Hi all,
I am new to Juniper switching and we have been experiencing some weird DHCP issues. Recently we have swapped our core switch out with a new EX4600, previously a Catalyst 4506. The EXs are in a virtual-chassis configuration (RE0 and RE1). The previous switch was there and working fine for 5+ years, no issues. As soon as we swapped to the Junipers we started seeing problems with the DHCP packets. It seems that from the client side when we do an ipconfig /renew command the request is never acknowledged. But if we do an ipconfig /release then renew we get a response. After doing multiple packet captures at various points on the network we found that discover packets are acknowledged and assigned an IP (broadcast), but the request (unicast) always fails. The only difference I see in these is the source IP. One from the core and one from the client, respectively.
The DHCP server is located behind a pair of Nexus 3548s, which had a known DHCP bug in the version we were running. They have been updated to a current working stable version, but the problem still persists. Now I am at a loss for what the issue could be. I have tried everything I know, to no avail. Below I have posted some of the commands I ran along with the pertinent portions of the current config. Please let me know if you guys have any ideas.
Something else interesting we've noticed after we put the Junipers into place: we're now seeing an error pop up when joining Windows machines to the domain. They still join but this error was not occurring until we installed the Junipers. I found an MS article based on the error and they have 3 potential causes:
- The NIC adapter IPv4 properties have changed to disable NetBIOS over TCP/IP
- The NIC adapter has IPv4 disabled
- There is an issue with UDP communication over port 137
Options 1 and 2 do not apply; the computers we're seeing the error on are brand new Windows 10 images before being domain joined, AKA no group policies applied, and the NIC adapters are in a default config with NetBIOS and IPv4 both enabled. The UDP traffic part caught my attention because what else is doing UDP? That's right – DHCP.
We have not done any firm packet tracings or captures yet, but I thought I'd bring this up in case it prompts a lightbulb moment in someone. It may not just be DHCP unicast UDP packets having issues but other UDP packets as well (although we do see the UDP broadcasts working for DHCP).
This was a really stressful situation at first, not knowing if all our leases were going to expire and not renew, but thankfully after it gets to 87% of the lease time it sends out the discovery packet and is able to renew. But I still want to get to the bottom of the problem. At 50% of the lease time the client sends the request packets and fails.
root@EX4600-Core> show dhcp relay statistics
Packets dropped:
    Total                      538120
    Invalid server address     22554
    Interface not configured   743
    Send error                 514748
    No binding found           3
    Requested IP address       72
Messages received:
    BOOTREQUEST                884428
    DHCPDECLINE                1
    DHCPDISCOVER               298872
    DHCPINFORM                 136562
    DHCPRELEASE                103
    DHCPREQUEST                448890
    DHCPLEASEACTIVE            0
    DHCPLEASEUNASSIGNED        0
    DHCPLEASEUNKNOWN           0
    DHCPLEASEQUERYDONE         0
    DHCPACTIVELEASEQUERY       0
Messages sent:
    BOOTREPLY                  75785
    DHCPOFFER                  31421
    DHCPACK                    44321
    DHCPNAK                    43
    DHCPFORCERENEW             0
    DHCPLEASEQUERY             0
    DHCPBULKLEASEQUERY         0
    DHCPLEASEACTIVE            0
    DHCPLEASEUNASSIGNED        0
    DHCPLEASEUNKNOWN           0
    DHCPLEASEQUERYDONE         0
    DHCPACTIVELEASEQUERY       0
Packets forwarded:
    Total                      1688
    BOOTREQUEST                1362
    BOOTREPLY                  326
root@EX4600-Core> show system statistics udp
fpc0:
--------------------------------------------------------------------------
udp:
    863556 datagrams received
    0 with incomplete header
    0 with bad data length field
    0 with bad checksum
    23 dropped due to no socket
    8386 broadcast/multicast datagrams dropped due to no socket
    0 dropped due to full socket buffers
    0 not for hashed pcb
    855147 delivered
    6303212 datagrams output
fpc1:
--------------------------------------------------------------------------
udp:
    15220990 datagrams received
    0 with incomplete header
    0 with bad data length field
    0 with bad checksum
    13422 dropped due to no socket
    125165 broadcast/multicast datagrams dropped due to no socket
    0 dropped due to full socket buffers
    0 not for hashed pcb
    15082403 delivered
    8979406 datagrams output
dhcp-relay {
    forward-snooped-clients all-interfaces;
    overrides {
        allow-snooped-clients;
        always-write-giaddr;
        bootp-support;
        send-release-on-delete;
        delete-binding-on-renegotiation;
    }
    relay-option-82;
    inactive: forward-only;
    server-group {
        DCHP_Clients {
            192.168.223.209;
        }
        Ruckus {
            192.168.230.9;
        }
    }
    active-server-group DCHP_Clients;
    group DHCP_Clients {
        interface xe-0/0/23.0;
        interface ae0.0;
        interface ae1.0;
        interface ae2.0;
        interface ae3.0;
        interface irb.0;
        interface irb.5;
        interface irb.12;
        interface irb.30;
        interface irb.111;
        interface irb.230;
        interface irb.232;
    }
    group Ruckus {
        interface irb.235;
------------------------------
JOSHUA HOLCOMBE
------------------------------
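
An added example, not part of the original post: a small Python parser for the `show dhcp relay statistics` text above that ranks the drop reasons by their share of total drops and compares forwarded with received BOOTREQUESTs. The sample is trimmed from the counters in the post; the function names are this example's own.

```python
import re

# Counters copied from the `show dhcp relay statistics` output in the post
# (zero-valued and most per-message lines trimmed for brevity).
SAMPLE = """\
Packets dropped:
    Total                      538120
    Invalid server address     22554
    Interface not configured   743
    Send error                 514748
    No binding found           3
    Requested IP address       72
Messages received:
    BOOTREQUEST                884428
    DHCPREQUEST                448890
Packets forwarded:
    Total                      1688
    BOOTREQUEST                1362
    BOOTREPLY                  326
"""

def parse_relay_stats(text):
    """Return {section: {counter: int}} from relay statistics text."""
    stats, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):                        # section header
            section = stats.setdefault(line[:-1], {})
        elif section is not None:
            m = re.fullmatch(r"(.+?)\s+(\d+)", line)  # "<name> <count>"
            if m:
                section[m.group(1)] = int(m.group(2))
    return stats

def drop_breakdown(stats):
    """Rank drop reasons by share of total drops, largest first."""
    drops = dict(stats["Packets dropped"])
    total = drops.pop("Total")
    if total == 0:                                    # freshly cleared counters
        return []
    ranked = sorted(drops.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, count, round(100 * count / total, 1)) for name, count in ranked]

if __name__ == "__main__":
    stats = parse_relay_stats(SAMPLE)
    for name, count, pct in drop_breakdown(stats):
        print(f"{name:28s}{count:>10d}{pct:>7.1f}%")
    req = stats["Messages received"]["BOOTREQUEST"]
    fwd = stats["Packets forwarded"]["BOOTREQUEST"]
    print(f"BOOTREQUEST forwarded/received: {fwd}/{req}")
```

Running the same parser on output captured before and after clearing the counters shows which drop reason is still incrementing while a client renewal is attempted.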