• November 23, 2020, 05:05:23 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: PSN: Stackable switches cause malformed DHCP packets w/DHCP relay, snooping  (Read 2975 times)

0 Members and 1 Guest are viewing this topic.

Offline telecom116

  • Sr. Member
  • ****
  • Posts: 217
Just got this PSN# PSN004238u, published today (6/26):

Malformed DHCP packets are discarded by Stackable Ethernet Routing Switches (ERS) when DHCP snooping, DHCP relay or NonEap Phone Authentication using DHCP signature is enabled on the switches.

In some releases of the Stackable ERS platforms (ERS 2500, 3500, 4000 and 5000 Series) as well as the VSP 7000, a software issue was found to cause malformed DHCP packets as they were forwarded out of the switch. When this issue was encountered an extra 4 bytes was added to the payload of the forwarded DHCP packet, but the Total Length in the IP Header was not updated. The resulting malformed DHCP packet is still successfully forwarded or relayed to the next hop toward the DHCP server(s).
Affected are specific software versions of ERS 2500, 3500, 4000 and 5000 series, and the VSP 7000.

The "fun" part is that code has been added in the fix to discard any malformed packets.  Problem is if you have any affected (ie, non-upgraded) switches upstream, DHCP packets may be silently discarded and you won't get DHCP client requests.   >:(

Fixed software versions as well as more information are in the PSN:
« Last Edit: June 26, 2014, 06:38:29 PM by telecom116 »

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
I think I may have run in to this already and it went away when the switches were upgraded....  Humm...

Offline imorris

  • Rookie
  • **
  • Posts: 18
I have run into this issue also.  Looks like Avaya have known about this for some time, but until the PSN there was only one mention of it that I can see. 

In the release notes of ERS4000 v5.6.4 (Dec 2013) the "Known Limitations" cites: 

"A DHCP memory leak issue was addressed in this release that included a change in the DHCP packet header.
In code versions prior to 5.6.4, the code added 4 bytes to each egressing DHCP packet without changing the total length value of the packet thus creating a malformed DHCP packet. The 5.6.4 release will now discard these packets when DHCP snooping is enabled.
This fix may create unexpected loss of DHCP packets when the 4k is connected to other ERS switches running prior code. The affected ERS switches are 2500/3500, 4k running code prior to 5.6.4, and 5k running code prior to 6.3.3.
The workaround is to disable DHCP snooping until this fix is propagated to all ERS switches."


Offline Dominik

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1564
    • Networkautobahn
thanks for sharing that link. Looks like I have to do some updates...
Itīs always the networks fault!

Offline Tony

  • Full Member
  • ***
  • Posts: 91
I have run into this issues yesterday. what's the heck to disable dhcp snooping and everything is working fine.