[j-nsp] JUNOS BootP-relay Behaviour

Daniel.Hilj at synetrix.co.uk Daniel.Hilj at synetrix.co.uk
Mon Mar 9 10:41:03 EDT 2009


Try the "vpn" keyword. That's how you change this behaviour with JunosES at least, haven't got an EX to test on now but possibly the same.

set forwarding-options helpers bootp ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  client-response-ttl  IP time-to-live value to set in responses to client (1..255)
  description          Text description of servers
> interface            Incoming BOOTP/DHCP request forwarding interface configuration
  maximum-hop-count    Maximum number of hops per packet (1..16)
  minimum-wait-time    Minimum number of seconds before requests are forwarded (0..30000)
  relay-agent-option   Use DHCP Relay Agent option in relayed BOOTP/DHCP messages
> server               Server information
  vpn                  Enable vpn encryption


Regards
Daniel

-----Original Message-----
From: Phil Mayers [mailto:p.mayers at imperial.ac.uk] 
Sent: 09 March 2009 12:03
To: alain.briant at bt.com
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] JUNOS BootP-relay Behaviour

alain.briant at bt.com wrote:
> When I configure DHCP relay like this on an EX switch:
>  
> "set forwarding-options helpers bootp interface XX server @IPDHCPserver"
>  
> The outgoing relayed packets are received on the DHCP server with a
> source address
> of the outgoing interface of the EX switch (the Net IP.B address)
>  
>                                              __________
>                         _______             {          }
>               Net IP.A |       | Net IP.B  {            }
> DHCP client |----------| EX SW |----------{      NET     }--| DHCP server
>                        |_______|           {            }
>                                             {__________}
>  
>  
>  
> On a C router and other brands the behaviour is different and the
> address used 
> is the one from the incoming interface (the Net IP.A address)

We see this too, but why does it matter? DHCP servers are required to 
inspect the "giaddr" field in the BOOTP/DHCP header, not the source of 
the IP packet.

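Added example, not part of the original thread or of any Juniper or DHCP server code: a Python sketch of the point made in the reply above, that scope selection keys on the "giaddr" field of the BOOTP header rather than on the IP source address of the relayed packet. The addresses, scope names and helper functions are constructed for illustration, and it assumes the relay writes its client-facing (Net IP.A) address into giaddr.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 951 / RFC 2131): 236 bytes before the options field.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)

# Constructed scopes: Net IP.A (client side) and Net IP.B (uplink side).
SCOPES = {
    "client-lan": ipaddress.ip_network("192.0.2.0/24"),
    "uplink": ipaddress.ip_network("198.51.100.0/24"),
}


def build_relayed_discover(giaddr, hops=1):
    """Build a constructed BOOTREQUEST header as a relay would forward it."""
    chaddr = bytes.fromhex("020000000001").ljust(16, b"\x00")
    return struct.pack(
        BOOTP_FMT,
        1, 1, 6, hops,                        # op=BOOTREQUEST, Ethernet, hlen, hops
        0x1234ABCD, 0, 0x8000,                # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4),         # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,  # giaddr, filled in by the relay
        chaddr, bytes(64), bytes(128),        # chaddr, sname, file
    )


def parse_giaddr(payload):
    """Return (hops, giaddr) from a BOOTP payload; reject truncated input."""
    if len(payload) < BOOTP_LEN:
        raise ValueError("truncated BOOTP header")
    fields = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    return fields[3], ipaddress.ip_address(fields[10])


def select_scope(ip_src, payload):
    """Choose a scope from giaddr only; ip_src is deliberately ignored."""
    _, giaddr = parse_giaddr(payload)
    if int(giaddr) == 0:
        return "local-segment"  # not relayed: client shares the server's subnet
    for name, net in SCOPES.items():
        if giaddr in net:
            return name
    return None  # relayed from a subnet with no configured scope
```

Calling select_scope() with the same payload and either the Net IP.A or the Net IP.B address as ip_src returns the same scope, which is why the differing source address seen on the EX does not change the lease a client is offered.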