[j-nsp] DHCP relaying/snooping and proxy-arp on MX-240

Bjørn Skovlund skovlund at gmail.com
Thu Oct 22 10:51:39 EDT 2009


I got an MX-240 running JUNOS 9.6R1.13.

This terminates layer 3 for a range of customers arriving in
double-tagged VLANs like this:
ge-0/0/1 {
    encapsulation flexible-ethernet-services;
    unit 567 {
        vlan-tags outer 1310 inner 12;
        family inet {
            unnumbered-address lo0.0 preferred-source-address xx.xx.xx.xx;

We then map them in dhcp-relay like this:
dhcp-relay {
    server-group {
        data {
    group data {
        active-server-group data;
        overrides {
        relay-option-82 {
            circuit-id {
                prefix {
                use-interface-description logical;
        interface ge-0/0/1.567;

Previously we've done this in routing-instances, but are now trying to
get away from that, for ease of configuration (I got boxes with 200K
lines of configuration). We're running 9.3 on our production boxes and
I'm pretty sure that DHCP "snooping" is in effect with the above
configuration inside routing-instances, but I haven't tested this
positively since 9.1 or so.

Right now DHCP snooping is not working on 9.6 in global
routing-instance - is there any way to specify snooping or does it
need to be in a routing-instance to enable snooping?

Secondly, we assign customers in /23 networks and have proxy-arp on,
so they can talk to eachother. Problem is if a customer has more than
one computer online (bridging), he needs to go over his WAN link and
around the MX in order to talk between his two computers, as the MX is
proxying the ARPs. Is there any way to disable arp-proxying towards
the unit where the arp in question has been learned from?

Thanks in advance.

Cheers, Bjørn

More information about the juniper-nsp mailing list