Switching


DHCP issues

  • 1.  DHCP issues

    Posted 08-03-2021 09:15
    Hi all,

    I am new to Juniper switching and we have been experiencing some weird DHCP issues. Recently we swapped our core switch out with a new EX4600, previously a Catalyst 4506. The EXs are in a virtual-chassis configuration (RE0 and RE1). The previous switch was there and working fine for 5+ years, no issues. As soon as we swapped to the Junipers we started to see problems with the DHCP packets. It seems that from the client side when we do the ipconfig /renew command the request is never acknowledged. But if we do an ipconfig /release then renew we get a response. After doing multiple packet captures at various points on the network we found that discover packets are acknowledged and assigned an IP (broadcast), but the request (unicast) always fails. The only difference I see in these is the source IP. One from the core and one from the client, respectively.

    The DHCP server is located behind a pair of Nexus 3548, which had a known DHCP bug in the version we were running. They have been updated to a current working stable version, but the problem still persists. Now I am at a loss for what the issue could be. I have tried everything I know, to no avail. Below I have posted some of the commands I ran along with the pertaining portions of the current config. Please let me know if you guys have any ideas.

    Something else interesting we've noticed after we put the Junipers into place, we're now seeing an error pop up when joining Windows machines to the domain.  They still join but this error was not occurring until we installed the Junipers.  I found a MS article based on the error and they have 3 potential causes:

    1. The NIC adapter IPv4 properties have changed to disable NetBIOS over TCP/IP
    2. The NIC adapter has IPv4 disabled
    3. There is an issue with UDP communication over port 137

    Options 1 and 2 do not apply, the computers we're seeing the error on are brand new Windows 10 images before being domain joined AKA no group policies applied, the NIC adapters are in a default config and NetBIOS and IPv4 are both enabled.  The UDP traffic part caught my attention because what else is doing UDP?  That's right – DHCP.

     We have not done any firm packet tracings or captures yet, but I thought I'd bring this up in case it prompts a lightbulb moment in someone.  It may not just be DHCP unicast UDP packets having issues but other UDP packets as well (although we do see the UDP broadcasts working for DHCP).


    This was a really stressful situation at first, not knowing if all our leases were going to expire and not renew, but thankfully after it gets to 87% of the lease time it sends out the discovery packet and is able to renew. But I still want to get to the bottom of the problem. At 50% of the lease time the client sends the request packets and fails.

    root@EX4600-Core> show dhcp relay statistics
    Packets dropped:
    Total 538120
    Invalid server address 22554
    Interface not configured 743
    Send error 514748
    No binding found 3
    Requested IP address 72

    Messages received:
    BOOTREQUEST 884428
    DHCPDECLINE 1
    DHCPDISCOVER 298872
    DHCPINFORM 136562
    DHCPRELEASE 103
    DHCPREQUEST 448890
    DHCPLEASEACTIVE 0
    DHCPLEASEUNASSIGNED 0
    DHCPLEASEUNKNOWN 0
    DHCPLEASEQUERYDONE 0
    DHCPACTIVELEASEQUERY 0

    Messages sent:
    BOOTREPLY 75785
    DHCPOFFER 31421
    DHCPACK 44321
    DHCPNAK 43
    DHCPFORCERENEW 0
    DHCPLEASEQUERY 0
    DHCPBULKLEASEQUERY 0
    DHCPLEASEACTIVE 0
    DHCPLEASEUNASSIGNED 0
    DHCPLEASEUNKNOWN 0
    DHCPLEASEQUERYDONE 0
    DHCPACTIVELEASEQUERY 0

    Packets forwarded:
    Total 1688
    BOOTREQUEST 1362
    BOOTREPLY 326



    root@EX4600-Core> show system statistics udp
    fpc0:
    --------------------------------------------------------------------------
    udp:
    863556 datagrams received
    0 with incomplete header
    0 with bad data length field
    0 with bad checksum
    23 dropped due to no socket
    8386 broadcast/multicast datagrams dropped due to no socket
    0 dropped due to full socket buffers
    0 not for hashed pcb
    855147 delivered
    6303212 datagrams output

    fpc1:
    --------------------------------------------------------------------------
    udp:
    15220990 datagrams received
    0 with incomplete header
    0 with bad data length field
    0 with bad checksum
    13422 dropped due to no socket
    125165 broadcast/multicast datagrams dropped due to no socket
    0 dropped due to full socket buffers
    0 not for hashed pcb
    15082403 delivered
    8979406 datagrams output


    dhcp-relay {
        forward-snooped-clients all-interfaces;
        overrides {
            allow-snooped-clients;
            always-write-giaddr;
            bootp-support;
            send-release-on-delete;
            delete-binding-on-renegotiation;
        }
        relay-option-82;
        inactive: forward-only;
        server-group {
            DCHP_Clients {
                192.168.223.209;
            }
            Ruckus {
                192.168.230.9;
            }
        }
        active-server-group DCHP_Clients;
        group DHCP_Clients {
            interface xe-0/0/23.0;
            interface ae0.0;
            interface ae1.0;
            interface ae2.0;
            interface ae3.0;
            interface irb.0;
            interface irb.5;
            interface irb.12;
            interface irb.30;
            interface irb.111;
            interface irb.230;
            interface irb.232;
        }
        group Ruckus {
            interface irb.235;



    ------------------------------
    JOSHUA HOLCOMBE
    ------------------------------


  • 2.  RE: DHCP issues

    Posted 08-03-2021 09:35
    Do you have a firewall filter applied to your loopback interface?

    Thanks,
    Cord





  • 3.  RE: DHCP issues

    Posted 08-03-2021 09:35
    If you have a filter on your lo0.0 you will need to make sure you allow DHCP traffic to and from your DHCP servers.

    FYI the dhcp t2 timer reverts to bcast and not unicast for renew.
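
Added example, not part of any post in this thread: a Python sketch that classifies DHCP client messages taken from a capture by their RFC 2131 client state, separating the broadcast DISCOVER and T2 rebind from the unicast T1 renewal discussed above. The client address 192.168.5.50, the helper names and the payload bytes are constructed for illustration; only the server address comes from the posted config.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"            # magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 3: "REQUEST"}  # option 53 values for the client messages in the thread
SERVER = "192.168.223.209"             # DHCP server address from the posted config
CLIENT = "192.168.5.50"                # constructed client address
SERVER_ID = bytes([54, 4]) + socket.inet_aton(SERVER)  # option 54, server identifier
REQ_IP = bytes([50, 4]) + socket.inet_aton(CLIENT)     # option 50, requested IP

def parse_options(raw):
    """Walk the code/length/value options that follow the magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:      # 255 = end option
        if raw[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def classify(dst_ip, payload):
    """Return (message type, RFC 2131 client state) for one UDP/67 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts = parse_options(payload[240:])
    mtype = TYPES.get((opts.get(53) or b"\x00")[0], "OTHER")
    if mtype != "REQUEST":
        return mtype, "INIT" if mtype == "DISCOVER" else "n/a"
    if 54 in opts:                             # answering an OFFER
        return mtype, "SELECTING"
    if payload[12:16] == bytes(4):             # ciaddr empty, option 50 carries the address
        return mtype, "INIT-REBOOT"
    # ciaddr filled in: lease extension. T1 renew is unicast, T2 rebind is broadcast.
    return mtype, "REBINDING" if dst_ip == "255.255.255.255" else "RENEWING"

def build(msg_type, ciaddr="0.0.0.0", extra=b""):
    """Constructed sample payload: BOOTREQUEST header, cookie, options."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0) + socket.inet_aton(ciaddr)
    return hdr + bytes(220) + MAGIC + bytes([53, 1, msg_type]) + extra + b"\xff"

def run_samples():
    """Classify four constructed packets: discover, select, renew, rebind."""
    bcast = "255.255.255.255"
    samples = [(bcast, build(1)), (bcast, build(3, extra=SERVER_ID + REQ_IP)),
               (SERVER, build(3, ciaddr=CLIENT)), (bcast, build(3, ciaddr=CLIENT))]
    return [classify(dst, pkt) for dst, pkt in samples]
```

Feeding it the destination IP and UDP payload of each client packet in a capture shows which lease-extension attempts are RENEWING (unicast) and which are REBINDING (broadcast).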


  • 4.  RE: DHCP issues

    Posted 08-03-2021 12:10
    Unless they are set by default, I do not have anything explicitly defined.

    ------------------------------
    JOSHUA HOLCOMBE
    ------------------------------