Thanks. I apppreciate the advice.
Nope, no EVPN. When you deployed those 10k's with dhcp relay in multiple virutal routers, what version of Junos was that running on?
I don't think I have the hardware on hand to do the relay on a stick thing. We do have some ex4300-mp's on a stick right off these 10k's but they have their own issues with dhcp....another open case that is also dhcp related. We'e also had some other major issues with the platform that make it unsuitable for this.
Honestly I really wish Juniper would dedicate some resources to solving these dhcp issues. Since we've been a customer, I'd estimate that 90% of my tickets have been dhcp-related. Seems a lot of the dhcp knobs are ISP-oriented. We'd like a clean dhcp relay that is enterprise focused.
I really wish rather than having support teams dedicated to product lines, there was an enterprise focused theam.
Another big want would be a long term, stable version of Junos that is supported both by JTAC and engineering, for customers who aren't really interested in feature enhancements.
Original Message:
Sent: 06-07-2021 03:25
From: DANIEL HEARTY
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
I've deployed 10K8s with relays over multiple routing instances. The only issue I've come across is no smart-relay support with EVPN-VXLAN.. Although I guess you're not using EVPN-VXLAN?
I the meantime, perhaps you can move the relay function to a standalone device. This is also something I've seen in the past. You would place another switch (kinda on a stick) in the fabric configured with all your VLANs that require relay. Might be enough to get you going whilst JTAC work on the PR?
------------------------------
DANIEL HEARTY
Principal Engineer
Original Message:
Sent: 06-06-2021 14:05
From: Unknown User
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
As an update. While "no-snoop" under dhcp relay stops the flooding of dhcp packets it also stops the box from relaying anything as well.
Beyond frustrated......
This should have never left development with this issue and nobody at Juniper seems to care. We cannot be the only shop that relay's dhcp across multiple virtual routers on a qfx-10008.
In their current state these boxes are 100% unusable.
Original Message:
Sent: 06-02-2021 05:31
From: STEVE PULUKA
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
Thanks for the update and following through with JTAC. It can be a pain to be the first to report an issue and get the PR properly documented so we all benefit.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Original Message:
Sent: 06-01-2021 14:08
From: Unknown User
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
If anyone is interested, the issue seems to be triggered by adding a dhcp relay in a non-default routing instance of type virtual-router and having snooping enabled on the relay. Was able to replicate this with JTAC today. Adding "set routing-instance name forwarding-options dhcp-relay no-snoop" stops the flooding. I've been told though that this should not be needed though and that that the are filing a PR for the issue.
Original Message:
Sent: 06-01-2021 12:36
From: Unknown User
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
Seems there is a correlation between having an irb interface bound to the vlan and this issue. On vlans where there is no irb configured as the L3 interface I'm not seeing the issue. I don't think JTAC saw it this way but they did not have dhcp relay configured on the qfx, or multiple virtual routers with dhcp relay either.
Original Message:
Sent: 05-30-2021 05:45
From: STEVE PULUKA
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
Well that is the definition of a Junos bug. Had JTAC checked the PR (problem report) database to see if it has already been discovered and fixed?
If not, they will need to duplicate your configuration and topology in the lab and generate a new PR for software development to add to the pipeline.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Original Message:
Sent: 05-29-2021 10:53
From: Unknown User
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
I have checked that. It does have the destination mac in it's ethernet switching table. It floods every dhcp packet (frame) in every vlan even if it is unicast and has a known destination mac address. Was confirmed by myself and JTAC.
Original Message:
Sent: 05-29-2021 02:10
From: Unknown User
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
The simplest reason is that your 10K doesn't have the destination MAC in its switching table--so it floods the packet to all ports. Have you checked this?
Original Message:
Sent: 05-28-2021 16:26
From: Unknown User
Subject: QFX10008 Flooding unicast dhcp like broadcast/unknown
The title says it all but some context here. We have a jtac case open and they are not able to reproduce the behavior in their lab yet.
We have 2 of these boxes doing this. When a unicast dhcprequest or dhcpack traverses any vlan on the box, its forwards that traffic out all interfaces where vstp is forwarding for the vlan even though traffic captures from switches linked to the 10k's which receive the traffic show that the traffic is l2 unicast.
Code on 1 is 20.2R2-S3 and the other is base 20.2R2.
Neither I nor JTAC can see anything in the config that would cause this....but I did find one thing I"m not sure about. Under the vstp config stanza, I'm using an interface range, which in looking at this doc doesn't seem like it's officially supported on the qfx, or that's my interpretation of it, as for the ex line it seems to specifically list vstp. So I tried a port outside of the range. Flooding still occurs:
https://www.juniper.net/documentation/us/en/software/junos/interfaces-ethernet-switches/topics/topic-map/switches-interface-range.html
Has anyone ever heard of such a thing?
Not sure at this point what parts of sanitized configs should be posted, etc but would appreciate any insight.