In the beginning of 2022, I attended the “VMware Cloud Director: Advanced Networking with NSX-T Data Center” training for VCD 10.2. The training touched on a couple of topics, that are blog worthy. Other posts in this latest Cloud Director series are:
- Cloud Director: Comparing Data Center Group network features
- Cloud Director: Distributed Firewalling with NSX-T
Let’s start with the DHCP features that can be configured on network segments.
Available DHCP Modes
When DHCP services are needed on VMware Cloud Director (VCD) overlay based segments you have a couple of choices:
- Network Mode (10.2)
- Edge Mode (10.2)
- Relay Mode (10.3)
Network mode is intended to be use for Isolated networks or Routed networks that soon are to be detached from an Edge Gateway. Network mode does not require an Edge Gateway (T1) connected to the network segment (since it’s intended to be Isolated).
Because an Edge Gateway (T1) is not connected to an Isolated network, NSX-T needs to know which Edge cluster to use for the DHCP profile. That’s why an Edge cluster must be configured in the properties of an Org VDC. This should be configured before activating the DHCP scope. If this prerequisite task is not performed, an error message is shown in the UI.
] Cannot set NETWORK mode DHCP. Services edge cluster not defined for network <Segment Name>.
This issue can be fixed by configuring an Edge Cluster for the Org VDC.
After configuring the Edge Cluster, a DHCP scope in Network Mode can now be activated on a Isolated or Routed segment. First activate DHCP on the segment.
When that’s done, DHCP itself can be configured. An example configuration could be:
Since it’s an Isolated segment, there is no Edge gateway (T1) to implement the DHCP service. Within NSX-T this is implemented by creating a DHCP server profile. This profile is attached to the Edge cluster specified in the Org VDC and the segment is was activated on.
In Edge mode the DHCP service runs on the loopback address of the T1 router the segment is attached to. This implies that Edge mode is only supported for Routed segments and is pretty much the most straightforward DHCP implementation.
Relay mode should be use when the tenants DHCP service runs outside of VCD. For example as appliance, somewhere on the physical network.
The Edge Gateway (T1) needs to be configured as DHCP Forwarder (Relay mode), before it’s enabled at the segment. If this prerequisite task is not performed, an error message is shown in the UI. This time however, the error message is pretty descriptive.
Error: [ f7f51108-1c06-4909-baab-031d9a2266dc ] Cannot use RELAY mode for DHCP on network<Segment Name>
as DHCP Forwarder on edge gateway <Edge gateway name> is disabled.
This issue can be fixed by configuring DHCP Forwarding on the Edge gateway the routed segment is attached to.
After configuring DHCP Forwarding on the Edge gateway, DHCP Forwarding (Relay mode) can now be activated on the Routed segment.
As can be seen above, DHCP Forwarding is configured on the Edge gateway. Within NSX-T this is implemented by configuring a new DHCP relay profile that is attached to the Edge gateway.
After activating DHCP Forwarding on the segment, the DHCP relay profile is also attached to the segment.