[j-nsp] JUNOS BootP-relay Behaviour
alain.briant at bt.com
Mon Mar 9 09:01:27 EDT 2009
Hi Phil
This does matter because the DHCP server has to answer back to the source address of the packets received, and if you have a firewall between the NET and the DHCP server, the firewall could be configured to deny packets from the net.ipB interface and only allow packets from net.IPA.
Finally I have done some tests on the DHCP relay on an M7i (so a real Juniper router) and the behaviour is the same as with Cisco.
So the case that I opened with the JTAC was finally taken into account as a real bug.
I am waiting for a new release now.
Yes indeed, the problem in the majority of cases is not very painful, but in some cases you can get stuck!
Kind regards
Alain
-----Original Message-----
From: Phil Mayers [mailto:p.mayers at imperial.ac.uk]
Sent: Monday, 9 March 2009 13:03
To: Briant,A,Alain,JPECS R
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] JUNOS BootP-relay Behaviour
alain.briant at bt.com wrote:
> When I configure DHCP relay like this on an EX switch:
>
> "set forwarding-options helpers bootp interface XX server @IPDHCPserver"
>
> The outgoing relayed packets are received on the DHCP server with a
> source address of the outgoing interface of the EX switch (the Net
> IP.B address)
>
>                                            __________
>                         _______           {          }
>               Net IP.A |       | Net IP.B {          }
> DHCP client |----------| EX SW |----------{   NET    }--| DHCP server
>                        |_______|          {          }
>                                           {__________}
>
>
>
> On a C router and other brands the behaviour is different and the
> address used is the one from the incoming interface (the Net IP.A
> address)
We see this too, but why does it matter? DHCP servers are required to inspect the "giaddr" field in the BOOTP/DHCP header, not the source of the IP packet.
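
Added example (not part of the original thread, and not vendor code): a Python sketch that parses a relayed BOOTP/DHCP request and shows why a firewall filtering on the IP source address treats the two relay behaviours differently, even though giaddr is identical. The addresses are constructed documentation-range values standing in for Net IP.A and Net IP.B, and it is an assumption that both relays put the client-facing address in giaddr.

```python
import socket
import struct

def build_relayed_discover(ip_src: str, giaddr: str, server: str) -> bytes:
    """Constructed IPv4/UDP/BOOTP request as a relay would forward it (checksums left 0)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 1, 0x1234ABCD, 0, 0,
                        bytes(4), bytes(4), bytes(4), socket.inet_aton(giaddr))
    bootp += bytes(16 + 64 + 128)                 # chaddr, sname, file (zeroed)
    udp = struct.pack("!HHHH", 67, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp), 0, 0,
                     64, 17, 0, socket.inet_aton(ip_src), socket.inet_aton(server))
    return ip + udp + bootp

def parse_relayed(packet: bytes) -> dict:
    """Return the IP source address and the BOOTP giaddr of a relayed request."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    bootp = packet[ihl + 8:]                      # skip IP and UDP headers
    if len(bootp) < 28:
        raise ValueError("truncated BOOTP header")
    return {"ip_src": socket.inet_ntoa(packet[12:16]),
            "giaddr": socket.inet_ntoa(bootp[24:28]),   # giaddr is at offset 24
            "hops": bootp[3]}

def firewall_permits(packet: bytes, allowed_sources: set) -> bool:
    """Model of an ACL that filters on the IP source only, as in the thread."""
    return parse_relayed(packet)["ip_src"] in allowed_sources

# Constructed addresses (documentation ranges), standing in for the thread's names.
NET_IP_A = "192.0.2.1"       # relay interface facing the DHCP client
NET_IP_B = "203.0.113.1"     # relay interface facing the NET
SERVER = "198.51.100.10"
ALLOWED = {NET_IP_A}         # firewall only allows the Net IP.A address

# Assumption: both relays put the client-facing address in giaddr.
from_incoming = build_relayed_discover(NET_IP_A, NET_IP_A, SERVER)  # source = Net IP.A
from_outgoing = build_relayed_discover(NET_IP_B, NET_IP_A, SERVER)  # source = Net IP.B

if __name__ == "__main__":
    for name, pkt in (("source=Net IP.A", from_incoming), ("source=Net IP.B", from_outgoing)):
        f = parse_relayed(pkt)
        print(name, f, "permitted" if firewall_permits(pkt, ALLOWED) else "denied")
```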