Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
Back to discussions
Expand all | Collapse all

MX DHCP relay - how to do a replacement for forwarding-options helpers bootp ?

  • 1.  MX DHCP relay - how to do a replacement for forwarding-options helpers bootp ?

    Posted 27 days ago

    Hi,

    I probably need to move from pefectly working, but legacy forwarding-options/helpers/bootp to modern forwarding-options/dhcp-relay on our MX104/MX204 router to support DHCP relay operation.

    I have a router with multiple routing instances and multiple separate DHCP servers and I am a little bit scared about DHCP relay implementation using forwarding-options/dhcp-relay.

    Here is my current working DHCP relay config:

    forwarding-options {
helpers {
	bootp {
		relay-agent-option;
		server 192.168.1.5 routing-instance RI_XXX;
		server 192.168.1.6 routing-instance RI_XXX;

		interface {
			xe-0/1/2.799 {
				server 192.168.99.95 routing-instance RI_YYY;
				server 192.168.99.96 routing-instance RI_YYY;
			} 
...
etc.				
}

    My interfaces and RE firewall filter looks like:

    interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input fw_router_mgmt;
                }
                address 127.0.0.1/32;             
            }
        }
    }
}	
	
firewall {
	family {
	inet {
	
	filter fw_router_mgmt {
		...
		term 3 {
			from {
				source-address {
					0.0.0.0/32;
				}
				destination-address {
					255.255.255.255/32;
				}
				protocol udp;
				port 67;
			}
			then accept;
		}
		...			
	}}}
}

    Everything works fine and there is no problem in IPv4 world.

    Now, I need to switch  to forwarding-options/dhcp-relay to be able to add support for IPv6 in the future. I have found Minimum DHCP Relay Agent Configuration article, but this is for SRX platform, not for MX.

    Summary of my requirements:

    • MX Router with multiple routing instances and working bootp helper, fortunately no IRB interfaces
    • No DHCP traffic inspection, snooping, no engineering - just forward DHCP frame from client to the DHCP server and back like bootp helper does.

    I saw few pieces of puzzle to disable unwanted things that can make it even more complicated:

    • use option called forward-only that should be used to disable almost all of the inspection features
    • use forwarding-options dhcp-relay no-snoop
    • use forwarding-options dhcp-relay forward-snooped-clients all-interfaces to permit traffic, because otherwise it could be dropped

    Please, if you have a simillar setup, I'd be glad for sharing a working piece of your config, something like "Minimum DHCP Relay Agent" above,  but for MX platform.

    Thank you for any feedback and support how to do the transition in no-horror way.