
juniper dhcp relay not working for all reth l3 subinterfaces

a month ago

** SEE UPDATE AT BOTTOM **

 

Hi All,

 

I'm working with JTAC on this, but they seem to be as confused as I am about why this isn't working. Hoping you all might have some additional insight.

 

I have an issue where DHCP relay isn't working correctly in a chassis cluster for some of the subinterfaces in a reth group. Basic topology is that the DHCP server lives on vlan 120 and the SRX is relaying dhcp for two vlans: 15 and 140. The cluster physical interfaces [ge-0/0/4 ge-5/0/4] are connected to a Cisco switch trunk port and all vlans are defined on the switch. Vlan 15 is able to complete the DHCP sequence, but 140 is not. The SRX also provides routing for all vlans. Running dhcp services traceoptions shows only dhcp discover and request traffic. PCAPs on the DHCP server only show DHCP inform from the 140 l3 interface, 192.168.140.1.

 

This is in a test environment so access is as permissive as I can make it. Here's the relevant config for the interfaces, dhcp relay, security zones, and policies.

 

 

 

dhcp-relay {
    server-group {
        dhcp-server {
            192.168.120.2;
        }
    }
    active-server-group dhcp-server;
    group dhcp {
        interface reth1.15;
        interface reth1.140;
    }
}
show interfaces reth1

vlan-tagging;
redundant-ether-options {
    redundancy-group 1;
}
unit 15 {
    vlan-id 15;
    family inet {
        address 192.168.15.1/24;
    }
}
unit 120 {
    vlan-id 120;
    family inet {
        address 192.168.120.1/24;
    }
}
unit 140 {
    vlan-id 140;
    family inet {
        address 192.168.140.1/24;
    }
}
security-zone vlan15 {
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        reth1.15;
    }
}
security-zone vlan120 {
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        reth1.120;
    }
}
security-zone vlan140 {
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        reth1.140;
    }
}
show security policies from zone vlan140 to zone vlan120

policy allow-140 {
    match {
        source-address vlan140;
        destination-address vlan120;
        application any;
    }
    then {
        permit;
    }
}
show security policies from zone vlan15 to zone vlan120

policy allow-15 {
    match {
        source-address vlan15;
        destination-address vlan120;
        application any;
    }
    then {
        permit;
    }
}
ge-0/0/4 {
    description "to switch";
    gigether-options {
        redundant-parent reth1;
    }
}

ge-5/0/4 {
    description "to switch";
    gigether-options {
        redundant-parent reth1;
    }
}

 

UPDATE - Had another session with JTAC today. Wound up rolling the version back from 18.2 to 15.1X49-D190.2 and redid the config from scratch. Relay is working fine now. JTAC is doing some regression testing with 18.2 to determine whether or not it's a bug with the relay itself. I'll update this post when/if they provide additional information.

 

FINAL UPDATE - JTAC confirmed that the issue is due to a bug in 18.2 and linked me to the PR information here: https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1440696.  They recommended either staying on version 15.1X49-D190, or upgrading both SRXs to 18.3R3. I've chosen to stay with 15.1x49-D190 since the recommended software page still shows 18.2.
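
An added example, not part of the original post or of JTAC's guidance: a small Python check that parses a brace-style Junos config and confirms each interface in a dhcp-relay group has a configured unit with an inet address and sits in a security zone whose host-inbound-traffic permits DHCP, which helps rule out configuration before suspecting software. The sample config is constructed from the fragments above, and placing them under `forwarding-options`, `interfaces` and `security zones` is an assumption; `parse_junos` and `check_relay` are hypothetical helper names.

```python
import re

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts (leaf statements map to {})."""
    stack = [{}]
    for tok in re.findall(r"[^{};]+[{;]|}", text):
        tok = tok.strip()
        if tok == "}":
            stack.pop()
        elif tok.endswith("{"):
            stack.append(stack[-1].setdefault(tok[:-1].strip(), {}))
        else:
            stack[-1][tok[:-1].strip()] = {}
    return stack[0]

def check_relay(cfg):
    """List missing prerequisites for every interface named in a dhcp-relay group."""
    findings = []
    relay = cfg.get("forwarding-options", {}).get("dhcp-relay", {})
    zones = cfg.get("security", {}).get("zones", {})
    ifls = [s.split()[1] for g, body in relay.items() if g.startswith("group ")
            for s in body if s.startswith("interface ")]
    for ifl in ifls:                                   # e.g. reth1.140
        ifd, _, unit = ifl.partition(".")
        ucfg = cfg.get("interfaces", {}).get(ifd, {}).get("unit " + unit)
        if ucfg is None:
            findings.append(f"{ifl}: unit not configured")
        elif not any(k.startswith("address ") for k in ucfg.get("family inet", {})):
            findings.append(f"{ifl}: no inet address")
        zone = next((z for z, b in zones.items() if ifl in b.get("interfaces", {})), None)
        if zone is None:
            findings.append(f"{ifl}: not bound to a security zone")
        else:   # only zone-level host-inbound-traffic is inspected here
            svc = zones[zone].get("host-inbound-traffic", {}).get("system-services", {})
            if not {"all", "dhcp"} & svc.keys():
                findings.append(f"{ifl}: {zone} does not allow dhcp host-inbound")
    return findings

# Constructed sample: the post's fragments placed under their usual hierarchy levels.
SAMPLE = """
forwarding-options { dhcp-relay { server-group { dhcp-server { 192.168.120.2; } }
    active-server-group dhcp-server; group dhcp { interface reth1.15; interface reth1.140; } } }
interfaces { reth1 { vlan-tagging;
    unit 15 { vlan-id 15; family inet { address 192.168.15.1/24; } }
    unit 140 { vlan-id 140; family inet { address 192.168.140.1/24; } } } }
security { zones {
    security-zone vlan15 { host-inbound-traffic { system-services { all; } } interfaces { reth1.15; } }
    security-zone vlan140 { host-inbound-traffic { system-services { all; } } interfaces { reth1.140; } } } }
"""
```

`check_relay(parse_junos(SAMPLE))` returns an empty list for this sample; a non-empty list names the relay interface and the prerequisite it is missing.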


4 REPLIES

Re: juniper dhcp relay not working for all reth l3 subinterfaces

a month ago
Please share dhcp traceoption output file during issue state
Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Re: juniper dhcp relay not working for all reth l3 subinterfaces

a month ago

Attached relevant content from the trace file.


Re: juniper dhcp relay not working for all reth l3 subinterfaces

a month ago
Try this config:

set forwarding-options dhcp-relay overrides bootp-support

If we move vlan5 clients to vlan140 or vice versa, what is the status?
Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)

Re: juniper dhcp relay not working for all reth l3 subinterfaces

a month ago

That didn't have any noticeable effect.