Azure VMware Solutions: DHCP on L2 Stretch w/ HCX

Published 04-06-2020 03:14 PM
 

Challenge

By default, DHCP will not work for VMs on the HCX L2 stretch network in Azure VMware Solutions when the DHCP server lives in the organization's on-premises datacenter. This is because NSX by default will block all DHCP requests from traversing the L2 stretch. But not to worry, there is a very simple solution.
 

Step 1: Get Destination Network Name

Go to your source vCenter (typically on-prem) and find the network extension which needs to support DHCP requests from AVS to on-prem. Take note of the destination network name.

 

step1.jfif

 

Step 2: Create a Segment Security Profile

Log into the NSX Manager in AVS.  Navigate to Networking, Segments, Segment Profiles and then Add Segment Profile.  You will need to choose the Segment Security profile.

 

step2.jpg

Step 3: Configure the Segment Security Profile (Part 1)

Assign a name and a tag to the profile, then make all the toggles look exactly as shown in this picture.

step3.jpg

Step 4: Configure the Segment Security Profile (Part 2)

In this step you need to remove all the MAC addresses (if any) which are listed in the BPDU Filter Allow List. After removing them, your screen should look exactly as it does in this picture.
 
step4.jpg

Step 5: Edit the Network Segment  

Go back to the Networking tab, choose Segments in the left column, then Segments, and in the search area on the right enter the name of the network (from step 1). The search should then find the network. When it does, edit the segment by choosing the 3 button icon and then choosing Edit.
 

step5.jpg

Step 6: Change the Segment Security

Change the Segment Security option from whatever it is currently to the profile you created in step 2 and configured in steps 3 and 4. Save the configuration.
 

step6.jpg
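
A follow-up check for the procedure above, as an added example that is not part of the original post: because the new profile relaxes protections that the default profile enforces, it should be bound only to the stretched segment from step 1. The sketch assumes profile and binding data exported from NSX; the field names follow the NSX Policy API SegmentSecurityProfile schema as an assumption to verify against your NSX version, and every name and value is constructed (the values are not the toggles from the post's screenshot).

```python
# Added example: all profile names, segment names and values are constructed.
# Field names assume the NSX Policy API SegmentSecurityProfile schema.

BASELINE = {  # stand-in for the default segment security profile
    "id": "default-segment-security-profile",
    "bpdu_filter_enable": True,
    "dhcp_server_block_enabled": True,
    "dhcp_server_block_v6_enabled": True,
    "ra_guard_enabled": True,
}
PROFILES = {
    "default-segment-security-profile": BASELINE,
    "hcx-l2e-dhcp": {  # hypothetical custom profile; values are illustrative only
        "id": "hcx-l2e-dhcp",
        "bpdu_filter_enable": True,
        "bpdu_filter_allow": [],
        "dhcp_server_block_enabled": False,
        "dhcp_server_block_v6_enabled": False,
        "ra_guard_enabled": True,
    },
}
# segment name -> segment_security_profile_path taken from its binding map
BINDINGS = {
    "L2E_app-net-100": "/infra/segment-security-profiles/hcx-l2e-dhcp",
    "web-tier": "/infra/segment-security-profiles/hcx-l2e-dhcp",
    "db-tier": "/infra/segment-security-profiles/default-segment-security-profile",
}
APPROVED = {"L2E_app-net-100"}  # the stretched segment noted in step 1


def relaxed(profile, baseline=BASELINE):
    """Protections the baseline enforces that this profile has turned off."""
    return sorted(k for k, v in baseline.items()
                  if v is True and profile.get(k, v) is not True)


def audit(bindings=BINDINGS, profiles=PROFILES, approved=APPROVED):
    """Segments bound to a relaxed profile that are not approved for it."""
    findings = []
    for segment, path in sorted(bindings.items()):
        profile = profiles[path.rsplit("/", 1)[-1]]
        off = relaxed(profile)
        if off and segment not in approved:
            findings.append((segment, profile["id"], off))
    return findings


if __name__ == "__main__":
    for segment, profile_id, off in audit():
        print(f"{segment}: bound to {profile_id}, disabled: {', '.join(off)}")
```
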

 

Conclusion

That's it. By modifying the AVS NSX configuration, DHCP requests will now be sent from the VM in AVS on the L2 stretch back to the on-prem DHCP server.
Last update: Jul 29 2020 09:11 AM