Deploy a DHCP server in Azure on a virtual machine
Learn how to deploy a highly available DHCP server in Azure on a virtual machine. This server is used as a target for an on-premises DHCP relay agent to provide dynamic IP address allocation to on-premises clients. Broadcast packets directly from clients to a DHCP Server don't work in an Azure Virtual Network by design.
Note
Direct traffic from an on-premises client to the DHCP server in Azure (source port UDP/68, destination port UDP/67) is still not supported, because Azure intercepts this traffic and handles it differently. The result is timeout messages when the client attempts its DHCP RENEW directly against the DHCP server in Azure at T1. The DHCP RENEW succeeds when the attempt at T2 is made through the DHCP relay agent. For more details on the T1 and T2 DHCP RENEW timers, see RFC 2131.
Prerequisites
- An Azure account with an active subscription. Create one for free.
Create a virtual network and an Azure Bastion host
The following procedure creates a virtual network with a resource subnet, an Azure Bastion subnet, and a Bastion host:
In the portal, search for and select Virtual networks.
On the Virtual networks page, select + Create.
On the Basics tab of Create virtual network, enter or select the following information:
| Setting | Value |
| --- | --- |
| Project details | |
| Subscription | Select your subscription. |
| Resource group | Select Create new. Enter test-rg for the name. Select OK. |
| Instance details | |
| Name | Enter vnet-1. |
| Region | Select East US 2. |

Select Next to proceed to the Security tab.
In the Azure Bastion section, select Enable Azure Bastion.
Bastion uses your browser to connect to VMs in your virtual network over Secure Shell (SSH) or Remote Desktop Protocol (RDP) by using their private IP addresses. The VMs don't need public IP addresses, client software, or special configuration. For more information, see What is Azure Bastion?.
In Azure Bastion, enter or select the following information:
| Setting | Value |
| --- | --- |
| Azure Bastion host name | Enter bastion. |
| Azure Bastion public IP address | Select Create a public IP address. Enter public-ip-bastion in Name. Select OK. |

Select Next to proceed to the IP Addresses tab.
In the address space box in Subnets, select the default subnet.
In Edit subnet, enter or select the following information:
| Setting | Value |
| --- | --- |
| Subnet purpose | Leave the default of Default. |
| Name | Enter subnet-1. |
| IPv4 | |
| IPv4 address range | Leave the default of 10.0.0.0/16. |
| Starting address | Leave the default of 10.0.0.0. |
| Size | Leave the default of /24 (256 addresses). |

Select Save.
Select Review + create at the bottom of the window. When validation passes, select Create.
Create internal load balancer
In this section, you create an internal load balancer that load balances virtual machines. An internal load balancer is used to load balance traffic inside a virtual network with a private IP address.
During the creation of the load balancer, you configure:
- Frontend IP address
- Backend pool
- Inbound load-balancing rules
In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results.
In the Load balancer page, select Create.
In the Basics tab of the Create load balancer page, enter or select the following information:
| Setting | Value |
| --- | --- |
| Project details | |
| Subscription | Select your subscription. |
| Resource group | Select test-rg. |
| Instance details | |
| Name | Enter load-balancer. |
| Region | Select (US) East US 2. |
| SKU | Leave the default Standard. |
| Type | Select Internal. |
| Tier | Leave the default Regional. |

Select Next: Frontend IP configuration at the bottom of the page.
In Frontend IP configuration, select + Add a frontend IP configuration.
Enter frontend-1 in Name.
Select subnet-1 (10.0.0.0/24) in Subnet.
In Assignment, select Static.
In IP address, enter 10.0.0.100.
Select Add.
Select Next: Backend pools at the bottom of the page.
In the Backend pools tab, select + Add a backend pool.
Enter backend-pool for Name in Add backend pool.
Select NIC or IP Address for Backend Pool Configuration.
Select Save.
Select the blue Review + create button at the bottom of the page.
Select Create.
Configure second load balancer frontend
A second frontend is required for the load balancer to provide high availability for the DHCP server. Use the following steps to add a second frontend to the load balancer.
In the Azure portal, search for and select Load balancers.
Select load-balancer.
In Settings, select Frontend IP configuration.
Select + Add.
Enter or select the following information in Add frontend IP configuration:
| Setting | Value |
| --- | --- |
| Name | Enter frontend-2. |
| Subnet | Select subnet-1 (10.0.0.0/24). |
| Assignment | Select Static. |
| IP address | Enter 10.0.0.200. |
| Availability zone | Select Zone-redundant. |

Select Add.
Verify that in Frontend IP configuration, you have frontend-1 and frontend-2.
Create load balancer rules
The load balancer rules are used to distribute traffic to the virtual machines. Use the following steps to create the load balancer rules.
In the Azure portal, search for and select Load balancers.
Select load-balancer.
In Settings, select Load balancing rules.
Select + Add.
Enter or select the following information in Add load balancing rule:
| Setting | Value |
| --- | --- |
| Name | Enter lb-rule-1. |
| IP version | Select IPv4. |
| Frontend IP address | Select frontend-1. |
| Backend pool | Select backend-pool. |
| Protocol | Select UDP. |
| Port | Enter 67. |
| Backend port | Enter 67. |
| Health probe | Select Create new. Enter dhcp-health-probe for Name. Select TCP for Protocol. Enter 3389 for Port. Enter 67 for Interval. Enter 5 for Unhealthy threshold. Select Save. |
| Enable Floating IP | Select the box. |

Select Save.
Repeat the previous steps to create the second load balancing rule. Replace the following values with the values for the second frontend:
| Setting | Value |
| --- | --- |
| Name | Enter lb-rule-2. |
| Frontend IP address | Select frontend-2. |
| Health probe | Select dhcp-health-probe. |
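The same two rules and their shared health probe, created with Az PowerShell instead of the portal. This is an added example, not part of the original article, and it assumes the Az.Network module is installed, Connect-AzAccount has been run, and test-rg, load-balancer, frontend-1, frontend-2 and backend-pool already exist as created in the earlier sections. The setting that matters for this design is Floating IP: with it enabled the load balancer delivers packets to the VM still addressed to the frontend IP, which is why each VM later needs that address on its own loopback adapter.

```powershell
# Added example (not from the original article): the two UDP/67 load balancing
# rules and their shared health probe, created with Az PowerShell.
# Assumes Az.Network, an authenticated session (Connect-AzAccount), and that
# test-rg, load-balancer, frontend-1, frontend-2 and backend-pool exist.
$ErrorActionPreference = 'Stop'
$rg = 'test-rg'
$lb = Get-AzLoadBalancer -ResourceGroupName $rg -Name 'load-balancer'

# Health probe with the article's values: TCP 3389, 67 s interval, 5 failures.
if (-not ($lb.Probes | Where-Object Name -eq 'dhcp-health-probe')) {
    $lb | Add-AzLoadBalancerProbeConfig -Name 'dhcp-health-probe' -Protocol Tcp -Port 3389 `
          -IntervalInSeconds 67 -ProbeCount 5 | Out-Null
    $lb = $lb | Set-AzLoadBalancer
}
$probe = Get-AzLoadBalancerProbeConfig -LoadBalancer $lb -Name 'dhcp-health-probe'
$pool  = Get-AzLoadBalancerBackendAddressPoolConfig -LoadBalancer $lb -Name 'backend-pool'

# One rule per frontend. -EnableFloatingIP is the portal's "Enable Floating IP" box:
# the VM receives packets addressed to the frontend IP itself, so each VM must own
# that IP locally (the loopback adapter configured later in the article).
$rules = @(
    @{ Name = 'lb-rule-1'; Frontend = 'frontend-1' },
    @{ Name = 'lb-rule-2'; Frontend = 'frontend-2' }
)
foreach ($r in $rules) {
    if ($lb.LoadBalancingRules | Where-Object Name -eq $r.Name) { continue }   # safe to re-run
    $fe = Get-AzLoadBalancerFrontendIpConfig -LoadBalancer $lb -Name $r.Frontend
    $lb | Add-AzLoadBalancerRuleConfig -Name $r.Name -Protocol Udp -FrontendPort 67 -BackendPort 67 `
          -FrontendIpConfiguration $fe -BackendAddressPool $pool -Probe $probe -EnableFloatingIP | Out-Null
}
$lb = $lb | Set-AzLoadBalancer

# Verify: both rules should report EnableFloatingIP = True and the shared probe.
Get-AzLoadBalancerRuleConfig -LoadBalancer $lb |
    Select-Object Name, Protocol, FrontendPort, BackendPort, EnableFloatingIP,
        @{ n = 'Frontend'; e = { ($_.FrontendIPConfiguration.Id -split '/')[-1] } },
        @{ n = 'Probe';    e = { ($_.Probe.Id -split '/')[-1] } } |
    Format-Table -AutoSize
```

The probe targets TCP 3389 on the VMs, so the NIC network security group must allow probe traffic from the AzureLoadBalancer service tag; the default AllowAzureLoadBalancerInBound rule that a Basic NSG carries already does this. If the final table shows a rule with EnableFloatingIP False, the frontend IP will be rewritten to the VM's NIC address and the loopback-adapter design in the later sections will not work.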
Create virtual machines
In this section, you create two VMs (vm-1 and vm-2) in two different zones (Zone 1 and Zone 2).
These VMs are added to the backend pool of the load balancer that was created earlier.
In the search box at the top of the portal, enter Virtual machine. Select Virtual machines in the search results.
Select + Create then Azure virtual machine.
In Create a virtual machine, type or select the values in the Basics tab:
| Setting | Value |
| --- | --- |
| Project details | |
| Subscription | Select your subscription. |
| Resource group | Select test-rg. |
| Instance details | |
| Virtual machine name | Enter vm-1. |
| Region | Select East US 2. |
| Availability options | Select Availability zone. |
| Availability zone | Select Zone 1. |
| Security type | Select Standard. |
| Image | Select Windows Server 2022 Datacenter - x64 Gen2. |
| VM architecture | Leave the default of x64. |
| Size | Select a size. |
| Administrator account | |
| Authentication type | Select Password. |
| Username | Enter azureuser. |
| Password | Enter a password. |
| Confirm password | Reenter the password. |
| Inbound port rules | |
| Public inbound ports | Select None. |

Select the Networking tab, or select Next: Disks, then Next: Networking.
In the Networking tab, enter or select the following information:
| Setting | Value |
| --- | --- |
| Network interface | |
| Virtual network | Select vnet-1. |
| Subnet | Select subnet-1 (10.0.0.0/24). |
| Public IP | Select None. |
| NIC network security group | Select Basic. |
| Public inbound ports | Leave the default of None. |
| Load balancing | |
| Place this virtual machine behind an existing load-balancing solution? | Select the check box. |
| Load balancing settings | |
| Load-balancing options | Select Azure load balancer. |
| Select a load balancer | Select load-balancer. |
| Select a backend pool | Select backend-pool. |

Select Review + create.
Review the settings, and then select Create.
Follow the previous steps to create a VM with the following values and all the other settings the same as vm-1:
| Setting | VM 2 |
| --- | --- |
| Name | vm-2 |
| Availability zone | 2 |
| Load-balancing options | Select Azure load balancer. |
| Select a load balancer | Select load-balancer. |
| Select a backend pool | Select backend-pool. |
Configure DHCP server network adapters
You'll sign in to the virtual machines with Azure Bastion and configure the network adapter settings and the DHCP server role for each virtual machine.
In the Azure portal, search for and select Virtual machines.
Select vm-1.
In the vm-1 page, select Connect then Connect via Bastion.
Enter the username and password you created when you created the virtual machine.
Open PowerShell as an administrator.
Run the following command to install the DHCP server role:
```powershell
Install-WindowsFeature -Name DHCP -IncludeManagementTools
```
Install Microsoft Loopback Adapter
Use the following steps to install the Microsoft Loopback Adapter by using the Hardware Wizard:
Open Device Manager on the virtual machine.
Select the computer name vm-1 in Device Manager.
In the menu bar, select Action then Add legacy hardware.
In the Add Hardware Wizard, select Next.
Select Install the hardware that I manually select from a list (Advanced), and then select Next.
In the Common hardware types list, select Network adapters, and then select Next.
In the Manufacturers list box, select Microsoft.
In the Network Adapter list box, select Microsoft Loopback Adapter, and then select Next.
Select Next to start installing the drivers for your hardware.
Select Finish.
In Device Manager, expand Network adapters. Verify that Microsoft Loopback Adapter is listed.
Close Device Manager.
Set static IP address for Microsoft Loopback Adapter
Use the following steps to set a static IP address for the Microsoft Loopback Adapter:
Open Network and Internet settings on the virtual machine.
Select Change adapter options.
Right-click Microsoft Loopback Adapter and select Properties.
Select Internet Protocol Version 4 (TCP/IPv4) and select Properties.
Select Use the following IP address.
Enter the following information:
| Setting | Value |
| --- | --- |
| IP address | Enter 10.0.0.100. |
| Subnet mask | Enter 255.255.255.0. |

Select OK.
Select Close.
Enable routing between the loopback interface and the network adapter
Use the following steps to enable routing between the loopback interface and the network adapter:
Open CMD as an administrator.
Run the following command to list the network interfaces:
```cmd
netsh int ipv4 show int
```
Example output:
```
C:\Users\azureuser>netsh int ipv4 show int

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          75  4294967295  connected     Loopback Pseudo-Interface 1
  6           5        1500  connected     Ethernet
 11          25        1500  connected     Ethernet 3
```
In this example, the network interface connected to the Azure Virtual network is Ethernet. The loopback interface that you installed in the previous section is Ethernet 3.
Make note of the Idx number for the primary network adapter and the loopback adapter. In this example, the primary network adapter is 6 and the loopback adapter is 11. You'll need these values for the next steps.
Caution
Don't confuse the Loopback Pseudo-Interface 1 with the Microsoft Loopback Adapter. The Loopback Pseudo-Interface 1 isn't used in this scenario.
Run the following command to enable weakhostreceive and weakhostsend on the primary network adapter:
```cmd
netsh int ipv4 set int 6 weakhostreceive=enabled weakhostsend=enabled
```
Run the following command to enable weakhostreceive and weakhostsend on the loopback adapter:
```cmd
netsh int ipv4 set int 11 weakhostreceive=enabled weakhostsend=enabled
```
Close the bastion connection to vm-1.
Repeat the previous steps to configure vm-2. Replace the IP address of 10.0.0.100 with 10.0.0.200 in the static IP address configuration of the loopback adapter.
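A scripted version of the per-VM configuration above (install the DHCP role, give the Microsoft Loopback Adapter the frontend address, enable weak host send and receive on both adapters), added here as an example and not part of the original article. It assumes an elevated PowerShell session on the VM, that the Microsoft Loopback Adapter has already been added through Device Manager, and that the primary adapter is the one holding the IPv4 default route. The adapter filters, the $LoopbackIp parameter and the Assert-WeakHost helper are this example's own names. Selecting adapters by route and driver description rather than by Idx avoids the mistake the Caution above warns about: the built-in Loopback Pseudo-Interface 1 is never returned by Get-NetAdapter, so it cannot be picked by accident, and the script refuses to continue if the adapter it found as "loopback" turns out to own the default route.

```powershell
# Added example (not from the original article): scripted equivalent of the
# "Configure DHCP server network adapters" steps. Run in an elevated PowerShell
# session on vm-1; on vm-2 pass -LoopbackIp 10.0.0.200 (the frontend-2 address).
param(
    [string]$LoopbackIp   = '10.0.0.100',   # frontend-1 address from the article
    [int]   $PrefixLength = 24              # 255.255.255.0
)
$ErrorActionPreference = 'Stop'

# 1. DHCP server role (the same command the article runs).
Install-WindowsFeature -Name DHCP -IncludeManagementTools | Out-Null

# 2. Primary adapter: the interface that owns the IPv4 default route
#    (assumption: a single default route, as on an Azure VM with one NIC).
$primaryIndex = (Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
                 Sort-Object RouteMetric | Select-Object -First 1).InterfaceIndex

# 3. Microsoft Loopback Adapter, matched on its driver description (assumed to
#    contain "Loopback Adapter"). Get-NetAdapter does not list the built-in
#    "Loopback Pseudo-Interface 1", so that interface cannot be matched here.
$loopback = Get-NetAdapter |
            Where-Object { $_.InterfaceDescription -like '*Loopback Adapter*' } |
            Select-Object -First 1
if (-not $loopback) {
    throw 'Microsoft Loopback Adapter not found; add it in Device Manager first.'
}
if ($loopback.ifIndex -eq $primaryIndex) {
    throw 'The adapter matched as loopback owns the default route; refusing to continue.'
}

# 4. Static address on the loopback adapter: this is the load balancer frontend IP,
#    which the VM must own locally because the rules use Floating IP.
Set-NetIPInterface -InterfaceIndex $loopback.ifIndex -AddressFamily IPv4 -Dhcp Disabled
$existing = Get-NetIPAddress -InterfaceIndex $loopback.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress -eq $LoopbackIp }
if (-not $existing) {
    New-NetIPAddress -InterfaceIndex $loopback.ifIndex -IPAddress $LoopbackIp -PrefixLength $PrefixLength | Out-Null
}

# 5. Weak host send/receive on both adapters: the PowerShell form of
#    "netsh int ipv4 set int <Idx> weakhostreceive=enabled weakhostsend=enabled".
foreach ($idx in @($primaryIndex, $loopback.ifIndex)) {
    Set-NetIPInterface -InterfaceIndex $idx -AddressFamily IPv4 -WeakHostReceive Enabled -WeakHostSend Enabled
}

# 6. Verify, and fail loudly if either interface is still in strong host mode.
function Assert-WeakHost([int]$Index) {
    $i = Get-NetIPInterface -InterfaceIndex $Index -AddressFamily IPv4
    if ($i.WeakHostReceive -ne 'Enabled' -or $i.WeakHostSend -ne 'Enabled') {
        throw "Interface $Index ($($i.InterfaceAlias)) is not in weak host mode."
    }
    return $i
}
@($primaryIndex, $loopback.ifIndex) | ForEach-Object { Assert-WeakHost $_ } |
    Format-Table ifIndex, InterfaceAlias, WeakHostSend, WeakHostReceive
```

Save the script on the VM and run it once per server; the final table should list exactly two interfaces, the Azure NIC and the loopback adapter, both with WeakHostSend and WeakHostReceive set to Enabled. Weak host mode is what lets the NIC accept packets addressed to 10.0.0.100 and lets DHCP replies leave with that source address, so if either column reads Disabled the load balancer will probe the VM as healthy yet DHCP traffic through the frontend will silently fail.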
Next step
In this article, you learned how to deploy a highly available DHCP server in Azure on a virtual machine. You also learned how to configure the network adapters and install the DHCP role on the virtual machines. Further configuration of the DHCP server is required to provide DHCP services to on-premises clients from the Azure virtual machines. The DHCP relay agent on the on-premises network must be configured to forward DHCP requests to the DHCP servers in Azure. Consult the manufacturer's documentation for the DHCP relay agent for configuration steps.