IP ClosネットワークでDHCPを設定する方法
必要条件
「 キャンパス ネットワーク用に IP Clos ファブリックを構成する方法 」構成例で構成した以下のデバイスで DHCP を構成します。この設定例では、次のデバイスを使用します。
DCHP サーバーとして Junos OS リリース 20.2R3 を実行している EX4600 スイッチ。DHCPサーバは、ネットワーク内の外部デバイスである可能性があります。
概要
このセクションを使用して、ネットワーク上の DHCP を構成します。DHCP 検出パケットによるネットワークのフラッディングを回避するには、VRF ルーティング インスタンスのインターフェイスで DHCP を設定します。どちらのディストリビューションデバイスも、レイヤー3で到達可能な外部DHCPサーバーへのDHCPリレーとして機能するように、EVPNマルチホーミング(ESI-LAGとも呼ばれる)で設定されています。これにより、ディストリビューション デバイスの 1 つに障害が発生した場合に、DHCP サービスを維持するための冗長接続が提供されます。サーバーとディストリビューション層の間のリンクは ESI です。は、DHCP サーバーを使用した仮想ネットワーク トポロジーを示しています。 図 1 は、DHCP サーバーを使用した仮想ネットワーク トポロジを示しています。
図 1: 仮想ネットワークトポロジーとDHCPサーバー
のオーバーレイ
のオーバーレイ
構成
CLIクイック構成
アクセス スイッチの DHCP リレー設定。
手順
アクセス スイッチで、DHCP リレーを設定します。
set groups dhcp-relay forwarding-options dhcp-relay forward-only set groups dhcp-relay forwarding-options dhcp-relay forward-only-replies set groups dhcp-relay forwarding-options dhcp-relay group test interface vme.0 exclude set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay dhcpv6 group v6_relay active-server-group v6_server_group set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay dhcpv6 group v6_relay forward-only set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay dhcpv6 group v6_relay interface irb.1 set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay dhcpv6 group v6_relay interface irb.2 set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay dhcpv6 group v6_relay interface vme.0 exclude set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay dhcpv6 group v6_relay interface em0.0 exclude set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay dhcpv6 server-group v6_server_group abcd::80:01:01:02 set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay forward-only set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay forward-only-replies set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay server-group server_group_1 172.16.38.1 set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay group dhcp_relay_1 active-server-group server_group_1 set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay group dhcp_relay_1 forward-only set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay group dhcp_relay_1 route-suppression destination set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay group dhcp_relay_1 interface irb.1 set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay group dhcp_relay_1 interface irb.2 set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay group dhcp_relay_1 interface em0.0 exclude set groups dhcp-relay routing-instances VRF-ep-type2-1 forwarding-options dhcp-relay group dhcp_relay_1 interface vme.0 exclude set apply-groups dhcp-relay
アクセス スイッチで、DHCP サーバーへのルートが EVPN タイプ 5 ルートで到達可能であることを確認します。
user@access-1>show route table VRF-ep-type2-1.evpn.0 VRF-ep-type2-1.evpn.0: 13 destinations, 17 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 5:172.16.3.1:3001::0::172.16.38.0::24/248 *[BGP/170] 01:41:21, localpref 100, from 172.16.3.1 AS path: I, validation-state: unverified > to 192.168.3.2 via ge-2/0/2.0 [BGP/170] 01:41:24, localpref 100, from 172.16.4.1 AS path: I, validation-state: unverified > to 192.168.3.2 via ge-2/0/2.0 5:172.16.4.1:3001::0::172.16.38.0::24/248 *[BGP/170] 01:41:24, localpref 100, from 172.16.4.1 AS path: I, validation-state: unverified to 192.168.4.2 via ge-0/0/1.0 > to 192.168.6.2 via ge-2/0/1.0 [BGP/170] 01:41:21, localpref 100, from 172.16.3.1 AS path: I, validation-state: unverified to 192.168.4.2 via ge-0/0/1.0 > to 192.168.6.2 via ge-2/0/1.0 5:172.16.3.1:3001::0::abcd::80:1:1:0::112/248 *[BGP/170] 01:41:21, localpref 100, from 172.16.3.1 AS path: I, validation-state: unverified > to 192.168.3.2 via ge-2/0/2.0 [BGP/170] 01:41:24, localpref 100, from 172.16.4.1 AS path: I, validation-state: unverified > to 192.168.3.2 via ge-2/0/2.0 5:172.16.4.1:3001::0::abcd::80:1:1:0::112/248 *[BGP/170] 01:41:24, localpref 100, from 172.16.4.1 AS path: I, validation-state: unverified > to 192.168.4.2 via ge-0/0/1.0 to 192.168.6.2 via ge-2/0/1.0 [BGP/170] 01:41:21, localpref 100, from 172.16.3.1 AS path: I, validation-state: unverified > to 192.168.4.2 via ge-0/0/1.0 to 192.168.6.2 via ge-2/0/1.0アクセス スイッチで、VRF サポートを設定して、EVPN タイプ 5 ルートをディストリビューション レイヤーにアドバタイズします。
