[j-nsp] Set 802.1p bits for DHCP packets generated from the routing-engine

Saku Ytti saku at ytti.fi
Thu Dec 20 07:53:01 EST 2018


On Thu, 20 Dec 2018 at 14:24, Alex D. <listensammler at gmx.de> wrote:

Hey Alex,

> i tried that, but as mentioned, it didn't work. For testing purposes, i
> configured a "log all" as first term:
> term log-all-re-traffic {
>      then log;
> }
> DHCP packets from routing-engine to the DHCP-server and DHCP packets
> from client to the router are logged as expected. But mysteriously, I

Sorry for my confusion, where did you put the filter? lo0.0 egress
should not show you packets from client to the router.

> don't see DHCP packets from routing-engine towards the clients (behind
> the ONT) and thus setting a forwarding-class with this term also doesn't
> work. Did you already see such a behaviour?

The stateful DHCP (as opposed to helper) is quite tricky business.

1. It punts all transit DHCP in all interfaces, and lo0.0 FW filter
must allow these punted packets, otherwise you kill customers' dhcp
2. It encapsulates the punted traffic with another set of IP headers
(if you do 'monitor traffic ... write-file dhcp.pcap' you'll see the
encapsulation, without 'write-file' you'll just see the bottom headers
you expect to see, as the inline parser will hide the encapsulation
headers
3. lo0 filter does not see the original headers but the encapsulation headers

I wouldn't be surprised if for some reason it is not subject to normal
rules in CoS either, but I've not specifically tried to set or observe
their QoS.

-- 
  ++ytti


More information about the juniper-nsp mailing list