128T network-interfaces where you wish to have the DHCP relay agent listening.
Next, you will need to configure a service-route that tells the 128T where the authoritative DHCP server is. This should be configured on the router that the DHCP server sits behind.
service-route relay-agent
    name relay-agent
    service-name relay-agent
    nat-target 10.233.90.30
    next-hop hq lan
        node-name hq
        interface lan
    exit
exit
The service-name should match the service configured above. The nat-target must be the address of the authoritative DHCP server, and the next-hop should point out the interface towards the DHCP server.
If you commit the configuration now, a few things should happen. First, the conductor should automatically generate a service corresponding to each authoritative DHCP server configured with a service-route. It will look similar to what is shown below:
service _dhcp_relay_21_10.233.90.30
    name _dhcp_relay_21_10.233.90.30
    description "Auto generated DHCP relay service for DHCP server 10.233.90.30"
    enabled true
    scope private
    security encrypt
    tap-multiplexing false

    transport udp
        protocol udp

        port-range 67
            start-port 67
            end-port 67
        exit
    exit
    address 10.233.90.30/32

    access-policy tenant1
        source tenant1
        permission allow
    exit
    source-nat disabled
    generated true
exit
The conductor should also automatically generate a service-route for this new service on the same router which sits in front of the authoritative DHCP server.
service-route _dhcp_relay_relay-agent
    name _dhcp_relay_relay-agent
    service-name _dhcp_relay_21_10.233.90.30
    generated true
    nat-target 10.233.90.30

    next-hop hq lan
        node-name hq
        interface lan
    exit
exit
If your main dhcp-relay service has 'share-service-routes' set to 'true' (the default setting) AND you have your neighborhoods set up to allow for auto-generation of 128T peering, you should also get peer service-routes on your remote branch routers like the following:
service-route _dhcp_relay_21_10.233.90.30__hq
    name _dhcp_relay_21_10.233.90.30__hq
    service-name _dhcp_relay_21_10.233.90.30
    generated true
    peer hq
exit
After your configuration has been committed, you should also check your router FIB tables. We are seeing an issue where the FIB entry is not being generated with the appropriate next-hop address. For example:
admin@conductor.conductor# show fib router tps rows all | grep relay
? Piping output...
10.233.90.30/32 67 UDP tenant1 _dhcp_relay_21_10.233.90.30 <none>
The last column, shown here as '<none>', should contain the next-hop gateway. This problem will also generate entries in highwayManager.log which look like this:
Aug 01 17:32:09.174 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
Aug 01 17:32:17.908 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
Aug 01 17:32:28.003 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
Aug 01 17:32:49.389 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
Aug 01 17:32:57.690 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
If you see this issue, please restart your 128T service on that router. When it comes back up, your FIB entry should contain a gateway as shown below:
admin@conductor.conductor# show fib router tps rows all | grep relay
? Piping output...
10.233.90.30/32 67 UDP tenant1 _dhcp_relay_21_10.233.90.30 172.16.1.1
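The FIB and log check described above can be scripted against saved output. The following Python is an added example, not part of the original article or of 128T's own tooling; it assumes FIB rows have the six whitespace-separated columns shown above, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# FIB rows and log lines below are copied from the output shown in this article.
FIB_BEFORE = "10.233.90.30/32 67 UDP tenant1 _dhcp_relay_21_10.233.90.30 <none>\n"
FIB_AFTER = "10.233.90.30/32 67 UDP tenant1 _dhcp_relay_21_10.233.90.30 172.16.1.1\n"
LOG_SAMPLE = """\
Aug 01 17:32:09.174 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
Aug 01 17:32:17.908 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
"""

# Matches only UDP (proto 17) packets addressed to the DHCP server port 67.
MISS = re.compile(
    r"Service path not found for \[.*?dest ip (\S+?),.*?dest l4 port 67, proto 17,"
)
COLUMNS = ("prefix", "port", "proto", "tenant", "service", "next_hop")


def parse_fib(text):
    """Return FIB rows for auto-generated DHCP relay services as dicts."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        # Assumption: six whitespace-separated columns, as in the article.
        if len(cols) == len(COLUMNS) and cols[4].startswith("_dhcp_relay_"):
            rows.append(dict(zip(COLUMNS, cols)))
    return rows


def count_misses(log_text):
    """Count 'Service path not found' lines per destination IP."""
    return Counter(m.group(1) for m in MISS.finditer(log_text))


def diagnose(fib_text, log_text):
    """List relay services whose FIB entry has no next hop, with log hits."""
    misses = count_misses(log_text)
    findings = []
    for row in parse_fib(fib_text):
        if row["next_hop"] != "<none>":
            continue  # entry has a gateway, nothing to report
        net = ipaddress.ip_network(row["prefix"], strict=False)
        hits = sum(n for ip, n in misses.items() if ipaddress.ip_address(ip) in net)
        findings.append((row["service"], row["prefix"], hits))
    return findings


if __name__ == "__main__":
    for service, prefix, hits in diagnose(FIB_BEFORE, LOG_SAMPLE):
        print(f"{service} ({prefix}): no next hop, {hits} matching log lines")
```

An empty result from diagnose() after the restart corresponds to the FIB entry showing a gateway again.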