Nile DHCP Integration
Overview

The Nile Access Service provides a comprehensive DHCP solution to ensure seamless IP address assignment and network connectivity across campus environments. This document explains the integration options and configuration details for the Nile DHCP Service.

Nile DHCP Service Overview

The Nile Access Service includes a fully managed DHCP service built on the same cloud-native architecture that powers the overall platform. The service can operate in two modes:

- Nile-managed DHCP: Nile provisions and manages DHCP, including IP address assignment and lease management. Best suited for organizations that lack an existing DHCP infrastructure or prefer a fully managed solution.
- Integration with external DHCP servers: Nile integrates seamlessly with existing customer DHCP servers. This option provides compatibility with existing infrastructure while allowing customers to maintain control and visibility.

Regardless of mode, the Nile DHCP Service integrates tightly with network segmentation and access control policies, ensuring a secure and unified connectivity experience.

Integrating with External DHCP Servers

If you prefer to use your organization’s DHCP infrastructure, the Nile Access Service integrates directly with external servers. This allows continued control while benefiting from Nile’s centralized management.

Understanding Nile’s DHCP Integration Approach

Traditionally, DHCP servers are integrated into firewalls such as Palo Alto or Fortinet. These servers operate at Layer 2, listening for DHCP broadcasts across VLANs. DHCP broadcast packets travel to the firewall over trunk ports connected to controllers, switches, or access points.

Nile operates differently. The Nile Access Service is Layer 3 based and does not forward DHCP broadcasts upstream. Instead, Nile functions as an IP helper by generating a Layer 3 DHCP packet and forwarding it directly to the DHCP server.

Key Differences in Nile’s Approach

- Packet origination: The DHCP request originates from the subnet assigned to the device. The source IP is the subnet’s default gateway provided by Nile.
- Default gateway configuration: For example, if you configure three user subnets (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24), Nile assigns default gateways 192.168.1.1, 192.168.2.1, and 192.168.3.1. When a device connects, Nile originates the DHCP helper request from the appropriate default gateway.

Because of this architecture, DHCP traffic must be routed through the customer’s firewall or router to reach the DHCP server. Customers must ensure that firewall rules allow UDP ports 67 and 68 between the Nile default gateway IPs and the DHCP servers.

This integration ensures that DHCP assignment is consistent with Nile’s segmentation and access control policies.

Configuring External DHCP Integration

To configure external DHCP server integration:

1. Configure external server details in Nile
   - In the Nile Customer Portal, go to Network Setup > DHCP.
   - Select Add DHCP Server.
   - Choose External DHCP and enter the server name, IP address, and geographical scope.
   - Ensure that the DHCP server and upstream firewalls respond to requests from the Nile Service Block (NSB).
2. Associate DHCP server with a network segment
   - In Network Setup > Segments, select the segment to configure.
   - Under the Service Area tab, select the external DHCP server created in step 1.
   - Save the configuration to complete integration.

DHCP Server Redundancy

The Nile DHCP Service supports two redundancy models to ensure availability and failover.

Option 1: Virtual IP (VIP) configuration

- Customers provide the shared VIP address in the Nile Portal.
- Nile sends DHCP requests to the VIP.
- The cluster of DHCP servers behind the VIP manages load balancing and redundancy.

Option 2: Load-balanced DHCP server cluster

- Customers configure up to three servers (Host 1, Host 2, Host 3).
- The servers must be set up in a load-balanced cluster.
- When a request is sent, all servers receive it.
- The first valid response is used, and others are discarded.

In both models, customers are responsible for configuring redundancy and high availability on the DHCP server side. Nile forwards requests to the configured servers and relies on the first valid response.

Summary

The Nile DHCP Service provides flexible options, from fully managed DHCP to seamless integration with customer-owned servers. Its Layer 3 approach ensures DHCP functions align with segmentation and zero trust policies, while redundancy options provide resilience. This combination allows organizations to benefit from Nile’s cloud-managed simplicity while preserving their preferred DHCP deployment model.
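
The firewall requirement stated under the default gateway configuration (UDP 67 and 68 between each Nile default gateway IP and the DHCP servers) can be audited before a segment goes live. The following is an added example, not Nile code: the rule format, the DHCP server address 10.0.0.53 and the function names are constructed for illustration, and the gateway is assumed to be the first address of each subnet, as in the page's example.

```python
import ipaddress
from itertools import product

DHCP_PORTS = (67, 68)  # UDP ports the page says must be open

def nile_gateways(subnets):
    """Assumption from the page's example: the gateway is the subnet's .1 address."""
    return [ipaddress.ip_network(s).network_address + 1 for s in subnets]

def required_flows(subnets, servers):
    """Every (src, dst, port) flow between gateways and DHCP servers.
    Both directions are listed; a stateful firewall may only need the first."""
    flows = []
    for gw, srv, port in product(nile_gateways(subnets), servers, DHCP_PORTS):
        srv = ipaddress.ip_address(srv)
        flows.append((gw, srv, port))   # relayed request: gateway -> server
        flows.append((srv, gw, port))   # reply: server -> gateway
    return flows

def rule_allows(rule, flow):
    """True if one allow rule covers the flow (hypothetical rule schema)."""
    src, dst, port = flow
    return (rule["proto"] == "udp"
            and src in ipaddress.ip_network(rule["src"])
            and dst in ipaddress.ip_network(rule["dst"])
            and port in rule["ports"])

def missing_flows(subnets, servers, rules):
    """Required DHCP relay flows that no allow rule permits."""
    return [f for f in required_flows(subnets, servers)
            if not any(rule_allows(r, f) for r in rules)]

# Constructed sample input: the page's three subnets, one made-up server,
# and a rule set that forgets port 68 for subnet 2 and all of subnet 3.
SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
SERVERS = ["10.0.0.53"]
RULES = [
    {"proto": "udp", "src": "192.168.1.0/24", "dst": "10.0.0.53/32", "ports": {67, 68}},
    {"proto": "udp", "src": "192.168.2.1/32", "dst": "10.0.0.53/32", "ports": {67}},
    {"proto": "udp", "src": "10.0.0.53/32", "dst": "192.168.0.0/16", "ports": {67, 68}},
]

if __name__ == "__main__":
    for src, dst, port in missing_flows(SUBNETS, SERVERS, RULES):
        print(f"no allow rule: {src} -> {dst} udp/{port}")
```

Because the relayed request is sourced from the gateway address rather than from the client, rules written for client ranges or VLAN broadcast domains do not by themselves prove coverage; the check has to be made per gateway IP.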