The Nile Access Service provides a comprehensive DHCP solution to ensure seamless IP address assignment and network connectivity for devices across your campus environment. This document explores the various integration options and configuration details for the Nile DHCP service.

The Nile Access Service offers a fully managed DHCP service, leveraging the same cloud-native architecture that powers the overall connectivity platform. This DHCP service can be configured to operate in the following modes:

Regardless of the DHCP mode, the Nile Access Service ensures that IP address assignment is tightly integrated with the overall network segmentation and access control policies, providing a unified and secure connectivity experience.

If you prefer to use your organization's existing DHCP infrastructure, the Nile Access Service can seamlessly integrate with your external DHCP servers. This integration allows you to maintain control and visibility over the DHCP service while benefiting from the Nile Access Service's comprehensive network management capabilities.

Traditionally, customers are familiar with an integrated DHCP server within a firewall, such as Palo Alto or Fortinet. In these deployments, the DHCP server operates in Layer 2 mode, listening on all configured VLANs. The firewall is connected to the wireless controller, access point, or switch using a trunk port, allowing DHCP broadcast packets to reach the firewall.

However, the Nile Access Service operates at Layer 3. Unlike the traditional approach, Nile does not send any DHCP broadcast packets to the upstream router or firewall. Instead, Nile acts as an IP helper, sending an L3 DHCP packet directly to the DHCP server.

The key differences in Nile's DHCP integration approach are:

This integration approach means that the DHCP traffic must be routed via the router or firewall to reach the DHCP server. As a result, customers must ensure that the necessary firewall rules are in place, allowing UDP ports 67 and 68 between the Nile default gateway IP addresses and the DHCP server.

By leveraging this Layer 3 DHCP integration, the Nile Access Service ensures that IP address assignment is tightly integrated with the overall network segmentation and access control policies, providing a unified and secure connectivity experience.

To configure the integration with external DHCP servers, follow these steps:

The Nile DHCP service supports two redundancy options to ensure high availability and seamless failover:

Option 1: VIP (Virtual IP) Configuration If the customer configures multiple DHCP servers with a shared Virtual IP (VIP), they only need to provide the VIP address as the "Host 1" configuration in the Nile Customer Portal. Nile will then send all DHCP requests to the VIP, and the underlying DHCP server cluster will handle the redundancy and load balancing.

Option 2: Load-Balanced DHCP Server Cluster Customers can configure multiple DHCP servers as "Host 1", "Host 2", and "Host 3" in the Nile Customer Portal. In this scenario, the DHCP servers should be set up in a clustered configuration with load balancing.

When a DHCP request is received, Nile will send the request to all three configured DHCP servers. The first server to respond with a DHCP offer will have its IP address assigned to the requesting client. The responses from the other two servers will be ignored.

In both redundancy options, the customer is responsible for configuring the redundancy and high availability on the DHCP server side. Nile will simply send the DHCP requests to the configured servers and use the first valid response received.

This flexible approach allows customers to leverage their existing DHCP infrastructure and deployment models while benefiting from the simplicity and cloud-managed nature of the Nile Managed DHCP service.