In a recent post I described the cutover procedure used to move from a Virtual Chassis (VC) configuration to a Multi-Chassis Link Aggregation Group (MC-LAG) configuration. One of the other requirements on this cutover was to utilize DHCP Relay. However I ran into a problem getting the DHCP Relay to work.

When reviewing the statistics on Bootp Helper I noticed that the dropped packet counter “Due to no interface in fud database” was increasing exponentially. Naturally, I enabled traceoptions under forwarding-options helpers with the following command:

forwarding-options {
    helpers {
        traceoptions {
            file fud.log;
            level all;
            flag all;
        }
    }
}

In the debug log we could see the following:

vndcpwar029@USDCA-SWJ-P01> show log fud.log 
May 6 21:51:24 fud_ifdb_get_addr(): getting database entry for irb.1221, port 67
May 6 21:51:28 received packet from 0.0.0.0 port 68 interface irb.1221 l2 interface ae21 rt_inst default
May 6 21:51:28 fud_ifdb_get_addr(): getting database entry for irb.1221, port 67
May 6 21:51:31 received packet from 0.0.0.0 port 68 interface irb.1224 l2 interface ae21 rt_inst default
May 6 21:51:31 fud_ifdb_get_addr(): getting database entry for irb.1224, port 67
May 6 21:51:36 received packet from 0.0.0.0 port 68 interface irb.1221 l2 interface ae21 rt_inst default
May 6 21:51:36 fud_ifdb_get_addr(): getting database entry for irb.1221, port 67

The unusual part about this is that the debug log did not indicate any unknown interface that was dropping the packet, and that the MX was receiving the packets. After a quick call to JTAC they recommended we enable the broadcast option on each bootp interface so that it looked like the following:

forwarding-options {
    helpers {
        traceoptions {
            file fud.log;
            level all;
            flag all;
        }
        bootp {
            interface {
                irb.1 {
                    broadcast;
                    server 1.2.3.4;
                }
            }
        }
    }
}

This broadcast option enables the MX to forward DHCP relay packets if the interface is unknown. Once this was added and committed DHCP Relay started to work as expected.

Clay is a recovering server guy that has learned how networks and security worked and used it to his advantage. He is always eager to learn a new technology or technique as there are never enough tools in the toolbox for solving problems in modern networking and server environment. Clay is always striving to make the "more perfect" network available to peers and users. He currently an active Juniper Ambassador, and has contributed to multiple Juniper Day One guides to solve both old and new problems that engineers face in their networks. Clay is a talented individual that enjoys the new challenges that are facing next generation networks, both large and small.

Clay has achieved two of the highest certifications from Juniper Networks: the JNCIE-SEC (Certification Number #69) for his proficiency in Juniper Networks security platforms, and the JNCIE-ENT (Certification Number #492) for his proficiency in Juniper Networks enterprise routing and switching platforms. He is also certified as a Pulse Secure Certified Instructor and Palo Alto Networks Certified Network Security Instructor. Outside of the of the certifications above, Clay also has experience with securing cloud-provider networks while ensuring the highest levels of performance to serve its users.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.