VMware NSX-T DHCP Relay for AVS Workloads

As Azure VMware Solution evolves, we see more integration into the Azure portal. This doesn’t mean you cannot do things the “old-fashioned way” but gives you an alternative, typically, a more streamlined option. DHCP is one of those.

For users of Azure VMware Solution who want to deliver IP addresses to some/all their vSphere workloads via a DHCP server, NSX-T needs to be configured to either act as the DHCP server or relay to the DHCP server. Those who are deploying Horizon on top of AVS will undoubtedly need this.

If the choice is to relay to a DHCP server (that is not NSX-T), a few places where that DHCP server could sit; back on-premises, within an Azure vNet, or the private cloud.

On-premises: I don’t recommend that because this now creates a dependency on the on-premises environment to run the cloud environment. IMO, when a hybrid environment exists, it should be architected to be able to function independently.  

Azure vNet: DHCP requests do not get passed in Azure vNets. So when the DHCP request flows from the private cloud and hits the vNet, the fabric drops the traffic. See https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#what-protocols-can-i-use-within-vnets

Private Cloud: We have one location not recommended (on-premises), one location which can’t support it (Azure vNet), so the private cloud is the recommended location of the DHCP server for your AVS private cloud workloads.😊

Whichever location you choose for the DHCP server, the process to set up the relay is the same. However, configuration steps are different depending on the state of the environment.

Before diving into the scenarios and the configuration step for each, here is the constant throughout. The DHCP Server’s IP address is 192.168.1.99 and lives on the segment VirtualWorkloads-Mgmt.

The two scenarios and configuration steps are outlined below, scenario 1 is creating a new segment and DHCP relay, and scenario 2 is assigning a relay to an environment where segments already exist.

Scenario 1

No segments have been created yet which require DHCP relay, and you now will create the segment(s).

First, Create the DHCP Relay.

  1. Choose DHCP in the Azure Portal
  2. Press Add to add a DHCP relay.
  3. Select DHCP Relay
  4. Type in a friendly name of the DHCP-Relay
  5. Type in the IP of the DHCP server(s), then press OK.

Second, create the segment(s).Choose Segments in the Azure Portal

  1. Select Segments
  2. Press Add to add a segment.
  3. Type in the name that the segment will be called (friendly name).
  4. Type in the segment’s gateway IP address.
  5. Define the DHCP range.
    This part is a bit confusing. Even though the DHCP scope lives on the DHCP server, NSX-T (which the Azure portal configures on our behalf) must have a scope configured on the segment. What I’m assuming is that unless the scope exists on the segment configuration, the segment won’t trigger a DHCP relay. By the way, it doesn’t have to be the same scope as on the DHCP server.

When VMs get added to this segment in the AVS vCenter Server, their IPs will be pulled from the DHCP server defined in the previous step.

Scenario 2

Segment(s) which require DHCP relay are already created, and none were configured for DHCP relay at the time of creation.

First, Create the DHCP Relay.

  1. Choose DHCP in the Azure Portal
  2. Press Add to add a DHCP relay.
  3. Select DHCP Relay
  4. Type in a friendly name of the DHCP-Relay
  5. Type in the IP of the DHCP server(s), then press OK.

Second, Assign DHCP scope to the segments in NSX-T Manager.

  1. Log into NSX-T Manager and choose Networking.
  2. Choose Segments
  3. Choose the ellipsis and select the edit option.
  4. Select the Subnet.
  5. Choose the ellipsis and select the edit option.
  6. Define the DHCP range.
    This part is a bit confusing. Even though the DHCP scope lives on the DHCP server, NSX-T (which the Azure portal configures on our behalf) must have a scope configured on the segment. What I’m assuming is that unless the scope exists on the segment configuration, the segment won’t trigger a DHCP relay. By the way, it doesn’t have to be the same scope as on the DHCP server.
  7. Press Add
  8. Press Apply
  9. Press Save

Add a Comment

Your email address will not be published.