[MX/PTX] DHCP negotiation may fail when relay agents are part of a VRRP group

Article ID: KB34076  KB Last Updated: 03 Jun 2019  Version: 1.0

Summary:

When a DHCP OFFER arrives at the relay agent with IP address 192.168.182.59 but the GIADDR in that OFFER is 192.168.182.60, the relay agent at 192.168.182.59 does not relay the OFFER to 192.168.182.60. Instead, it drops the packet, even though it has a direct connection to that address and is part of the same VLAN.

This article explains why the IRB interface dropped the traffic and what can be done to avoid these drops.

Symptoms:

When the IRB interfaces act as relay agents and are part of a VRRP group, the DHCP relay agent sometimes does not forward DHCP OFFER messages to the client.

Cause:

In this example, the DHCP server pools addresses in the 10.10.10.0/24 subnet.

When a DHCP OFFER is sent to a different relay agent in the same VRRP group (that is, the giaddr does not match the relay agent that received the OFFER), the OFFER is dropped and is not forwarded, even though the relay agents are part of an aggregated interface.

In the broken case, the OFFER from the DHCP server reaches MX2 (192.168.182.60) with a DA/GIADDR of 192.168.182.59, which belongs to MX1:

 

Nov  6 07:50:41.501011 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] jdhcpd_io_process_ip_packet: SNOOP: recv pkt; sa 10.10.10.1; da 192.168.182.59; src_port 67; dst_port 67; len 300
Nov  6 07:50:41.501071 security-packet-handle sus_l2:xe-0/0/1.0
Nov  6 07:50:41.501111 [MSTR][INFO]  jdhcpd_security_packet_handle: security-packet-handle sus_l3: NULL so return
Nov  6 07:50:41.501157 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP   from == 10.10.10.1, port == 67 ]--
Nov  6 07:50:41.501198 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP   size == 300, op == 2 ]--
Nov  6 07:50:41.501668 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP  flags == 8000 ]--
Nov  6 07:50:41.501709 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP  htype == 1, hlen == 6 ]--
Nov  6 07:50:41.501748 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP   hops == 0, xid == 3c848b52 ]--
Nov  6 07:50:41.501787 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP   secs == 0, flags == 8000 ]--
Nov  6 07:50:41.501828 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP ciaddr == 0.0.0.0 ]--
Nov  6 07:50:41.501869 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP yiaddr == 192.168.182.36 ]--
Nov  6 07:50:41.501910 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP siaddr == 10.10.10.1 ]--
Nov  6 07:50:41.501950 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP giaddr == 192.168.182.59 ]--:
Nov  6 07:50:41.502003 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP chaddr == 7c fe 37 fe 00 00 00 00 00 00 00 00 00 00 00 00 ]--
Nov  6 07:50:41.502042 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP  sname ==  ]--
Nov  6 07:50:41.502081 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ DHCP/BOOTP   file ==  ]--
Nov  6 07:50:41.502120 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ OPTION code  53, len   1, data DHCP-OFFER ]--
Nov  6 07:50:41.502165 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ OPTION code   1, len   4, data ff ff ff 00 ]--
Nov  6 07:50:41.502258 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ OPTION code  58, len   4, data 00 05 46 00 ]--
Nov  6 07:50:41.502307 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ OPTION code  59, len   4, data 00 09 3a 80 ]--
Nov  6 07:50:41.502351 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ OPTION code  51, len   4, data 00 0a 8c 00 ]--
Nov  6 07:50:41.502395 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ OPTION code  54, len   4, data 0a 0a 0a 01 ]--
Nov  6 07:50:41.502435 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] --[ OPTION code 255, len   0 ]--

 

The DHCP relay cannot find a client table entry for that address, so the packet is dropped:

Nov  6 07:50:41.502479 [MSTR][DEBUG][default:default][RLY][INET][xe-0/0/1.0] jdhcpd_find_client_from_server_pdu: Using yiaddr from BOOTPREPLY for lookup
Nov  6 07:50:41.502526 [MSTR][DEBUG] client_key_compose: Composing key (0x2a55200) for cid_l 0, cid NULL, mac 7c fe 37 fe 00 00, htype 1, subnet 100.107.182.59, ifindx 0, opt82_l 0, opt82 NULL
Nov  6 07:50:41.502567 [MSTR][DEBUG] client_key_compose: Successfully composed CK_TYPE_HW_ADDR_ON_SUBNET (2) client key object.
Nov  6 07:50:41.502612 [MSTR][DEBUG] client_key_print: key_type CK_TYPE_HW_ADDR_ON_SUBNET (2): subnet 100.107.182.59, MAC htype 1, Addr 7c fe 37 fe 00 00
Nov  6 07:50:41.502652 [MSTR][DEBUG] client_key_print: key_type CK_TYPE_HW_ADDR_ON_SUBNET (2) other fields: subnet 100.107.182.59, ifindex 0, opt82_len 0, -)
Nov  6 07:50:41.502699 [MSTR][NOTE] [default:default][RLY][INET][xe-0/0/1.0] jdhcpd_find_client_from_server_pdu: Client lookup, no entry for with ckey
Nov  6 07:50:41.502744 [MSTR][DEBUG][default:default][RLY][INET][xe-0/0/1.0] jdhcpd_process_forward_only_or_drop: Returning ... forward-only flags not set (flags=0, rc_flags a0040d) for routing context 0
Nov  6 07:50:41.502787 [MSTR][NOTE] [default:default][RLY][INET][xe-0/0/1.0] jdhcpd_packet_handle: BOOTPREPLY could not find client table entry
Nov  6 07:50:41.502830 [MSTR][DEBUG] jdhcpd_packet_free: PACKET - Freeing v4 packet 0x2a55000

Solution:

Tested: MX 80 JunOS 17.2X75 D91.19

On both MX-1 and MX-2:

#set forwarding-options dhcp-relay forward-snooped-clients non-configured-interfaces

With the forward-snooped-clients configuration, the same OFFER is forwarded to Easygoer:

Nov  6 07:44:52.466679 [MSTR][DEBUG][default:default][RLY][INET][xe-0/0/1.0] jdhcpd_find_client_from_server_pdu: Using yiaddr from BOOTPREPLY for lookup
Nov  6 07:44:52.466727 [MSTR][DEBUG] client_key_compose: Composing key (0x2a59400) for cid_l 0, cid NULL, mac 7c fe 37 fe 00 00, htype 1, subnet 100.107.182.59, ifindx 0, opt82_l 0, opt82 NULL
Nov  6 07:44:52.466770 [MSTR][DEBUG] client_key_compose: Successfully composed CK_TYPE_HW_ADDR_ON_SUBNET (2) client key object.
Nov  6 07:44:52.466816 [MSTR][DEBUG] client_key_print: key_type CK_TYPE_HW_ADDR_ON_SUBNET (2): subnet 100.107.182.59, MAC htype 1, Addr 7c fe 37 fe 00 00
Nov  6 07:44:52.466857 [MSTR][DEBUG] client_key_print: key_type CK_TYPE_HW_ADDR_ON_SUBNET (2) other fields: subnet 100.107.182.59, ifindex 0, opt82_len 0, -)
Nov  6 07:44:52.467397 [MSTR][NOTE] [default:default][RLY][INET][xe-0/0/1.0] jdhcpd_find_client_from_server_pdu: Client lookup, no entry for with ckey
Nov  6 07:44:52.469742 [MSTR][INFO]  jdhcpd_io_route_packet_legacy: Sending routed packet on rc-index 0
Nov  6 07:44:52.469926 [MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] jdhcpd_packet_handle: *** forwarding bootreply packet received for relay ***
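
Added example (not part of the Juniper article and not Juniper code): a Python parser that pairs each server reply in a jdhcpd trace with the relay's decision, so dropped OFFERs whose giaddr belongs to the VRRP peer stand out. The sample trace is constructed from the lines above (the 07:44:52 receive and giaddr lines are assumed, because the page omits them); `relay_outcomes` and `local_addrs` are hypothetical names.

```python
import re

P = "[MSTR][INFO] [default:default][RLY][INET][xe-0/0/1.0] "
# Constructed sample: abridged from the two traces on this page. The two
# 07:44:52.46 lines are assumed; the page does not show them.
SAMPLE = "\n".join([
    "Nov  6 07:44:52.460000 " + P + "jdhcpd_io_process_ip_packet: SNOOP: recv pkt; sa 10.10.10.1; da 192.168.182.59; src_port 67; dst_port 67; len 300",
    "Nov  6 07:44:52.460100 " + P + "--[ DHCP/BOOTP giaddr == 192.168.182.59 ]--",
    "Nov  6 07:44:52.469926 " + P + "jdhcpd_packet_handle: *** forwarding bootreply packet received for relay ***",
    "Nov  6 07:50:41.501011 " + P + "jdhcpd_io_process_ip_packet: SNOOP: recv pkt; sa 10.10.10.1; da 192.168.182.59; src_port 67; dst_port 67; len 300",
    "Nov  6 07:50:41.501198 " + P + "--[ DHCP/BOOTP   size == 300, op == 2 ]--",
    "Nov  6 07:50:41.501748 " + P + "--[ DHCP/BOOTP   hops == 0, xid == 3c848b52 ]--",
    "Nov  6 07:50:41.501869 " + P + "--[ DHCP/BOOTP yiaddr == 192.168.182.36 ]--",
    "Nov  6 07:50:41.501950 " + P + "--[ DHCP/BOOTP giaddr == 192.168.182.59 ]--",
    "Nov  6 07:50:41.502787 " + P + "jdhcpd_packet_handle: BOOTPREPLY could not find client table entry",
])

RECV = re.compile(r"^(\w+\s+\d+ [\d:.]+).*recv pkt; sa (\S+); da (\S+);")
FIELD = re.compile(r"(\w+) == ([0-9a-f.]+)")
OUTCOMES = {
    "BOOTPREPLY could not find client table entry": "dropped",
    "forwarding bootreply packet received for relay": "forwarded",
}

def relay_outcomes(trace, local_addrs):
    """Return one record per server reply: BOOTP fields seen in the dump,
    the relay's decision, and whether giaddr names some other relay."""
    results, pkt = [], None
    for line in trace.splitlines():
        m = RECV.match(line)
        if m:  # a new packet starts; begin collecting its fields
            pkt = {"time": m.group(1), "server": m.group(2), "da": m.group(3)}
        elif pkt is not None and "DHCP/BOOTP" in line:
            pkt.update(FIELD.findall(line))
        elif pkt is not None:
            for marker, outcome in OUTCOMES.items():
                if marker in line:
                    giaddr = pkt.get("giaddr")
                    pkt["outcome"] = outcome
                    pkt["foreign_giaddr"] = giaddr is not None and giaddr not in local_addrs
                    results.append(pkt)
                    pkt = None
                    break
    return results

if __name__ == "__main__":
    # 192.168.182.60 is the receiving relay (MX2) in the article's broken case.
    for r in relay_outcomes(SAMPLE, {"192.168.182.60"}):
        print(r["time"], r["outcome"], "giaddr", r.get("giaddr"), "foreign:", r["foreign_giaddr"])
```

A dropped reply with `foreign_giaddr` set matches the failure in this article: the OFFER was addressed to the VRRP peer's relay address and the receiving relay had no client table entry for it.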

Note: MC-LAG is not configured between MX-1 and MX-2, though it is one of the solutions for the relay agents.
