[j-nsp] MX BNG with both local server and dhcp relay

Andrey Kostin ankost at podolsk.ru
Tue Jan 10 10:13:18 EST 2023 

Hi Dave,

Don't have experience with your specific case, just a common sense 
speculation. When you configure local dhcp server it usually specifies a 
template interface, like demux0.0, pp0.0, psX.0. Probably in your case a 
conflict happens when junos tries to enable both server and relay on the 
same subscriber interface. Maybe if you could dynamically enable dhcp 
server or relay for a particular subscriber interface it could solve the 
issue. Regarding interface separation, I'm not sure if it's possible to 
have more than one demux or pp interface, I believe only demux0 is 
supported. With ps interfaces you however can have many of them and if 
you can aggregate subscribers to pseudowires by service, you could 
enable dhcp server or relay depending on psX interface. However, 
pseudowires might be not needed and excessive for your design.
Did you try to analyze DHCP and AAA traceoptions and capture DHCP 
packets, BTW?

Kind regards,
Andrey

Dave Bell via juniper-nsp писал(а) 2023-01-05 08:50:
> Hi,
> 
> I'm having issues with DHCP relay on a Juniper MX BNG, and was 
> wondering if
> anyone had an insight on what may be the cause of my issue.
> 
> I've got subscribers terminating on the MX, authenticated by RADIUS, 
> and
> then placed into a VRF to get services. In the vast majority of cases 
> the
> IP addressing information is passed back by RADIUS, and so I'm using 
> the
> local DHCP server on the MX to deal with that side of things.
> 
> In one instance I require the use of an external DHCP server. I've got 
> the
> RADIUS server providing an Access-Accept for this subscriber, and also
> returning the correct VRF in which to terminate the subscriber. I've 
> also
> tried passing back the external DHCP server via RADIUS.
> 
> In the VRF, I've got the DHCP relay configured, and there is 
> reachability
> to the appropriate server
> 
> The MX however seems reluctant to actually forward DHCP requests to 
> this
> server. From the logging, I can see that the appropriate attributes are
> received and correctly decoded. The session gets relocated into the 
> correct
> routing instance, but then it tries to look for a local DHCP server.
> 
> I have the feeling that my issues are due to trying to use both the 
> local
> DHCP server and DHCP relay depending on the subscriber scenario. If I
> change the global configuration of DHCP from local server to DHCP 
> relay, my
> configuration works as expected though with the detriment of the 
> scenario
> where the attributes returned via RADIUS no longer work due to it not 
> being
> able to find a DHCP relay.
> 
> Since the MX decides how to authenticate the subscriber based on where 
> the
> demux interface is configured, I think ideally I would need to create a
> different demux interface for these type of subscribers that I can then 
> set
> to be DHCP forwarded, thought I don't seem to be able to convince the
> router to do that yet.
> 
> Has anyone come across this, and found a workable solution?
> 
> Regards,
> Dave
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list