set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 protocols evpn ip-prefix-routes advertise direct-nexthop set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 protocols evpn ip-prefix-routes encapsulation vxlan set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 protocols evpn ip-prefix-routes vni 203001 set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 instance-type vrf set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 interface lo0.1 set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 interface irb.1 set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 interface irb.2 set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 interface irb.3 set groups VRF-TYPE-2-BD-1-52 routing-instances VRF-ep-type2-1 interface irb.4
ディストリビューションデバイスで、ディストリビューションデバイスとDHCPサーバー間のESI-LAGインターフェイスを設定します。
ディストリビューション 1
set interfaces xe-0/0/5 ether-options 802.3ad ae1 set interfaces ae1 esi 00:00:00:ff:00:01:00:01:00:02 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options minimum-links 1 set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:99:99:01 set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members v3001 set interfaces irb unit 3001 virtual-gateway-accept-data set interfaces irb unit 3001 family inet address 172.16.38.2/24 virtual-gateway-address 172.16.38.3 set interfaces irb unit 3001 family inet6 address abcd::80:01:01:03/112 preferred set interfaces irb unit 3001 family inet6 address abcd::80:01:01:03/112 virtual-gateway-address abcd::80:01:01:01 set interfaces irb unit 3001 virtual-gateway-v4-mac 00:00:5e:00:00:04 set interfaces irb unit 3001 virtual-gateway-v6-mac 00:00:5e:00:00:04 set vlans v3001 vlan-id 3001 set vlans v3001 l3-interface irb.3001 set vlans v3001 vxlan vni 103001 set groups type5-dhcp-server interfaces lo0 unit 3001 family inet set groups type5-dhcp-server routing-instances VRF-ep-type5-2 routing-options rib VRF-ep-type5-2.inet6.0 multipath set groups type5-dhcp-server routing-instances VRF-ep-type5-2 routing-options multipath set groups type5-dhcp-server routing-instances VRF-ep-type5-2 protocols evpn ip-prefix-routes advertise direct-nexthop set groups type5-dhcp-server routing-instances VRF-ep-type5-2 protocols evpn ip-prefix-routes encapsulation vxlan set groups type5-dhcp-server routing-instances VRF-ep-type5-2 protocols evpn ip-prefix-routes vni 203001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 instance-type vrf set groups type5-dhcp-server routing-instances VRF-ep-type5-2 interface lo0.3001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 interface irb.3001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 route-distinguisher 172.16.3.1:3001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 vrf-target target:100:1 set apply-groups dhcp-relay-fwd
配信2
set interfaces xe-0/0/5 ether-options 802.3ad ae1 set interfaces ae1 esi 00:00:00:ff:00:01:00:01:00:02 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options minimum-links 1 set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:99:99:01 set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members v3001 set interfaces irb unit 3001 virtual-gateway-accept-data set interfaces irb unit 3001 family inet address 172.16.38.4/24 virtual-gateway-address 172.16.38.3 set interfaces irb unit 3001 family inet6 address abcd::80:01:01:04/112 preferred set interfaces irb unit 3001 family inet6 address abcd::80:01:01:04/112 virtual-gateway-address abcd::80:01:01:01 set interfaces irb unit 3001 virtual-gateway-v4-mac 00:00:5e:00:00:04 set interfaces irb unit 3001 virtual-gateway-v6-mac 