IPv4 DHCP Hosts
This chapter provides information about IPv4 DHCP host configurations.
Applicability
This chapter is related to the use of IPv4 only, and was originally written for and tested on Release 7.0.R6. The CLI now corresponds to Release 16.0.R6.
Configuration and troubleshooting commands are given for Bridged CO and Routed CO scenarios.
In the Triple Play Service Delivery Architecture (TPSDA), a subscriber is defined as a collection of hosts pertaining to a single access connection (such as a DSL line) and identified by a subscriber identifier. A subscriber host is an end user terminal within the subscriber home (for example, a PC, set-top box, home gateway) that is identified in the network with a unique (IP address; MAC address) tuple for IPoE or (PPPoE session ID; MAC address) tuple for PPPoE.
The following IPv4 host types are distinguished:
- Static hosts
  - ip-mac
  - ip-only
- Dynamic hosts
  - ARP-host
  - DHCP-host
  - PPPoE-host
This chapter provides configuration and troubleshooting commands for DHCP-hosts.
Overview
Knowledge of the Triple Play Service Delivery Architecture (TPSDA) concepts is assumed throughout this document.
The network topology for a Bridged CO environment is displayed in Bridged CO Network Topology and for a Routed CO environment in Routed CO Network Topology.
The following configuration tasks should be done first and are not detailed in this configuration note:
- Basic service router configurations such as system interface, IGP (ISIS or OSPF), MPLS, BGP.
- Bridged CO service topology: VPLS on BSA-1, terminated in a VPRN or IES service on BSR-1.
- Routed CO service topology: VPRN or IES service with subscriber and group interface on BSR-1.
- External DHCP server: server configuration and connectivity in the VPRN or base router instance.
- External RADIUS server: server configuration and connectivity in the VPRN or base router instance (Enhanced Subscriber Management (ESM) only).
This chapter focuses on DHCP hosts instantiated in a VPLS service on BSA-1 (Bridged CO) or in a VPRN service subscriber interface on BSR-1 (Routed CO). Note that in case of Routed CO, it is also possible to instantiate the DHCP hosts in the base routing instance using an IES service.
Most of the DHCP host functionality is available with Basic Subscriber Management (BSM). When ESM is required, it is explicitly stated.
Review of the DHCP Protocol
The DHCP protocol is used by a DHCP server to dynamically assign IP addresses and other optional configuration parameters on request of DHCP clients. These parameters are leased by the DHCP server for a duration specified by the lease time.
The DHCP lease process is outlined in DHCP Lease Process.
When a DHCP client boots, a DHCP discover message is broadcast on the local subnet (dest-ip = 255.255.255.255).
A DHCP server in the local subnet responds with a unicast DHCP offer message containing the your IP address (yiaddr) field as well as other configuration parameters in the option fields (such as subnet mask, default gateway, DNS server IP addresses, and lease time).
The DHCP client responds with a DHCP request message to accept the parameters specified in the DHCP offer. The DHCP request is also broadcast on the local subnet.
The DHCP server acknowledges the DHCP request with a unicast DHCP ack message.
When the DHCP client receives a DHCP ack from the server, it is said to be in the bound state.
When half of the lease time has expired, the DHCP client tries to renew the lease: it sends a unicast DHCP request message to the DHCP server, and the DHCP server replies with a unicast DHCP ack to the client.
If the renew fails, a rebind is attempted by default at 7/8 of the lease time: the client sends a broadcast DHCP request message.
Before disconnecting from the local subnet, a DHCP client may return its lease by sending a DHCP release message to the DHCP server.
In case no DHCP server is present in the subnet of the DHCP client, a DHCP relay agent is needed to forward the broadcast DHCP discover/request messages on behalf of the DHCP client to a DHCP server located on a different subnet. The DHCP relay agent will add the gateway IP address field to the messages and send them as unicast to the DHCP server IP address. The DHCP server in this case will respond to the DHCP relay agent using a unicast frame. The DHCP relay agent forwards the DHCP server messages in broadcast frames on the DHCP client subnet.
Configuration
DHCP Snooping
DHCP client originated messages (discover, request, release) must be snooped (intercepted and sent to the control plane for further processing) to enable DHCP Option 82 insertion, authentication through local user database (LUDB), AAA/RADIUS or AAA/Diameter, and releasing the DHCP host session state.
For Bridged CO, DHCP snooping must be enabled explicitly on the subscriber SAP:
# Bridged CO @ BSA-1
configure
    service
        vpls 1
---snip---
            sap 1/1/3:1 split-horizon-group "rshg-1" create
                description "sub-1"
                dhcp
                    snoop
                    no shutdown
                exit
            exit
        exit
    exit
exit
DHCP server originated messages (offer, ack, nak, etc.) must be snooped to enable DHCP Option 82 removal, lease state population and/or ESM functions.
For Bridged CO, DHCP snooping must be enabled explicitly on all SDPs and/or SAPs that should provide connectivity to the DHCP server:
# Bridged CO @ BSA-1
configure
    service
        vpls 1
---snip---
            spoke-sdp 1:1 create
                dhcp
                    snoop
                exit
                no shutdown
            exit
        exit
    exit
exit
For Routed CO, DHCP snooping is implicitly enabled by configuring a DHCP relay agent (DHCP Relay Agent): All DHCP messages received on a routed network interface will be snooped, that is, they are intercepted and sent to the control plane for further processing.
DHCP Relay Agent
For Bridged CO, the DHCP relay agent function is configured in the IP edge (BSR), at the regular interface level:
# Bridged CO @ BSR-1
configure
    service
        vprn 1
---snip---
            interface "int-BSA1-p2mp-1" create
                description "Bridged CO"
                address 10.1.0.254/16
                dhcp
                    server 172.16.0.1
                    trusted
                    gi-address 10.1.0.254
                    no shutdown
                exit
---snip---
                ip-mtu 1500
                spoke-sdp 1:1 create
                    no shutdown
                exit
            exit
        exit
    exit
exit
For Routed CO, the DHCP relay agent function must be configured at BSR-1 group-interface level where the DHCP host will be instantiated:
# Routed CO @ BSR-1
configure
    service
        vprn 1
---snip---
            subscriber-interface "sub-int-1" create
                description "Routed CO"
                address 10.2.0.254/16
                group-interface "group-int-1" create
---snip---
                    dhcp
                        server 172.16.0.1
                        trusted
---snip---
                        gi-address 10.2.0.254
                        no shutdown
                    exit
                exit
            exit
        exit
    exit
exit
The server command defines the IP address of the DHCP server, which must be reachable in the routing instance where the (subscriber-)interface is defined.
The trusted command makes the interface a trusted interface and enables Option 82 insertion by a Layer 2 DHCP relay agent (see DHCP Options (Relay Agent Information)).
The gi-address must be a locally configured IP address on the (subscriber-) interface. By default the DHCP messages relayed to the DHCP server use the outgoing interface IP address as source IP address. By specifying the optional src-ip-addr flag, the configured gi-address is used as the source IP address:
CLI Syntax:
    gi-address 10.2.0.254 src-ip-addr
A Layer 2 DHCP relay agent (such as BSAN or BSA) can add DHCP Option 82 information and leave the gi-address field set to 0.0.0.0. The gi-address is the gateway IP address, filled in by the DHCP relay agent. An incoming DHCP discover with Option 82 present and gi-address field = 0.0.0.0 will be dropped by the DHCP relay agent according to the RFC. The Rx Untrusted Packets and Client Packets Discarded counters are increased in the DHCP statistics.
Output from DHCP debug log on BSR-1:
158 2019/04/09 14:44:32.78 CET MINOR: DEBUG #2001 vprn1 PIP
"PIP: DHCP
instance 2 (1), interface index 4 (group-int-1),
DROPPED DHCP Boot Request on Interface group-int-1 (1/1/3:1) Port 67
Problem: message is received from an untrusted client
Therefore, the DHCP relay agent should be configured as trusted to allow DHCP Option 82 insertion by a Layer 2 DHCP relay agent.
DHCP Options (Relay Agent Information)
In Bridged CO, when DHCP snooping is enabled on a VPLS SAP, DHCP Option 82 relay agent information can be altered or added on an incoming DHCP discover/request. This is referred to as a Layer 2 DHCP relay agent function.
In Routed CO, a DHCP relay agent can alter or add the DHCP Option 82 relay agent information on an incoming DHCP discover/request.
Supported DHCP Option 82 sub-options and their format are listed in Supported DHCP Option 82 Sub-Options:
| Option 82 Sub-Option | Format | Example |
|---|---|---|
| Opt82 [1] Circuit ID (Routed CO) | ifindex — 32 bit virtual router ID followed by a 32 bit ifindex in hex | 00 00 00 02 00 00 00 04 |
| | sap-id [sap id in ascii] | 1/1/3:1 |
| | ascii-tuple [system-name\|service-id\|group-interface\|sap-id] | |
| | vlan-ascii-tuple [system-name\|service-id\|group-interface\|dot1p\|vlan-id] | "BSR-1\|1\|group-int-1\|0\|1" |
| Opt82 [1] Circuit ID (Bridged CO) | ascii-tuple [system-name\|service-id\|sap-id] | "BSA-1\|1\|1/1/2:1" |
| | vlan-ascii-tuple [system-name\|service-id\|sap-id\|dot1p\|vlan-id] | "BSA-1\|1\|1/1/2:1\|0\|1" |
| Opt82 [2] Remote ID (Bridged and Routed CO) | MAC [client hw address in hex] | fe fd 00 02 45 00 |
| | string (max. 32 chars) | "Opt-82 [2] – Remote ID" |
| Opt82 [9] Vendor Specific (Bridged and Routed CO) | [1] system-id [hostname in ascii] | "BSA-1" or "BSR-1" |
| | [2] client-mac-address [client hw address in hex] | fe fd 00 02 45 00 |
| | [3] service-id | 1 |
| | [4] sap-id [sap id in ascii] | "1/1/2:1" |
| | [5] string (max. 32 chars) | "Opt-82 [9] [5] – string" |
| Opt82 [9] Vendor Specific (Routed CO) | [13] pool-name [dhcp pool name from Radius/Local User DB in ascii] | "dhcp-pool-1" |
The application for the Option 82 Circuit-ID vlan-ascii-tuple format is to preserve the Dot1p marking of DHCP packets in the downstream direction (DHCP server to client). The dot1p value of the incoming DHCP discover/request is recorded as part of the Option 82 Circuit ID. The outgoing DHCP offer/ack packets are then marked with the Dot1p value found as part of the Circuit ID echoed by the DHCP server.
The following actions can be taken on an incoming DHCP discover/request:
- replace
- drop
- keep (default)
Replace
At ingress:
If present, remove all the Option 82 information from the incoming DHCP discover/request. Insert the configured DHCP options before forwarding to the DHCP relay agent or DHCP server.
At egress:
Remove all Option 82 information from the incoming DHCP offer/ack before forwarding to the client.
# Bridged CO @ BSA-1
configure
    service
        vpls 1
---snip---
            sap 1/1/3:1 split-horizon-group "rshg-1" create
                description "sub-1"
                dhcp
                    snoop
                    option
                        action replace
                        remote-id string "Opt-82 [2] - Remote ID"
                        vendor-specific-option
                            system-id
                            client-mac-address
                            service-id
                            sap-id
                            string "Opt-82 [9][5] - Vendor ID"
                        exit
                    exit
                    no shutdown
                exit
            exit
        exit
    exit
exit
# Routed CO @ BSR-1
configure
    service
        vprn 1
---snip---
            subscriber-interface "sub-int-1" create
                description "Routed CO"
                address 10.2.0.254/16
                group-interface "group-int-1" create
---snip---
                    dhcp
                        option
                            action replace
                            circuit-id
                            remote-id string "Opt-82 [2] Remote-ID"
                            vendor-specific-option
                                system-id
                                client-mac-address
                                pool-name
                                service-id
                                sap-id
                                string "Opt-82 [9][5] string"
                            exit
                        exit
                        server 172.16.0.1
                        trusted
---snip---
                        gi-address 10.2.0.254
                        no shutdown
                    exit
                exit
            exit
        exit
    exit
exit
Drop
Drop all incoming DHCP discover/request with Option 82 information present.
Incoming DHCP discover/request without Option 82 information will be forwarded to (Bridged CO) or processed by (Routed CO) the DHCP relay agent as is, ignoring the configured options.
# Bridged CO @ BSA-1
configure
    service
        vpls 1
---snip---
            sap 1/1/3:1 split-horizon-group "rshg-1" create
                description "sub-1"
                dhcp
                    snoop
                    option
                        action drop
                    exit
                exit
            exit
        exit
    exit
exit
# Routed CO @ BSR-1
configure
    service
        vprn 1
---snip---
            subscriber-interface "sub-int-1" create
                description "Routed CO"
                address 10.2.0.254/16
                group-interface "group-int-1" create
---snip---
                    dhcp
                        option
                            action drop
                        exit
                        server 172.16.0.1
                        trusted
                        gi-address 10.2.0.254
                        no shutdown
                    exit
                exit
            exit
        exit
    exit
exit
The output from the DHCP debug log on BSA-1 and BSR-1 is as follows:
# Bridged CO @ BSA-1
343 2019/04/10 10:39:28.811 CEST MINOR: DEBUG #2001 Base SVCMGR
"SVCMGR: Dropped DHCP Packet
VPLS 1, SAP 1/1/3:1
Problem: port config doesn't allow BOOTP/DHCP packets with option 82
# Routed CO @ BSR-1
730 2019/04/10 10:42:58.978 CEST MINOR: DEBUG #2001 vprn1 PIP
"PIP: DHCP
instance 2 (1), interface index 6 (group-int-1),
DROPPED DHCP Boot Request on Interface group-int-1 (1/1/3:1) Port 67
Problem: action drop is configured and packet contains option 82
The Client Packets Dropped counter (BSA-1) and the Client Packets Discarded counter (BSR-1) are increased in the DHCP statistics:
*A:BSA-1# show service id 1 dhcp statistics
=====================================================
DHCP Statistics, service 1
=====================================================
Client Packets Snooped : 85
Client Packets Forwarded : 52
Client Packets Dropped : 9
Client Packets Proxied (RADIUS) : 0
Client Packets Proxied (Diameter) : 0
Client Packets Proxied (User-Db) : 0
Client Packets Proxied (Lease-Split) : 24
Server Packets Snooped : 43
Server Packets Forwarded : 19
Server Packets Dropped : 24
DHCP RELEASEs Spoofed : 24
DHCP FORCERENEWs Spoofed : 0
=====================================================
*A:BSA-1#
*A:BSR-1# show service id 1 dhcp statistics
====================================================================
DHCP Global Statistics, service 1
====================================================================
Rx Packets : 287
Tx Packets : 251
Rx Malformed Packets : 0
Rx Untrusted Packets : 0
Client Packets Discarded : 36
Client Packets Relayed : 124
Client Packets Snooped : 6
Client Packets Proxied (RADIUS) : 0
Client Packets Proxied (Diameter) : 0
Client Packets Proxied (User-Db) : 0
Client Packets Proxied (Lease-Split) : 0
Server Packets Discarded : 52
Server Packets Relayed : 69
Server Packets Snooped : 0
DHCP RELEASEs Spoofed : 52
DHCP FORCERENEWs Spoofed : 0
Client packets streamed : 0
====================================================================
*A:BSR-1#
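A triage script for the drop entries shown in this chapter, added here as an example (it is not part of the original guide): it parses the multi-line debug-trace entries and counts Option 82 related drops per routing instance and SAP, so that a subscriber port that repeatedly sends relay agent information stands out. The log text is copied from the outputs above; the function names are illustrative.

```python
import re
from collections import Counter

# Drop entries copied from the debug output shown in this chapter.
SAMPLE_LOG = '''\
158 2019/04/09 14:44:32.78 CET MINOR: DEBUG #2001 vprn1 PIP
"PIP: DHCP
instance 2 (1), interface index 4 (group-int-1),
DROPPED DHCP Boot Request on Interface group-int-1 (1/1/3:1) Port 67
Problem: message is received from an untrusted client
343 2019/04/10 10:39:28.811 CEST MINOR: DEBUG #2001 Base SVCMGR
"SVCMGR: Dropped DHCP Packet
VPLS 1, SAP 1/1/3:1
Problem: port config doesn't allow BOOTP/DHCP packets with option 82
730 2019/04/10 10:42:58.978 CEST MINOR: DEBUG #2001 vprn1 PIP
"PIP: DHCP
instance 2 (1), interface index 6 (group-int-1),
DROPPED DHCP Boot Request on Interface group-int-1 (1/1/3:1) Port 67
Problem: action drop is configured and packet contains option 82
'''

# Entry header: sequence number, date and time, time zone, severity, event, router, application.
HEADER = re.compile(r"^(\d+) (\d{4}/\d{2}/\d{2} [\d:.]+) \S+ \w+: DEBUG #\d+ (\S+) (\S+)$")
# The SAP appears either as "SAP 1/1/3:1" (VPLS) or as "Interface <name> (1/1/3:1)" (relay).
SAP = re.compile(r"SAP (\S+)|Interface \S+ \((\S+)\)")


def parse_drops(text):
    """Return one dict per log entry that carries a 'Problem:' line."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            cur = {"seq": int(header.group(1)), "time": header.group(2),
                   "router": header.group(3), "app": header.group(4),
                   "sap": None, "problem": None}
            entries.append(cur)
            continue
        if cur is None:
            continue  # text before the first header
        sap = SAP.search(line)
        if sap and cur["sap"] is None:
            cur["sap"] = sap.group(1) or sap.group(2)
        if line.startswith("Problem:"):
            cur["problem"] = line[len("Problem:"):].strip()
    return [e for e in entries if e["problem"]]


def option82_drops_per_sap(entries):
    """Count drops caused by Option 82 handling, keyed by (router instance, SAP)."""
    counts = Counter()
    for entry in entries:
        reason = entry["problem"].lower()
        if "option 82" in reason or "untrusted" in reason:
            counts[(entry["router"], entry["sap"])] += 1
    return counts


if __name__ == "__main__":
    for key, count in option82_drops_per_sap(parse_drops(SAMPLE_LOG)).items():
        print(key, count)
```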
Keep (Default)
At ingress: Incoming DHCP discover/request without Option 82 information will be forwarded to (Bridged CO) or processed by (Routed CO) the DHCP relay agent as is, ignoring any configured option.
At ingress: for incoming DHCP discover/request with Option 82 information present, configured vendor specific options will be merged with the existing Option 82 information before sending to (Bridged CO) or processing by (Routed CO) the DHCP relay agent. Configured Circuit ID and Remote ID options will be ignored.
At egress: Remove Option 82 vendor specific information from the incoming DHCP offer/ack before forwarding to the client. Other existing DHCP Option 82 information is retained.
# Bridged CO @ BSA-1
configure
    service
        vpls 1
---snip---
            sap 1/1/3:1 split-horizon-group "rshg-1" create
                description "sub-1"
                dhcp
                    snoop
                    option
                        action keep
                    exit
                exit
            exit
        exit
    exit
# Routed CO @ BSR-1
configure
    service
        vprn 1
---snip---
            subscriber-interface "sub-int-1" create
                description "Routed CO"
                address 10.2.0.254/16
                group-interface "group-int-1" create
---snip---
                    dhcp
                        option
                            action keep
                        exit
                        server 172.16.0.1
                        trusted
                        gi-address 10.2.0.254
                        no shutdown
                    exit
                exit
            exit
        exit
    exit
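The ingress rules for the replace, drop and keep actions, together with the trusted check from the DHCP Relay Agent section, modelled in Python on real DHCP message bytes. This is an added example, not Nokia code and not part of the original guide. Function names and the packet builder are illustrative; the check order (trust before action), the modelling of "merge" as appending the configured sub-option 9, and the one-byte sub-option 9 payload are assumptions.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_RELAY_AGENT_INFO = 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID, SUB_VENDOR = 1, 2, 9


def parse_tlvs(data, top_level=True):
    """Decode code/length/value triples; Pad (0) and End (255) exist only at top level."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if top_level and code == 0:
            i += 1
            continue
        if top_level and code == 255:
            break
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % code)
        length = data[i + 1]
        out.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out


def parse_dhcp(packet):
    """Return (giaddr, options) from a BOOTP/DHCP message (giaddr is at offset 24)."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    return socket.inet_ntoa(packet[24:28]), parse_tlvs(packet[240:])


def relay_ingress(packet, trusted, action="keep", configured=None):
    """Return (verdict, Option 82 sub-options) for a client discover/request.

    configured maps sub-option code to bytes: the options set under 'dhcp option'.
    """
    configured = configured or {}
    giaddr, options = parse_dhcp(packet)
    opt82 = [value for code, value in options if code == OPT_RELAY_AGENT_INFO]
    if not opt82:
        if action == "replace":
            return "forward", sorted(configured.items())
        return "forward", []  # keep/drop: forwarded as is, configured options ignored
    existing = parse_tlvs(opt82[0], top_level=False)
    # Option 82 present with giaddr 0.0.0.0 is only accepted on a trusted interface.
    if giaddr == "0.0.0.0" and not trusted:
        return "drop: untrusted", existing
    if action == "drop":
        return "drop: action drop", existing
    if action == "replace":
        return "forward", sorted(configured.items())
    # keep: existing sub-options stay, configured Circuit ID and Remote ID are
    # ignored, the configured vendor-specific sub-option is merged (assumed: appended).
    merged = list(existing)
    if SUB_VENDOR in configured:
        merged.append((SUB_VENDOR, configured[SUB_VENDOR]))
    return "forward", merged


def decode_vlan_ascii_tuple(value, routed_co):
    """Split a vlan-ascii-tuple Circuit ID; dot1p is what gets re-applied downstream."""
    third = "group-interface" if routed_co else "sap-id"
    names = ["system-name", "service-id", third, "dot1p", "vlan-id"]
    parts = value.decode("ascii").split("|")
    if len(parts) != len(names):
        raise ValueError("not a vlan-ascii-tuple: %r" % value)
    return dict(zip(names, parts))


def build_discover(giaddr="0.0.0.0", sub_options=None):
    """Constructed DHCP discover for the demo (MAC address and xid are sample values)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x7, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), socket.inet_aton(giaddr),
                         bytes.fromhex("000000111111"), b"", b"")
    options = bytes([53, 1, 1])  # [53] Message type: Discover
    if sub_options:
        body = b"".join(bytes([code, len(value)]) + value for code, value in sub_options)
        options += bytes([OPT_RELAY_AGENT_INFO, len(body)]) + body
    return header + MAGIC_COOKIE + options + b"\xff"


if __name__ == "__main__":
    # Option 82 as a Layer 2 relay agent (BSA) would add it, using the table's examples.
    l2_added = [(SUB_CIRCUIT_ID, b"BSA-1|1|1/1/2:1|0|1"),
                (SUB_REMOTE_ID, bytes.fromhex("fefd00024500"))]
    packet = build_discover(sub_options=l2_added)
    for trusted in (False, True):
        for action in ("replace", "drop", "keep"):
            print(trusted, action, relay_ingress(packet, trusted, action)[0])
```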
DHCP Lease State
The DHCP lease state table keeps track of the DHCP host states. The DHCP lease state table enables subscriber management functions (per-subscriber QoS and accounting) and security functions (dynamic anti-spoof filtering) on the DHCP host.
The DHCP lease information for a specific host is extracted from the DHCP ack message.
The table Information in DHCP Lease State lists some of the information stored in the DHCP lease state. The table is not exhaustive: additional data is added for managed SAPs, DHCPv6, etc.
| Parameter | Comment |
|---|---|
| Service ID | Service where the DHCP host is connected |
| IP Address | IP address of the DHCP host |
| Client HW Address | Ethernet MAC address of the DHCP host |
| Subscriber-interface (Routed CO only) | Subscriber interface name where the DHCP host is instantiated |
| Group-interface (Routed CO only) | Group interface name where the DHCP host is instantiated |
| SAP | SAP where the DHCP host is connected |
| Up Time | The DHCPv4 host uptime |
| Remaining Lease Time | The time remaining before the lease expires |
| Remaining SessionTime | The time remaining before the DHCPv4 host is deleted from the system (updated each time a DHCP renew/rebind occurs) |
| Persistence Key | Lookup key for this host in the persistency file (see further) |
| Sub-Ident | ESM: Subscriber ID of the DHCP host |
| Sub-Profile-String | ESM: Subscriber profile string of the DHCP host |
| SLA-Profile-String | ESM: SLA profile string of the DHCP host |
| App-Profile-String | ESM: Application profile string of the DHCP host |
| Lease ANCP-String | ESM: ANCP string for this DHCP host |
| Lease Int Dest Id | ESM: Internal destination ID for this DHCP host |
| Category-Map-Name | ESM: Volume and Time based accounting |
| Lease Info origin | ESM: Origin for the IP configuration for this host (None, DHCP, RADIUS, etc.) |
| Ip-Netmask | The IP netmask for this DHCP host |
| Broadcast-Ip-Addr | The broadcast IP address for this host |
| Default-Router | The default gateway for this host |
| Primary-Dns | The primary DNS server for this host |
| Secondary-Dns | The secondary DNS server for this host |
| Primary-Nbns | The primary NetBIOS name server for this host |
| Secondary-Nbns | The secondary NetBIOS name server for this host |
| ServerLeaseStart | Time and date that the lease for this host started (first DHCP ack received) |
| ServerLastRenew | Time and date that the lease for this host was last renewed |
| ServerLeaseEnd | Time and date that the lease for this host will expire |
| Session-Timeout | The DHCPv4 host is deleted when its uptime reaches this value |
| IPoE\|PPP session | Indication if this lease belongs to an IPoE or PPP session, or to no session |
| Lease-Time | The lease time specified by the DHCPv4 server |
| DHCP Server Addr | IP address of the DHCP server that allocated the lease for this host |
| Circuit Id | DHCP Relay Agent information Option 82 Circuit ID content |
| Remote Id | DHCP Relay Agent information Option 82 Remote ID content |
| RADIUS User-Name | ESM: Username used in the RADIUS authentication access request |
For Bridged CO, the DHCP lease state table can only be populated through explicit configuration with the lease-populate command. The number of leases allowed on the VPLS SAP must be specified. When omitted, a single DHCP host is allowed per SAP.
# Bridged CO @ BSA-1
configure
    service
        vpls 1
---snip---
            sap 1/1/3:1 split-horizon-group "rshg-1" create
                description "sub-1"
                dhcp
                    snoop
                    lease-populate 10
                    no shutdown
                exit
            exit
        exit
    exit
exit
For Routed CO, DHCP lease state table population is enabled by default on a group interface with DHCP configured as no shutdown. The number of leases allowed on each SAP of the group-interface must be configured (by default a single DHCP host is allowed on each SAP):
# Routed CO @ BSR-1
configure
    service
        vprn 1
---snip---
            subscriber-interface "sub-int-1" create
                description "Routed CO"
                address 10.2.0.254/16
                group-interface "group-int-1" create
                    dhcp
                        server 172.16.0.1
                        trusted
                        lease-populate 10
                        gi-address 10.2.0.254
                        no shutdown
                    exit
                exit
            exit
        exit
    exit
exit
To check the DHCP lease state for a particular service, use the show service id <service-id> dhcp lease-state command. Detailed output as well as additional output filtering is available:
*A:BSA-1# show service id 1 dhcp lease-state ?
- lease-state [wholesaler <service-id>] [sap <sap-id>|sdp <sdp-id:vc-id>|interface <interface-name>|ip-address <ip-address[/mask]>|chaddr <ieee-address>|mac <ieee-address>|{[port <port-id>] [no-inter-dest-id | inter-dest-id <inter-dest-id>]}] [session {none|ipoe}] [detail]
A:BSR-1# show service id 1 dhcp lease-state ?
- lease-state [wholesaler <service-id>] [sap <sap-id>|sdp <sdp-id:vc-id>|interface <interface-name>|ip-address <ip-address[/mask]>|chaddr <ieee-address>|mac <ieee-address>|{[port <port-id>] [no-inter-dest-id | inter-dest-id <inter-dest-id>]}] [session {none|ipoe}] [detail]
*A:BSA-1# show service id 1 dhcp lease-state mac 00:00:00:11:11:11 detail
===============================================================================
DHCP lease states for service 1
===============================================================================
Service ID : 1
IP Address : 10.1.0.100
Client HW Address : 00:00:00:11:11:11
SAP : 1/1/3:1
Termination Type : local
Up Time : 0d 01:46:22
Remaining Lease Time : 0d 10:13:37
Remaining SessionTime: N/A
Persistence Key : N/A
Sub-Ident : "sub-11"
Sub-Profile-String : "sub-profile-1"
SLA-Profile-String : "sla-profile-1"
App-Profile-String : ""
Lease ANCP-String : ""
Lease Int Dest Id : ""
Category-Map-Name : ""
Lease Info origin : DHCP
Ip-Netmask : 255.255.0.0
Broadcast-Ip-Addr : 10.1.255.255
Default-Router : 10.1.0.254
Primary-Dns : N/A
Secondary-Dns : N/A
Primary-Nbns : N/A
Secondary-Nbns : N/A
ServerLeaseStart : 04/09/2019 13:47:36
ServerLastRenew : 04/09/2019 13:47:36
ServerLeaseEnd : 04/10/2019 01:47:36
Session-Timeout : N/A
IPoE|PPP session : No
Lease-Time : 0d 12:00:00
DHCP Server Addr : 172.16.0.1
Radius User-Name : "00:00:00:11:11:11"
-------------------------------------------------------------------------------
Number of lease states : 1
===============================================================================
*A:BSA-1#
*A:BSR-1# show service id 1 dhcp lease-state mac 00:00:00:33:33:33 detail
===============================================================================
DHCP lease states for service 1
===============================================================================
Service ID : 1
IP Address : 10.2.0.102
Client HW Address : 00:00:00:33:33:33
Subscriber-interface : sub-int-1
Group-interface : group-int-1
SAP : 1/1/3:1
Termination Type : local
Up Time : 0d 01:43:48
Remaining Lease Time : 0d 10:16:12
Remaining SessionTime: N/A
Persistence Key : N/A
Sub-Ident : "sub-33"
Sub-Profile-String : "sub-profile-1"
SLA-Profile-String : "sla-profile-1"
App-Profile-String : ""
Lease ANCP-String : ""
Lease Int Dest Id : ""
Category-Map-Name : ""
Lease Info origin : DHCP
Ip-Netmask : 255.255.0.0
Broadcast-Ip-Addr : 10.2.255.255
Default-Router : 10.2.0.254
Primary-Dns : N/A
Secondary-Dns : N/A
Primary-Nbns : N/A
Secondary-Nbns : N/A
ServerLeaseStart : 04/09/2019 13:53:58
ServerLastRenew : 04/09/2019 13:53:58
ServerLeaseEnd : 04/10/2019 01:53:58
Session-Timeout : N/A
IPoE|PPP session : No
Lease-Time : 0d 12:00:00
DHCP Server Addr : 172.16.0.1
Radius User-Name : "00:00:00:33:33:33"
-------------------------------------------------------------------------------
Number of lease states : 1
===============================================================================
*A:BSR-1#
DHCP Host Session: Set-up, Operation and Release
Snooping the DHCP communication between a DHCP client and a DHCP relay agent/server facilitates the DHCP host instantiation: Upon the reception of a DHCP ack message from the server, the DHCP lease state table is populated. With ESM enabled, a DHCP host is also instantiated. The DHCP host will appear in the subscriber-host table for the service with origin set to DHCP.
*A:BSA-1# show service id 1 subscriber-hosts
=============================================================
Subscriber Host table
=============================================================
Sap Subscriber
IP Address
MAC Address PPPoE-SID Origin
-------------------------------------------------------------
1/1/3:1 sub-11
10.1.0.100
00:00:00:11:11:11 N/A DHCP
-------------------------------------------------------------
Number of subscriber hosts : 1
=============================================================
*A:BSA-1#
*A:BSR-1# show service id 1 subscriber-hosts
=============================================================
Subscriber Host table
=============================================================
Sap Subscriber
IP Address
MAC Address PPPoE-SID Origin Fwding State
-------------------------------------------------------------
1/1/3:1 sub-33
10.2.0.102
00:00:00:33:33:33 N/A DHCP Fwding
-------------------------------------------------------------
Number of subscriber hosts : 1
=============================================================
*A:BSR-1#
If ESM is enabled, the subscriber-host will also appear in the active subscriber table:
*A:BSR-1# show service active-subscribers
===============================================================================
Active Subscribers
===============================================================================
-------------------------------------------------------------------------------
Subscriber sub-33 (sub-profile-1)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(1) SLA Profile Instance sap:1/1/3:1 - sla:sla-profile-1
-------------------------------------------------------------------------------
IP Address
MAC Address Session Origin Svc Fwd
-------------------------------------------------------------------------------
10.2.0.102
00:00:00:33:33:33 N/A DHCP 1 Y
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Number of active subscribers : 1
===============================================================================
*A:BSR-1#
Troubleshooting the DHCP session set-up is done with DHCP debugging:
*A:BSA-1# debug service id 1 dhcp ?
- dhcp
- no dhcp
[no] detail-level - Configure the DHCP tracing detail level
[no] mac - Show DHCP packets for a particular MAC address
[no] mode - Configure the DHCP tracing mode
[no] sap - Show DHCP packets for a particular SAP
[no] sdp - Show DHCP packets for a particular SDP
*A:BSA-1#
*A:BSR-1# debug router 1 ip dhcp ?
- dhcp [interface <ip-int-name>]
- dhcp mac <ieee-address>
- dhcp sap <sap-id>
- no dhcp [interface <ip-int-name>]
- no dhcp mac <ieee-address>
- no dhcp sap <sap-id>
---snip---
*A:BSR-1#
For example:
*A:BSA-1# show debug
debug
service
id 1
dhcp
mode egr-ingr-and-dropped
detail-level medium
exit
exit
exit
exit
*A:BSA-1#
*A:BSR-1# show debug
debug
router "1"
ip
dhcp
detail-level medium
mode egr-ingr-and-dropped
exit
exit
exit
exit
*A:BSR-1#
The example above logs all DHCP packets on the service. When thousands of DHCP hosts are active, fine-grained filtering is required: for example, log only dropped packets or only packets from a particular MAC address.
To display the debugging information, a dedicated log should be created:
configure
    log
        log-id 1
            description "Send debug log to a buffer in memory"
            from debug-trace
            to memory
            no shutdown
        exit
    exit
exit
The following shows a sample DHCP debug log output (detail-level medium) on BSA-1:
77 2019/04/09 13:58:20.022 CEST MINOR: DEBUG #2001 Base SVCMGR
"SVCMGR: RX DHCP Packet
VPLS 1, spoke-sdp 1:1
BootReply to UDP port 68
ciaddr: 0.0.0.0 yiaddr: 10.1.0.102
siaddr: 172.16.0.1 giaddr: 10.1.0.254
chaddr: 00:00:00:22:22:22 xid: 0x7
DHCP options:
[53] Message type: Ack
[54] DHCP server addr: 172.16.0.1
[51] Lease time: 43200
[1] Subnet mask: 255.255.0.0
[3] Router: 10.1.0.254
[58] Renew timeout: 21600
[59] Rebind timeout: 37800
[28] Broadcast addr: 10.1.255.255
[255] End
"
During the lifespan of a DHCP host, the DHCP lease state is updated in the system: for example, the remaining lifetime changes after a DHCP renew. To check the lease details from the DHCP host during its lifespan, consult the DHCP lease state details:
*A:BSA-1# show service id 1 dhcp lease-state detail
===============================================================================
DHCP lease states for service 1
===============================================================================
Service ID : 1
IP Address : 10.1.0.100
Client HW Address : 00:00:00:11:11:11
SAP : 1/1/3:1
Termination Type : local
Up Time : 0d 02:09:01
Remaining Lease Time : 0d 09:50:58
Remaining SessionTime: N/A
Persistence Key : N/A
---snip---
ServerLeaseStart : 04/09/2019 13:47:36
ServerLastRenew : 04/09/2019 13:47:36
ServerLeaseEnd : 04/10/2019 01:47:36
Session-Timeout : N/A
IPoE|PPP session : No
Lease-Time : 0d 12:00:00
DHCP Server Addr : 172.16.0.1
Radius User-Name : "00:00:00:11:11:11"
-------------------------------------------------------------------------------
Number of lease states : 1
===============================================================================
*A:BSA-1#
If the remaining lifetime timer expires before the DHCP session is renewed or rebound, the DHCP lease state is cleared. If ESM is enabled, the DHCP host is removed from the system.
A DHCP host can be manually deleted from the system using the following clear command:
*A:BSA-1# clear service id 1 dhcp lease-state ?
- lease-state all [no-dhcp-release]
- lease-state [port <port-id>] inter-dest-id <intermediate-destination-id>
[no-dhcp-release]
- lease-state [port <port-id>] no-inter-dest-id [no-dhcp-release]
- lease-state ip-address <ip-address[/mask]> [no-dhcp-release]
- lease-state mac <ieee-address> [no-dhcp-release]
- lease-state port <port-id> [no-dhcp-release]
- lease-state sap <sap-id> [no-dhcp-release]
- lease-state sdp <sdp-id:vc-id> [no-dhcp-release]
---snip---
*A:BSA-1# clear service id 1 dhcp lease-state ip-address 10.1.0.100
The DHCP lease state is deleted together with all related state (such as the anti-spoof filter and the ARP table entry). If ESM is enabled, the DHCP host is removed from the system. Optionally, a DHCP release is sent to the DHCP server to notify it that the IP address can be released. This is reflected in the DHCP statistics in the DHCP RELEASEs Spoofed counter. Use the no-dhcp-release flag in the clear command if no DHCP release is to be sent when issuing the clear command.
To display a summary overview of the DHCP configuration on a particular service:
*A:BSA-1# show service id 1 dhcp summary
========================================================================
DHCP Summary, service 1
========================================================================
Sap/Sdp Snoop Used/ Arp Reply Info Admin
Provided Agent Option State
------------------------------------------------------------------------
sap:1/1/3:1 Yes 0/10 Yes Keep Up
sap:1/1/3:2 Yes 0/10 Yes Keep Up
sdp:1:1 Yes N/A N/A N/A N/A
------------------------------------------------------------------------
Number of Entries : 3
------------------------------------------------------------------------
========================================================================
*A:BSA-1#
*A:BSR-1# show service id 1 dhcp summary
===============================================================================
DHCP Summary, service 1
===============================================================================
Interface Name Arp Leases Per Interface/ Info Admin
SapId/Sdp Populate Per Sap Limit Option State
-------------------------------------------------------------------------------
group-int-1 Yes 1/10 Keep Up
int-BSA1-p2mp-1 No 0/0 Keep Up
-------------------------------------------------------------------------------
Interfaces: 2
===============================================================================
*A:BSR-1#
The Leases Per Interface/Per Sap Limit field indicates the number of active versus the number of allowed DHCP leases on the SAP, SDP or interface.
To check the DHCP statistics, use the following command:
*A:BSA-1# show service id 1 dhcp statistics
=====================================================
DHCP Statistics, service 1
=====================================================
Client Packets Snooped : 33
Client Packets Forwarded : 33
Client Packets Dropped : 0
Client Packets Proxied (RADIUS) : 0
Client Packets Proxied (Diameter) : 0
Client Packets Proxied (User-Db) : 0
Client Packets Proxied (Lease-Split) : 0
Server Packets Snooped : 12
Server Packets Forwarded : 12
Server Packets Dropped : 0
DHCP RELEASEs Spoofed : 1
DHCP FORCERENEWs Spoofed : 0
=====================================================
*A:BSA-1#
*A:BSR-1# show service id 1 dhcp statistics
====================================================================
DHCP Global Statistics, service 1
====================================================================
Rx Packets : 59
Tx Packets : 38
Rx Malformed Packets : 0
Rx Untrusted Packets : 0
Client Packets Discarded : 21
Client Packets Relayed : 18
Client Packets Snooped : 2
Client Packets Proxied (RADIUS) : 0
Client Packets Proxied (Diameter) : 0
Client Packets Proxied (User-Db) : 0
Client Packets Proxied (Lease-Split) : 0
Server Packets Discarded : 0
Server Packets Relayed : 18
Server Packets Snooped : 0
DHCP RELEASEs Spoofed : 0
DHCP FORCERENEWs Spoofed : 0
Client packets streamed : 0
====================================================================
*A:BSR-1#
Additional filtering can be done to retrieve DHCP statistics per SAP, SDP or interface.
To clear the DHCP statistics:
*A:BSA-1# clear service id 1 dhcp statistics ?
- statistics [sap <sap-id> | sdp <sdp-id:vc-id> |
interface <ip-int-name|ip-address>]
---snip---
*A:BSA-1#
*A:BSR-1# clear router 1 dhcp statistics ?
- statistics [<ip-int-name|ip-address>]
<ip-int-name|ip-ad*> : ip-int-name - 32 chars max
ip-address - a.b.c.d
---snip---
*A:BSR-1#
DHCP Hosts Advanced Topics
High Availability
The DHCP lease state supports High Availability (HA): the lease state table is synchronized to the standby CPM. When the active CPM fails, all DHCP hosts stay active without service interruption.
DHCP Lease State Persistency
A DHCP session does not have a keep-alive mechanism to detect unavailability. A new DHCP session setup is only attempted after expiration of the DHCP lease time. A node reboot causing the loss of DHCP lease state and the corresponding anti-spoof filters could therefore result in unacceptably long service outages.
The DHCP lease state can be made persistent across node reboots: DHCP lease state is restored from a persistency file stored on the compact flash file system. As a result, DHCP sessions will only lose connectivity during the time of reboot without being completely disconnected.
To activate the DHCP lease state persistency:
configure
    system
        persistence
            subscriber-mgmt
                description "DCHP lease state persistency"
                location cf3:
            exit
        exit
    exit
exit
A dedicated persistency file will be created on the specified compact flash file system. The file is initialized to store the maximum number of allowed hosts; its size is constant to avoid file system space problems during operations.
*A:BSA-1# file dir cf3:\sub*
Volume in drive cf3 on slot A is SROS VM.
Volume in drive cf3 on slot A is formatted as FAT32
Directory of cf3:
04/10/2019 08:25a 536871424 submgmt.012
04/10/2019 08:25a 12583424 submgmt.i12
2 File(s) 549454848 bytes.
0 Dir(s) 330903552 bytes free.
*A:BSA-1#
Each time a DHCP ack is received from the DHCP server, the persistency file is updated together with the lease state. If the file update fails, an event is generated to indicate that persistency cannot be guaranteed.
The content of the persistency file may vary between different SR OS software releases. When upgrading, the persistency file is automatically upgraded to the new format. To downgrade the persistency file to a lower SR OS release version, use the following command:
*A:BSA-1# tools perform persistence downgrade ?
- downgrade target-version <target> [reboot]
<target> : the version you want to downgrade to
submgt
14.0 (current) - cf3:\submgmt.012
13.0 - cf3:\submgmt.011
12.0 - cf3:\submgmt.010
11.0 - cf3:\submgmt.009
10.0 - cf3:\submgmt.008
9.0 - cf3:\submgmt.007
8.0 - cf3:\submgmt.006
7.0 - cf3:\submgmt.005
6.0 - cf3:\submgmt.004
5.0 - cf3:\submgmt.003
4.0 - cf3:\submgmt.pst
<reboot> : reboot system after successful conversion
The content of the persistency file can be looked at using the following command:
*A:BSA-1# show service id 1 dhcp lease-state mac 00:00:00:11:11:11 detail
===============================================================================
DHCP lease states for service 1
===============================================================================
Service ID : 1
IP Address : 10.1.0.100
Client HW Address : 00:00:00:11:11:11
SAP : 1/1/3:1
Termination Type : local
Up Time : 0d 00:00:15
Remaining Lease Time : 0d 11:59:45
Remaining SessionTime: N/A
Persistence Key : 0x00000000
---snip---
Relay Agent Information
Circuit Id : 11
Radius User-Name : "00:00:00:11:11:11"
-------------------------------------------------------------------------------
Number of lease states : 1
===============================================================================
*A:BSA-1#
*A:BSA-1# tools dump persistence submgt record 0x00000000
----------------------------------------
Persistence Record
----------------------------------------
Client : submgt
Persist-Key : 0x00000000
Filename : cf3:\submgmt.011
Entries : Index FedHandle Last Update Action Valid
000064 0x00000000 2019/02/24 08:21:13 (UTC) ADD Yes
Data : 300 bytes
Host Type : DHCP lease state
Service ID : 1
SAP ID : 1/1/3:1
NH MAC : 00:00:00:11:11:11
Srvr Lse Start : 2019/04/09 08:21:13 (UTC)
IP : 10.1.0.100
CHADDR : 00:00:00:11:11:11
Srvr Last Renew: 2019/04/09 08:21:13 (UTC)
Srvr Lse End : 2019/04/09 20:21:13 (UTC)
Srvr Addr : 172.16.0.1
Option82 : 4 bytes
RADIUS Fallback: NO
Acct-Sess-Id : 02D9FF0000000856CD67F9
Multi-Sess-Id : 02D9FF0000000956CD67F9
Class Attr : 0 bytes
User-Name : "00:00:00:11:11:11"
Address Origin : DHCP
host is authenticated by radius: true
Subscriber-Id : "sub-11"
Sub-Profile-Str: "sub-prof-1"
SLA-Profile-Str: "sla-prof-1"
Framed IP Netmask: 255.255.0.0
Broadcast IP Address: 10.1.255.255
Default Router : 10.1.0.254
Lease-Time : 43200
*A:BSA-1#
Limiting the Number of DHCP Hosts
Lease populate limit
The maximum number of DHCP lease state entries for a VPLS SAP, for an IES/VPRN interface or for each SAP on an IES/VPRN group-interface is defined when enabling the lease-populate. When omitted, a single DHCP host is allowed:
configure
    service
        vpls 1
            ---snip---
            sap 1/1/3:2 split-horizon-group "rshg-1" create
                description "sub-1"
                dhcp
                    snoop
                    lease-populate 1
                    no shutdown
                exit
            exit
        exit
    exit
exit
When trying to instantiate a new DHCP host while the configured number of leases is reached, the DHCP ack is dropped (DHCP debug log output):
110 2019/04/09 16:25:03.030 CEST MINOR: DEBUG #2001 Base SVCMGR
"SVCMGR: Dropped DHCP Packet
VPLS 1, spoke-sdp 1:1
Problem: lease-populate limit (1) exceeded on SAP 1/1/3:2
The following event is generated (log-id 99):
95 2019/04/09 16:26:33.871 CEST WARNING: DHCP #2002 Base Maximum number of lease states
"Lease state for (CiAddr = 10.1.0.102, ChAddr = 00:00:00:22:22:22, leaseTime = 43200)
was not stored because the number of DHCP lease states on SAP 1/1/3:2 in service 1 has
reached its upper limit"
With ESM enabled, the following additional limits apply:
sla-profile host-limits
multi-sub-sap limit
SLA-profile host limits
The SLA-profile contains host limits defining the maximum number of dynamic subscriber hosts per subscriber for this sla-profile. Static hosts are not counted in the host-limits.
*A:BSA-1>config>subscr-mgmt>sla-prof# host-limits ?
- host-limits
- no host-limits
[no] ipv4-arp - Maximum number of IPv4 ARP hosts
[no] ipv4-dhcp - Maximum number of IPv4 DHCP hosts
[no] ipv4-overall - Maximum number of IPv4 hosts
[no] ipv4-ppp - Maximum number of IPv4 PPP hosts
[no] ipv6-overall - Maximum number of IPv6 hosts
[no] ipv6-pd-ipoe-d* - Maximum number of IPv6-PD IPOE DHCP hosts
[no] ipv6-pd-overall - Maximum number of IPv6-PD hosts
[no] ipv6-pd-ppp-dh* - Maximum number of IPv6-PD PPP DHCP hosts
[no] ipv6-wan-ipoe-* - Maximum number of IPv6-Wan IPOE DHCP hosts
[no] ipv6-wan-ipoe-* - Maximum number of IPv6-Wan IPOE SLAAC hosts
[no] ipv6-wan-overa* - Maximum number of IPv6-Wan hosts
[no] ipv6-wan-ppp-d* - Maximum number of IPv6-Wan PPP DHCP hosts
[no] ipv6-wan-ppp-s* - Maximum number of IPv6-Wan PPP SLAAC hosts
[no] lac-overall - Maximum number of L2TP LAC hosts
[no] overall - Maximum number of hosts
[no] remove-oldest - Remove oldest
Optionally the remove-oldest command can be used. In that case, the new host is accepted and the DHCP lease state for the oldest host (with the least remaining lease time) is cleared. A DHCP release message is sent to the DHCP server.
The following example limits the number of ipv4-dhcp hosts.
configure
    subscriber-mgmt
        sla-profile "sla-profile-2" create
            host-limits
                ipv4-dhcp 1
            exit
        exit
    exit
exit
If the configured host-limit is reached for a subscriber, access is denied for a new host, an event is generated (log-id 99) and the corresponding DHCP ack message is dropped:
113 2019/04/09 16:34:05.002 CEST WARNING: DHCP #2005 Base Lease State Population Error
"Lease state table population error on SAP 1/1/3:2 in service 1 - subscriber sub-21,
sla-profile sla-profile-2 : host-limit ipv4-dhcp (1) exceeded "
Multi-sub-sap limit
The multi-sub-sap parameter defines the maximum number of subscribers (dynamic and static) that can be simultaneously active on this SAP. By default only a single subscriber is allowed (no multi-sub-sap).
# Bridged CO @ BSA-1
configure
    service
        vpls 1
            sap 1/1/3:2
                sub-sla-mgmt
                    multi-sub-sap 2
                exit
            exit
        exit
    exit
exit
# Routed CO @ BSR-1
configure
    service
        vprn 1
            subscriber-interface "sub-int-1"
                group-interface "group-int-1"
                    sap 1/1/3:2
                        sub-sla-mgmt
                            multi-sub-sap 2
                        exit
                    exit
                exit
            exit
        exit
    exit
exit
If the limit is reached, a new subscriber will be denied access, an event is generated (log-id 99) and the corresponding DHCP ack message is dropped:
112 2019/04/09 16:38:22.027 CET WARNING: DHCP #2005 vprn1 Lease State Population Error
"Lease state table population error on SAP 1/1/3:2 in service 1 - Number of
subscribers exceeds the configured multi-sub-sap limit (2)"
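To see which SAPs are rejecting hosts and which of the three limits is responsible, the log-id 99 events above can be parsed and grouped. The following Python sketch is an added example, not part of the original chapter or of SR OS; the function names are hypothetical and the sample input is the three events shown above.

```python
import re
from collections import Counter

# Sample input: the three log-id 99 events shown in this chapter.
SAMPLE_LOG = """\
95 2019/04/09 16:26:33.871 CEST WARNING: DHCP #2002 Base Maximum number of lease states
"Lease state for (CiAddr = 10.1.0.102, ChAddr = 00:00:00:22:22:22, leaseTime = 43200)
was not stored because the number of DHCP lease states on SAP 1/1/3:2 in service 1 has
reached its upper limit"
113 2019/04/09 16:34:05.002 CEST WARNING: DHCP #2005 Base Lease State Population Error
"Lease state table population error on SAP 1/1/3:2 in service 1 - subscriber sub-21,
sla-profile sla-profile-2 : host-limit ipv4-dhcp (1) exceeded "
112 2019/04/09 16:38:22.027 CET WARNING: DHCP #2005 vprn1 Lease State Population Error
"Lease state table population error on SAP 1/1/3:2 in service 1 - Number of
subscribers exceeds the configured multi-sub-sap limit (2)"
"""

# Header line: sequence, date, time, zone, severity, application, event id, router, subject.
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d{4}/\d\d/\d\d) (?P<time>[\d:.]+) \S+ "
    r"(?P<severity>[A-Z]+): (?P<app>\S+) #(?P<event>\d+) (?P<router>\S+) (?P<subject>.*)$"
)
SAP = re.compile(r"on SAP (?P<sap>\S+) in service (?P<service>\d+)")
CHADDR = re.compile(r"ChAddr = (?P<mac>[0-9A-Fa-f:]{17})")
HOST_LIMIT = re.compile(
    r"subscriber (?P<sub>[^,]+),.*host-limit (?P<kind>\S+) \((?P<limit>\d+)\) exceeded"
)
MULTI_SUB = re.compile(r"multi-sub-sap limit \((?P<limit>\d+)\)")


def parse_events(text):
    """Join each header line with its quoted continuation lines into one event."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "message": ""})
        elif events and line.strip():
            events[-1]["message"] = (events[-1]["message"] + " " + line.strip()).strip()
    return events


def classify(event):
    """Return the limit an event reports, or None if it is not a limit event."""
    if event["app"] != "DHCP" or event["event"] not in ("2002", "2005"):
        return None
    where = SAP.search(event["message"])
    if not where:
        return None
    hit = {"when": f'{event["date"]} {event["time"]}', **where.groupdict()}
    if event["event"] == "2002":  # lease-populate limit on the SAP
        mac = CHADDR.search(event["message"])
        return {**hit, "limit": "lease-populate", "client": mac["mac"] if mac else None}
    if (m := HOST_LIMIT.search(event["message"])):  # per-subscriber SLA-profile limit
        return {**hit, "limit": f'host-limits {m["kind"]} {m["limit"]}', "client": m["sub"]}
    if (m := MULTI_SUB.search(event["message"])):  # subscribers-per-SAP limit
        return {**hit, "limit": f'multi-sub-sap {m["limit"]}', "client": None}
    return None


def limit_hits(text):
    """All limit events in the log, in order of appearance."""
    return [hit for event in parse_events(text) if (hit := classify(event))]


def hits_per_sap(text):
    """Number of rejected hosts or subscribers per (service, SAP)."""
    return Counter((h["service"], h["sap"]) for h in limit_hits(text))
```

A SAP that keeps appearing in `hits_per_sap` either has a limit that is too low for the access line or a client that keeps presenting new hosts.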
DHCP Host Connectivity Verification
Because the DHCP protocol does not have a keep-alive mechanism and IP address renewal is not frequent enough, alternative mechanisms are needed to track reachability of DHCP hosts.
The first alternative is called Subscriber Host Connectivity Verification (SHCV). An ARP unicast message is periodically sent to the DHCP host. The connectivity test fails:
If for X consecutive unicast ARP requests no ARP reply is received within the specified retry-timeout ([10..60] seconds, default 10). The number of retries (X-1) is specified by the retry-count ([2..29], default 2). Hence, at minimum 3 unicast ARP requests are sent before connectivity is lost.
If the ARP reply contains an inconsistent IP/MAC compared with the local DHCP lease state
For a failed connectivity test, an event is raised and optionally the DHCP lease state is removed from the system by cleaning up all related resources (e.g. anti-spoof table) and sending a DHCP release to the DHCP server. When ESM is enabled, the DHCP host also is removed.
The interval for the periodic checks can be configured between 1 and 6000 minutes. If not specified, the default value of 10 minutes will be used.
The maximum time for DHCP host connectivity loss detection in this case is:
( (host-connectivity-verify interval) + ( (retry-count) * (retry-timeout) ) )
The parameters for the host-connectivity-verify command are:
*A:BSA-1>config>service>vpls>sap# host-connectivity-verify ?
- host-connectivity-verify source-ip <ip-address> [source-mac <ieee-address>] [interval <interval>] [action {remove|alarm}] [timeout <retry-timeout>]
[retry-count <count>]
<ip-address> : a.b.c.d
<ieee-address> : xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx
<interval> : [1..6000] minutes
<{remove|alarm}> : keywords
<retry-timeout> : [10..60] seconds
<count> : [2..29]
The configuration for Bridged CO is as follows, where the configured source IP should be an unused unique IP address in the DHCP client subnet; alternatively, use source-ip 0.0.0.0. Because the host-connectivity-verify application sends a unicast ARP to the DHCP host, the host's ARP table is updated with the configured source-ip and source-mac (chassis MAC if not configured). If an existing IP address is used, the DHCP host ARP table gets poisoned, breaking the connectivity to that host.
# Bridged CO @ BSA-1
configure
    service
        vpls 1
            sap 1/1/3:2
                host-connectivity-verify source-ip 0.0.0.0 interval 1 action alarm
            exit
The configuration for Routed CO is as follows, where the source IP is not configurable. The source-ip used in the unicast ARP is set to the local subscriber interface address in the subnet of the DHCP hosts that is checked for connectivity.
# Routed CO @ BSR-1
configure
    service
        vprn 1
            subscriber-interface "sub-int-1"
                group-interface "group-int-1"
                    host-connectivity-verify interval 1 action remove
                exit
            exit
To verify the result of the connectivity check:
*A:BSA-1# show service id 1 host-connectivity-verify statistics
===============================================================================
Host connectivity check statistics
===============================================================================
SvcId SapId/SdpId HostIp
DestIp MAC
Oper Last-reply/Conn-lost
-------------------------------------------------------------------------------
1 1/1/3:2 10.1.0.101
10.1.0.101 00:00:00:22:22:21
Up 04/09/2019 16:53:20 (elapsed: 0d 00:01:05)
-------------------------------------------------------------------------------
1 host-connectivity states : 1 Up / 0 Down / 0 Retry pending
===============================================================================
*A:BSA-1#
With action alarm, the lease-state is not removed in case the connectivity with the host is lost. An event is generated (log-id 99) and the statistics show:
*A:BSA-1# show service id 1 host-connectivity-verify statistics
===============================================================================
Host connectivity check statistics
===============================================================================
SvcId SapId/SdpId HostIp
DestIp MAC
Oper Last-reply/Conn-lost
-------------------------------------------------------------------------------
1 1/1/3:2 10.1.0.101
10.1.0.101 00:00:00:22:22:21
Down 04/10/2019 09:19:18 (elapsed: 0d 00:01:47)
-------------------------------------------------------------------------------
1 host-connectivity states : 0 Up / 1 Down / 0 Retry pending
===============================================================================
*A:BSA-1#
In case the connectivity with the host is lost, the following event is generated:
229 2019/04/10 09:20:57.933 CEST WARNING: SVCMGR #2206 Base Host connectivity lost
"host connectivity lost on 1/1/3:2 in service 1 for inetAddr = 10.1.0.101,
chAddr=00:00:00:22:22:21, verify-addr=10.1.0.101."
When connectivity is restored, the following event (log-id 99) is generated:
231 2019/04/10 09:27:22.933 CEST WARNING: SVCMGR #2207 Base Host connectivity restored
"host connectivity restored on 1/1/3:2 in service 1, for inetAddr = 10.1.0.101,
chAddr=00:00:00:22:22:21, verify-addr=10.1.0.101."
Connectivity to a DHCP host can also be checked using an OAM command:
*A:BSA-1# oam host-connectivity-verify service 1 sap 1/1/3:2
==============================================================================
Triggering host connectivity verify for service 1 sap 1/1/3:2 ...
Waiting 3 seconds ...
===============================================================================
Host connectivity check statistics
===============================================================================
SvcId SapId/SdpId HostIp
DestIp MAC
Oper Last-reply/Conn-lost
-------------------------------------------------------------------------------
1 1/1/3:2 10.1.0.101
10.1.0.101 00:00:00:22:22:21
Up 04/10/2019 09:33:09 (elapsed: 0d 00:00:02)
-------------------------------------------------------------------------------
1 host-connectivity states : 1 Up / 0 Down / 0 Retry pending
===============================================================================
*A:BSA-1#
Note that in this case, no action is triggered. If the connectivity test is successful, the host-connectivity-verify statistics are updated with the new timestamp last-reply. If the connectivity test fails, the host-connectivity state becomes Retry Pending (oper state unknown) until an automatic test is scheduled again in the next interval.
To troubleshoot host-connectivity-verify, enable the following debug log (additional filtering is possible on IP address, MAC address and/or SAP):
debug
    service
        id 1
            host-connectivity-verify
            exit
        exit
    exit
exit
DHCP Lease Split
The second alternative to the DHCP protocol not having a keep-alive mechanism to verify connectivity is to use a DHCP proxy server with the lease-split option.
A finer granularity of DHCP lease time is used between the DHCP client and the DHCP proxy server than between the DHCP proxy server and the DHCP server.
The maximum time for DHCP host connectivity loss detection in this case is the configured DHCP lease-split lease time.
DHCP communication between the DHCP client and DHCP server is snooped. In the DHCP ack message, the offered lease-time from the DHCP server is replaced with the configured DHCP proxy server lease-split lease time. Note that the lease time is only updated if the configured lease-split lease time is less than half of the original lease time value. The minimum value for the proxy server lease-split lease time is 5 minutes. When the DHCP client renews the DHCP session, the DHCP proxy server sends a DHCP ack on behalf of the DHCP server as long as the next renew time is earlier than half of the DHCP server expiry time for this session. With ESM enabled, RADIUS re-authentication will occur only when the DHCP request must be sent to the DHCP server. In other words, configuring a DHCP proxy with lease-split does not put extra load on the RADIUS server.
In the example in DHCP Proxy Server: Lease Split Operation, the DHCP server offers a lease time of 960 seconds. The lease time in the offer sent to DHCP client will be updated with the lease time of 300 seconds as configured in the DHCP proxy server lease-split on BSA-1.
# Bridged CO @ BSA-1
configure
    service
        vpls 1
            sap 1/1/3:2
                dhcp
                    proxy-server
                        lease-time min 5
                        no shutdown
                    exit
                exit
# Routed CO @ BSR-1
configure
    service
        vprn 1
            subscriber-interface "sub-int-1"
                group-interface "group-int-1"
                    dhcp
                        proxy-server
                            lease-time min 5
                            no shutdown
                        exit
                    exit
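The following Python sketch is an added example, not part of the original chapter or of SR OS. It puts the SHCV detection-time formula from the previous section next to the lease-split rules above and shows which renewals reach the DHCP server. It assumes the client renews at T1 (half of the lease it was given) and reads "half of the DHCP server expiry time" as measured from the last ACK that came from the server; the function names are hypothetical.

```python
def shcv_max_detection(interval_min=10, retry_count=2, retry_timeout=10):
    """Worst case, in seconds, before SHCV declares a host unreachable:
    (host-connectivity-verify interval) + (retry-count * retry-timeout)."""
    if not 1 <= interval_min <= 6000:
        raise ValueError("interval must be 1..6000 minutes")
    if not 2 <= retry_count <= 29:
        raise ValueError("retry-count must be 2..29")
    if not 10 <= retry_timeout <= 60:
        raise ValueError("timeout must be 10..60 seconds")
    return interval_min * 60 + retry_count * retry_timeout


def client_lease(server_lease, split_lease):
    """Lease time (seconds) written into the ACK that is sent to the client.
    This is also the maximum detection time when lease split is in effect."""
    if split_lease < 300:
        raise ValueError("lease-split lease time must be at least 5 minutes")
    # The override only applies when it is less than half of the server's lease.
    return split_lease if split_lease < server_lease / 2 else server_lease


def renewal_timeline(server_lease, split_lease, renewals):
    """Return [(seconds since first ACK, 'proxy' or 'server')] per client renewal.

    Assumptions (not stated in the chapter): the client renews at T1 = lease / 2,
    and the half-of-server-lease deadline restarts at every server ACK.
    """
    lease = client_lease(server_lease, split_lease)
    t1 = lease // 2
    half_server = server_lease // 2
    split_active = lease != server_lease
    server_ack_at = 0
    now, timeline = 0, []
    for _ in range(renewals):
        now += t1
        # Proxy answers while the renewal after this one still falls before
        # half of the server lease; otherwise the request goes to the server.
        if split_active and now + t1 < server_ack_at + half_server:
            timeline.append((now, "proxy"))
        else:
            timeline.append((now, "server"))
            server_ack_at = now
    return timeline


if __name__ == "__main__":
    # Values from this chapter: server lease 960 s, lease-time min 5 (300 s).
    print(renewal_timeline(960, 300, 6))
    print("lease split detects loss within", client_lease(960, 300), "s")
    print("SHCV defaults detect loss within", shcv_max_detection(), "s")
```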
The emulated server address in the DHCP proxy-server configuration does not have to be configured for lease-split operation. This parameter is needed for an alternative use of the DHCP proxy server: RADIUS based IP configuration of a subscriber host. This is out of the scope of this configuration note.
If DHCP lease split is operational for a DHCP host, it will be shown in the Remaining Lifetime field of the detailed lease-state output. Note that the Session Timeout field is the original offered lease time from the DHCP server.
*A:BSA-1# show service id 1 dhcp lease-state detail
===============================================================================
DHCP lease states for service 1
===============================================================================
Service ID : 1
IP Address : 10.1.0.101
Client HW Address : 00:00:00:22:22:21
SAP : 1/1/3:2
Termination Type : local
Up Time : 0d 00:00:10
Remaining Lease Time : 0d 00:04:49 (Lease Split)
Remaining SessionTime: N/A
Persistence Key : N/A
Sub-Ident : "sub-21"
Sub-Profile-String : "sub-profile-2"
SLA-Profile-String : "sla-profile-2"
App-Profile-String : ""
Lease ANCP-String : ""
Lease Int Dest Id : ""
Category-Map-Name : ""
Lease Info origin : DHCP
Ip-Netmask : 255.255.0.0
Broadcast-Ip-Addr : 10.1.255.255
Default-Router : 10.1.0.254
Primary-Dns : N/A
Secondary-Dns : N/A
Primary-Nbns : N/A
Secondary-Nbns : N/A
ServerLeaseStart : 04/10/2019 09:44:06
ServerLastRenew : 04/10/2019 09:44:06
ServerLeaseEnd : 04/10/2019 21:44:06
Session-Timeout : N/A
IPoE|PPP session : No
Lease-Time : 0d 12:00:00
DHCP Server Addr : 172.16.0.1
Radius User-Name : "00:00:00:22:22:21"
-------------------------------------------------------------------------------
Number of lease states : 1
===============================================================================
*A:BSA-1#
When the DHCP client disconnects without sending a DHCP release, the DHCP lease state in the BSA/BSR will be removed only when the DHCP lease time expires. With DHCP proxy server lease-split, the DHCP client disconnection can be sped up. In the example below, the DHCP client disconnection is detected in less than 5 minutes (lease-split lease time) while it would have taken up to 16 minutes without the lease-split. Note that the values are illustrative; in reality the DHCP lease times will be higher.
DHCP Host Mobility
A field technician verifying DSLAM operation often connects and disconnects from different ports rapidly. This will require the node to clear its own DHCP host state, the DHCP server state as well as flush MAC addresses learned within the VPLS network or clear ARP entries from the routing instance.
A DHCP request enters on SAP2. On SAP1 there exists a lease state with the same Client Hardware address. The packet is dropped and a forced SHCV check verifies the existing lease state on SAP1. Three consecutive checks are launched with a timeout of 10 seconds. If the host indeed moved from SAP1 to SAP2, the connectivity check will fail on SAP1. The existing lease state is deleted and a DHCP release message is sent to the DHCP server. Any subsequent DHCP session setup will proceed as normal.
Note that for host mobility to function, host-connectivity-verification must be enabled. Next to periodic connectivity checks, it also enables forced checks triggered by moving hosts.
For Bridged CO, host-connectivity-verify must be enabled on the SAPs. When no interval is specified, it will default to 10 minutes for the periodic connectivity checks.
# Bridged CO
configure
    service
        vpls 1
            sap 1/1/3:1
                host-connectivity-verify source-ip 10.1.0.253
            exit
            sap 1/1/3:2
                host-connectivity-verify source-ip 10.1.0.253
            exit
        exit
    exit
exit
The configured source-ip should be an unused unique IP address in the DHCP client subnet; alternatively, use source-ip 0.0.0.0. Because the host-connectivity-verify application sends a unicast ARP to the DHCP host, the host's ARP table is updated with the configured source-ip and source-mac (chassis MAC if not configured). If an existing IP address is used, the DHCP host ARP table gets poisoned, breaking the connectivity to that host.
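The source-ip rule above, which also applies to the Bridged CO configuration in the DHCP Host Connectivity Verification section, can be checked before a configuration is committed. The following Python sketch is an added example, not part of the original chapter or of SR OS; the function names are hypothetical, and the sample input is assembled from the configuration and lease-state outputs shown in this chapter.

```python
import ipaddress
import re

# Sample input assembled from this chapter: the Bridged CO host-mobility
# configuration, and the addresses visible in the lease-state outputs.
CONFIG = """\
configure
    service
        vpls 1
            sap 1/1/3:1
                host-connectivity-verify source-ip 10.1.0.253
            exit
            sap 1/1/3:2
                host-connectivity-verify source-ip 10.1.0.253
            exit
"""
CLIENT_SUBNET = ipaddress.ip_network("10.1.0.0/255.255.0.0")
IN_USE = {
    "10.1.0.100": "DHCP host 00:00:00:11:11:11",
    "10.1.0.101": "DHCP host 00:00:00:22:22:21",
    "10.1.0.254": "default router",
}

SAP_LINE = re.compile(r"^\s*sap (\S+)")
HCV_LINE = re.compile(r"^\s*host-connectivity-verify\b.*?\bsource-ip (\S+)")


def shcv_source_ips(config):
    """Yield (sap, source-ip) for each host-connectivity-verify line under a SAP."""
    sap = None
    for line in config.splitlines():
        if (m := SAP_LINE.match(line)):
            sap = m.group(1)
        elif (m := HCV_LINE.match(line)):
            yield sap, m.group(1)


def check_source_ip(source_ip, subnet, in_use):
    """Return a list of problems; an empty list means the address is acceptable."""
    try:
        addr = ipaddress.IPv4Address(source_ip)
    except ValueError:
        return [f"{source_ip!r} is not an IPv4 address"]
    if addr == ipaddress.IPv4Address("0.0.0.0"):
        return []  # the alternative the chapter explicitly allows
    problems = []
    if addr not in subnet:
        problems.append(f"{addr} is outside the DHCP client subnet {subnet}")
    if str(addr) in in_use:
        problems.append(
            f"{addr} is already used by {in_use[str(addr)]}: "
            "the unicast ARP would overwrite that entry in the hosts' ARP tables"
        )
    return problems


def audit(config, subnet, in_use):
    """Map every configured (sap, source-ip) to its list of problems."""
    return {
        (sap, ip): check_source_ip(ip, subnet, in_use)
        for sap, ip in shcv_source_ips(config)
    }
```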
For Routed CO, host-connectivity-verify must be enabled on the group-interface. When no interval is specified, it will default to 10 minutes for the periodic connectivity checks.
# Routed CO
configure
    service
        vprn 1 customer 1 create
            subscriber-interface "sub-int-1" create
                group-interface "group-int-1" create
                    host-connectivity-verify
                exit
            exit
        exit
    exit
exit
The source IP address is not configurable. The source-ip used in the unicast ARP is fixed to the local subscriber interface address in the subnet of the DHCP hosts that is checked for connectivity.
Conclusion
This chapter provides configuration and troubleshooting commands for dynamic DHCP hosts. DHCP hosts can be instantiated in a Layer 2 bridged CO (VPLS) environment as well as in a Layer 3 Routed CO (IES/VPRN subscriber interface) context.