[j-nsp] BOOTP helper on MX vrf
Mark Tinka
mark.tinka at seacom.mu
Thu Jun 13 08:01:02 EDT 2013
On Thursday, June 13, 2013 01:49:23 PM Sebastian Wiesinger
wrote:
> Actually you're right. 1000 are free. That would be 1000
> DHCP bindings on the whole box. Could work in this
> scenario... Is it true that the jdhcpd runs on the PFE?
> The bootp helper seems to punt *all* DHCP traffic (Port
> 69) going trough the box to the RE which is kind of
> scary... I just hope you can firewall it on the RE.
IIRC, it's a control plane process. It would be nice if it
can happen in the line card, but I don't have any definitive
information on that.
It is also good to ensure that if you have any Loopback
interfaces in this VRF (as you would in a typical broadband
type deployment), you check that you have allowed DHCP/BOOTP
packets through the any group-applied firewalls, otherwise
you could chase your tail trying to figure out what's going
on.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130613/e0ba0f0d/attachment-0001.sig>
More information about the juniper-nsp
mailing list