00:00:5e:00:00:04 set vlans v3001 vlan-id 3001 set vlans v3001 l3-interface irb.3001 set vlans v3001 vxlan vni 103001 set groups type5-dhcp-server interfaces lo0 unit 3001 family inet set groups type5-dhcp-server routing-instances VRF-ep-type5-2 routing-options rib VRF-ep-type5-2.inet6.0 multipath set groups type5-dhcp-server routing-instances VRF-ep-type5-2 routing-options multipath set groups type5-dhcp-server routing-instances VRF-ep-type5-2 protocols evpn ip-prefix-routes advertise direct-nexthop set groups type5-dhcp-server routing-instances VRF-ep-type5-2 protocols evpn ip-prefix-routes encapsulation vxlan set groups type5-dhcp-server routing-instances VRF-ep-type5-2 protocols evpn ip-prefix-routes vni 203001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 instance-type vrf set groups type5-dhcp-server routing-instances VRF-ep-type5-2 interface lo0.3001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 interface irb.3001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 route-distinguisher 172.16.4.1:3001 set groups type5-dhcp-server routing-instances VRF-ep-type5-2 vrf-target target:100:1 set apply-groups type5-dhcp-server
最後に、EX4600スイッチをDHCPサーバーとして機能するよう設定します。
set groups DHCP_SERVER system services dhcp-local-server dhcpv6 group v6group interface irb.3001 set groups DHCP_SERVER system services dhcp-local-server group DHCP_Server interface irb.3001 set groups DHCP_SERVER system services dhcp-local-server group DHCP_Server interface em0.0 exclude set groups DHCP_SERVER interfaces irb unit 3000 family inet address 200.11.184.10/24 preferred set groups DHCP_SERVER routing-options rib inet6.0 static route 2001:db8::10:0:2:0/112 next-hop abcd::80:1:1:1 set groups DHCP_SERVER routing-options static route 10.0.2.0/24 next-hop 172.16.38.3 set groups DHCP_SERVER routing-options static route 10.0.1.0/24 next-hop 172.16.38.3 set groups DHCP_SERVER routing-options static route 172.16.1.0/24 next-hop 172.16.38.3 set groups DHCP_SERVER access address-assignment pool p1 family inet network 10.0.1.0/24 set groups DHCP_SERVER access address-assignment pool p1 family inet range p1_range low 10.0.1.10 set groups DHCP_SERVER access address-assignment pool p1 family inet range p1_range high 10.0.1.220 set groups DHCP_SERVER access address-assignment pool p1 family inet dhcp-attributes maximum-lease-time infinite set groups DHCP_SERVER access address-assignment pool p1 family inet dhcp-attributes router 10.0.1.254 set groups DHCP_SERVER access address-assignment pool p2 family inet network 10.0.2.0/24 set groups DHCP_SERVER access address-assignment pool p2 family inet range p2_range low 10.0.2.10 set groups DHCP_SERVER access address-assignment pool p2 family inet range p2_range high 10.0.2.220 set groups DHCP_SERVER access address-assignment pool p2 family inet dhcp-attributes maximum-lease-time infinite set groups DHCP_SERVER access address-assignment pool p2 family inet dhcp-attributes router 10.0.2.254 set groups DHCP_SERVER access address-assignment pool v6-p1 family inet6 range v6_p1_range low 2001:db8::10:0:2:10/112 set groups DHCP_SERVER access address-assignment pool v6-p1 family inet6 range v6_p1_range high 2001:db8::10:0:2:100/112
DHCPサーバーとして動作しているEX4600スイッチで、DHCPクライアントにIPアドレスが正常に割り当てられていることを確認します。
user@ex4600-03> show dhcp server binding IP address Session Id Hardware address Expires State Interface 10.0.2.10 2 00:10:94:00:3c:f1 537735079 BOUND irb.3001 10.0.2.11 5 00:10:94:00:3c:f2 537735079 BOUND irb.3001 10.0.2.12 6 00:10:94:00:3c:f3 537735079 BOUND irb.3001 10.0.2.13 7 00:10:94:00:3c:f4 537735079 BOUND irb.3001 10.0.2.14 8 00:10:94:00:3c:f5 537735079 BOUND irb.3001 10.0.2.15 9 00:10:94:00:3c:f6 537735079 BOUND irb.3001 10.0.2.16 10 00:10:94:00:3c:f7 537735079 BOUND irb.3001 10.0.2.17 11 00:10:94:00:3c:f8 537735079 BOUND irb.3001 10.0.2.18 12 00:10:94:00:3c:f9 537735079 BOUND irb.3001 10.0.2.19 13 00:10:94:00:3c:fa 537735079 BOUND irb.3001