DHCP server in Azure

There is a mythology in the cloud world, particularly in Azure, adding a DHCP server will open the seventh door of Hell. The VM will be deleted, it will disturb VMs in your VNET, break Azure…
Let's see what the reality behind and when and how you can use a DHCP server in Azure.

You can safely install a DHCP service in your Azure VM. But, if you intend to provide IP configuration for your VMs, it will not work.

To understand we need to remember how Network works in Azure. Azure Network is based on Hyper-V network virtualization, VXLAN. In this model, a network packet leaving the operating system of the VM is encapsulated in the virtual network interface and sent directly to its destination.
Let’s look at what happens when an Azure VM requests an IP configuration. All Azure VMs are configured to use DHCP. The Operating system will send a DHCP discovery message. This is a broadcast message, using UDP. The virtual network interface will intercept the message and the network virtualization system will take care of the configuration using the configuration of the subnet.

A DHCP server in the same Subnet or the same VNET could not answer to any other VM on the same Subnet or VNET, broadcast messages are not transmitted in Azure Virtual Network.
Using a DHCP service on a VM to serve other VMs on the same network is useless. VMs will always get the VNET configuration, and no discovery can be made to the DHCP server. This scenario is ineffective.

But there is a scenario where having a DHCP server in Azure makes sense. It is when you use a Hybrid Network using Express Route, Site-to-Site VPN, or SD-Wan.
In this situation, you may want to have a DHCP in Azure not to serve VMs in your Azure VNETs, it will not work, but your clients on-premises connect to Azure. For this, you will need a DHCP relay agent.
A DHCP relay agent is a service listing to broadcast messages on its local network and retransmit the request to a DHCP server using a unicast message. Unicast is allowed in Azure networking, so a DHCP server in Azure can deliver an IP configuration to a client outside Azure. This is the support scenario where you can use a DHCP server in Azure.
But, until recently, there was a historical limitation on DHCP traffic in Azure, a rate limit on unicast packet to UDP 67. But not anymore, so you can deploy A DHCP server without restriction.