If the DHCP relay option is configured for any instance on a Juniper switch or router, DHCP snooping is enabled automatically. Any Juniper switch on the path from the client to the DHCP server that has DHCP snooping active will drop the unicast UDP DHCP renewal packets passing through it if the forwarding options are not configured properly.
To figure out this issue, we collected the logs for a DHCP packet on the Juniper switch during the issue.
> show configuration system processes dhcp-service
traceoptions {
    file dhcp_logfile size 10m files 5;
    level all;
    flag all;
}
You can find the logs at the end of this post.
The unicast packets from the client to the DHCP server were definitely entering the switch and were being processed by the DHCP snooping mechanism (as can be seen in the logs), but no packets were coming out of the switch.
The unicast packets were being dropped by DHCP snooping on the Juniper switch.
SOLUTION:
To keep the packets from being dropped, we enabled forwarding of snooped packets on all interfaces.
> show configuration routing-instances <instance> forwarding-options
dhcp-relay {
    forward-snooped-clients all-interfaces;
    overrides {
        allow-snooped-clients;
    }
}
Related Links:
http://www.juniper.net/techpubs/en_US/junos15.1/topics/concept/dhcp-extended-snooped-packets.html
http://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/dhcp-subscriber-access-dhcp-relay-snooped-clients-forwarding.html
DHCP-Service Logs on the Juniper Switch
Aug 18 09:35:24.404067 [INFO] jdhcpd_io_l2ng_pfe_reader: jdhcpd_pfe_pkt_hdr_t: len 141850860 L3ifindex = 328, L2ifindex = 586, dpi_rtbl=561
Aug 18 09:35:24.404106 [INFO] [irb.1] jdhcpd_io_get_ifs: The L3 interface is 586 and L2 interface is 561, using the L3 interface
Aug 18 09:35:24.404123 [DEBUG] rc_entry_sus_find_ipaddr: rc_entry_sus_find_ipaddr: TYPE 0 for IP ADDR 100.100.100.1 in routing context LR default/RI <inst>
Aug 18 09:35:24.404143 [INFO] [default:<inst>][RLY][INET][irb.1] jdhcpd_io_pfe_packet: SNOOP : recv sa 10.30.17.72 da 100.100.100.1, src_port 68, dst_port 67 if name irb.1 len 300
Aug 18 09:35:24.404158 [ERROR] jdhcpd_security_packet_handle: Interface >ae48.0< packet_flags:204
Aug 18 09:35:24.404169 security-packet-handle sus_l2:ae48.0
Aug 18 09:35:24.404180 [INFO] jdhcpd_security_packet_handle: security-packet-handle sus_l3:irb.1
Aug 18 09:35:24.404191 [INFO] jdhcpd_security_packet_handle: security-packet-handle input bd srv
Aug 18 09:35:24.404200 security-packet-handle default/default-switch/srv dhcp-security not configured
Aug 18 09:35:24.404262 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP from == 10.30.17.72, port == 68 ]--
Aug 18 09:35:24.404284 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP size == 300, op == 1 ]--
Aug 18 09:35:24.404298 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP flags == 0 ]--
Aug 18 09:35:24.404311 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP htype == 1, hlen == 6 ]--
Aug 18 09:35:24.404323 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP hops == 0, xid == de401a3c ]--
Aug 18 09:35:24.404336 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP secs == 0, flags == 0000 ]--
Aug 18 09:35:24.404350 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP ciaddr == 10.30.17.72 ]--
Aug 18 09:35:24.404364 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP yiaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404378 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP siaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404391 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP giaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404411 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP chaddr == 00 cd fe e1 92 28 00 00 00 00 00 00 00 00 00 00 ]--
Aug 18 09:35:24.404424 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP sname == ]--
Aug 18 09:35:24.404436 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP file == ]--
Aug 18 09:35:24.404450 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 53, len 1, data DHCP-REQUEST ]--
Aug 18 09:35:24.404467 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 55, len 7, data 01 79 03 06 0f 77 fc ]--
Aug 18 09:35:24.404481 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 57, len 2, data 05 dc ]--
Aug 18 09:35:24.404498 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 61, len 7, data 01 00 cd fe e1 92 28 ]--
Aug 18 09:35:24.404512 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 51, len 4, data 00 76 a7 00 ]--
Aug 18 09:35:24.404531 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 12, len 14, data 52 61 63 68 65 6c 73 2d 69 50 68 6f 6e 65 ]--
Aug 18 09:35:24.404545 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 255, len 0 ]--
Aug 18 09:35:24.404560 [NOTE] [default:<inst>][RLY][INET][irb.1] jdhcpd_packet_handle: BOOTPREQUEST arrived on unconfigured interface irb.1, flags 3
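
One way to pull this signature out of a larger dhcp_logfile, as an added example that is not part of the original post: it reports snooped unicast renewals (DHCP-REQUEST with ciaddr set, giaddr 0.0.0.0, non-broadcast destination) whose trace ends with the "arrived on unconfigured interface" note. Treating that note as the sign that the request was not forwarded is an assumption drawn from the trace above; the function name and the sample addresses are constructed.

```python
import re

# Constructed sample in the trace format shown above (addresses are made up).
SAMPLE = """\
Aug 18 09:35:24.404143 [INFO] [default:<inst>][RLY][INET][irb.1] jdhcpd_io_pfe_packet: SNOOP : recv sa 192.0.2.72 da 198.51.100.1, src_port 68, dst_port 67 if name irb.1 len 300
Aug 18 09:35:24.404350 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP ciaddr == 192.0.2.72 ]--
Aug 18 09:35:24.404391 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP giaddr == 0.0.0.0 ]--
Aug 18 09:35:24.404450 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 53, len 1, data DHCP-REQUEST ]--
Aug 18 09:35:24.404560 [NOTE] [default:<inst>][RLY][INET][irb.1] jdhcpd_packet_handle: BOOTPREQUEST arrived on unconfigured interface irb.1, flags 3
Aug 18 09:35:25.100143 [INFO] [default:<inst>][RLY][INET][irb.1] jdhcpd_io_pfe_packet: SNOOP : recv sa 0.0.0.0 da 255.255.255.255, src_port 68, dst_port 67 if name irb.1 len 300
Aug 18 09:35:25.100350 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP ciaddr == 0.0.0.0 ]--
Aug 18 09:35:25.100450 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 53, len 1, data DHCP-REQUEST ]--
Aug 18 09:35:25.100560 [NOTE] [default:<inst>][RLY][INET][irb.1] jdhcpd_packet_handle: BOOTPREQUEST arrived on unconfigured interface irb.1, flags 3
Aug 18 09:35:26.200143 [INFO] [default:<inst>][RLY][INET][irb.1] jdhcpd_io_pfe_packet: SNOOP : recv sa 192.0.2.80 da 198.51.100.1, src_port 68, dst_port 67 if name irb.1 len 300
Aug 18 09:35:26.200350 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP ciaddr == 192.0.2.80 ]--
Aug 18 09:35:26.200391 [INFO] [default:<inst>][RLY][INET][irb.1] --[ DHCP/BOOTP giaddr == 0.0.0.0 ]--
Aug 18 09:35:26.200450 [INFO] [default:<inst>][RLY][INET][irb.1] --[ OPTION code 53, len 1, data DHCP-REQUEST ]--
"""

SNOOP = re.compile(r"SNOOP : recv sa (\S+) da (\S+), src_port 68, dst_port 67 if name (\S+)")
FIELD = re.compile(r"DHCP/BOOTP (ciaddr|giaddr) == (\S+)")
MSGTYPE = re.compile(r"OPTION code 53, len 1, data (\S+)")
# Assumption: this NOTE line marks a snooped request that jdhcpd did not forward.
UNCONF = re.compile(r"BOOTPREQUEST arrived on unconfigured interface (\S+),")

def find_unforwarded_renewals(trace):
    """Return one dict per snooped unicast renewal that ended on the UNCONF note."""
    hits, pkt = [], None
    for line in trace.splitlines():
        if m := SNOOP.search(line):           # a new snooped client packet starts
            pkt = {"time": line[:22], "client": m[1], "server": m[2], "ifname": m[3]}
        elif pkt is None:
            continue                          # decode lines outside a snooped packet
        elif m := FIELD.search(line):
            pkt[m[1]] = m[2]
        elif m := MSGTYPE.search(line):
            pkt["type"] = m[1]
        elif UNCONF.search(line):
            renewal = (pkt.get("type") == "DHCP-REQUEST"
                       and pkt.get("ciaddr", "0.0.0.0") != "0.0.0.0"  # client holds a lease
                       and pkt.get("giaddr") == "0.0.0.0"             # not relayed
                       and pkt["server"] != "255.255.255.255")         # unicast to the server
            if renewal:
                hits.append(pkt)
            pkt = None
    return hits

if __name__ == "__main__":
    for h in find_unforwarded_renewals(SAMPLE):
        print(h["time"], h["client"], "->", h["server"], "on", h["ifname"])
```

Running it against the trace file before and after applying forward-snooped-clients gives a quick check that renewals on that interface no longer end on the note.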