You can configure general DHCP service properties and change some default values. The following sections describe the DHCP service properties that you can configure:

Configuring Automated Scope Management

BloxOne DDI provides global parameters that can assist you in streamlining the management of your IP scopes and networks. Based on the configuration of these parameters, BloxOne DDI analyzes the data and provides suggestions on how you can scale your subnets in advance. You can preview these suggestions and decide whether you want to accept, decline, or modify them. For example, if the threshold parameter is set at 90%, address space increase at 20%, and unused IPs at 10%, BloxOne DDI will suggest how you can expand the affected subnet by 20% and retain 10% of unused addresses outside of DHCP when the subnet usage reaches or exceeds the threshold of 90%. For information about how to review the suggested options and take actions, see Resizing DHCP Scopes. In addition, you can enable notifications, so the Cloud Services Portal can display an alert icon next to the respective subnets and their ancestors (such as the IP spaces and address blocks) when the network usage reaches or exceeds the configured threshold.

In this release, BloxOne DDI provides the following suggestions on how you can manage your subnets:

  • Expand or create a DHCP address range.
  • Expand a subnet one bit at a time by expanding an existing range.
  • Suppress notifications based on your business needs.

Note

When you expand or update a subnet, you must adjust your routing configuration. In addition, there is no support for shared or overlapping subnets in the suggested options.

To configure global parameters that BloxOne DDI uses to project suggestions, complete the following:

  1. From the Cloud Services Portal, click Manage -> IPAM/DHCP -> Global DHCP Configuration.

  2. On the Global DHCP Configuration page, expand Automated Scope Management, and complete the following:

    • Enable Automated Scope Management: Select this check box to configure parameters that BloxOne DDI uses to analyze your network usage and provide suggestions about your address scope management.

    • Enable Notifications: Select this check box so the Cloud Services Portal can display an alert icon next to the subnets when they require attention based on the parameters you have configured. You can disable notifications so the alert icon will not show up even when attention is required. You can also turn off notifications temporarily and re-enable them on a later date by selecting a date in the Re-enable Notifications field.

    • Trend Line Threshold: This field displays the current threshold for subnet usage. The default is 90%. You can change the default value by entering a different percentage.

      Note

      BloxOne DDI validates the threshold four times a day. When the subnet usage reaches or exceeds the threshold at the time when BloxOne DDI performs the validation, the portal displays the alert icon next to the respective subnet. The portal removes the icon if the usage falls below the threshold during the next validation time.

    • Increase DHCP Range Address Space: This field shows the percentage or the number of addresses a subnet will expand when its usage reaches or exceeds the threshold. The default is 20%. You can override the default by setting a specific percentage or a number of addresses for the expansion. If you are configuring this at the global or IP space level, using a percentage is more effective. For a specific subnet, however, you can select a specific number of addresses you want to add. Ensure that you select the corresponding unit from the drop-down menu while entering the value.
    • Unused IP Reservation: This is the number of unused IP addresses that you want to retain within the subnet and are not associated with any DHCP usage (such as ranges, fixed addresses, and others). The default is 10%. When you override the default, ensure that you take into consideration the parameter for the DHCP range increase so the numbers align properly for your subnets.

      Note

      BloxOne DDI validates the parameters four times a day. When any of these parameters create concerns for any of the subnets, the portal displays the alert icon next to the respective subnets, so you can preview the suggested options for expanding your subnets. For more information, see Resizing DHCP Scopes.

  3. Click Save & Close to save the configuration or click Cancel to exit.

Defining Lease Times

A DHCP lease time specifies how long the DHCP server permits a network device to use a particular IP address. There are a number of factors to consider when setting the lease time for IP addresses, such as the types of resources and clients on the network, and the impact on traffic and performance.

You can set parameters to control how the DHCP server responds to lease requests for clients and hardware. When you choose to deny the lease requests, the application does not assign IP addresses to the clients and hardware that are defined in the list. You can also configure the DHCP server to assign or deny IP addresses to unknown DHCP clients. Unknown clients include clients that are not roaming hosts and clients that do not have fixed addresses or DHCP host entries.

Hosts are authoritative for their lease data. The BloxOne DDI appliance periodically saves the changes to the leases in the cloud. The application does not support lease history and only current leases are available.

To control how the application assigns leases to client requests:

  1. From the Cloud Services Portal, click Manage -> IPAM/DHCP -> Global DHCP Configuration.

  2. On the Global DHCP Configuration page, click Leases and enter the following details:

    • Lease Time: Enter the lease time and select the time unit from the drop-down list.

    • Allow Leases for Unknown Clients: Select this check box to assign IP addresses to unknown DHCP clients. Unknown DHCP clients include clients that are not roaming hosts and clients that do not have fixed addresses or DHCP host entries. Clear the check box to deny IP addresses to unknown DHCP clients.

    • IGNORE LEASE REQUESTS FROM: Click Add to add DHCP clients or hardware whose lease request must be denied. To delete an entry, select the respective check box and click Remove.

  3. Click Save & Close to save the details or click Cancel to exit.

Configuring DHCP Options

DHCP options provide specific configuration and service information to DHCP clients. These options appear as variable-length fields at the end of the DHCP messages that DHCP servers and clients exchange. For example, DHCP option 3 is used to list the available routers in the network of the client and option 6 is used to list the available DNS servers.

To configure DHCP options:

  1. From the Cloud Services Portal, click Manage -> IPAM/DHCP -> Global DHCP Configuration.

  2. On the Global DHCP Configuration page, click DHCP Options and click Add to add a DHCP option space or an option group to the list or click Remove to delete the entry:

    • Type: Select Option or Option Group based on what you want to add to the list.
    • Space: Select a value from the drop-down list. The list displays either option spaces or option groups that are configured based on the Type you select.

    • Name: Select a value from the drop-down list. The list displays names of the option spaces or option groups based on the Space you select.

    • Option Type: Displays the option type.

    • Value: Enter the match value that you want the option code to use for the selected DHCP option. To add more options to the filter, click Add and repeat the steps.

  3. Click Save & Close to save the details or click Cancel to exit.

Sharing DHCP Fingerprint Rules with Infoblox

When you define DHCP fingerprints, you can choose whether to share your fingerprint rules with Infoblox. When you share your fingerprint rules, Infoblox can further analyze the information and re-publish it in the pre-defined list for future releases. This helps enhance the pre-defined list and make it more comprehensive. Your fingerprint rules are shared with Infoblox by default.

To share your DHCP fingerprint rules with Infoblox:

  1. From the Cloud Services Portal, click Manage -> IPAM/DHCP -> Global DHCP Configuration.

  2. On the Global DHCP Configuration page, click DHCP Fingerprint Rules, and complete the following:

    • Share fingerprint with Infoblox: When this checkbox is selected, your DHCP fingerprint rules are shared with Infoblox. This checkbox is selected by default. Deselect this checkbox if you do not want to share your fingerprint rules.

Enabling DDNS for IPv4 Clients

You can enable the DHCP server to send DDNS updates for IPv4 clients at the DHCP global and DHCP server levels.

You can specify a different domain name that the application uses specifically for DDNS updates. It combines the hostname from the client and the domain name you specify to create the FQDN that it uses to update DNS. For IPv4 clients, you can specify the DDNS domain name at the DHCP global and server levels.

Sending Updates for Zones on an External Name Server

The DHCP server can send dynamic updates to an external primary server that you specify. For each IP space, you can specify the zone to be updated and the IP address of the primary server for that zone. You can add information for a forward and reverse zone. The DHCP server updates the A record in the forward zone and the PTR record in the reverse zone.

You can also use keys to secure communications between the servers. Both the DHCP server sending the update and the DNS server receiving it must share the same secret key.
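As an added example (not Infoblox code), the sketch below generates a shared secret for the Key Name, Algorithm and Key Value fields of the DDNS zone form and audits an existing key for a legacy algorithm or a short secret. It assumes the key value is base64 text, that the external primary runs BIND (the `key` clause is BIND's named.conf syntax), and the key name `ddns-key.example.` is a placeholder.

```python
import base64
import secrets

# Algorithm names as offered in the DDNS zone form -> HMAC output size in bytes.
DIGEST_BYTES = {"HMAC-MD5": 16, "HMAC-SHA1": 20, "HMAC-SHA224": 28,
                "HMAC-SHA256": 32, "HMAC-SHA384": 48, "HMAC-SHA512": 64}
LEGACY = {"HMAC-MD5", "HMAC-SHA1"}  # legacy hashes; this example's policy prefers SHA-256 or stronger


def new_tsig_key(key_name, algorithm="HMAC-SHA256"):
    """Create a key from a CSPRNG, as long as the HMAC output."""
    size = DIGEST_BYTES[algorithm]  # KeyError for an algorithm not in the list
    secret = base64.b64encode(secrets.token_bytes(size)).decode("ascii")
    return {"Key Name": key_name, "Algorithm": algorithm, "Key Value": secret}


def bind_key_clause(key):
    """Render the matching clause for the external server (assumed to be BIND)."""
    return 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' % (
        key["Key Name"], key["Algorithm"].lower(), key["Key Value"])


def audit_tsig_key(key):
    """Return a list of findings for a key that is already configured."""
    alg = key["Algorithm"]
    if alg not in DIGEST_BYTES:
        return ["unknown algorithm %s" % alg]
    findings = []
    if alg in LEGACY:
        findings.append("%s is a legacy algorithm; prefer HMAC-SHA256 or stronger" % alg)
    try:
        raw = base64.b64decode(key["Key Value"], validate=True)
    except ValueError:
        return findings + ["Key Value is not valid base64"]
    if len(raw) < DIGEST_BYTES[alg]:
        findings.append("secret is %d bytes, shorter than the %d-byte HMAC output"
                        % (len(raw), DIGEST_BYTES[alg]))
    return findings


# Constructed example of a weak key: legacy algorithm, 5-byte secret ("short").
WEAK_KEY = {"Key Name": "ddns-key.example.", "Algorithm": "HMAC-MD5",
            "Key Value": "c2hvcnQ="}

if __name__ == "__main__":
    key = new_tsig_key("ddns-key.example.")
    print(bind_key_clause(key))
    print(audit_tsig_key(WEAK_KEY))
```

The same key name, algorithm and secret go into the portal fields and into the external server's configuration; deliver the secret out of band rather than alongside the zone details.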

About the Client FQDN Option

When an IPv4 DHCP client sends DHCP DISCOVER and DHCP REQUEST messages, it can include option 81, the Client FQDN option. The Client FQDN option contains the FQDN (fully qualified domain name) of the client and instructions on whether the client or the server performs DDNS updates. You can configure the application to replace the FQDN in the option by defining a hostname rewrite policy. For information about adding and enabling a hostname rewrite policy, see Replacing Host Names for DDNS Updates.

The DHCP server can support option 81 for IPv4 clients, and use the FQDN that the client provides for the update. It can also allow or deny the client’s request to update DNS, according to the administrative policies of your organization. The DHCP server indicates its response in the DHCP OFFER message it sends back to an IPv4 client.

Sending Updates with the FQDN Option Enabled

When you enable the DHCP server to support the FQDN option, it uses the information provided by the IPv4 client to update DNS as follows:

  • When an IPv4 DHCP client sends a DHCP request with the FQDN option, it can include either its FQDN or only its host name.

    • If the request includes the FQDN, the DHCP server uses this FQDN to update DNS. You can specify a list of forward-mapping zones to be updated for IPv4 clients using the FQDN option.
    • If the request includes the host name, the DHCP server provides the domain name. It combines the host name of the client and the domain name to create an FQDN for the client. It then updates DNS with the FQDN it created.  
  • When a DHCP client does not send a host name, the DHCP server provides a lease but does not update DNS.

  • If multiple DHCP clients specify the same FQDN or host name, the DHCP server allocates leases to the clients, but updates DNS only for the client that first sent the request. When it tries to update DNS for the succeeding clients, the update fails.

Sending Updates from DHCP Clients or a DHCP Server

When you enable the DHCP server to support the FQDN option, you must decide if you want the DHCP server to allow clients to update DNS. If you allow the client to update DNS, then the client updates its A record only. The DHCP server always updates the PTR record. You can configure the DHCP server as follows:

  • The DHCP server can allow clients to update DNS when they send the request in the FQDN option. This is useful for small sites where security is not an issue or in sites where clients move from one administrative domain to another and want to maintain the same FQDN regardless of administrative domain.

    If you configure the DHCP server to allow clients to perform DDNS updates, you must also configure the DNS server to accept these updates from clients. Note that multiple clients can use the same name, resulting in multiple PTR records for one client name.

    When a lease expires, the DHCP server does not delete the A record, if it was added by the client.

  • The DHCP server can refuse the DHCP client’s request to update DNS and always perform the updates itself. When the DHCP server updates DNS, it uses the FQDN provided by the DHCP client. Select this option if your organization requires tighter control over your network and does not allow clients to update their own records.

If you do not enable support for the FQDN option and a client includes it in a DHCP request with its FQDN, the DHCP server does not use the FQDN of the client. Instead, it creates the FQDN by combining the host name from the client with the domain name specified.

Generating Host Names for DDNS Updates

Some IPv4 clients do not send a host name with their DHCP requests. When the DHCP server receives such a request, its default behavior is to provide a lease but not update DNS. You can configure the DHCP server to generate a host name and update DNS with this host name when it receives a DHCP request that does not include a host name. It generates a name in the following format: dhcp-ip_address, where ip_address is the IP address of the lease. For example, if this feature is enabled and the DHCP server receives a DHCP REQUEST from an IPv4 DHCP client with IP address 10.1.1.1 and no host name, the DHCP server generates the name dhcp-10-1-1-1 and appends the domain name, if specified, for the DDNS update.

Replacing Host Names for DDNS Updates

In situations where you need to restrict the use of specific characters in a host name for DDNS updates, you can configure a hostname rewrite policy. Such policy accepts certain characters and replaces others in host names specified in IPv4 DHCP requests. When you create a hostname rewrite policy, you enter a regular expression matching invalid characters that the application replaces in the host name. You also specify a character that the application uses to replace invalid characters.

When you enable a hostname rewrite policy, the application replaces host names with the newly translated host name when it issues DHCP leases and sends DDNS updates for IPv4 DHCP clients. Before you enable a hostname rewrite policy, consider the following:

  • You must enable DDNS updates before the hostname rewrite policy can take effect.

  • The policy supports only IPv4 DHCP clients.

  • If DHCP option 81 support is enabled and updating DDNS is in the request, the application sends updates for A records directly to the DNS server and DHCP only updates the PTR record. When this happens, there can be a mismatch in the host name between the A and PTR records.

  • Changes made to a hostname rewrite policy apply only to subsequent DDNS updates.

When an IPv4 DHCP client requests an IP address, it includes its host name in DHCP option 12. If you enable a hostname rewrite policy, the application uses the newly translated host name when it issues a lease to the client.

The client can also include a FQDN in option 81, in which it instructs the server whether to perform DDNS updates. If the client sends a FQDN in option 81, the application replaces the entire FQDN based on the policy. For example, if the FQDN in option 81 is dev.bldg12.corpxyz.com, the application replaces invalid characters in the entire FQDN even though the host name can be dev or dev.bldg12. For example, if your hostname rewrite policy specifies valid characters as a-z and the replacement character is -, the newly translated FQDN is dev.bldg--.corpxyz.com. For information about client FQDN in option 81, see About the Client FQDN Option.

Note that when multiple IPv4 DHCP clients specify host names that map to the same translated host name, the application allocates leases to all clients, but it only sends DDNS updates to the first client request. When it tries to update DNS for subsequent clients, the updates fail. You can override this policy at the DNS server level.

To enable DDNS:

  1. From the Cloud Services Portal, click Manage -> IPAM/DHCP -> Global DHCP Configuration.

  2. On the Global DHCP Configuration page, click DDNS and complete the following:

    • Enable DDNS Updates: Select this check box to enable DDNS updates.

    • DDNS Domain Name: Specify the domain name of the network that the application uses to update DNS. For IPv4 clients, you can specify this at the DHCP global and DHCP server levels.

    • DDNS ZONES: Click Add to add DDNS zones, or Edit to modify, or click Remove to delete the associated DDNS zone.

      • Zone: Enter the FQDN of a valid forward-mapping or reverse-mapping zone to which the DHCP server sends the updates.  
      • DNS Server: Enter the IP address of the external primary server for that zone.
      • Use TSIG: Select this check box to use the standards-based TSIG key that uses the one-way hash function to secure transfers between name servers. For details, see RFC 1321, The MD5 Message-Digest Algorithm, RFC 2104, HMAC: Keyed-Hashing for Message Authentication, and RFC 4231, HMAC-SHA Identifiers, and Test Vectors.
        • Key Name: Type or paste the name of the key you want to use. The key name entered here must match the key name on the external name server.
        • Algorithm: Select one of the following: HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512.
        • Key Value: Type or paste a previously generated key. This key must also be present on the external primary server. You can generate a key, or obtain the key name and key from the external DNS server, by accessing the server yourself or by requesting the server administrator to deliver them to you through some out-of-band mechanism. Type or copy-and-paste the name and key into the appropriate fields.

    Click Add to associate the DDNS zone or click Cancel to exit. Reorder the columns by clicking the up and down arrows. The details you specify are displayed in the table.

    • Generate hostname if not sent by client: Select this check box to enable the DHCP server to generate a hostname and update DNS with this hostname, when the DHCP request of a client does not include a hostname. For more information, see Generating Host Names for DDNS Updates.
    • OPTION 81 SUPPORT
      • DHCP server updates DNS if requested by client: Select this option to allow the DHCP server to update DNS only when requested by DHCP clients.
      • DHCP server updates DNS unless the client specified otherwise: Select this option to allow the DHCP server to update DNS until the DHCP client stops lease request.
      • DHCP server updates DNS regardless of client preference: Select this option to allow the DHCP server to update DNS, regardless of the requests from DHCP clients.
    • HOSTNAME REWRITE POLICY
      • Enable hostname rewrite policy: Select this check box to use a hostname rewrite policy for DHCP leases and DDNS updates for IPv4 DHCP clients. From the drop-down list, select the hostname policy you want to use.
      • Invalid Characters: Enter a list of invalid characters that must be replaced in the host name. Ensure that you consider the following rules:

        • You can include only printable ASCII characters, including space.

        • BloxOne DDI includes period (.) as a valid character for label separators by default.

        • You can also use shortcuts for a series or range of characters. For example, when you enter a-d, the application includes the following: A, B, C, D, a, b, c, and d. When you enter 0-5, the application includes the following: 0, 1, 2, 3, 4, and 5. In a character range, ensure that the start character is less than the end character.

        • If you want to use dash (-) as a character, ensure that you put it in front of the valid character pattern. Otherwise, the application treats the string as a range of characters.

        • You can build a POSIX regular expression based on the string you enter here, but you cannot enter an empty string.

        • You cannot use the meta character (^) as a start or end character in a range. For example, a-^ is invalid. You also cannot use duplicate characters as character sets. For example, aa is invalid.


    Note

    BloxOne DDI supports POSIX regex bracket expressions. For more information, refer to http://pubs.opengroup.org/onlinepubs/9699919799/.  


      • Replace Invalid Characters with: Enter the character BloxOne DDI uses to replace invalid characters. You can specify only a single printable ASCII character.
  3. Click Save & Close to save the details or click Cancel to exit.
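
To preview a hostname rewrite policy before enabling it, the added example below (not BloxOne DDI code) applies the character-list rules above and reports client names that would collapse to the same translated name, the case in which only the first DDNS update succeeds. It assumes the list names the characters to keep, as in the `a-z` example under Replacing Host Names for DDNS Updates; the function names and sample host names are constructed.

```python
from collections import defaultdict

PRINTABLE = {chr(c) for c in range(32, 127)}  # printable ASCII, including space


def parse_charset(spec):
    """Expand a character list such as 'a-z' or '-a-z0-9' into a set.

    Assumption: the list names the characters to keep, as in the page's
    'a-z' example; every other character is replaced.
    """
    if not spec:
        raise ValueError("the character list cannot be empty")
    if any(c not in PRINTABLE for c in spec):
        raise ValueError("only printable ASCII characters are allowed")
    keep = {"."}                      # period is a valid label separator by default
    singles = set()
    i = 0
    if spec[0] == "-":                # a leading dash is a literal dash
        keep.add("-")
        i = 1
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == "-":
            start, end = spec[i], spec[i + 2]
            if "^" in (start, end):
                raise ValueError("'^' cannot start or end a range")
            if start >= end:
                raise ValueError("range start must be less than range end")
            for code in range(ord(start), ord(end) + 1):
                keep.update((chr(code).lower(), chr(code).upper()))
            i += 3
        else:
            ch = spec[i]
            if ch == "-":
                raise ValueError("put '-' first to use it as a character")
            if ch in singles:
                raise ValueError("duplicate character %r" % ch)
            singles.add(ch)
            keep.update((ch.lower(), ch.upper()))
            i += 1
    return keep


def rewrite(name, spec, replacement):
    """Return the translated host name or FQDN."""
    if len(replacement) != 1 or replacement not in PRINTABLE:
        raise ValueError("replacement must be one printable ASCII character")
    keep = parse_charset(spec)
    return "".join(c if c in keep else replacement for c in name)


def find_collisions(names, spec, replacement):
    """Group client names that translate to the same DNS name."""
    groups = defaultdict(list)
    for name in names:
        groups[rewrite(name, spec, replacement).lower()].append(name)
    return {new: old for new, old in groups.items() if len(old) > 1}


# Constructed sample of client-supplied host names (option 12 / option 81).
SAMPLE = ["lab_pc1", "lab-pc1", "lab pc1", "printer7", "dev.bldg12.corpxyz.com"]

if __name__ == "__main__":
    print(rewrite("dev.bldg12.corpxyz.com", "a-z", "-"))
    for new, old in find_collisions(SAMPLE, "-a-z0-9", "-").items():
        print("only the first DDNS update succeeds for", new, "<-", old)
```

Running it over an export of current lease host names shows which clients would lose their DNS record under a given policy, and which names a client could claim by choosing characters that the policy rewrites.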

Configuring DHCP Filters

To control how BloxOne DDI allocates IPv4 addresses, you can define DHCP filters and apply them to DHCP global configuration, DHCP servers, IP spaces, address blocks, subnets and address ranges. Depending on your configuration, DHCP filters screen requesting clients by matching hardware names or DHCP options you define in the filters.

When you define DHCP filters, you classify DHCP clients based on the information provided by the clients. When you apply filters to an address range, the application responds to your address requests based on your configuration. The application also decides which DHCP options to return to the matching clients based on how you apply the filters.  

You can use filters to control address allocation based on your network requirements. For example, you can use DHCP filters to screen unmanaged hosts on a network by denying their address and option requests. If you have multiple address ranges on the same network and you want to assign IP addresses from specific address ranges to specific clients, you can use filters to screen the address assignments.  

To configure DHCP filters:

  1. From the Cloud Services Portal, click Manage -> IPAM/DHCP -> Global DHCP Configuration.
  2. On the Global DHCP Configuration page, click Filters -> Add to add a DHCP filter to the list or click Remove to delete the entry:
    • Filter Name: Select a value from the drop-down list. Select Hardware Name to select hardware filters or MAC addresses and Option Name to define option filters.  
    • Filter Type: Displays the filter type based on the filter name you select.
  3. Click Save & Close to save the details or click Cancel to exit.

