Designlet: Azure VMware Solution DHCP and DNS Configuration Options

Introduction

Workloads running in an Azure VMware Solution private cloud require DNS and DHCP services for name resolution and automatic IP address assignment. This Designlet addresses common approaches and related considerations for deploying these services.

Summary and Considerations

Pre-requisites

  • A deployed Azure VMware Solution private cloud
  • If extending services from on-premises infrastructure, connectivity between the on-premises data center and the AVS private cloud

General Considerations/Recommendations

  • No automatic name resolution or IP address configuration services are enabled for AVS-hosted VMs by default
  • AVS management components including vCenter and ESXi hosts are only able to resolve public name records by default
  • The DNS forwarder service is available for AVS private clouds created on or after July 1, 2021. For clouds created earlier, open a support request to configure this feature. 

Document Reference

Azure VMware Solution Documentation (Microsoft)

VMware NSX-T Documentation

Last Updated

August 2021

 

DHCP Options

No DHCP services are enabled by default during AVS private cloud provisioning. To provide these services, customers may configure the DHCP service built into NSX-T, extend existing on-premises DHCP infrastructure to the AVS private cloud, or deploy customer-managed local DHCP services within the private cloud.

The following sections describe considerations and configuration steps for these options.

Configure a DHCP server in NSX-T

A common approach is to leverage the DHCP service built into NSX-T. This requires only that you provide an IP address on a separate, non-overlapping network, and that you configure each new segment on which you want to provide DHCP addresses with a DHCP range. VMs deployed on these segments will be provided an IP address in that range, the default gateway defined at segment creation, and be configured to use the NSX-T DNS forwarder created at AVS private cloud provisioning.

Follow these steps to create an NSX-T DHCP server:

  1. Log into the Azure portal, and select the AVS private cloud object
  2. Select Workload Networking > DHCP
  3. Click Add
  4. Select the DHCP Server server type, provide a name, and provide an IP address and non-overlapping range in CIDR format. You may optionally set a custom lease time in seconds—the default value is 86400.
  5. Click OK. Provisioning will take a few moments to complete.
  6. Select Workload Networking > Segments
  7. To create a new DHCP-enabled segment, click Add. Provide a segment name, define a subnet by providing a gateway address and network in CIDR format, provide a range of DHCP address, and click OK.
  8. To add a DHCP range to an existing segment, click the three-dot control on the far-right side of the segment row, select Edit, add the range, and click Save.

VMs created on the segment should now receive IP addresses from the NSX-T DHCP server.

Deploy a local DHCP server in the AVS private cloud

If your organization has standardized on a non-NSX DHCP or IP Address Management platform, you may choose to deploy a local instance within the AVS private cloud rather than routing DHCP traffic over a connection back to an on-premises data center. This is supported in AVS. Refer to your platform documentation and install as if you were deploying to an on-premises vSphere environment.

After configuring your DHCP server, you will need to configure a DHCP relay service in NSX-T to make it available to VMs deployed onto NSX-T segments. This is described in the next section.

Configure a DHCP relay in NSX-T

A DHCP relay must be configured to support any non-NSX DHCP service. This could include a VM or appliance deployed within the AVS private cloud or existing on-premises infrastructure. Follow these steps to configure a DHCP relay:

  1. Log into the Azure portal, and select the AVS private cloud object
  2. Select Workload Networking -> DHCP
  3. Click Add
  4. Select the DHCP Relay server type, provide a name, and supply up to three DHCP IP addresses that correspond to existing external DHCP servers.
  5. Click OK. Provisioning will take a few moments to complete.
  6. Ensure DHCP scope on the external DHCP server has been created and activated for each NSX-T segment you wish to extend DHCP services to
  7. Return to the AVS private cloud object in the Azure portal, and select Workload Networking > Segments
  8. Click Add to create a new segment
  9. Provide a segment name, a subnet and gateway in CIDR notation that match an existing DHCP scope. Provide the range of IP addresses configured in the DHCP scope.
  10. Click OK

VMs created on the new segment should now receive IP addresses and any configured scope options from the DHCP server.

DNS Options

During AVS private cloud deployment, a DNS forwarder service and default forwarder zone are created in NSX-T. The default forwarder zone is configured to forward requests to Cloudflare DNS servers (1.1.1.1 and 1.0.0.1) for name resolution. If NSX-T is providing DHCP services, DHCP-enabled VMs will be configured to use the forwarder service for DNS resolution. If your VMs require the ability to resolve name records from private DNS zones, you can add up to five conditional forwarders to the NSX-T DNS Service.

You may choose to leverage external DNS servers or deploy local DNS servers in the AVS private cloud. The following sections describe considerations and configuration steps for these options.

Use external DNS servers

VMs deployed in your AVS private cloud can be configured to use existing DNS infrastructure for name resolution. This may be VMs or appliances deployed in the AVS private cloud, on-premises, in Azure IaaS, or the Azure DNS service.

For VMs with static network configurations, this is simply assigning the desired DNS servers in those configurations.

If non-NSX DHCP servers being used, add the desired DNS servers as scope options.

If NSX-T is providing DHCP services, add a forwarder zone for the DNS domain as described in the following section.

Add a forwarder zone to the NSX-T DNS service

Conditional forwarders can be added to the NSX-T DNS service to allow AVS-hosted VMs to resolve private DNS zones. To configure a forwarder zone, follow these steps:

  1. Log into the Azure portal, and select the AVS private cloud object
  2. Select Workload Networking > DNS
  3. On the DNZ zones tab, click Add
  4. Select FQDN zone, enter a name for the zone, enter the FQDN of the zone, and provide up to three DNS servers for the zone. Source IP can be left blank.
  5. Click OK. The provisioning operation will take a few moments to complete
  6. From the Workload Networking > DNS panel, click the DNS service tab
  7. Click Edit
  8. Click the dropdown under FQDN zones (up to 5) and check the box next to the freshly created FQDN zone.
  9. Click OK. The operation will take a few minutes to complete.

 

Authors and Contributors

  • Steve Pantol, Senior Technical Marketing Architect, Cloud Services, VMware

 

 

 

Filter Tags

General Management Azure Services Azure VMware Solution Document Technical Guide Intermediate Design