DHCP Relay Agent¶
TNSR can act as a DCHP relay agent which forwards DHCP requests from clients to an upstream server, rather than acting as a server itself. This allows administrators to run their DHCP services from a central location on a dedicated server, isolated from direct contact with clients. This has security, performance, administrative advantages, among other reasons. The TNSR DHCP relay agent can relay DHCPv4 and DHCPv6 requests.
The DHCP relay agent is activated on a per-VRF basis, and TNSR supports multiple relay agents in different VRFs. However, TNSR cannot act both as a DHCP server and as a relay at the same time.
Warning
DHCP relay functionality and the Kea DHCP server are mutually exclusive. Only one of the two can be active at the same time, even with separate VRFs or interfaces.
To configure the DHCP relay agent for a specific client VRF, use the
dhcp-relay <client-vrf> command from config mode. This command enters
config-dhcp-relay mode.
Note
The agent will relay DHCP requests from any client on an interface in the specified VRF. This does not require per-interface configuration.
DHCP Relay Agent Configuration¶
While in config-dhcp-relay mode the following commands are available to
configure DHCP relay agent behavior for a client VRF:
- description <text>:
Text describing the purpose of this relay agent.
- (source-ipv4-address|source-ipv6-address) <ip-addr>:
The source IPv4 or IPv6 address the relay agent will use when relaying packets to the upstream DHCP server. This is required.
Note
The relay agent utilizes this address in compliance with RFC 3527. The agent moves the original gateway IP address (
giaddr) in the DHCP request, which represents the address upon which TNSR received the packet, to agent information suboption5.This behavior allows DHCP servers to respond to relayed requests even when they do not have direct routes back to client subnets.
Some DHCP servers, such as Kea, automatically support this feature and can utilize the suboption
5value to select an address pool automatically without needing to configure special client classifications.- (server-ipv4|server-ipv6) <server-vrf> <ip-addr>:
Specifies the IPv4 or IPv6 destination for relayed DHCP requests matching the address family of the server.
- <server-vrf>:
The VRF through which the server can be reached. This is required. This does not need to match the client VRF.
Note
The server VRF can be the same as the client VRF, for example both may be
defaultif the TNSR configuration only contains one VRF.- <ip-addr>:
The IPv4 or IPv6 address of the DHCP server to which TNSR will deliver relayed requests.
Examples¶
DHCPv4¶
This example demonstrates configuring IPv4 DHCP relay to an upstream server. In
this example, the client and server VRF are both default. The source IP
address is 203.0.113.30 and the IP address of the upstream DHCP server is
198.51.100.9.
tnsr(config)# dhcp-relay default
tnsr(config-dhcp-relay)# description Relay Upstream
tnsr(config-dhcp-relay)# source-ipv4-address 203.0.113.30
tnsr(config-dhcp-relay)# server-ipv4 default 198.51.100.9
tnsr(config-dhcp-relay)# exit
tnsr(config)#
DHPCv6¶
Relaying DHCPv6 requires an extra step of configuring IPv6 router advertisements on the interface such that clients are informed that they should utilize DHCPv6.
This configures the LAN interface as described in the previous paragraph:
tnsr(config)# interface LAN
tnsr(config-interface)# ipv6 router-advertisements
tnsr(config-interface-ipv6-ra)# send-advertisements true
tnsr(config-interface-ipv6-ra)# managed-flag true
tnsr(config-interface-ipv6-ra)# other-config-flag true
tnsr(config-interface-ipv6-ra)# prefix 2001:db8:f4:1::/64
tnsr(config-interface-ipv6-ra-prefix)# on-link-flag true
tnsr(config-interface-ipv6-ra-prefix)# exit
tnsr(config-interface-ipv6-ra)# exit
tnsr(config-interface)# exit
Next, configure DHCP relay to send requests to an upstream DHCPv6 server:
tnsr(config)# dhcp-relay default
tnsr(config-dhcp-relay)# description Relay Upstream
tnsr(config-dhcp-relay)# source-ipv6-address 2001:db8:0:2::30
tnsr(config-dhcp-relay)# server-ipv6 default 2001:db8::9
tnsr(config-dhcp-relay)# exit
tnsr(config)#
Status¶
To view the current list of configured DHCP relays, use the show dhcp-relay
[<client-vrf>] command:
tnsr(config)# show dhcp-relay default
Source VRF Source IP Server IP Server VRF
----------- ------------ ------------ -----------
default 203.0.113.30 198.51.100.9 default