Routing
Highlighted
Routing

PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

‎06-10-2020 10:31 PM

Hello,

 

We have a setup where one set of DHCP servers deliver IP configuration to clients and another set of DHCP servers deliver the PXE options. This setup works only if we configure dhcp-relay without forward-only option. The issue is that this eats up licences and this is something we would like to avoid. We have tried the setup with forward-only-replies option as well. When I monitor traffic on the client switch port I see only the DHCP packets providing IP configuration.

 

 I've tried to go through documentation but I haven't found an explanation how the DHCP relay works with different configurations. The observed behaviour suggests that only the DHCP packets from the first responder are let through and others are dropped. I wish I could change this behaviour so that all DHCP packet would be allowed to flow through.

 

Could anyone give me more details how the DHCP relay actually works with different configuration? The router is MX10003 and it's running Junos 18.2R3.4.

 

Cheers, 

 

Matti

7 REPLIES 7
Highlighted
Routing

Re: PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

[ Edited ]
‎06-10-2020 10:44 PM

Hi Matti,

 

The DHCP relay agent operates as the interface between DHCP clients and the server. The DHCP Relay Agent relays DHCP messages between DHCP clients and DHCP servers on different IP networks.

 

A Juniper Networks device operating as a DHCP relay agent forwards incoming requests from BOOTP and DHCP clients to a specified BOOTP or DHCP server. Client requests can pass through a virtual private network (VPN) tunnels. You cannot configure a single device interface to operate as both a DHCP client and a DHCP relay.

 

In a typical carrier edge network configuration, the DHCP client is on the subscriber’s computer, and the DHCP relay agent is configured on the router between the DHCP client and one or more DHCP servers.

 

The below link has more details-

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcp-relay-agent-security-devices...

 

In case you are looking for how DHCP works in a specific configuration, please elaborate so that we can provide you details.

 

Hope this answers your query 🙂

 

Please mark "Accepted Solution" if this helps you!

Kudos are always appreciated! 

Highlighted
Routing

Re: PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

[ Edited ]
‎06-10-2020 10:58 PM

Hello mjsaarin,

 

Greetings!

 

Please go through the below document for DHCP Configuration for PXE Environment

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16160&actp=METADATA

 

This above KB holds good for MX as-well. 

 

Preboot xEecution Environement (PXE) - is an environment to boot computers using a network interface independent of available data storage devices or installed operating systems.

The term PXE client only refers to the role that the machine takes in the PXE boot process. A PXE client can be a server, desktop, laptop or any other machine that is equipped with PXE boot code

The PXE protocol is approximately a combination of DHCP and TFTP.

1) Configure a pool of IP addresses for DHCP clients on a subnet. When a client joins the network, the DHCP server dynamically allocates an IP address from this pool.

2) Set the boot filename advertised to clients. The client uses the boot image stored in the boot file to complete configuration.

3) Set the server that contains the boot file.

4) Define the default and maximum lease times, in seconds.

5) Specify the DNS server that maintains the database of client name to IP address mappings.

6) Specify IP address for routers on the client’s subnetwork. Routers are listed in order of preference.

7) Set the next-server statement which is used to specify the host address of the server from which the initial boot file is to be loaded, this address could be from tftp, or ftp or nfs or something else that the host will use. It is asumed that the client either knows what to do next, or that information is in the bootfile.
 

To know more about the DHCP-Relay options, please follow the below documentation:

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/dhcp-rela...

 

I hope this helps. Please mark this post "Accept as solution" if this answers your query.

 

Kudos are always appreciated! Smiley Happy

 

Best Regards,

Lingabasappa H

Highlighted
Routing

Re: PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

‎06-10-2020 11:06 PM

Hello Matti

 

 This might be largely because DHCP works on a broadcast principle. The clients are going to broadcast for the first DHCP server that answers with an acceptable offer, which they will take. If you have a mixture of local DHCP servers and relays, the local servers will respond faster and may not provide the configuration you want to deploy at best. At worst, you will have a mix of acceptable responses and a lot of potential for conflicting addresses. On any network segment where you're using DHCP relays, the local server needs to be disabled.

 

With the additional helper, there's a semi-random chance that the DHCP request will be answered by the PXE server or the primary DHCP server. If it's answered by the first one, PXE works correctly. If it's answered by the second, PXE fails.


Regards,
Vishaal


Accept as Solution = cool ! (Help fellow community members with similar query be redirected here instead of them reposting again)
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

‎06-10-2020 11:30 PM

Hi!

 

Thanks for all the replies. It seems I need to learn to describe my issue better.

 

None of the DHCP servers are local. All are listed under the same server group within the routing instance where the clients are. All the servers see the requests and send the replies. For some reason, the setup work only when there is no forward-only setting. The working setting is similar to the one below:

me@r> show configuration routing-instances VRF-MY-VRF forwarding-options dhcp-relay
relay-option-82 {
circuit-id;
}
server-group {
MY-DHCP-SERVERS {
/* IP configuration server 1 */
192.168.10.10;
/* IP configuration server 2 */
192.168.10.20;
/* PXE configuration server 1 */
192.168.200.10;
/* PXE configuration server 2 */
192.168.200.20;
/* PXE configuration server 3 */
192.168.200.30;
}
}
route-suppression {
destination;
}
group MY-DHCP-DEFAULT {
active-server-group MY-DHCP-SERVERS;
interface et-0/1/9.314;
interface et-0/1/9.278;
}
no-snoop;

Highlighted
Routing

Re: PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

‎06-10-2020 11:33 PM

Hi mjsaarin,

 

Good day

 

Please remove this part of the configuration and also remove the “forward-only” and then check if the dhcp relay works.

 

When using forward-only, option-82 is a requirement.

 

To avoid the option-82 requirement you would need to remove “forward-only”.

 

We have 2 option, or without “forward-only” or with “forward-only” and “option-82”(like the configuration above, this is the reason why it works with "trusted; no-option82 " )

 

DHCP packets forwarded with the forward-only statement do not consider other configurations except for the trust-option-82 option. The DHCP relay agent ignores all other configured options.

 

The information can be found here:

 

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/forward-o...

 

Please mark "Accepted Solution" if this helps.

 

Kudos are always appreciated

 

Thanks

Suraj

Highlighted
Routing

Re: PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

‎06-11-2020 12:20 AM

Hi Suraj,

 

Thanks for the clarification. I've still got difficulties in understandind why the replies from one set of DHCP servers are relayed but the replies from the other set appear to be dropped. I wish the relay could be configured as transparent as possible.

 

Cheers,

 

Matti

Highlighted
Routing
Solution
Accepted by topic author mjsaarin
‎06-11-2020 09:10 PM

Re: PXE options not delivered to DHCP clients when dhcp-relay configured with forward-only.

‎06-11-2020 12:49 AM

HI mjsaarin,

 

With “forward-only” MX maintains bindings for DHCP and doesn’t transmitor rely on DHCP Option 82 information.
Without “forward-only” MX copies the incoming interface info into “DHCPDiscover Option 82” to know the interface where DHCP Discover was received.
DHCP server should simply copy this info back in the “OFFER” packet.


Following tech pub document briefly explains the above process with respect to bootp (legacy daemon) and the same is applicable to DHCP relay with “forward-only” also.
https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-configuring-routers...

 

I’ve reviewed the data and verified that the MX is functioning as designed, exactly as KB30596 Explains the issue.

Here is the article where we found this option to try (KB30596): https://kb.juniper.net/InfoCenter/index?page=content&id=KB30596

 

Please mark "Accepted Solution" if this helps.

Kudos are always appreciated

 

Thanks

Suraj

 

Feedback