Nile DHCP Integration

overview the nile access service provides a comprehensive dhcp solution to ensure seamless ip address assignment and network connectivity for devices across your campus environment this document explores the various integration options and configuration details for the nile dhcp service nile dhcp service overview the nile access service offers a fully managed dhcp service, leveraging the same cloud native architecture that powers the overall connectivity platform this dhcp service can be configured to operate in the following modes nile managed dhcp nile provisions and manages the dhcp service, handling ip address assignment and lease management this option is ideal for organizations that do not have an existing dhcp infrastructure or prefer a fully outsourced dhcp solution integration with external dhcp servers the nile access service can seamlessly integrate with your organization's existing dhcp servers, ensuring compatibility with your current network infrastructure this integration allows you to maintain control and visibility over the dhcp service while benefiting from the nile access service's comprehensive network management capabilities regardless of the dhcp mode, the nile access service ensures that ip address assignment is tightly integrated with the overall network segmentation and access control policies, providing a unified and secure connectivity experience integrating with external dhcp servers if you prefer to use your organization's existing dhcp infrastructure, the nile access service can seamlessly integrate with your external dhcp servers this integration allows you to maintain control and visibility over the dhcp service while benefiting from the nile access service's comprehensive network management capabilities understanding nile's dhcp integration approach traditionally, customers are familiar with an integrated dhcp server within a firewall, such as palo alto or fortinet in these deployments, the dhcp server operates in layer 2 mode, listening on all configured vlans the firewall is connected to the wireless controller, access point, or switch using a trunk port, allowing dhcp broadcast packets to reach the firewall however, the nile access service operates at layer 3 unlike the traditional approach, nile does not send any dhcp broadcast packets to the upstream router or firewall instead, nile acts as an ip helper, sending an l3 dhcp packet directly to the dhcp server the key differences in nile's dhcp integration approach are packet origination the dhcp packet originates from the subnet that the device should belong to the source ip address of the packet is the default gateway of the client, which is assigned by nile default gateway configuration for example, if you have three user subnets (192 168 1 0/24, 192 168 2 0/24, and 192 168 3 0/24), nile will have ip addresses 192 168 1 1, 192 168 2 1, and 192 168 3 1 configured as the default gateways when a user connects to an ssid, nile checks the appropriate subnet and originates the ip helper request from the corresponding default gateway ip address this integration approach means that the dhcp traffic must be routed via the router or firewall to reach the dhcp server as a result, customers must ensure that the necessary firewall rules are in place, allowing udp ports 67 and 68 between the nile default gateway ip addresses and the dhcp server by leveraging this layer 3 dhcp integration, the nile access service ensures that ip address assignment is tightly integrated with the overall network segmentation and access control policies, providing a unified and secure connectivity experience configuring external dhcp server integration to configure the integration with external dhcp servers, follow these steps configure external dhcp server details in nile in the "network setup" > "dhcp" section of the nile customer portal, click the "add dhcp server" button select the "external dhcp" option and provide the necessary details, such as the server name, ip address(es), and geographical scope ensure that the dhcp server and any upstream firewalls are configured to respond to dhcp requests from the nile service block (nsb) devices associate external dhcp servers with network segments in the "network setup" > "segments" section, edit the segment you want to configure for external dhcp integration under the "service area" tab, select the external dhcp server you configured in the previous step save the segment configuration to enable the integration with your organization's dhcp service dhcp server redundancy the nile dhcp service supports two redundancy options to ensure high availability and seamless failover option 1 vip (virtual ip) configuration if the customer configures multiple dhcp servers with a shared virtual ip (vip), they only need to provide the vip address as the "host 1" configuration in the nile customer portal nile will then send all dhcp requests to the vip, and the underlying dhcp server cluster will handle the redundancy and load balancing option 2 load balanced dhcp server cluster customers can configure multiple dhcp servers as "host 1", "host 2", and "host 3" in the nile customer portal in this scenario, the dhcp servers should be set up in a clustered configuration with load balancing when a dhcp request is received, nile will send the request to all three configured dhcp servers the first server to respond with a dhcp offer will have its ip address assigned to the requesting client the responses from the other two servers will be ignored in both redundancy options, the customer is responsible for configuring the redundancy and high availability on the dhcp server side nile will simply send the dhcp requests to the configured servers and use the first valid response received this flexible approach allows customers to leverage their existing dhcp infrastructure and deployment models while benefiting from the simplicity and cloud managed nature of the nile managed dhcp service