Windows Server 2019 DHCP query

Anonymous
2024-09-25T06:56:59+00:00

Hi community,

Before I post this query I'd like to make it clear that I am not a Windows Server user/admin so please excuse any incorrect use of terminology.

I have a couple of queries I hope the community may be able to assist me with regarding the operation of DHCP in a Windows Server 2019 environment. I am hoping to also get some suggested links for further reading/understanding related to these queries to aid my understanding and allow me to articulate this into documentation I am creating for the same.

Background: We are using DHCP in an EVPN-VXLAN network deployment. The operation of DHCP when used in such an environment introduces several challenges/changes as compared to using DHCP in a traditional network deployment. Below are the observations.

  1. In an EVPN-VXLAN deployment, when a client initiates DHCP a DHCP-DISCOVER packet is broadcast, received on the Vlan interface and is then forwarded through the VXLAN-VTEP towards the respective DHCP server configured in the Vlan interface. As part of VXLAN there is a relay agent configured, which is the VTEP loopback interface. Skipping over some further detail... the request reaches the DHCP server with a source IP address of the loopback interface of the VTEP and not the subnet on which the client is deployed. DHCP uses option 82 to provide this information to the DHCP server to allow it to allocate an address out of the correct pool. As the loopback IP is not present on the DHCP server, the DHCP server discards this request. To resolve this we have to add a DHCP pool for the loopback IP addresses, which effectively acts as a dummy/authorisation pool for the DHCP server and allows it to allocate IP addresses to clients.

Q: It makes sense to me that the DHCP server would only respond to requests from IP addresses that it is aware of, hence the need to add the dummy pool. However, is there a Microsoft document that confirms this operation? What I have found so far is only links that detail that this must be added. I can't find anything from Microsoft that specifically calls this out as a feature of the DHCP server implementation.

  2. We had another issue with clients obtaining a new IP address after initial onboarding i.e. they start in one role on the network, they are then profiled and a new role is provided that moves the client into a new Vlan and hence the client is required to DHCP again. To fix this we had to edit the registry of the DHCP server following these guidelines: https://www.reddit.com/r/Juniper/comments/1f774u9/evpnvxlan_dhcp_relay_issues/

     "We had similar problem when we first started using EVPN-vxlan the problem was with the Windows DHCP server. If a device had already gotten an IP address the DHCP skipped some steps if a device asked for new one. It just looked at the MAC address and assumed it was asking for the same address again. We fixed it in the registry of the DHCP server by changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters DhcpFlagSubnetChangeDHCPRequest To 1 (I think 0 is the default) and that fixed the problem for us."

Q: I'm trying to understand this a little better. Is anybody able to summarise how this works in Windows DHCP server in detail and why this is not the default option in the server configuration?

Thank you

Windows for business | Windows Server | Networking | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


2 answers

  1. Anonymous
    2024-09-25T08:16:34+00:00

    Hello,

    Thank you for posting in Microsoft Community forum.

    Question 1: The DHCP server processes the request

    The situation you mentioned is indeed a common challenge in EVPN-VXLAN deployments. DHCP servers will usually only respond to requests from their known IP addresses, which is for security and administrative reasons. The DHCP option 82 you mentioned is used to provide information about the relay agent so that the DHCP server can identify the true origin of the client.

    Regarding the Microsoft documentation you are looking for, while Microsoft's official documentation may not explicitly state that "a pool of virtual IP addresses must be added", you can refer to the following link to understand how DHCP option 82 works and how to configure DHCP relay:

    Install DHCP relay agent for Windows Server | Microsoft Learn

    Understanding DHCP Option 82 | Junos OS | Juniper Networks

    These documents can help you understand how the DHCP server handles requests from different IP addresses and how to configure DHCP options to suit your specific network environment.

    Please Note: This response contains links to third parties, which we provide for convenience of reference, and Microsoft cannot guarantee the validity of any information and content in this link.

    Question 2: IP address allocation behavior of the DHCP server

    Regarding the issue you mentioned that the client needs to re-acquire the IP address after changing the role, the default behavior of the Windows DHCP server is to assign an IP address based on the MAC address. If a device has already acquired an IP address, the DHCP server assumes that the device is requesting the same IP address without going through the full DHCP discovery process. This behavior can cause problems in some cases, especially in dynamic network environments.

    The registry modification you mentioned (setting DhcpFlagSubnetChangeDHCPRequest to 1) is to change this default behavior and allow the DHCP server to handle IP address assignment more flexibly when it receives a request. The reason for this setup may be to improve performance and reduce network traffic, as in many static or semi-static environments, devices often request the same IP address.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Regards,

    Jill Zhou

  2. Anonymous
    2024-09-25T10:26:26+00:00

    Hi Jill,

    Thank you for your prompt reply. If I may add a few further comments in reply to yours.

    1. Regarding the creation of an authorise or any DHCP pool on the server. Is it the case that the server will not respond to a DHCP discover request if a pool is not defined and this is a security/administrative precaution? If this is the case, is this stated anywhere in official Microsoft documentation? I understand the reasoning for it but it would be good to see this defined to support my documentation.
    2. As this change is a registry change on the server it impacts all scopes defined on the server. What is the impact to the DHCP server after making this change? Is it a hit on performance as the server is now completing the full DHCP process for a client that either requests a new DHCP address (previously unknown client) or when a client attempts to renew its address when the lease expires? Any other considerations that should be taken into account here?

    Thanks

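For documenting the two server-side settings discussed in this thread, the following read-only audit is an added example, not code from any of the posts or from Microsoft. It assumes it is run on the DHCP server with the DhcpServer PowerShell module available; the relay (VTEP loopback) addresses are constructed sample values, and the scope-coverage check follows the behaviour as described in the question.

```powershell
#Requires -Modules DhcpServer
# Added example: read-only audit, changes nothing on the server.
# $RelayAddresses are constructed sample VTEP loopback IPs (documentation range).
param(
    [string[]]$RelayAddresses = @('192.0.2.11', '192.0.2.12')
)

function ConvertTo-UInt32 {
    param([System.Net.IPAddress]$Address)
    $bytes = $Address.GetAddressBytes()
    [Array]::Reverse($bytes)                 # network byte order -> little endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InScope {
    # True when $Address falls inside the subnet defined by the scope.
    param([System.Net.IPAddress]$Address, $Scope)
    $ip   = ConvertTo-UInt32 $Address
    $mask = ConvertTo-UInt32 $Scope.SubnetMask
    $net  = ConvertTo-UInt32 $Scope.ScopeId
    ($ip -band $mask) -eq ($net -band $mask)
}

# 1. Registry value quoted in the thread. It sits under the service's
#    Parameters key, so it is server-wide rather than per scope.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters'
$name = 'DhcpFlagSubnetChangeDHCPRequest'
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$flag = if ($null -eq $prop) { 'not set' } else { $prop.$name }

# 2. Does a scope exist that contains each relay (loopback) address?
$scopes = Get-DhcpServerv4Scope
$relayReport = foreach ($addr in $RelayAddresses) {
    $match = $scopes |
        Where-Object { Test-InScope -Address $addr -Scope $_ } |
        Select-Object -First 1
    [pscustomobject]@{
        RelayAddress  = $addr
        CoveringScope = if ($match) { "$($match.ScopeId)" } else { 'none' }
        ScopeName     = if ($match) { $match.Name } else { '' }
        ScopeState    = if ($match) { "$($match.State)" } else { '' }
    }
}

"{0} = {1}" -f $name, $flag
$relayReport | Format-Table -AutoSize
```

A relay address reported with `CoveringScope` of `none` corresponds to the situation in the first item of the question, where requests relayed from that loopback were discarded until a pool containing it was added.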