Citrix SD-WAN

DHCP

Citrix SD-WAN introduces the ability to use Standard Edition appliances as either DHCP servers or DHCP relay agents. The DHCP server feature allows devices on the same network as the SD-WAN appliance’s LAN/WAN interface to obtain their IP configuration from the SD-WAN appliance. The DHCP relay feature allows your SD-WAN appliances to forward DHCP packets between DHCP clients and servers.

The following are the benefits of using the DHCP server and DHCP relay features:

  • Reduce the amount of equipment at client site.
  • Replace router at client site (Easy deployment of edge router services).
  • Simplify the client site network.
  • Configuration of Router without CLI commands.
  • Reduce manual configuration on simple client sites.

DHCP server

Citrix SD-WAN appliances can be configured as DHCP servers. A DHCP server assigns and manages IP addresses from specified address pools within the network to DHCP clients. The DHCP server can be configured to assign more parameters, such as the IP address of the Domain Name System (DNS) server and the default router. The DHCP server accepts address assignment requests and renewals. It also accepts broadcasts from locally attached LAN segments and DHCP requests forwarded by other DHCP relay agents within the network.


DHCP relay

A DHCP relay agent is a host or router that forwards DHCP packets between clients and servers. Network administrators can use the DHCP Relay service of the SD-WAN appliances to relay requests and replies between local DHCP clients and a remote DHCP server. It allows local hosts to acquire dynamic IP addresses from the remote DHCP server. The relay agent receives DHCP messages and generates a new DHCP message to send out on another interface.


Citrix SD-WAN appliances support WAN Link IP address learning through DHCP Clients. This functionality reduces the amount of manual configuration required to deploy SD-WAN appliances and reduces ISP costs by eliminating the need to purchase static IP addresses. SD-WAN appliances can obtain dynamic IP addresses for WAN Links on untrusted interfaces. This eliminates the need for an intermediary WAN router to perform this function.

Note

  • DHCP Client can only be configured for untrusted non-bridged interfaces configured as Client Nodes.
  • DHCP client and data port can be enabled on MCN/RCN only if a Public IP address is configured.
  • One-Arm or Policy Based Routing (PBR) deployment is not supported on the site with DHCP Client configuration.
  • DHCP events are logged from the client’s perspective only and no DHCP server logs are generated.

From Citrix SD-WAN 11.5 release onwards, you can configure DHCP for an untrusted virtual interface on fail-to-block mode through Citrix SD-WAN Orchestrator service. For more information, see WAN link IP address learning through DHCP client.

DHCP support on Fail-to-Wire port

Earlier, the DHCP client was only supported on the fail-to-block port. With the 11.2.0 release, the DHCP client capability is extended to the fail-to-wire port for branch sites with serial High Availability (HA) deployments. This enhancement:

  • Allows the DHCP client configuration on an untrusted interface group that has a fail-to-wire bridge pair and serial HA deployments.

  • Allows DHCP interfaces to be selected as part of Private Intranet WAN links.

DHCP client is now supported on the private intranet link.


Note:

A LAN interface must not be connected into the fail-to-wire pair as packets might be bridged between the interfaces.

The runtime Virtual IP address, Subnet Mask, and Gateway settings are logged and archived in a log file called SDWANVW_ip_learned.log. Events are generated when Dynamic Virtual IPs are learned, released, or expired, when there is a communication issue with the learned Gateway or DHCP server, or when duplicate IP addresses are detected in the archived log file. If duplicate IPs are detected at a site, Dynamic Virtual IP addresses are released and renewed until all Virtual Interfaces at the site obtain unique Virtual IP addresses.

To monitor DHCP client WAN links:

  1. On the Enable/Disable/Purge Flows page of the SD-WAN appliance, the DHCP Client WAN Links table provides the status of learned IPs.

  2. You can request to renew the IP, which refreshes the lease time. You can also choose to Release Renew, which issues a new IP address or the same IP address with a new lease.


DHCP logs

Citrix SD-WAN enables you to generate DHCP server logs for IP addresses. The logs are generated whenever IP addresses are allocated to endpoints. They contain details such as the timestamp of the IP address allocation, the lease duration, the MAC address, the client ID, and so on. A client ID of none indicates that no client ID is present in the DHCP request.

To generate and view DHCP logs, navigate to Configuration > Logging/Monitoring. Select the SDWAN_dhcp.log option from the drop-down list and click View Log.


Note

These logs are generated only when Citrix SD-WAN acts as a DHCP server.
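
An added example (not Citrix code) of auditing the lease details described above: it flags an IP address allocated to a different MAC address while the previous lease is still unexpired, and lists MAC addresses whose requests carried no client ID. The key=value record layout, the field names, and the sample lines are assumptions constructed for illustration; the actual SDWAN_dhcp.log line format is not shown on this page.

```python
from datetime import datetime, timedelta

# Constructed sample records. The key=value layout is an assumption: the real
# SDWAN_dhcp.log line format is not shown on this page.
SAMPLE = """\
ts=2024-05-01T08:00:00 ip=192.0.2.10 mac=02:00:00:AA:00:01 lease=3600 client_id=01:02:00:00:aa:00:01
ts=2024-05-01T08:05:00 ip=192.0.2.11 mac=02:00:00:aa:00:02 lease=3600 client_id=none
ts=2024-05-01T08:20:00 ip=192.0.2.10 mac=02:00:00:aa:00:03 lease=3600 client_id=none
ts=2024-05-01T08:40:00 ip=192.0.2.10 mac=02:00:00:aa:00:03 lease=3600 client_id=none
ts=2024-05-01T09:30:00 ip=192.0.2.11 mac=02:00:00:aa:00:04 lease=3600 client_id=01:02:00:00:aa:00:04
"""

def parse(text):
    """Turn key=value lines into records sorted by allocation time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = dict(kv.split("=", 1) for kv in line.split())
        records.append({
            "ts": datetime.fromisoformat(f["ts"]),
            "ip": f["ip"],
            "mac": f["mac"].lower(),  # normalize case before comparing
            "lease": timedelta(seconds=int(f["lease"])),
            "client_id": f["client_id"],
        })
    return sorted(records, key=lambda r: r["ts"])

def audit(records):
    """Return (conflicts, macs_without_client_id)."""
    holder = {}          # ip -> (mac, lease expiry)
    conflicts, anonymous = [], set()
    for r in records:
        if r["client_id"] == "none":
            anonymous.add(r["mac"])
        prev = holder.get(r["ip"])
        # Same IP, different MAC, earlier lease not yet expired. An early
        # release can explain this, so treat a hit as a lead to investigate.
        if prev and prev[0] != r["mac"] and r["ts"] < prev[1]:
            conflicts.append((r["ip"], prev[0], r["mac"], r["ts"].isoformat()))
        holder[r["ip"]] = (r["mac"], r["ts"] + r["lease"])
    return conflicts, sorted(anonymous)

if __name__ == "__main__":
    conflicts, anonymous = audit(parse(SAMPLE))
    for ip, old, new, when in conflicts:
        print(f"{when} {ip}: {old} -> {new} before lease expiry")
    print("no client ID:", ", ".join(anonymous))
```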
