Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] How does DHCP relay packets forward with DHCP-only?

0

0

Article ID: KB37320 KB Last Updated: 15 Aug 2021Version: 1.0
Summary:

This article explains why the DHCP relay cannot complete DORA when DHCP-only is enabled. 

Symptoms:

With the following configuration when forward-only is enabled, there will be a sub-option 9 under dhcp option 82 which is be added automatically. The sub-option will indicate which interface is going to be the OIF for this dhcp relay foward-only. Since the dhcp reply forward-only does not generate the dhcp stateful info, we have to depend on this sub-option 9 to find out the OIF. If the returned dhcp offer does not contain this sub-option, the dhcp will not forward this offer to client. 

set forwarding-options dhcp-relay server-group 1 172.16.100.10
set forwarding-options dhcp-relay group 1 active-server-group 1
set forwarding-options dhcp-relay group 1 overrides trust-option-82
set forwarding-options dhcp-relay group 1 overrides send-release-on-delete
set forwarding-options dhcp-relay group 1 forward-only
set forwarding-options dhcp-relay group 1 interface xe-1/3/0.0

On a server-facing interface, there are 2 option-82's. On the 2nd option-82, there is a sub-option 9 with the physical interface where it received the dhcp discover from the client. But for some reason, the dhcp offer did not carry this sub-option. So the MX discarded the dhcp packet. 

  • Monitor traffic interface ge-1/1/9 detail layer2-headers no-resolve 
  • Address resolution is OFF.
  • Listening on ge-1/1/9, capture size 1514 bytes
12:07:32.507745 Out 94:f7:ad:5a:a9:e5 > f0:00:02:b0:a7:8d, ethertype IPv4 (0x0800), length 496: (tos 0x0, ttl  64, id 38498, offset 0, flags [none], proto: UDP (17), length: 482) 172.16.10.1.67 > 172.16.100.10.67: BOOTP/DHCP, Request from f0:00:01:b0:a7:8d, length 454, xid 0x7, Flags [Broadcast]
          Gateway-IP 172.16.10.1
          Client-Ethernet-Address f0:00:01:b0:a7:8d
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            MSZ Option 57, length 2: 576
            Client-ID Option 61, length 7: ether f0:00:01:b0:a7:8d
            Lease-Time Option 51, length 4: 60
            Hostname Option 12, length 52: "client_Port //2/10 [F4:A7:39:CD:4E:00/xe-0/0/21]-0-0"
            Parameter-Request Option 55, length 5: 
              Subnet-Mask, Domain-Name-Server, Domain-Name, Static-Route
              Netbios-Name-Server
            Agent-Information Option 82, length 53: 
              Circuit-ID SubOption 1, length 51: circuitId_Port //2/10 [F4:A7:39:CD:4E:00/xe-0/0/21]
            Agent-Information Option 82, length 72: 
              Circuit-ID SubOption 1, length 51: circuitId_Port //2/10 [F4:A7:39:CD:4E:00/xe-0/0/21]
              Unknown SubOption 9, length 17: 
                0x0000: 0000 0a4c 0c04 0a78 652d 312f 332f 302e 
                0x000f: 30
12:07:32.508827  In PFE proto 2 (ipv4): (tos 0xc0, ttl  64, id 39486, offset 0, flags [none], proto: UDP (17), length: 408) 172.16.100.10.67 > 172.16.10.1.67: BOOTP/DHCP, Reply, length 380, xid 0x7, Flags [Broadcast]
          Your-IP 172.16.10.1
          Server-IP 172.16.100.10
          Gateway-IP 172.16.10.1
          Client-Ethernet-Address f0:00:01:b0:a7:8d
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Lease-Time Option 51, length 4: 3600
            Server-ID Option 54, length 4: 172.16.100.10
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Hostname Option 12, length 52: "server_Port //11/4 [F4:A7:39:CD:4E:00/xe-0/0/22]-2-0"
            Default-Gateway Option 3, length 4: 172.16.10.1
            Agent-Information Option 82, length 53: 
              Circuit-ID SubOption 1, length 51: circuitId_Port //2/10 [F4:A7:39:CD:4E:00/xe-0/0/21]
Solution:

Since the sub-option 9 will be added automatically, the DHCP server must have this sub-option in offer/ack. Otherwise, the DORA cannot be finished. 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search