[j-nsp] M7i DHCP Relay

[Emmanuel Halbwachs]

Hello,

Chuck Anderson a écrit (Thu, Aug 12, 2010 at 08:33:39AM -0400) :
> I've just installed an MX960 with all bridge-domains and IRB to 
> replace a "Layer 3 switch" core router in an enterprise campus LAN 
> environment.

Same context here with a MX240.

> The BOOTP Helper (stateless DHCP Relay Agent functionality configured 
> under forwarding-options helpers bootp) fails to forward DHCP Replies 
> from the DHCP Server back to the DHCP Client

We've been hit by the same issue.

> unless the MX is configured with DHCP Option 82 support via the
> relay-agent-option statement.

I can't remember well, but I think we tried this with no success.

Then we tried to configure the full-fledged extended DHCP relay as a
workaround. It didn't work either. With the help of our reseller and
JTAC, we discover that one have to use the old 9.2-style configuration
(one subinterface per bridge-domain instead of vlan-id-list). But then
another issue: if a PC with the same MAC changes VLAN, the DHCP
request is not forward, even if DHCP anti-spoofing is disabled.

I believe PR are on their ways for this two issues.

> This really really sucks.  So much so that I wouldn't be averse to 
> setting up a Linux box with dhcrelay on it with all my VLANs trunked 
> into it to replace the MX as DHCP Relay.

Tired by thoses bugs and due to deployment time constraints, we
finally set up our Linux DHCP servers with a trunk and to listen to
requests from any VLAN. Yes, ugly, but robust and then we don't rely
on Juniper to deliver our DHCP service.

I too was very surprised how such a basic fonctionnality was so buggy
with IRB interfaces.

Cheers,

-- 
Emmanuel Halbwachs                       Observatoire de Paris-Meudon
Resp. Réseau/Sécurité                           5 Place Jules Janssen
tel  :  +33 1 45 07 75 54                        F 92195 MEUDON CEDEX
fax  :  +33 1 45 07 01 89       véhicules : 11 av. Marcelin Berthelot