SD-WAN


Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  Has anyone here played with dhcp relay in 3.2.5? Having trouble getting it to work.

    Posted 08-01-2018 00:00


  • 2.  RE: Has anyone here played with dhcp relay in 3.2.5? Having trouble getting it to work.

     
    Posted 08-01-2018 00:00

    And there is a small gotcha with assigning a DHCP dedicated tenant to an interface, with other tenants assigned by means of neighborhood/member configuration. In those instances, the tenant assigned to the interface must be the PARENT of the tenants assigned using the membership construct. Otherwise, member/neighborhood tenants will not be properly used by the router in its operation.



  • 3.  RE: Has anyone here played with dhcp relay in 3.2.5? Having trouble getting it to work.

    Posted 08-01-2018 00:00

    Thank you @Mark Shields and @Gene - this worked for me.

    ​​


  • 4.  RE: Has anyone here played with dhcp relay in 3.2.5? Having trouble getting it to work.

    Posted 08-01-2018 00:00

    DHCP Relay needs to be enabled as a service in the 128T with a configuration like the following:

    service relay-agent
        name relay-agent
        security encrypt
        access-policy tenant1
            source tenant1
        exit
        application-type dhcp-relay
    exit

    The important things here are:

    1) Set the application-type to 'dhcp-relay'

    2) Configure one or more access-policies. The tenant(s) configured here need to be configured as the tenant on the 128T network-interfaces where you wish to have the DHCP relay agent listening.

    Next, you will need to configure a service-route that tells the 128T where the authoritative DHCP server is. This should be configured on the router that the DHCP server sits behind.

    service-route relay-agent
        name relay-agent
        service-name relay-agent
        nat-target 10.233.90.30
        next-hop hq lan
            node-name hq
            interface lan
        exit
    exit


    The service-name should match the service configured above. The nat-target must be the address of the authoritative DHCP server. And the next-hop should point out the interface towards the DHCP server.

    If you commit the configuration now, a few things should happen. First, the conductor should automatically generate a service corresponding to each authoritative DHCP server configured with a service-route. It will look similar to what is shown below:

    service _dhcp_relay_21_10.233.90.30
        name _dhcp_relay_21_10.233.90.30
        description "Auto generated DHCP relay service for DHCP server 10.233.90.30"
        enabled true
        scope private
        security encrypt
        tap-multiplexing false
        transport udp
            protocol udp
            port-range 67
                start-port 67
                end-port 67
            exit
        exit
        address 10.233.90.30/32
        access-policy tenant1
            source tenant1
            permission allow
        exit
        source-nat disabled
        generated true
    exit

    The conductor should also automatically generate a service-route for this new service on the same router which sits in front of the authoritative DHCP server.

    service-route _dhcp_relay_relay-agent
        name _dhcp_relay_relay-agent
        service-name _dhcp_relay_21_10.233.90.30
        generated true
        nat-target 10.233.90.30
        next-hop hq lan
            node-name hq
            interface lan
        exit
    exit


    If your main dhcp-relay service has 'share-service-routes' set to 'true' (the default setting) AND you have your neighborhoods set up to allow for auto-generation of 128T peering, you should also get peer service-routes on your remote branch routers like the following:

    service-route _dhcp_relay_21_10.233.90.30__hq
        name _dhcp_relay_21_10.233.90.30__hq
        service-name _dhcp_relay_21_10.233.90.30
        generated true
        peer hq
    exit

    After your configuration has been committed, you should also check your router FIB tables. We are seeing an issue where the FIB entry is not being generated with the appropriate next-hop address. For example:

    admin@conductor.conductor# show fib router tps rows all | grep relay
    Piping output...
    10.233.90.30/32 67 UDP tenant1 _dhcp_relay_21_10.233.90.30 <none>


    That last entry of '<none>' should contain the next hop gateway. This problem will also generate entries in highwayManager.log which look like this:

    Aug 01 17:32:09.174 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
    Aug 01 17:32:17.908 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
    Aug 01 17:32:28.003 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
    Aug 01 17:32:49.389 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
    Aug 01 17:32:57.690 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]

    If you see this issue, please restart your 128T service on that router. When it comes back up, your FIB entry should contain a gateway as shown below:

    admin@conductor.conductor# show fib router tps rows all | grep relay
    Piping output...
    10.233.90.30/32 67 UDP tenant1 _dhcp_relay_21_10.233.90.30 172.16.1.1
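
Added example, not part of the original post or of 128T's own tooling: a Python check that correlates the two symptoms described in post 4, a generated `_dhcp_relay_` FIB row whose next hop is `<none>` and "Service path not found" log entries for UDP port 67 towards the same DHCP server. It assumes the six whitespace-separated FIB columns seen in the post (prefix, port, protocol, tenant, service, next hop); the function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the output quoted in post 4.
FIB_OUTPUT = """\
10.233.90.30/32  67  UDP  tenant1  _dhcp_relay_21_10.233.90.30  <none>
10.233.91.40/32  67  UDP  tenant1  _dhcp_relay_22_10.233.91.40  172.16.1.1
"""
LOG_LINES = """\
Aug 01 17:32:09.174 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
Aug 01 17:32:17.908 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.233.180.1, dest ip 10.233.90.30, src l4 port 67, dest l4 port 67, proto 17, vlan 0, device port 255]
Aug 01 17:33:01.000 [HWMC|SA ] INFO (sessionManager ) Service path not found for [src ip 10.1.1.5, dest ip 10.9.9.9, src l4 port 40000, dest l4 port 443, proto 6, vlan 0, device port 1]
"""

LOG_ROW = re.compile(
    r"Service path not found for \[src ip (?P<src>[\d.]+), dest ip (?P<dst>[\d.]+), "
    r"src l4 port \d+, dest l4 port (?P<dport>\d+), proto (?P<proto>\d+),")


def broken_relay_services(fib_text):
    """Return {dhcp_server_ip: service_name} for relay FIB rows with no next hop."""
    broken = {}
    for line in fib_text.splitlines():
        f = line.split()  # assumed columns: prefix port proto tenant service next-hop
        if len(f) == 6 and f[4].startswith("_dhcp_relay_") and f[5] == "<none>":
            broken[f[0].split("/")[0]] = f[4]
    return broken


def dropped_relay_requests(log_text):
    """Count 'Service path not found' entries for UDP/67, keyed by (relay, server)."""
    counts = {}
    for line in log_text.splitlines():
        m = LOG_ROW.search(line)
        if m and m["dport"] == "67" and m["proto"] == "17":
            key = (m["src"], m["dst"])
            counts[key] = counts.get(key, 0) + 1
    return counts


def diagnose(fib_text, log_text):
    """Correlate both symptoms: servers with no next hop that are also dropping relays."""
    broken = broken_relay_services(fib_text)
    drops = dropped_relay_requests(log_text)
    return sorted((d, broken[d], s, n) for (s, d), n in drops.items() if d in broken)


if __name__ == "__main__":
    for server, service, relay, n in diagnose(FIB_OUTPUT, LOG_LINES):
        print(f"{service}: no next hop; {n} requests from {relay} to {server} dropped")
```

A non-empty result from `diagnose` matches the condition for which the post recommends restarting the 128T service on that router.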



  • 5.  RE: Has anyone here played with dhcp relay in 3.2.5? Having trouble getting it to work.