DHCP Option 82 in MPLS VPN

Tim Peiffer peiffer at umn.edu
Sat May 26 01:38:51 UTC 2007

I refrained from answering the original question, but decided that now 
would be the right time..  MPLS is out of scope for DHCP operations.

In MPLS, Provider (P) Provider Edge (PE), and Customer Edge (CE) all 
have a role in VPN routing.  The PE has the opportunity of placing the 
route in a virtual routing/forwarding (VRF) table.  The PE places a 
router port in one forwarding vrf or another.  The PE can make some 
routing decisions based upon redistribuion policies.  The one PE can 
place redistribute (non-transitive) the route in such a way that one VRF 
overlaps another.  This is particularly useful where Company A (vrf A) 
and Company B (vrf B) have pretty much the same address space (think 
RFC1918), and they use the same resources (services).  Company A knows 
routes to services.  The services know the route back to Company A.  
Company B knows routes to services.  The services know the route back to 
Company B.  Neither Company A nor Company B know of each others routes.

What I am trying to illustrate is that for the most part, MPLS is 
strictly a routing arrangement.  The DHCP relay is part of a given 
Company (A or B) and forwards to a server in the same Company/VRF, or to 
one that is in the overlapping VRF.
There are *no dhcp configuration details* that have anything to do with 
MPLS VRF, not even if the relay happens to be on the PE edge.

DHCP and Option 82 are oblivious to what VRF the traffic resides in.  
Option 82 only identifies the start of trust (source L1/L2 switch and 
port) and has *nothing* to do with routing.  MPLS is strictly a routing 
arrangment.   MPLS and DHCP are orthogonal network protocols.  There are 
many services that need to be VRF aware, but no one that I know is 
thinking about DHCP in that way.

PS.. Don't think of MPLS VPN as having anything in common with Remote 
Access VPN (PPTP/L2TP/IPSec).  They are two different methods of 
achieving virtual private networks.

Tim Peiffer
Network Support Engineer
Networking and Telecommunications Services
University of Minnesota

FredZone wrote:
> Hi,
> I'm not sure that the PE (What is it, PE?) has to know the source VPN of the 
> request. Relay agent will intercept the broadcast DHCP request and unicast 
> the message to DHCP server(s). When Server(s) replies to the relay agent 
> (setted in PE), if it can't determine the VPN destination, it will broadcast 
> the DHCP reply (All VPNs will receive the DHCP message and only the DHCP 
> client which recognize its own xid will treat the packet).
> If Relay Agent Information is activated, it could be used on DHCP replies 
> packets to help the relay agent to determine the VPN targeted by the answer 
> and forward the answer only on the right one. In this case, that's suppose 
> that VPN are seen by PE like Physical Line.
> Very interesting case.
> Regards.
> Fred
> ----- Original Message ----- 
> From: "Aggarwal Vivek-Q4997C" <Q4997C at motorola.com>
> To: <dhcp-users at isc.org>
> Sent: Wednesday, May 23, 2007 1:04 PM
> Subject: DHCP Option 82 in MPLS VPN
>> Hi
>> There is one scenario
>> I want to enable DHCP option 82 in MPLS VPNS
>> Two clients belonging to different MPLS VPN's are sending DHCP requests
>> over the same VLAN as seen by the relay-agent (assume it is setting on
>> the PE) then how will the PE know to which VPN each client and hence the
>> associated DHCP request belongs.
>> Can anyone please let me know how can I do the above
>> Rgds
>> Vivek Aggarwal
>> -- 
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.467 / Virus Database: 269.7.6/815 - Release Date: 22/05/2007 
>> 15:49

More information about the dhcp-users mailing list