
PE router does not receive the DHCP relay packet?

Lost & Found
Level 2

The topology shows a point-to-point connection between the local site CE router and the PE router. The setup is that the "ip helper x.x.x.x" is placed on the core switch SVI, then it is forwarded to the CE, PE, and MPLS network. It is a simple setup with no extra features.

 

To briefly explain the situation, I added a filter to both the CE (Cisco) and PE (Juniper) routers to match the dhcp/bootp packets. However, I've seen that CE has matches while PE has none. This implies that dhcp/bootp packets are dropping or being lost along the way.

 

Topology: https://ibb.co/TvC9hLF

 

Although we looked at the configuration and settings on both CE and PE, we were unable to find any problems that would have an impact on communication, especially the DHCP packets. Just to add, we don't experience any issues with other services. The DHCP communication is the only problem we are having.

 

Question(s):

  1. Is it possible for DHCP packets to get dropped in one of the local provider's Layer 2 devices placed in between the CE & PE?

  2. How can we be certain that the equipment used by the local provider is not the problem? Considering that it is not under our management and that it is somewhat difficult to obtain the complete cooperation of the local provider?

  3. Do you have any suggestions or ideas about what further verification approach is required to identify the problem?

  4. Is there any other way we can communicate with the DHCP server besides the bootp packet? Do you think adding a port-NAT to translate port 67 to port 68 will work, as port 67 is now being matched on the CE router? Or can we specify the port on the ip helper address?

9 Replies

DHCP with MPLS

need 
*information option VPN <- 

**the CE needs to know the subnet of the DHCP server

https://sites.google.com/site/amitsciscozone/mpls/mpls-wiki/dhcp-relay-support-for-mpls-vpn

The CE knows how to reach the DHCP server. There is no issue in terms of reachability; the only problem is the DHCP service between the relay and the server, which is hosted in the DC.

Is there reachability from the SVI you configured the IP helper under?

Yes, the IP helper was set up under the SVI.

use ping 
ping <ip helper DHCP> source <ip SVI>

Check whether this ping is successful or not.

Giuseppe Larosa
Hall of Fame

Hello @Lost & Found ,

 

>> To briefly explain the situation, I added a filter to both the CE (Cisco) and PE (Juniper) routers to match the dhcp/bootp packets. However, I've seen that CE has matches while PE has none

 

Post the firewall filter configuration on the Juniper PE side.

 

Can the receiving SVI ping the DHCP server located in the DC?

 

If helper-address is correctly configured on the client-facing SVI, the DHCP packet becomes a routable unicast packet, and it is quite normal that the PE node sees only unicast packets with the server address as destination.

 

Edit:

I have seen your network topology: you have QinQ tunneling on an intermediate device. This means that the Juniper PE might receive frames with a double 802.1Q tag, but you have configured the Juniper side for a single VLAN tag.

 

Hope to help

Giuseppe
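
To make the two points in the reply above concrete (a relayed request is unicast to the server with `giaddr` set, and QinQ puts two tags in front of it), here is an added example that is not part of the original thread: a Python classifier for a captured Ethernet frame that reports the VLAN tag stack and whether the payload is relayed DHCP. The sample frames are constructed; the outer S-VLAN 200, the 802.1ad TPID, the MACs and the documentation-range IP addresses are assumptions, and only the inner VLAN 80 comes from the thread.

```python
import socket
import struct

TPIDS = {0x8100, 0x88A8, 0x9100}  # 802.1Q, 802.1ad (QinQ S-tag), legacy QinQ

def classify_frame(frame: bytes) -> dict:
    """Report the VLAN tag stack and whether the frame carries relayed DHCP."""
    out = {"vlans": [], "dhcp": False, "relayed": False, "dst_ip": None, "giaddr": None}
    try:
        off = 12                                     # skip dst + src MAC
        (etype,) = struct.unpack_from("!H", frame, off)
        while etype in TPIDS:                        # walk every stacked tag
            (tci,) = struct.unpack_from("!H", frame, off + 2)
            out["vlans"].append(tci & 0x0FFF)
            off += 4
            (etype,) = struct.unpack_from("!H", frame, off)
        ip = off + 2
        if etype != 0x0800 or frame[ip + 9] != 17:   # only IPv4 carrying UDP
            return out
        udp = ip + (frame[ip] & 0x0F) * 4
        sport, dport = struct.unpack_from("!HH", frame, udp)
        giaddr = frame[udp + 32:udp + 36]            # 8-byte UDP header + BOOTP offset 24
        if not {sport, dport} & {67, 68} or len(giaddr) < 4:
            return out
        out.update(dhcp=True, relayed=giaddr != b"\0\0\0\0",
                   dst_ip=socket.inet_ntoa(frame[ip + 16:ip + 20]),
                   giaddr=socket.inet_ntoa(giaddr))
    except (struct.error, IndexError):
        pass                                         # truncated capture: keep what parsed
    return out

def build_frame(tags, src_ip, dst_ip, giaddr, sport=67, dport=67) -> bytes:
    """Constructed sample frame; tags = [(tpid, vlan_id), ...], outermost first."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234, 0, 0)       # BOOTREQUEST
    bootp += b"\0" * 12 + socket.inet_aton(giaddr) + b"\0" * 208    # giaddr at offset 24
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + udp
    l2 = b"\x02\0\0\0\0\x02" + b"\x02\0\0\0\0\x01"                  # made-up MACs
    for tpid, vid in tags:
        l2 += struct.pack("!HH", tpid, vid)
    return l2 + struct.pack("!H", 0x0800) + ip

# Constructed samples: documentation addresses, assumed outer S-VLAN 200, inner VLAN 80.
RELAYED_QINQ = build_frame([(0x88A8, 200), (0x8100, 80)],
                           "192.0.2.1", "198.51.100.10", "192.0.2.1")
CLIENT_BCAST = build_frame([], "0.0.0.0", "255.255.255.255", "0.0.0.0", sport=68)

print(classify_frame(RELAYED_QINQ), classify_frame(CLIENT_BCAST), sep="\n")
```

Run against frames captured on each side of the provider segment, the `vlans` list shows how many tags the frame carries at that point, and `relayed`/`dst_ip` show which form of the DHCP packet a match counter should be written for.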

 

@Giuseppe Larosa  I appreciate your input.

 

1. Post the firewall filter configuration on the Juniper PE Side. = At first, we assumed Juniper could be the culprit, but after reviewing the configuration and settings, we found that there is no blocking at either the software or hardware level of the PE.

2. Can the receiving SVI ping the DHCP server located in DC ? = Yes, no issues with ping on both ends.

3. if helper-address is correctly configured on client facing SVI the DHCP packet becomes a routable unicast packet and it is quite normal that the PE node does see only unicast packets with destination the server address. = Yes, correct. We tried using a different link, and it works, proving that the SVI configuration is not the problem.

4. You have QinQ tunneling on intermediate device this means that Juniper PE might receive frames with double 802.1Q tag but you have configured the Juniper side for single VLAN tag. = Yes, QinQ is being used, but it should not affect a specific service or protocol, right?

Hello @Lost & Found ,

>> 4. You have QinQ tunneling on intermediate device this means that Juniper PE might receive frames with double 802.1Q tag but you have configured the Juniper side for single VLAN tag. = Yes, QinQ is being used, but it should not affect a specific service or protocol, right?

 

If you have ICMP connectivity there is no basic issue in your setup. I had noticed the QinQ because I have seen the Juniper configured for a single VLAN tag of 80. But if ping works from the SVI to the DHCP server you should be fine.

 

I agree with you on this point

 

Hope to help

Giuseppe

 

as I inform us the reachability is OK even with QinQ,

still do you add 

ip dhcp relay information option vpn <<-- this needs to be added to make the DHCP server know the VRF this DHCP message comes from.