Policy Framework Configuration Guide - Juniper Networks

Chapter 15: Traffic Forwarding and Monitoring Configuration
3. The BSA then sends the DHCP discover message to the BSR, which converts it to a
unicast packet and sends it to the DHCP server.
4. The DHCP server looks up the client’s MAC address and option 82 information in its
database. A valid client is assigned an IP address, which is returned to the client using
a DHCP offer message. Both the BSR and BSA send this message upstream to the
client.
5. The client examines the DHCP offer, and if it is acceptable, issues a DHCP request
message that is sent to the DHCP server through the BSA and BSR.
6. The DHCP server confirms that the IP address is still available. If it is, the DHCP server
updates its local tables and sends a DHCP ACK message to the client.
7. The BSR receives the DHCP ACK message and passes the message to the BSA.
8. The BSA creates an anti-spoofing filter by binding the IP address in the ACK message
to the MAC address of the client. After this point, any DHCP messages from this IP
address that are not bound to the client’s MAC address are dropped.
9. The BSA sends the ACK message to the client so that the process of assigning a IP
address can be completed.
You configure DHCP snooping by including within a DHCP group the appropriate interfaces
of the BSA:
[edit routing-instances routing-instance-name bridge-domains bridge-domain-name
forwarding-options dhcp-relay group group-name]
interface interface-name;
In a VPLS environment, DHCP requests are forwarded over pseudowires. You can configure
DHCP snooping over VPLS at the [edit routing-instances routing-instance-name] hierarchy
level.
Configuring Port Mirroring
DHCP snooping works on a per learning bridge basis in bridge domains. Each learning
domain must have an upstream interface configured. This interface acts as the flood
port for DHCP requests coming from the client side. DHCP requests are be forwarded
across learning domains in a bridge domain. You can configure DHCP snooping on bridge
domains at the [edit routing-instances routing-instance-name bridge-domains
bridge-domain-name] hierarchy level. For an example of DHCP snooping on the MX Series
router, see the Junos OS MX Series Ethernet Services Routers Solutions Guide.
Port mirroring is the ability of a router to send a copy of an IPv4 or IPv6 packet to an
external host address or a packet analyzer for analysis. Port mirroring is different from
traffic sampling. In traffic sampling, a sampling key based on the packet header is sent
to the Routing Engine. There, the key can be placed in a file, or cflowd packets based on
the key can be sent to a cflowd server. In port mirroring, the entire packet is copied and
sent out through a next-hop interface.
One application for port mirroring sends a duplicate packet to a virtual tunnel. A next-hop
group can then be configured to forward copies of this duplicate packet to several
Copyright © 2010, Juniper Networks, Inc.
375