NSX – Edge Services – DHCP

January 18, 2016

There are many add-on network services offered by the Edge Gateway appliance: DNS, DHCP, Client SSL-VPN, stretched L2 SSL-VPN, IPSEC-VPN, and basic load balancing, to name a few. I have to admit it is pretty cool to have all these network services neatly bundled into a single appliance!

I am in the process of migrating all of my home lab’s networking services from CentOS Linux VMs (OpenSSL VPN, Bind DNS Resolver, DHCPD, gateway router, and iptables firewall) to NSX 6.2 running on vCenter 5.5.

DHCP seemed to be one of the least invasive changes to begin making to the environment, so this is the service I started with.

(Whether you are leveraging a *nix-based DHCPD or the Windows DHCP Service, now would be a good time to capture, via screenshot, any settings, including IP scope, gateway, DNS, etc., that you would like carried over to NSX.)

Begin by logging in to the vSphere Web Client, and from the home page navigate to Networking & Security.

Select the already deployed Edge Services Gateway which we will be using to provide DHCP service.

Once in the configuration screen for the NSX Edge, navigate to the DHCP tab. Toggle the “Enable Logging” policy setting, and select the green plus to create a new DHCP pool.

Depending on your specific needs, you can select “Auto Configure DNS” which will push through the IP address of your Edge device as the DNS server for the pool. Yep, the NSX Edge gateway out of the box operates as a recursive DNS server holding its own cache, leveraging the upstream DNS servers specified in the General Settings. This is pretty handy if you want to change your upstream DNS servers without having to touch multiple clients to refresh/renew leases.

In our case we are going to push through specific DNS servers, so we leave this unchecked.

We also leave “Lease Never Expires” unchecked, and set the timeout for one day at 86,400 seconds.

The only other thing to do is to set your range of addresses, preferred search suffix, DNS server settings, and gateway accordingly.

In my case this specific Edge Gateway is indeed acting as the gateway for this subnet.

The service automatically binds the pool to the Edge interface IP’d on the pool range specified. In other words, DHCP clients will need to be on the subnet facing my NSX Edge which is IP’d on 172.16.20.0/24.

A gotcha that I didn’t see in the admin manual is that it appears the DHCP service must be served up on an NSX interface of type “Internal”. I had originally pegged this to one of my “Uplink” interfaces on the Edge, and could not get the service to work until I re-classified the interface as “Internal”.
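The binding rule and the “Internal” gotcha above, written as a pre-flight check. This is an added example, not part of the original post and not NSX code; it models the behaviour only as the post describes it. The interface names, the uplink address and the pool ranges are constructed sample values; only 172.16.20.0/24 and the 86,400-second lease come from the post.

```python
import ipaddress

# Constructed sample inventory. Names and addresses are hypothetical,
# except the 172.16.20.0/24 subnet mentioned in the post.
EDGE_INTERFACES = [
    {"name": "uplink-0", "type": "Uplink", "cidr": "192.168.1.2/24"},
    {"name": "lab-internal", "type": "Internal", "cidr": "172.16.20.1/24"},
]


def check_pool(start, end, gateway, lease_seconds, interfaces):
    """Return (name of the interface the pool would bind to, or None; list of problems)."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems = []
    if first > last:
        problems.append("range start is above range end")

    # Assumption from the post: the pool binds to the Edge interface whose
    # subnet contains the pool range.
    bound = None
    for intf in interfaces:
        net = ipaddress.ip_interface(intf["cidr"]).network
        if first in net and last in net:
            bound = intf
            break
    if bound is None:
        problems.append("range does not fit inside any Edge interface subnet")
        return None, problems

    iface = ipaddress.ip_interface(bound["cidr"])
    # The gotcha from the post: DHCP only worked on an interface of type "Internal".
    if bound["type"] != "Internal":
        problems.append(f"{bound['name']} is type {bound['type']}, not Internal")
    if first <= iface.ip <= last:
        problems.append("range contains the Edge interface's own address")
    if ipaddress.ip_address(gateway) not in iface.network:
        problems.append("default gateway is outside the pool's subnet")
    if lease_seconds <= 0:
        problems.append("lease time must be positive")
    return bound["name"], problems


if __name__ == "__main__":
    # One-day lease on the lab subnet; the range itself is a constructed value.
    print(check_pool("172.16.20.100", "172.16.20.200", "172.16.20.1",
                     86400, EDGE_INTERFACES))
```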

Hit OK to save the pool settings.

There can obviously be multiple pools, one for each interface of the Edge. Go ahead and add any other pools as needed.

Finally, set the “DHCP Service Status” to “Enabled”, and publish the changes.

It’s just that easy!!

Now to check the health of the service……

I have a CentOS 7 VM on the Logical Network facing the Edge. After a restart of network service, it correctly pulls the DHCP settings we specified. Game on!

The Edge Service Gateway is where we go to look at any associated logging. It doesn’t appear to me that any logging or health of the service is available through the Web Client… boo! Maybe in a future release?

SSH to the NSX Edge Gateway. Type the command “show service dhcp” to list service status. (I love that the NSX appliances all have the Cisco IOS feel to them!!)

To see what leases have been handed out, type the command “show service dhcp leaseinfo”.

If you need to clear the leases, you must first enter enable mode, and can then type “clear service dhcp lease”.

That is about it for this post. There isn’t much to lighting up the DHCP service bundled with the Edge appliance, and now I can turn down the CentOS 6 VM that I had previously been using to run DHCPD for my lab. Score.