Expand all | Collapse all

Why DHCP relay packets dropped?

  • 1.  Why DHCP relay packets dropped?

    Posted 04-12-2019 06:58

    Hello guys!

    Please tell me who faced this problem below in log dhcp_logfile on Juniper EX4600
    , periodically there is such an error in the dhcp relay service:

    [ERROR] jdhcpd_security_packet_handle: Interface >ae1.0< packet_flags:201

    And this packet drop


    > show dhcp relay statistics
    Packets dropped:
    Total 5488
    Bootp packets 2
    Interface not configured 2751
    Send error 2730
    No binding found 5





    Apr 12 14:34:16.523523 [INFO] [default:default][RLY][INET][irb.26][SID=100] JDHCPD_CLIENT_EVENT: Client(0x8e18c00) got event CLIENT_EVENT_ACK_PDU in state RELAY_STATE_BOUND
    Apr 12 14:34:16.523545 Unexpected ACK received in RELAY_STATE_BOUND, relaying (could be inform-ack)
    Apr 12 14:34:16.523557 [ERROR] jdhcpd_security_packet_handle: Interface >ae1.0< packet_flags:201
    Apr 12 14:34:16.523569 [INFO]  jdhcpd_security_packet_handle: security-packet-handle input bd USERS-26
    Apr 12 14:34:16.523579 security-packet-handle default/default-switch/USERS-26 dhcp-security not configured
    Apr 12 14:34:16.523594 [INFO] [default:default][RLY][INET][irb.26][SID=100] jdhcpd_packet_relay: *** relaying packet ***
    Apr 12 14:34:16.523608 [INFO] [default:default][RLY][INET][irb.26][SID=100] jdhcpd_packet_relay: Broadcast response for
    Apr 12 14:34:16.523751 [INFO] [default:default][RLY][INET][irb.26] jdhcpd_io_send_packet: DHCP PDU from to port 68 out interface 554 len 300
    Apr 12 14:34:47.536371 [INFO]  jdhcpd_io_l2ng_pfe_reader: jdhcpd_pfe_pkt_hdr_t: len 141946028 L3ifindex = 328, L2ifindex = 553, dpi_rtbl=564
    Apr 12 14:34:47.536417 [INFO] [irb.25] jdhcpd_io_get_ifs: The L3 interface is 553 and L2 interface is 564, using the L3 interface
    Apr 12 14:34:47.536440 [INFO] [default:default][RLY][INET][irb.25] jdhcpd_io_pfe_packet: LOCAL : recv sa da, src_port 68, dst_port 67 if name irb.25 len 300
    Apr 12 14:34:47.536456 [ERROR] jdhcpd_security_packet_handle: Interface >ae4.0< packet_flags:200
    Apr 12 14:34:47.536467 security-packet-handle sus_l2:ae4.0
    Apr 12 14:34:47.536478 [INFO]  jdhcpd_security_packet_handle: security-packet-handle sus_l3:irb.25
    Apr 12 14:34:47.536490 [INFO]  jdhcpd_security_packet_handle: security-packet-handle input bd USERS-25
    Apr 12 14:34:47.536649 security-packet-handle default/default-switch/USERS-25 dhcp-security not configured

    My dhcp-relay configuration:

    set forwarding-options dhcp-relay forward-snooped-clients all-interfaces
    set forwarding-options dhcp-relay overrides allow-snooped-clients
    set forwarding-options dhcp-relay overrides always-write-giaddr
    set forwarding-options dhcp-relay overrides bootp-support
    set forwarding-options dhcp-relay overrides send-release-on-delete
    set forwarding-options dhcp-relay overrides delete-binding-on-renegotiation

    Why do such errors occur in the dhcp server log?




  • 2.  RE: Why DHCP relay packets dropped?

    Posted 04-12-2019 07:31

    Hi Dmitriy MT,


    What's the Junos version on the EX? You can troubleshoot as follows:


    a) Please check and share the DHCP packets received on the interfaces ae1, ae4 - think you can capture them with "monitor traffic interface ae1 no-resolve" and "monitor traffic interface ae4 no-resolve".

    b) What does the DHCP server config look like, is this only IPv4 server? One instance these errors may be seen if you have a DHCPv4 server but also receiving DHCPv6 requests from clients.

    c) Which of those drop counters from the dhcp relay statistics are actually incrementing when you see the log message? Perhaps take a snapshot before the logs to contrast after.

    d) Check if any jdhcpd core-dumps from "show system core-dumps".


    Hope this helps.




    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).

  • 3.  RE: Why DHCP relay packets dropped?

    Posted 04-14-2019 23:33


    a) Does this not entail a switch load? The traffic on the switch is large, will this command cause overload and denial of service?

    b) Server configured only on IPv4

    c) To date, statistics such

    center@kmrt-ex4600-406> show dhcp relay statistics
    Packets dropped:
        Total                      6334
        Bootp packets              2
        Interface not configured   3180
        Send error                 3147
        No binding found           5
    Messages received:
        BOOTREQUEST                52313
        DHCPDECLINE                0
        DHCPDISCOVER               269
        DHCPINFORM                 46010
        DHCPRELEASE                49
        DHCPREQUEST                5983
    Messages sent:
        BOOTREPLY                  50311
        DHCPOFFER                  351
        DHCPACK                    49952
        DHCPNAK                    6
        DHCPFORCERENEW             0
    Packets forwarded:
        Total                      25351
        BOOTREQUEST                1315
        BOOTREPLY                  24036

    с) And this is the output of the command - "show system core-dumps"

    > show system core-dumps all-members
    /var/tmp/*core*: No such file or directory

    /var/tmp/*core*: No such file or directory